Monday, February 4, 2013

Protecting Your Online Pivacy

In the last few months I have had more problems with my sites being protected from either phishings, or putting unwanted ads on my blog. I have changed my pass words several times and even considered closing accounts and re-opening them for fear that once a perpetrator gets into one of them, they keep them open for future hits.

With my email I have found that I might have to do just that, close it out and reopen. I wish there was an easier way to contact companies that run these sites so you can have them close it, and then reopen without issues. Google is one I wish there was a way to talk to someone. I cannot for the life of me understand why you can't contact them and actually talk to a 'live' person?!

I also clean my computer once a week on top of everything else, and I still have issues. 

I was made aware that my blog was being hit with ads in my comments this weekend. I had to go in and change my availability for comments to only those who have registered ID's. I wanted to let all of you know that in case you have a hard time commenting. I am hoping it won't affect you being able to post. 

Now, this morning I was made aware that Twitter is having issues with this very problem and so when I am finished here I have to go in and change all my passwords again. 

I think it's time to learn more about this issue and see what I can do to stop it. Do you have these problems too? Do you know, or have, any information on this topic that could help me avoid this in the future?

It is really getting old and I am concerned about protecting my novel, and books I write in the future. If you have any information or ideas, please leave them in the comments below. I sure could use the help!

On a lighter note: I decided to allow a friend of a friend to read my entire novel for feedback. She lives in Germany and I've never met her, which I thought would make an excellent candidate. I heard back from her this weekend and I am so happy to tell you that she loved the book and asked to be a future beta-reader! In fact, she said she would read any and all if I would let her. 

I can't tell you how excited I am about her enthusiasm of the story. It means the world to me and my sister! Thank You Jessi!

I hope that all of you have a great week and I look forward to any ideas you might have about the issues with phishings. Take care and see you back here on Thursday!


Love, Lisa




19 comments:

  1. The whole issue of privacy, etc. is one of concern and a great irritation. I'm careful about what links I open in my email since that's one of the biggest sources of attack. Any email that says it's from my bank (or some other bank) I immediately delete without clicking anything. Same with emails from "Amazon", "eBay", or any job opportunities since I know these are all scams.

    I had to change my blog so it wouldn't accept Anonymous comments because I started getting so much spam. Most of it was caught by the spam filter, but it was such a hassle cleaning it out. It's sad because I sometimes received some very interesting comments as anonymous. Now I've put a message above my comment box address the anonymous issue. I'd hate to miss a legitimate comment from someone who doesn't want to register with Blogger.

    Lee
    Wrote By Rote
    An A to Z Co-host blog

    ReplyDelete
  2. Thanks lee for your suggestion. How do I do that? I would hate to miss comments too!

    ReplyDelete
  3. If you want to add a comment policy to your blog go to "settings" and then "comments". Go toward the bottom of the page and you will find a text box where you can add anything you want to tell visitors to your blog about commenting. It's a nice way to add a personal touch to your blog even though a lot of people may never even notice it.

    Lee
    Wrote By Rote
    An A to Z Co-host blog

    ReplyDelete
  4. Yeah, hard and fast banking rule: go to the website yourself. Never follow links. Plus, at least in the case of Royal Bank of Canada up here, they specifically note that they will never provide a link to login. They then provide a link to their phishing e-mail address in the same paragraph.

    I download nothing from untrusted sources and I trust no one, not since my laptop got a keylogger on it (I blame Farmville) and some scammer logged into my Facebook account and started to harass my friends with some BS story about having been mugged in London (I still have fond memories of an old classmate of mine, who is now in the Canadian Armed Forces, verbally abusing that scammer).

    I use several different classes of passwords. My banking passwords are lengthy and comprised of random characters. My social networking and e-mail passwords are easier to remember (though still comprised of random elements) and different for each one. The big benefit there is, provided you don't have an errant keylogger, if they manage to guess one password, they've got access to only one account and you only have to change that one password.

    In my Facebook fiasco, it was a password I used for several accounts. Eight password changes later, they now all have different passwords. Haven't had an issue since.

