phishing

Canada Post Security Warning + Postal Strike Update

Canada Post has issued a warning stating that official looking emails have been circulating asking people to click on link for tracking information on parcels that are non-existent.

Clicking on this link results in the downloading of a virus so Canada Post advises people to copy and paste the tracking number of these parcels into the official site.

If you receive one of these emails and are not waiting for a package to be delivered, delete the email.

In regards to the possibility of a postal strike, the 30 day extension will end on the 8th of August and both parties are expected to enter into binding arbitration. The Union is planning a rally in Montreal on the 6th from Parc Saint-Alphonse to the Prime Minister’s constituency office on Jarry Street East.

Be Careful !

The Canadian Anti-Fraud Centre has issued a warning in regards to fake invoices being distributed by email.

These emails look legit but actually contain links to websites that install malware on computers or solicit additional information that could be used to defraud individual consumers.

If you ever receive an email saying a suspicious purchase was made on your behalf do not click on any of the links on this email. Access the retailer’s official web site via your browser instead.

Epsilon Hack & Canadians

Well, that was some April Fools Day, wasn’t it ?

Epsilon was hacked and confirmed that 2% of their clientelle have had their email lists compromised, Alliance Data confirming that email addresses and their associated names had been stollen from their database.

Bank Info Security has posted a list of companies whose information was compromised. And among these nearly 70 companies are financial institutions, internet merchants and loyalty programs Canadians use.

Most of these companies have already contacted their Canadian customers in regards to this security breach. But what now ?

The Coalition Against Unsolicited Commercial Email advises people to change their email addresses as soon as possible, especially when dealing with financial institutions.

Twelve financial institutions were affected according to CAUCE, namely American Express, Ameriprise Financial, Barclays Bank of Delaware, Capital One, CITI, JP Morgan Chase, Moneygram, Scottrade, TD Ameritrade, TIAA-CREF, U.S. Bank and World Financial Network National Bank. But of course even if you don’t have an account at those financial institutions you should consider changing your email address at your financial institution if you’ve been advised by one of the other companies of this breach on your current email address.

The hackers have probably sold your information by now so you will likely be subjected to emails claiming to be from several financial institutions and online payment companies.

They’re of course hoping people will click on the links included in these emails and provide them with passwords and other information to facilitate identity theft. But of course no financial institution or online merchant will ever ask you to provide personal information by email and these companies always use encypted connections on the internet.

The most recent internet browsers either have a confirmation that the connection is secured or a verification scheme that confirms that the web site you’re visiting is authentic. But of course it is up to the user to keep on eye on the address bar at all times.

Internet users that are versed in Phishing know to look for an https:// and/or a picture of a lock in their address bar because scammers rarely purchase security certificates to scam people out of their information. They usually just stick to variations of a web site address to lure the less knowledgable into providing their passwords or other information on a fake website.

Personally, whenever some company sends me a warning about my account I open up a new tab on my browser and I use my bookmarks to access the site. I never click on the link provided in the email or provide account numbers via email. And if all else fails, I call their toll free number to resolve the issue.

Webmail services also offer anti-spam and anti-phishing options that you might consider using. These have worked quite nicely for me. But of course if push comes to shove the webmail address I use on most sites are disposible.

BTW, if you’re interested in obtaining additional security software or information on related consumer issues, I have some links listed in my Consumer Links that you might find interesting.

Don’t Fall for The Scams

I have just made aware of yet another phishing scam, this time involving Facebook.

Every few days someone tried to get people to click on fake links in official sounding emails and people are unfortunately still falling for it.

It’s quite simple. If a company sends an email to you saying there’s a problem with your account then go to the company’s web site directly.

Do not click on the link provided in the email !
Delete the email immediately !

These links are fake and dangerous. They lead to fake websites that steal passwords and install viruses onto your computer, that also not only steal more passwords as you type them but send out copies of the email you just received to the emails you’ve got in your contact list.

Some of these viruses also take over your computer, so it’s best to just delete these emails immediately and to install virus/malware scanners that will look for these viruses in the email you receive.

Microsoft currently offers windows users a free software package that can be used to protect Windows based machines.

Microsoft Security Essentials will protect machines against viruses, spyware and malware. But I also recommend the use of alternative browsers like Firefox, which is more secure, as well as web based email, like Gmail, whose email is usually scanned for viruses and spam.

I also like the immunity function of Spybot-Search and Destroy, which instructs your browser to prevent certain suspect scripts and websites from loading up. But you need to turn off real time protection if you’re using another virus scanning program.

Some of you may already have anti-virus and anti-spyware software pre-installed on your computers. Or some of you may have software provided to you by your internet providers. You should always update these regularly to address the latest threats. But even with this software installed it’s best to consider all emails of this nature to be potential threats.