Bnpositive's Blog

You are here: Home / Archives for malware

malware

By 1 Comment

Can You See the Red Flags in This PayPal Account Phishing Attempt

PayPal Phishing Email Screenshot
Click Image to Enlarge

It still surprises me the number of people that get taken by these types of spam emails, normally leading to malware installs, identity theft or other annoyances of life in the digital age. For me I hardly ever click on links in an email if I'm not expecting the email from someone already in advance. Even then I take a few quick seconds to scan the email and look for anything that seems fishy to me. Or should that be "phishy"?

Can you spot all the issues with this email I recently received:

  1. Misspelled the name of the company in the sender's name "Paypl service"
  2. Spammy looking email address! - this isn't always a reliable tell-tell sign to watch out, but more often than not it should give you a heads up. In this case the account name (prior to the @ symbol) seems odd, and in this case the server the email is coming from is also pretty sketchy looking
  3. Not always a red-flag (sadly) but there's numerous instances of letters being capitalized in the body of the message that shouldn't be if following standard grammatical rules
  4. Although not an alert all by itself, anything I see a link that's formatted as a button, I know there's opportunity for the things to be hidden, in this case we look at where the link is going to go by hovering over the link with our mouse in the browser and our browser telling us where in the bottom-left-hand corner
  5. Look at that link! //cat.jp.as.criteo.com/ now I'm going to stop right there because it's interesting to note that "Criteo" is a legitimate advertising platform, so these spammers appear to be either absolutely tracking their efforts of success or potentially spoofing this further to obscure their ploy. Taking a further look at the remaining part of the URL you'll see another website address being include after the "?r=" query string. That leads me to believe that link is being redirected even further to help cover their tracks

Here's another quick Public Service Announcement for you, don't just go clicking on links in emails even when they look like they're coming from legitimate sources. 

In this case, if you did indeed have a PayPal account and you were worried about it. Go to their website directly by opening your browser and typing in the URL of the company directly and visiting the site that way. Login to your account and see if there are any warnings or alerts posted there. If the company has a chat feature for support, send them a chat and have them verify if there are or are not any issues with your account that need to be addressed.

By Leave a Comment

Great Marketing Strategy Nag Screen From Avast

When's the last time you were impressed and surprised by a company's marketing strategy towards you?

I'll admit it. If there's a free piece of software that works for me I will use it. And use it, and use it, and then some! I used Microsoft Defender and Windows Security Essentials for forever as my anti-virus and anti-malware services. And yes, they always worked well for me. I've never had a reason to not continue using them as I had been for years.

Well, with Windows 10 at some point I got the Avast free antivirus software installed and as before I've continued to use it because it seems to work fine for me, although I do miss my previous software installs.

Avast software includes them regularly nagging me about my PC running slow and they can improve it and blah-blah-blah. I usually click through the upgrade notifications and warnings and go along my merry way. I'm an above average computer user and can just take care of most of those things myself. It's amazing what regular maintenance activities and being aware of what's getting installed on my machines to begin with can make a difference.

Getting Surprised and Impressed by Avast

This evening though, as I was clicking through the screens to say "No Thanks" the screen featured below popped up.

Avast Sign-up Nag Screen for Marketing Strategy

This is a great piece of marketing strategy work in my opinion. They've taken the usual motivations for "No" and clearly give you reasons to trust them and give them a try while reinforcing the low-risk and zero price commitment barriers. 

As you've probably experienced, you'll sign-up for a trial of something and before you know it the trial is over and you just got your account cha-chinged for a charge you really weren't prepared to confirm in the budget that month.

Key Marketing Strategy Points

Here are the key points I believe in this marketing strategy messaging above:

  • I'm reminded of the issues my PC was experiencing that this software says it will fix. In my case that's 445 performance issues (a personalized total for me as a customer)
  • Reminder that I can take advantage of the 60-day trial completely FREE
  • If I like it, on 11/04/2019 I will be charged the 1 year subscription rate (I frequently put reminders in my calendar now a couple of days ahead of these kinds of dates to remind me to take care and cancel it if I don't want it)
  • Additionally, they're letting me know (because of my behavior in the previous point) they're going to alert me a week before the deadline to cancel so I don't get surprised and irritated at them for automatically renewing my subscription.
  • Additional reminders via text
  • Nice comforting green color

I Might Actually Upgrade to the Premium Version

I'm actually pretty close to giving it a try and just seeing how I like it, and most importantly, did it clean-up those 445 performance issues and actually speed up my computer for me? One thing they left off that I think would have been beneficial, and it probably would be included in that email 7 days before! They've got an option to save more if you subscribe for 3 years at a time. It works out to $1.69/mnth billed at just over $60 for the 3 years.

What's not said in this advertisement is that this probably saves Avast a ton of headaches as well. Their customer service reps are probably tired of fielding calls, emails and online social media complaints about getting auto-billed and renewed for services.

When's the last time you put your customer's shoes on and thought about their experience with you and your company? Ask yourself how you'd like to be treated if the roles were reversed?

What would your sales and marketing processes look like then?

By Leave a Comment

Beware Siri: How Hackers Attack Smartphones

Apple iPhone 4s Siri

Until recently, your smartphone has been a private place. Your apps, personal information, and contacts, were all safely stored within a locked screen. However, hackers never sleep. There is always someone, somewhere, hard at work on the next big breakthrough. And now hackers have it.

In order to avoid becoming a hacker's next victim, you've got to be informed of the latest system vulnerabilities and keep your software updated. There are also companies on your side, who constantly guard against the malicious intent of hackers. Stay updated by checking their social networks for news.

Here's a recap of recent events, including a look at how hackers gain access to your phone.

Headphone Hack

While this may be less of a hack and more of a malicious trick, you'll never keep your headphones in your phone again. A French government agency discovered they could control phones with silent (to the human ear) radio waves that your iPhone's Siri, or your Android's Google Now, would identify as voice commands.

If you leave headphones plugged into your phone, hackers can use those headphones as an antenna, which makes your phone more easily hacked. With this technique the hacker can make your phone download malware, send phishing scams through email, Facebook, Twitter, and other social network sites, or even have your phone call theirs, turning your phone into a listening device.

There are some limitations of this hack, ones which you can take advantage of for your protection. The plugged in headphones mentioned above, only work with this hack if they have a built-in microphone. And if your phone doesn't have Siri or Google Now enabled from your lock screen, the hacker can't access the program he needs. Most phones require the user to press a microphone button on the screen before they speak, which enables the voice command options.

Other Hacks to Watch For

MSpy is a surveillance app that tracks all received and dialed calls. It collects all texts, photos, and emails, and also monitors web history. The drawback of this app is that the person who uses it must have access to your phone. If you keep a healthy password on your lock screen, you should be in the clear.

Have you noticed all of the free charge stations in airports, malls, and other tech stores? Well, be careful where you plug in your phone. A USB charge station is a direct line of access. Some free charge stations have been outfitted with malware that is downloaded by your phone as soon as you plug in. Experts estimate that your phone is compromised within one minute if you use a malicious plug.

Beware of free Wi-Fi. Though coffee shops like Starbucks offer free Wi-Fi, tread carefully. A hacker can set up another Wi-Fi hotspot of their own and title it something similar, for instance, “Starbucks 2.” Some people will probably connect, and as soon as they do their phones are open for attacks. The hacker can then load malware on their phones which attacks email and personal contacts, which in turn sends out phishing schemes for money and more personal information.