How to Spot Danger Before Your Computer Gets Infected ...€¦ · Thousands of websites get infected with malware daily The End Result – Site identified with Blackhat SEO Spam.

PROTECTING YOUR BUSINESS ASSETS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 1

A MyNAMS Presentation by Regina Smola

How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and

Your Credit Card Number Gets Stolen

BEWARE OF DANGEROUS LINKS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 2

Pay close attention to the links you click on!

Email Spoofing (forgery) – Sender changes the From address and parts of the email header to appear as though it came from a different source.

Phishing (fake) – a way of trying to trick you to steal your private data, such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. Malware Sites (viruses) – Malicious hackers inject malware onto webpages to try to infect your computer, steal your private data and infect your website.

PAYPAL EMAIL FORGERY

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 3

This email looks suspicious

PAYPAL SECURITY TIPS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 4

Identify or resolve a suspicious activity problem

�  An email from PayPal will: Address you by your first and last names or your business name.

�  An email from PayPal won't: Ask you for sensitive information like your password, bank account, or credit card.

Help with PayPal Suspicious Activity: http://wpsecuritylock.com/paypalactivity

PAYPAL PHISHING SITE

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 5

Always check the url in your browser address bar

EBAY EMAIL SPOOF

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 6

Look for typos and things that suspicious

FIREFOX BLACKLIST PHISHING

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 7

Browser attack warnings should never ask you to download

DANGEROUS EMAIL DOWNLOAD

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 8

Beware: email attachments can contain viruses and steal your data

BANK PHISHING SITE

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 9

Mouse over links and check your status bar before clicking

FAKE AV VIRUS INFECTION

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 10

This Fake AV has tricked thousands of people!

SPAM EMAIL DANGER

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 11

Example of scam and spoofing emails

From: Bis <bis@pmail.com> Subject: this is bad...umm, yeah

BEWARE OF UNSUBCRIBE LINKS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 12

Only click unsubscribe links like aweber and companies you trust

Sending an unsubscribe message could put your email on numerous spammer lists.

URL REDIRECT DANGER

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 13

Could this link redirect me to a dangerous site?

What’s behind this link? http://www.dropbox.com/u/67943224/indexall.html Found 2 redirects

MALWARE SPAM DETECTED

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 14

Thousands of websites get infected with malware daily

The End Result – Site identified with Blackhat SEO Spam. This often means that it was hacked and the attackers inserted links to their own sites to increase their page rank. Site scanned for malware at http://wpsecuritylock.com/scanner

CHECK FOR REDIRECTS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 15

Simple way to check for url redirects

FREE REDIRECT CHECKING TOOL Go to http://wpsecuritylock.com/redirectcheck

CHECK SHORTURLS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 16

Great little tool to check Tweet urls too!

Avoid phishing, malware, and viruses by examining short URLs before visiting them. Find out where links really take you. Go to http://longurl.org

IS MY EMAIL HACKED?

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 17

Symptoms that your email is hacked

�  You're receiving email bounces (failed delivery) for message you've never sent.

�  There are messages in your Spam folder from YOU.

�  Your friends are telling you that you're spamming them.

�  You’re receiving Gmail “Unusual Activity” alerts.

CHECK YOUR MAIL SERVER IP

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 18

Take a proactive approach to fighting email fraud

If you’re email was hacked into, your email server’s IP address may be blacklisted. Go to http://wpsecuritylock.com/ipblacklist

DOMAIN EMAIL SECURITY

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 19

Help control your email spam

Enable SpamAssassin and Spam Box from your hosting cPanel

GMAIL SECURITY

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 20

Beef up your Gmail security settings

Check your Gmail Settings: Protect yourself – turn on External content and Browser connection security.

GMAIL ACTIVITY ALERTS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 21

Turn on alerts for unusual activity

Check your Gmail Alert preferences 1.  Scroll to bottom of Gmail, click on “Details.”

2.  Scroll to bottom of popup window, click on “change.”

3.  Check “Show an alert for unusual activity.”

GOOGLE 2-STEP VERIFICATION

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 22

Increase security by turning on the 2-step log-in process

Advanced Log-In Security - 2-step verification Go to https://www.google.com/settings/

GMAIL SECURITY SETTINGS

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 23

Periodically check your Google security settings!