    It goes without saying that you should have some form of Internet Security package (a decent free one would be Comodo Internet Security, which continues to have the highest ranking on MatouSec's 64-bit Proactive Security Challenge, second only to Private Firewall and then Kaspersky). Norton and McAfee will not protect you (though at least Norton passed the first level of tests).

    Ad-Aware Free is also rather useful for hunting down tracking cookies and other bits of malicious adware. HijackThis and the free version of Malwarebytes' Anti-Malware are rather handy, too. I run them on occasion. Of course, none of those solutions will keep your system clean, guaranteed. Alas, one must practice constant vigilance. Open no links or attachments you aren't expecting. Make sure you cursor over any links your friends send you to see where it is those links lead (any domain names you don't recognize you should Google first) before clicking on them.

    I think that's about all I can offer as suggestions. You can read up on spyware and the like online. There are huge resources out there that discuss these topics at length.

    Sorry this is happening to you. Also as a note, if you're just receiving spam ads in comments, that's noting you need to change passwords over. Everyone gets those. Heck, Mark Coker got a spam comment in his recent Smashwords blog post. That's just spam bots patrolling the net for new places to drop their crap. Turning on moderation or turning off anonymous posting as Lee mentioned should solve that issue. Unless spambots have their own Google accounts these days ...

    ReplyDelete
  5. Oh, and I forgot one thing. Whenever possible, make sure you are using secure connections (https) to login. Facebook has secure login support. I think Google does as well. You'd have to check the help for your regular services.

    Another tidbit: never, ever login to anything important via wireless Internet. I won't bore you with the details, but it's not nearly as secure as people make it out to be.

    ReplyDelete
  6. Weird...I had to take your first comment out of spam Ryan, but the second one had gone through. Oh well, at least I know what to do now. Yes, I already took out the anonymous one, only with ID's can post now. I do use cleaners such as malware bytes and I do it weekly. I also changed all my passwords several times now and none of them are the same. My son said that they can keep your page open and even with the password change they can still get in. He said to contact google and see if they would do a hard shut off and then turn it back on. That should close the page and then only I can open it with the new password. I don't know if they will do that, but it would save me from having to change my address again.

    As far as wireless login's I have to have my smart phone to keep up with my social networking. Otherwise I would never be able too. I have it hooked to my email and facebook. Do you think that might be the issue?

    ReplyDelete
    Replies
    1. That's probably not the issue (though I could be wrong). Smartphones use the cellular network, which has far better encryption. One might even argue that wireless Internet (even so-called "secured" wireless Internet) doesn't have any encryption.

      I'm not certain if your son is correct on that one (again, I could be wrong; I've only dabbled a bit in PHP login systems). While they can keep the page open, I am fairly sure (only from my own experiences with changing passwords) that once the password is changed, you have to log back in (thus they would have to know the new password). I know a lot of secured services will expire all session IDs once the password has changed, thus only allowing new session IDs (e.g., the one that changed the password) to access the site.

      What I say isn't gospel, but it's sure how I'd code it.

      What ads have you been seeing on your site? They aren't new posts under your name, otherwise they'd come to me via RSS feed. I'm just wondering what suggests to you that your account has been compromised.

      Delete
    2. My son works for support.com and does know a lot about this stuff, but maybe he is wrong on this one, I don't know. I hope you are right. The reason I know I am getting phishings is because of a friend of mine receiving it from me. The funny thing is, she's the only one. I don't get why, but she has. I might have to change my address too and change it on all my sites. I would really hate to do that though!

      Delete
    3. See, now that's interesting. One of your friends is receiving e-mails (I take it?) from you that you aren't sending. Unless you've landed on a fake login page for your e-mail account, a cross-site scripting attack is the more likely culprit.

      The most common XSS attack I can think of happened recently (well, not that recently--it was a year or so ago) to a client of mine. I received a few e-mails from her with random links inside, so I knew what happened. I sent her a message to let her know to change her password (just in case) and I deleted the e-mails. What happened for her was that she clicked on one of those links. The link spawned a site with a malicious script, which made use of vulnerabilities in her web browser to send e-mails to her address book.

