March 2020: What do you understand about Phishing

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

How to Recognize Phishing

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message.

Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may

  • say they’ve noticed some suspicious activity or log-in attempts
  • claim there’s a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for free stuff

Test your skills here about phishing 

Phishing Quiz

Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.

  • The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
  • The email says your account is on hold because of a billing problem.
  • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
  • The email invites you to click on a link to update your payment details.

While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information. And they can harm the reputation of the companies they’re spoofing.

How to Protect Yourself From Phishing Attacks

Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. Here are four steps you can take today to protect yourself from phishing attacks.

Four Steps to Protect Yourself From Phishing

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:

  • Something you have — like a passcode you get via text message or an authentication app.
  • Something you are — like a scan of your fingerprint, your retina, or your face.

Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.

What to Do If You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?

If the answer is “No,” it could be a phishing scam. Go back and review the tips in How to recognize phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.

If the answer is “Yes,” contact the company using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.

What to Do If You Responded to a Phishing Email

If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.

If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.

How to Report Phishing

If you got a phishing email or text message, report it. The information you give can help fight the scammers.

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at [email protected]. If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.

Cited From 

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Phishing Org

Compiled and approved by the Technical support Department

Read More security,

February 2020: Mobile Hotspot not working in Windows 10

If you cannot turn on the WiFi mobile hotspot and you see a message We can’t set up a mobile hotspot, Turn on Wi-Fi on your Windows 10 PC, here are a few suggestions that will help you fix the problem.

Mobile Hotspot not working in Windows 10

We can’t set up a mobile hotspot, Turn on Wi-Fi

The Internet is something which we need everywhere, if not the mobile data and broadband; we need the hotspot from someone. While the mobile hotspot is a very convenient option, it sometimes shows the configuration errors.

A mobile hotspot is a technology that lets you share your internet connection with other devices using the WiFi feature.

Windows 10 comes with the option to create Mobile Hotspot.  But if you cannot turn on the WiFi mobile hotspot and you see a message We can’t set up a mobile hotspot on your Windows 10 PC, here are a few suggestions that will help you fix the problem. There are several reasons which can lead to such errors in connecting with mobile hotspot. But, before we start with the fixes of these errors, the very first thing recommended is to check the connection with some other device so that you know that the issue if with your hotspot settings in Windows PC or in the device you are connecting.

The second thing recommended is to check if the internet connection is working properly or not, is it your system or the connection itself is creating the problem.

Well, if these two checks are done and you still aren’t able to get it connected, check the following fixes-

1] Run Network Adapter Troubleshooter

Windows 10 PC comes with the troubleshooters for all your issues, do check with it first and classify what exactly is the error.

  • Type Troubleshoot in the search bar of your PC and open the Troubleshoot settings.
  • Scroll down the right pane and select ‘Network Adapter’ and click on ‘Run Troubleshooter’.
  • The PC will then start checking for the possible errors and will possibly detect the issue.

2] Update the driver

If you are a regular PC user, you must know that the outdated drivers often create issues in the functionality. Thus it is advised to update the Network adapter driver if you are facing the issues in connecting your mobile hotspot.

To update the driver, you need to open the Device Manager.

  • Type Device Manager in the search box and open it.
  • Go to the Network Adapters.
  • Select your Network Adapter from the list and right-click.
  • Select Update driver
  • Once done with the update, reboot your PC.
  • Check if it resolves the issue of your mobile hotspot.

3] Change Adapter Settings

  • Open Mobile Hotspot settings on your PC.
  • Press Win+I to open Settings and go to Network and Internet.
  • Scroll down the left pane and select Mobile Hotspot.
  • Go to ‘Related Settings’ from the right pane and click on Change adapter options.
  • Identify your mobile hotspot adapter, right-click and go to Properties.
  • Open Sharing tab and Uncheck “Allow other network users to connect through this computer’s Internet connection”.

4] Check Registry settings

Type Regedit in the Start menu and open Registry Editor. Right-click and select Run as administrator. Now navigate to the following registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters\HostedNetworkSettings\

Right-click on HostedNetworkSettings in the right pane and select Delete.

These are some of the fixes for the most common errors while connecting mobile hotspot on Windows 10. Do let us know if you have some other fixes to add to the list.

