Articles: Internet Security

More on Scams

As always there are numerous scams out there, most trying to steal your email address and password, or to overcharge you for something that you may or may not need. They may arrive by email or by snail mail – post.

The last overcharging scam we have seen is a renewal notice/invoice from an organisation called PTMO – Patent & Trademark Organisation. Their scam is to overcharge you for a trademark renewal – on a trademark that you may or may not have and which may not be due for renewal.

As always, if you get an invoice from someone you are not 100% sure about:

Check the amount and what they are charging you for.
Make sure it is for a service you need and do not get from elsewhere.
Read the fine print – some may lock you in for a long period.
Do not give away passwords or anything else.

For more information on various scams, search for “New Zealand scams” (or similar search phrases) in your preferred search engine.

Google Analytics spam

Spam and ghost referrers appearing in Google Analytics have been a major issue for some time. Your stats will be biased to some degree if there are lots of spam referrers.

If you want to know more about this and how complex it is to resolve, have a look at the article at http://help.analyticsedge.com/spam-filter/definitive-guide-to-removing-google-analytics-spam/

The first part of the article tells you about the issue in reasonably readable terms

Internet of Insecure things

Some time ago we talked about the Internet of Things. That means devices like fridges, air conditioners, heat pumps and other devices that are now wifi and internet enabled. CCTV cameras also fall into this category and there are millions of them around. Greater London has around 500,000 and the whole of the UK is estimated to have 4,200,000! (https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_Kingdom)

These devices may make your life easier and more secure, but their proliferation is also assisting hackers, as they are not secured and do not use any antivirus or firewall-type software.

NZ Website Credit Card hack / skimming

Hackers have recently skimmed credit card details from scores of NZ online stores. These include sports and book stores and online pharmacies. Worldwide there are around 6000+ sites affected by this malware.

The hack exploits a vulnerability in unpatched Magento shopping carts on sites.

If you think you have purchased from a site which uses a Magento shopping cart, contact your bank. If your site uses Magento as its shopping cart back end, contact your developer.

And if you are using any other shopping cart on your site, check to make sure that it is fully up to date and secure.

Now! Pronto!

See http://www.nzherald.co.nz/it-security/news/article.cfm?c_id=239&objectid=11729022

Domain / SEO Scam

As always there is some sort of a domain name scam going on – the latest is an email from someone called Domain Registration Service SEO Company.

Their email is telling you your name is expiring. But what they are actually selling you is apparently some sort of Search Engine Optimisation service. It took me quite a while of reading the fine print to even figure that out. They don’t even have their domain name on their proforma invoice.

They are directing you to a secure checkout so they could even just be taking your money or credit card details and doing nothing else.

See http://www.scam.com/showthread.php?638695-Domain-SEO-Service-Registration-Corp or search for “Domain Registration Service SEO Company” for more info about this scam.

Our recommendation – don’t touch them, or respond to any similar scammy or spammy emails.

View more about various scams we have written about at http://www.netaction.co.nz/internet-security/scams-etc/

Spam in Google Analytics

We have written about this before, but here is an update.

Many of you will be noticing a large number of spam / ghost sites in the Referring sites data of your Google Analytics. For some sites these have accounted for a very significant amount of their traffic. That biases the “real traffic” figures and reduces the usefulness of Analytics reporting.

To view this, log in to your Google Analytics account.

Go down to Acquisition / All Traffic / Referrals

Some of the spam sites you may see are those like top1-seo-service.com, googlesucks, how.to.travel.and.make.money.with.maps.ilikevitaly.com, free-share-buttons.com, www1.social-buttons.com, 5542.copyright, pornhub, and many more…

Do not click on the links to these sites!

Until now the methods used to try to exclude these spam sites have been moderately effective.

We continue to try to eliminate these from the stats data for our clients. But it is becoming more challenging as the ghost sites regularly change their names and identity.

Google does not appear to have an answer to this issue. I am sure they must be working on it but there is certainly no “official word” from them about a solution. They have been noticeably quiet on this matter, I suspect because they don’t know what to do about it and it’s a major challenge for them.

We live in hope that they will achieve a solution before Analytics reporting becomes totally useless. This is essentially about sites hacking and modifying Google systems. So we expect to see a resurgence of people using other stats reporting packages which are unaffected by this issue.

It is mostly a bigger issue for a small site than a large one as it means a proportionally bigger bias. Having said that, I have seen spam referrals of 600 – 1000 sessions plus in a month on some sites. That is very significant even for a site with a large amount of traffic.

So the “take out” from this is, don’t blindly believe your Analytics stats without looking at them in some more depth and seeing what your “real traffic” is.

Our previous article on this is at http://www.netaction.co.nz/google-analytics-re-robots-ghost-referrers/

Fake Link Crashes web browsers

Again, mostly affecting Apple users, there is a link being used in social media posts that causes the Safari browser to crash. The link is often “shortened” in posts so users don’t immediately recognise it as fake and mischievous.

A 22-year-old found a hole in Safari security, so created this just “because he could”. He should “get a life” instead!

Read more about it and how it could affect you at http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11579741

Password security – have you been hacked?

Many major companies have had their databases hacked and info stolen (eg Adobe, various banks and credit companies, govt agencies).

How do you know if you are on a hacked list that is now public?

We have found a site that checks against the main known hacked lists and tells you if you are on them.

The site is https://haveibeenpwned.com/

As far as I can see from checking and reading about it, it is a safe site to use, but make your own decision (we checked it and we are there for the Adobe hacked list – we have registered Adobe products previously).