Commbank Phishing Email

Another phishing email doing the rounds. This email purports to be from the Commonwealth Bank, and advises that there has been “an unusual number of invalid login attempts” and that you will need to “Confirm that you’re the owner of the account”.

The login button, of course, does not link to a Commbank website but instead redirects to a convincing looking phishing website.

Commbank Phishing Website

The good news is due to a certificate error, most users will probably receive this screen instead.

Always take care when clicking links in emails. A link can be created to say one website but link to another.

For example: This URL should link to this website. Take a closer look at the link. Where is it linking to?

Hovering over a link with your mouse will show the URL that will be opened.

Suspicious links can be scanned using a website such as Virus Total.

Windows Updates February 2017

UPDATE: February Security Updates will be included with March Update 2017.

Traditionally Windows Updates are installed on the second Tuesday of each month (or the Wednesday that falls after the second Tuesday of each month for us Aussies). This month’s patches will be delayed after some last minute issues were discovered.

This month’s patches will include an update for a 0-day vulnerability in SMB which is the file sharing component of Windows.

Most computers will automatically update Windows each month, but my advice is to do a manual check to ensure that Windows Update is working correctly and patches are installed. Malware is known to disable Windows Updates as a method of staying persistent on your device.

Free tools to help keep your PC secure

While computer security seams hard, it doesn’t have to be. I recently wrote a post with 7 tips to stay secure online. This post is a follow up with some additional tools that can be installed to help keep your PC secure.

These tools are not a replacement for your Antivirus. They are designed to run alongside your current AV to ensure you are getting the best protection. My recommendation for paid AV is ESET. If you are short on cash, I would stick to Microsoft Security Essentials.

OpenDNS –  OpenDNS is free for home users and improves your Internet Services Providers DNS by adding web filtering/content blocking, identity theft protection, and the ability to monitor what is happening on your network. OpenDNS can be setup in your home router to protect your entire home network.

This is simple to set up; You create an account with OpenDNS, select the categories you wish to block, and then upgrade your routers DNS.

DNS (Domain Name System) is a service that translates domains names, i.e., into IP address, i.e. Computers talk in IP addresses, which is hard for us Humans to remember, hence DNS. OpenDNS blocks these untrusted IPs so that your devices are unable to access them.

Cybereason RansomFree – Ransomfree is a tool to help protect against ransomware. It creates and monitors several groups of files on your machine. If these files are modified, Ransomfree will attempt to neutralise the attack.

Ransomware is a nasty kind of malware that encrypts the user’s data, requiring payment to have the files decrypted. If you are hit with ransomware, there is no guarantee that paying the ransom will result in the decryption of your files. My advice to recover from ransomware is to reinstall windows, and restore from a backup.

Ransomware is often delivered via email and installs on your device via macros or by taking advantage of vulnerabilities in software. My previous post outlines how to avoid these kinds of attacks.

Microsoft Malicious Software Removal Tool – A free tool from Microsoft that is downloaded and run each month as a part of Windows Updates. While this runs each month it only performs a quick scan.

I recommend running a full scan once a month. This can be performed by:

  1. Holding the Windows Key and Press R
  2. Type in ‘MRT’ (without quotes) and press Enter
  3. Confirm the UAC prompt to allow the software to run as administrator
  4. Click Next, Select Full Scan, and then click Next again

You should see the version (in form of Month Year) at the top of the Window. If this doesn’t have your current date and year you may have to run Windows Update to install the latest version. If ‘Patch Tuesday’ for the current calendar month has not yet happened, then of course you will still be running the previous month’s version.

For more articles visit our Tech Tips page.

Computer Maintenance & Repairs, Custom Built Computers, Laptops and more.