Compiled and checked by the technical support department, and cited from the windows club

Read More Computer,

January 2020: How To View Saved Wifi Passwords In Android (2 Methods)

First Method: Using Apps

1. Using File Managers

Step 1. First of all, you need a file explorer that gives you the read access to the root folder. If your default File manager doesn’t give you the read access to the root folder, then you can install Root Explorer or Super Manager which will grant superuser permission to you to access the system folder

Step 1. Go to data/misc/wifi folder, and you will find a file named wpa_supplicant.conf.

How To View Saved Wifi Passwords In Android
How To View Saved Wifi Passwords In Android

Step 2. Open the file and make sure to open the file in a built-in text/HTML viewer for the task. Now in this file, you will be able to see the network SSID and their passwords next to it.

How To View Saved Wifi Passwords In Android
How To View Saved Wifi Passwords In Android

Now note down the network name and its password. In this way, you will be able to view all saved WiFi passwords on the Android device.

Note: Please do not edit anything in wpa_supplicant.conf as it can alter your device working or it will have the effect on your Wifi connectivity.

2. ES File Explorer

Step 1. Download and Install ES File Explorer App on your Android device and open the app.

Step 2. Now you need to enable the “Root Explorer” option in ES File Explorer.

ES File Explorer
ES File Explorer

Step 3. Now you need to move to the Root folder in ES File Explorer, and you need to find a directory called “Data.”

ES File Explorer
ES File Explorer

Step 4. Now under the “Data”, you need to locate the folder “Misc”

ES File Explorer
ES File Explorer

Step 5. Now under the WiFi folder, you need to locate the file with name wpa_supplicant.conf. Simply open the file with ES File Explorer’s built-in text/HTML viewer.

ES File Explorer
ES File Explorer

Step 6. Now you can see all your SSID (network name) along with PSK (Password) next to it and close the file.

ES File Explorer
ES File Explorer

That’s it! You are done, this is how you can find saved WiFi password using ES file explorer.

Other Apps:

Well, just like ES File Explorer there is plenty of other third-party file manager app available for Android that can be used to access the root directories. Below, we are going to list down 2 best file explorer apps like ES File Manager that can be used to open the wpa_supplicant.conf file to view saved wifi password.

1. Root Browser
Root Browser
Root Browser

Root Browser is one of the best and full-fledged file manager and root browser app available on the Google Play Store. The best thing about Root Browser is that it allows users to access the root directories. Not just that, but Root Browser also includes an SQLite Database Editor, APK Analyzer, multi-pane navigation and much more. So, Root Browser is another best file explorer app that can be used to view saved wifi passwords.

2. X-plore File Manager
X-plore File Manager
X-plore File Manager

X-plore File Manager is one of the best and most advanced file explorer app available on the Google Play Store. To edit the wpa_supplicant.conf file, you need to have a rooted Android device. Some of the advanced features of the X-plore File Manager includes Root, FTP, SMB1, SMB2, SQLite, etc. Not just that, but X-plore File Manager also supports SSH file transfer and SSH shell.

2nd Method: Using Wifi Password Recovery (Root)

Wifi Password Recovery is a free tool that requires root access to recover saved passwords in your Android smartphone. You can use this tool to backup all your wifi passwords on your device

Wifi Password Recovery Features:

  • LIST, BACKUP & RESTORE all network’s (WiFi) password saved on your device!
  • Show SSID and Password on fullscreen (for easy viewing and sharing with others)
  • Copy WiFi Password to Clipboard (to be able to paste anywhere)
  • Show QR Code (to another device scan and access the network)
  • Share password through SMS or Email

How To Use Wifi Password Recovery?

Step 1. You need to download Wifi Password Recovery app on your rooted Android smartphone.

How To View Saved Wifi Passwords In Android
How To View Saved Wifi Passwords In Android

Step 2. After you installed it, you need to grant the Root Permissions.

How To View Saved Wifi Passwords In Android
How To View Saved Wifi Passwords In Android

Step 3. Now you can see all your saved wifi passwords listed with SSID Name and Pass. If you want to copy the password just tap on the network and then select “Copy password to clipboard.”

How To View Saved Wifi Passwords In Android
How To View Saved Wifi Passwords In Android

That’s it you are done! This is the easiest way to know saved WiFi passwords in your Android smartphone.

3rd Method: By ADB Commands

Android Debug Bridge (ADB) is just like CMD for Windows. ADB is a versatile tool that allows users to manage the state of an emulator instance or Android-powered device. Through ADB, you can execute commands through the computer to your Android device to perform sets of tasks. Here’s how you can use ADB commands to view saved WiFi Password on Android.