      The easiest way to get prevent that problem is to make sure you're running the latest version of your browser (I know, boilerplate tech comment) and make sure you don't follow any links from e-mails. Cursor over them to see where they're sending you, copy the shortcut into notepad or something. Only once you've logged out of your e-mail (I generally advise people not to stay logged in) and have closed your browser and opened it again, should you visit any sites. Unless they're sites you know and trust. Though be warned that some sites are vulnerable to attack and can have malicious code without the owners knowing.

      To avoid having your login details compromised, never ever log into something from a link provided to you from a webpage or e-mail. Only login from your bookmarks (and make sure your bookmarks are going to the right place, too). Phishing attacks work specifically because people are good at making a fake login page that looks and feels real (they even redirect the username and password to the real site, so that you're none the wiser).

      Delete
    4. Wow Ryan, I can't believe they go to all that trouble! I really don't understand a lot of this so I guess I will have to get my son to help me. Computer software is not one of my strong suits!

      Delete
  7. Askimet is a good widget that I use to block spam, and so far it has helped a great deal. But if someone is accessing you account, then you need to change it to a very secure password, as well as your email accounts and such. Then in the end, it could be a problem with the hosting site, maybe blogger was hacked or if you have any widgets or graphics on your page they could have carried the phishing link.

    ReplyDelete
    Replies
    1. I've developed an intense dislike for Akismet. They keep finding cause to screen out my blog. Maybe it's partly the blog owners' faults for having controls set too rigidly. Now my solution is to avoid WordPress blogs for the most part and if I do comment on one, I'll comment a few times until the comment goes through. Wastes my time and is very annoying.

      Lee
      Wrote By Rote
      An A to Z Co-host blog

      Delete
    2. A lot of WordPress blogs require the first comment from a poster to be moderated before any others will go through. It's a feature to prevent spam without using plugins like Akismet or a Captcha. I don't recall Akismet's settings off-hand, but I don't know why they'd screen out an entire blog.

      Then again, I don't know why Blogger would consider 95% of my comments here as spam and file them accordingly. :D

      Delete
    3. Porter, you could be correct in the images carrying a phishing link. that's why I no longer add to my pinterest site from my emails.

      Delete
  8. Yes, it's all confusing to me Ryan. I have no choice but to get my son involved and have him clean the computer out really good again. Or maybe I just need a new one!

    ReplyDelete
  9. Um...Lee, don't shoot me, but I do use Akismet, and it has helped (so far) prevent the issues, you Lisa are talking about. With someone like Lee, I can pull his comment out of my spam folder, accept it, and thereafter, Wordpress recognizes (in this case Lee) as acceptable. All other comments by Lee go through without a hitch.

    ReplyDelete
    Replies
    1. I know you have Akismet. You rescued me once and hopefully I'll be okay from here on out. On some WordPress blogs I'll be okay for a while and then they might start screening my comments again and so the process starts again. I wish I knew how I ended up on certain black lists, but just so my blog friends on other platforms and Blogger recognize and accept me I'm fine. Someday I'll go back and complain to the services who have blacklisted me, but it's not all that important to me at the moment.

      Lee
      Wrote By Rote
      An A to Z Co-host blog
      Twitter: @AprilA2Z

      Delete
  10. Lisa,

    Fortunately, I haven't had any if these problems, but I am very careful about what I open. If there is any question at all, I delete it.

    I usually don't comment on Word Press often and stick mostly with Blogger blogs because it is a lot easier and less time consuming to comment. I may also change my settings so that anonymous people can't post though because I have gotten a bit of spam, on one blog and not the other, but it does get blocked for the most part.

    I've got a twitter account, two FB account, 2 blogs , a website, and so far have been okay. (Knock on wood). Things are always happening to my husband's computer. He has pfishing and malware problems and had to totally wipe everything out and start all over several times. He finally put on the FREE anti-virus program I use and hasn't had another problem - yet anyway. I use AVG and have for years and I really like it. It scans my computer every day and checks all my emails. You still need to be careful in what you open and the links you go to. That's just common sense.

    Lately, I've been a bit skeptical about Internet Explorer because they have had so many problems and they are very slow, but my email runs on that, so for now I'm still using it, although I do use Chrome for a lot of browsing and research.

    Sunni

    ReplyDelete