Google Security Checklist – Highly recommended! Take a few minutes to check that your Gmail security measures are up to date. Go to http://wpsecuritylock.com/gmail-security

EMAIL FRAUD PROTECTION

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 24

Take a proactive approach to fighting email fraud

Free tool to help identify “real” emails from over 1,500 senders, including PayPal, numbers banks and popular websites (ebay, amazon, etc.). Truemark icons show up next to messages that have passed a two-step security check to verify the sender. Go to http://www.iconix.com System requirements are limited, but they’re working on updates.

STOLEN PASSWORD CHECKER

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 25

Has your password been stolen and shared?

Check to see if your password has been stolen and shared on multiple hacker databases. Go to https://shouldichangemypassword.com

STRONG PASSWORD TIPS

Generate Strong Passwords

1.  Use a minimum 15 characters.

2.  Combination of upper and lowercase letters, numbers and symbols. WordPress suggests the following symbols: ! " ? $ % ^ & ).

3.   Never use the same password twice.

4.  Don’t use your name, website name, your kids name or dictionary words.

Built-in strong password generator

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 26

Make your passwords hard to guess! !

My Favorite Password Manager

LastPass: http://lastpass.com

WP Password Generator:

http://wpsecuritylock.com/password

AUTO SCAN FOR MALWARE

Put your website on automatic scanning for suspicious activity.

Sucuri’s Web Integrity Monitoring service detects unauthorized changes to your website, DNS, whois and SSL certificates. They’ll scan your website for malware, viruses, spam and security issues and notify you if something is found. Go to http://wpsecuritylock.com/sucuri

I highly recommend this service and use it on all my sites. No webmaster should be without it! Use my discounted affiliate link above and save. @2012 Regina Smola, WPSecurityLock.com. All rights reserved. 27

Make your passwords too hard to remember! !

GOOGLE WEBMASTER TOOLS

Add your site to Google Webmaster Tools for important information about crawl errors and malware warnings found on your domain.

Go to www.google.com/webmasters/tools

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 28

Use an email address that you check often !

THINK BEFORE YOU CLICK

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 29

Link Safety Tips - Ask yourself these questions.

�  Do I trust the email sender? And did it really come from him? (See http://wpsecuritylock.com/messageheaders)

�  Is the text link shown the same as the hyperlink? (Mouse over the link and look at your browser’s status bar.)

�  If I click this link will it redirect me to parts unknown? (Check http://wpsecuritylock.com/redirectcheck)

�  Is my firewall on and anti-virus program(s) running?

�  Does the site have malware? (Free malware scanner at http://wpsecuritylock.com/scanner)

REPORTING RESOURCES

�  Report Malware and Phishing Sites to Google http://wpsecuritylock.com/googlereport

�  Report Skype Scams http://www.facebook.com/SkypeVirusHelp

�  Report Email Scams, Fraud and Phishing http://wpsecuritylock.com/reportemail

�  Report Internet Crime to the FBI http://wpsecuritylock.com/reportinternetcrime

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 30

Help each other stay protected by reporting Internet Crime !

JUST THE TIP OF THE ICEBERG

More Security Training to come! I’ve Been Hacked: Security Tips to Help Protect Your Online Business Free Webinar Thursday, April 5, 2012 – 8pm Eastern Go to http://nams.ws/ibh Learn security tips and tools you can use to help protect your computer, website, and online accounts.

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 31

Good news! Get more security tips on 4/5/2012

REPLAY AVAILABLE

MyNAMS Offers 17 Ways To Get Better Training, Content And Tools For Your Online Business Today If you’re creating a totally online business or looking for a new channel to increase your offline revenues, then the MyNAMS community IS for you. Become a member at http://nams.ws/regina Save 85% off your membership with coupon: MYNAMS85

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 32

Get the replay of this webinar and a whole lot more!

THANKS FOR COMING

Let’s Connect

Ø  My Site: http://nams.ws/secure

Ø  Facebook: http://facebook.com/wpsecuritylock

Ø  Google Plus: http://wpsecuritylock.com/gplus

Ø  LinkedIn: http://linkedin.com/in/reginasmola

Ø  Twitter: http://twitter.com/WPSecurityLock

Ø  Skype: wpsecuritylock

Ø  Phone: (815) 200-9775

@2012 Regina Smola, WPSecurityLock.com. All rights reserved. 33

I’m so glad you spent this time with me!