Step 1. First of all, download the Android SDK Package on your Windows computer and install the .ext file.

Step 2. Next, enable the USB Debugging on your Android device and connect it with the computer via USB Cable.

Through ADB Commands
Through ADB Commands

Step 3. Next, head to the folder where you have installed Android SDK Platform Tools. Now on your computer download & install ADB drivers from adbdriver.com

Step 4. Now from the same folder hold the Shift key and right-click inside the folder. Click on the ‘Open Command Windows Here’

Through ADB Commands
Through ADB Commands

Step 5. To check whether the ADB is working or not, enter the ‘ADB devices’ command. It will list the connected device.

Step 6. Next enter ‘adb pull /data/misc/wifi/wpa_supplicant.conf c:/wpa_supplicant.conf’ and press Enter.

Read More security,

December 2019: Distributed Denial Of Service (DDOS) Attack Mitigation

DDOS attack mitigation services matter to businesses. DDOS attacks are a common thing now, and not even a day passes by that you don’t hear about another DDOS attack. Cyber hacking attacks use malicious codes to change the computer code, data or logic in order to steal or manipulate the data, or to crash a system.

DDOS attacks are different from hacking attacks, but DDOS mitigation services matter for businesses because they can prevent the overwhelming a website that would otherwise put a business's website offline to customers.

Since most enterprises and businesses today operate on a technology-dependent network, these breaches can seriously compromise the system and the data security of the entire organization. And not only of that organization but of the people who rely on and use services of that organization as well.

What is a DDOS attack?

A distributed denial-of-service (DDOS) attacks are one type of cyberattack that renders the websites and other online services unavailable to its users. A DDOS attack is an attack where numerous compromised systems attack one target which in turn causes a so-called ‘denial of service’ for users using that system. The incoming messages from these compromised sources cause the system to basically shut down.

How is DDOS different from the DOS attack?

Before we move on, let’s see how these two differ. In a DOS attack, an attacker uses one internet connection to either take advantage of a computer’s vulnerability or send an overwhelming flow of fake requests so as to cause a server to crash by exhausting its resources.

Distributed denial of service (DDOS) attacks, on the other hand, are carried out from various connected computers. There is usually more than one person involved and since the attacks are coming from more than one device at the same time it is more difficult to dodge the attack. DDOS attacks target the network in an attempt to overwhelm its resources with immense amounts of traffic.

How does a DDOS attack happen?

In this type of attack, a perpetrator can use your malware-infected computer (and many more malware-infected computers) to remotely target another device.

An attacker must first hijack computers by installing malware to remotely control them. This is accomplished by exploiting a target computer’s disadvantages, such as a low-security system or other weaknesses they can find. Then, through these computers, they can send system overwhelming amounts of data to the target website or system overwhelming amounts of spam to a particular email address or addresses.

It is called a ‘distributed’ attack precisely because the attacker is using several computers, including yours, to trigger the DDOS attack.

What are the main types of DDOS attacks?

The Internet has played a leading role in economic rise and prosperity, but everything great comes with a price. One such price is the rise of the DDOS attack, which stands for Distributed Denial of Service. DDOS attacks have evolved over the years and today there are various types of DDOS attacks.

There are many different acronyms and terms which can sometimes be confusing. But that’s why we are here to clear the mystery for you.

Let’s take a look at the most common and most dangerous types of DDOS attacks:

UDP Flood

Image Source: DDOS-guard.ir

A User Data Protocol Flood (UDP) attack floods the ports on the target device with IP packets that contain UDP datagram – which is a connectionless networking protocol. By flooding the random ports on a remote host, this type of attack is making the host device to listen for applications on those ports and respond with an ICMP packet. This eventually dries out the sources and renders the system inaccessible to its users.

SYN Flood

Image Source: hackforums.net

This type of DDOS attack focuses on the “three-way handshake” – a defect in the TCP connection sequence. Syn Flood – aka TCP SYN, uses this weakness to exploit all the resources of the target server, therefore, making it unavailable. What basically happens here is that the perpetrator sends TCP requests extremely fast and the target device can’t process them which causes the crash in the system.

