Bnpositive's Blog

You are here: Home / Archives for hacking

hacking

By Leave a Comment

How to Spot Malicious Emails in Your Inbox

Malicious Email Example

Just a quick and hopefully helpful blog post to help you know what to look for in emails that you believe are suspicious and maybe malicious in nature.

For this email it states that it's from USPS.com and regarding delivery a package where they're suggesting money may be due upon receipt or before they will finalize getting the package to you.

  1. The "Friendly Name" of the email address says "USPS" but if you look at the actual email address you'll notice the actual email address is palmbeachpools@ns1007092.ip-92-204-136.us via palmbeachpools.com. Doesn't really look like an email address that would be coming from the USPS right? There's your first clue. Also, it says "via palmbeachpools.com", which is stating what email server sent the email.

    Now I'm sure the owners of palmbeachpools.com are upstanding citizens in their community, but pretty certain they're not letting the USPS.com use their email servers as a business decision or gesture of good will.

  2. Looking at the general content of the email, things look like they could be legitimate. However, if you hover over the button link in the email they're wanting you to click on, you'll see they're directing you to that palmbeachpools.com website again and into a suspicious looking directory that's probably been hacked on their server and contains code that will do the malicious things they've designed this email to instigate.

As a general warning, don't click on things in emails received that you're not expecting to receive. Even if it appears to have come from a legitimate source. Do a couple of quick checks on things like this and make sure there's nothing that looks suspicious. I personally never click on an attachment in an email that I didn't specifically ask to have sent to me by someone that I'm expecting, so that's a pretty good tip too if you're prone to fall for this kind of stuff.

By Leave a Comment

Beware Siri: How Hackers Attack Smartphones

Apple iPhone 4s Siri

Until recently, your smartphone has been a private place. Your apps, personal information, and contacts, were all safely stored within a locked screen. However, hackers never sleep. There is always someone, somewhere, hard at work on the next big breakthrough. And now hackers have it.

In order to avoid becoming a hacker's next victim, you've got to be informed of the latest system vulnerabilities and keep your software updated. There are also companies on your side, who constantly guard against the malicious intent of hackers. Stay updated by checking their social networks for news.

Here's a recap of recent events, including a look at how hackers gain access to your phone.

Headphone Hack

While this may be less of a hack and more of a malicious trick, you'll never keep your headphones in your phone again. A French government agency discovered they could control phones with silent (to the human ear) radio waves that your iPhone's Siri, or your Android's Google Now, would identify as voice commands.

If you leave headphones plugged into your phone, hackers can use those headphones as an antenna, which makes your phone more easily hacked. With this technique the hacker can make your phone download malware, send phishing scams through email, Facebook, Twitter, and other social network sites, or even have your phone call theirs, turning your phone into a listening device.

There are some limitations of this hack, ones which you can take advantage of for your protection. The plugged in headphones mentioned above, only work with this hack if they have a built-in microphone. And if your phone doesn't have Siri or Google Now enabled from your lock screen, the hacker can't access the program he needs. Most phones require the user to press a microphone button on the screen before they speak, which enables the voice command options.

Other Hacks to Watch For

MSpy is a surveillance app that tracks all received and dialed calls. It collects all texts, photos, and emails, and also monitors web history. The drawback of this app is that the person who uses it must have access to your phone. If you keep a healthy password on your lock screen, you should be in the clear.

Have you noticed all of the free charge stations in airports, malls, and other tech stores? Well, be careful where you plug in your phone. A USB charge station is a direct line of access. Some free charge stations have been outfitted with malware that is downloaded by your phone as soon as you plug in. Experts estimate that your phone is compromised within one minute if you use a malicious plug.

Beware of free Wi-Fi. Though coffee shops like Starbucks offer free Wi-Fi, tread carefully. A hacker can set up another Wi-Fi hotspot of their own and title it something similar, for instance, "Starbucks 2." Some people will probably connect, and as soon as they do their phones are open for attacks. The hacker can then load malware on their phones which attacks email and personal contacts, which in turn sends out phishing schemes for money and more personal information.

By Leave a Comment

How to Identify Hacked Email Links

I don’t know how many times I get emails from family and friends that have received emails themselves where they clicked on a link and it took them somewhere they didn’t want to go, or they ended up getting some kind of malware or virus installed on their machine.

I receive emails like these myself, but I’ve just taken for granted I guess at my ability to quickly see hacked links and avoid them. Alghough

Hacked Email Link

In the link below, if you just take a few seconds to look at the link you’ll see that the first part is for a website you’ve probably never heard of, and thus should be distrustful. Then you’ll see the more familiar reference to the CNN News website. This part is included to get people to think it’s a legitimate link. The other think to be aware of is that most of the time, periods are not included in urls except for before the top-level-domain extension (.COM, .NET, .ORG, etc.) and right before the final file name (.htm, .html, .php, .asp, .aspx, .php, etc.)

Long story short, if you see a link that looks like this, DON’T CLICK IT! Just delete the email.