Mac Scareware – UPDATED
I hate to even mention the two words together – Mac scareware. Something about it makes me feel dirty. Inevitably, it was going to happen. Here’s how to spot the bogus “application” and not get sucked into the scam.
Gmail Spam and You
Lately, there has been a rash of spam coming from (apparently) compromised Gmail accounts. How the spammers are getting in is beyond me since I’m not watching your Gmail account 24/7/365. There have been two types of spam (that I’ve seen first-hand) – one with a single, clickable link in the message and another with a single, mal-formed link in the message. The mal-formed link looks something similar to this:
http%3A%2F%2Fsuche%2Doptiker%2Ede%2Fimages%2Fass%2Ephp
This is actually a message from a compromised account. Obviously, you can’t click on this link since the sender didn’t format it correctly (or their sending program obfuscated the link.) Good job by you, evil-doers. Not exactly the brightest of folks if they’re trying to take advantage of people and their message is garbled on send.
Fighting Back
Since it’s not exactly clear how your account was compromised, all you can do is try and clean up after the spammers. Since I’m most familiar with (and have access to) Gmail, I’ll walk you through how to change your password, kick out the spammers and lock down your account (given you don’t go and give away access to your account again by visiting some less-than-honest web site or service.) Other email providers should have similar capabilities available to them, you’ll just have to browse through the various settings for yourself.
Change Your Password
This sounds rather obvious, but it is necessary for me to tell you since some people don’t think about this. At any point in time you think any online account is compromised, the first thing you should do is change your password. This locks evil-doers out (assuming they’re not currently logged in and they’re not taking advantage of some unforeseen backdoor in the service you’re using online.) Yes, you’ll have to change the password on all of your devices and email programs or applications, but there’s no sense in leaving the front door unlocked for the spammers to keep walking in and using your account. Just think of it this way, if you’ve got to manually change the password on your devices and software, so do those guys – except they don’t know what the new password is.
Log in to your Gmail account and head to Settings (or Mail Settings as Google is adjusting the behavior of some of their account layouts) in the upper right hand corner of your browser window. Once you’re in your Settings, choose the Accounts tab (third from the left.) The first item in your Accounts settings should be Change Account Settings. Click the link and it will open a new window or tab (depending on your browser settings.)
Gmail's Accounts Tab
Kick Them Out
Activity Information
I’ve scrubbed my IP addresses from the graphic, but you’ll get the idea. All of my logins came from Illinois (which is correct), but your may not read the same. I do know if I check from AT&T’s cellular network, the IP address will show up from New York. Just be aware and don’t get too alarmed at that. What you’re looking for is a login from outside the United States (or something outside of your country if you’re reading this from outside the U.S.) The countries I have seen in hacked accounts include Chile (twice), the Dominican Republic and Macedonia. These were obvious red flags since the user(s) has not been to those countries today (or ever.) You may want to take note of the IP address listed in the Location (IP address) column.
The button at the top of the window, Sign out all other sessions, is the key to kicking out the spammers. Clicking this button will close any open session (except for your current one) and force you (and them, if they want further access to your account) to log in again. Since you’ve already changed your password, you’ve effectively killed off spammer access to your account.
Locking Down Your Account
Browser Connection
The last item of business is to lock down your account. More precisely, you’re going to lock down how you physically access your account. Head back to the Settings (or Mail Settings) in the upper right hand corner of your browser. We’re going to be working in the General tab, so you don’t need to head anywhere once inside the settings. The fifth item in the list should be Browser connection. Now, since I’m using Google Apps, I’ve already forced all the users in my domain to use HTTPS to access their accounts, but there’s a good chance if you’re a regular Gmail user, this option isn’t selected for you. By selecting the Always use https option, you will be forcing connections to your account over a secure connection every time you access the account. If you need more reinforcement as to why this is a good idea, read up on the Firesheep plugin for Firefox.
Where to go from here
Now that you’ve locked down your Gmail account and regained some of your dignity (you may still want to apologize to your Gmail contact list), you may want to think of other accounts you have that were using that same password. Facebook? Twitter? Online Banking? You may want to stop reading this guide and go and change those account passwords right now.
I know for a fact Twitter and Facebook now have added the ability to enable HTTPS sessions to access your account, and most other social networking and email providers have, too. Head to your respective account settings and have a look around and be sure to enable HTTPS whenever you can. Yes, this may seem to slow down your access and use of your account, but the security benefits are more than worth it.
If you should have any questions or further concerns, please contact me. I would be more than happy to help you.
Squaring up
As most of you may know, I’m a geek and follow way too many things going on in the world of technology. When the opportunity arose to be able to process credit cards with my iPhone using a sweet app and card reader from Square, I jumped on it right quick. Needless to say, I was enamored with the simplicity, ease of use and downright high geek-factor.
Then the opportunity presented itself to join Square’s Inner Square program and help spread the word of the awesome goodness this company was dishing out. The only wee-little problem with joining the program was Square was limiting it to 100 people across the country. I figured, why not? They must have felt the same way.
Read more »
Workflow: Computer Hardware and Software
Sorry for the long lapse in getting the next installment in the workflow series out the door. Holidays, work and sickness have kept me busy. Enough of the excuses and on to more important matters – my computer hardware and software setup for photography. Let me get this out in the open right away – I’m a Mac guy through and through. While some of the things I will discuss pertain to Mac and Windows users, a good majority of this post will be Mac-focused.
Workflow: Camera Gear
The first installment in my Workflow series is going to focus on the camera gear I use for shooting sports and why I chose the items I have. First and foremost, I’m a Canon shooter, so if you’re a Nikon shooter, I’m sorry, but you’re going to have to draw your own parallels (if there are any) to your hardware and settings as I don’t have any experience to go off of with Nikon hardware. With that said, here we go…