Ping of Death

Image Source: hackerstreehouse.net

Ping of Death attack or POD happens when the offender sends malicious or oversized pings to crash or freeze the target device. The maximum length of the IP packet is 65,535 bytes. However, there are limits to maximum sizes per each frame, so a larger IP packet always has to split between many IP fragments. But when POD strikes, since the fragments are malicious and oversized, the target machine ends up with packet bigger than 65,535 bytes which in turn causes the device to freeze or stop working.

Slowloris

Image Source: Infosecinstitute.com

Slowloris attack is a powerful DDOS attack where a single device can take down a whole web server. This type of attack is simple yet extremely effective as it requires minimal bandwidth to target the web server, without harming other services and ports. As the name itself indicates, Slowloris is slow but steady. Slowloris is known to be used by many ‘hacktivists’ to attack government websites.

NTP Amplification

Image Source: cisco.com

NTP Amplification attack is basically a type of reflection attack – only amplified. In this type of attack, attackers elicit a response from the server from a fake IP address. The attacker uses the publicly accessible Network Time Protocol (NTP) servers to attack and overwhelm the target UDP (User Datagram Protocol) traffic.

Cited from Identity Theft Scout by the Technical Support Department.

Read More security,

November 2019: Enable These Hidden Security and Performance Features in Chrome 79

Chrome 79 is here. Before you do anything else, click the triple-dot icon in the upper-right corner of your desktop browser, click on Help, click on “About Google Chrome,” and summon that update for your system. (Go ahead and update your Android or iOS apps, too.)

While that chugs along, here’s a quick look at all the different settings you can tweak in order for Chrome 79's new performance and security enhancements to work. These settings are vague and, in some cases, completely buried, so it’s worth spending a few minutes to check and make sure you’re set up to take advantage of Chrome 79's latest tweaks.

Password Leak Detection

This feature, previously an extension, then a website, now runs a quick check whenever you type a new login into Chrome. Assuming you’re signed in to your Chrome account first, look for the “Warn you if passwords are exposed in a data breach” option in the Sync and Google services section of Chrome’s settings. If you don’t see it there, it’s possible you don’t have it yet; Google is rolling this feature out because that’s how Google does things.

Illustration for article titled Enable These Hidden Security and Performance Features in Chrome 79

Screenshot: David Murphy

If you’re impatient, like me, you can type chrome://flags into your address bar, search for “password leak,” enable the detection feature and restart your browser. You should then see this setting appear in the aforementioned “Sync and Google services” section of your settings.

Real-Time Phishing Protection

While you’re probably smart enough to avoid websites that are blatant misrepresentations of actual websites you’d want to visit, it never hurts to have all the protection against phishing you can get. You never know when some websites might be just clever enough to confuse you into giving up your account credentials or payment information.

While Chrome already comes with built-in phishing protection, Google is making it even better in Chrome 79. As the company describes:

“Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases.”

To make sure you’re getting these phishing updates as quickly as possible, you’ll want to enable the ambiguous “Make searches and browsing better” option in the “Sync and Google services” section of your Chrome Settings.

Freeze unused tabs so they stop sucking your system resources

A fun new “tab freezing” feature in Chrome 79 will help prevent your browser’s overflowing tabs from running background actions and eating up your CPU. They’ll still use system memory, so be diligent about how many tabs you really need to keep in your browser. This automatic “freezing”—which kicks in after five minutes of inactivity on a tab—won’t happen unless you flick on a Chrome flag, though.

Illustration for article titled Enable These Hidden Security and Performance Features in Chrome 79

Screenshot: David Murphy

Pull up chrome://flags and search for “Tab Freeze.” You’ll then see a number of options in the drop-down menu:

  • Enabled
  • Enabled Freeze - No Unfreeze
  • Enabled Freeze - Unfreeze 10 seconds every 15 minutes
  • Disabled

I’d keep the setting on “Enabled” myself, but if you want your browser to temporarily “warm-up” sites at a regular interval, try the third option.

Speed up page-loading times when skipping forwards or backward

This little gem, which I found in a report from ZDNet, allows Chrome to load pages from its cache whenever you click on the forward or back buttons in your browser (or do what I do, and let your gaming mouse’s extra buttons send you back and forth in your history). This should help the page load even faster, and all you have to do is enable this little flag in your browser: chrome://flags/#back-forward-cache 

Heed Google’s warning, though: “NOTE: this feature is highly experimental and will lead to various breakages, up to and including user data loss. Do not enable unless you work on this feature – Mac, Windows, Linux, Chrome OS, Android”

Cited by the Technical Support Department from LifeHacker  

Read More internet,