How do you make sure you're protected online?

Last week, Epsilon, a Dallas, Texas based company that handles mass-email marketing and communications for some of the world’s largest banks and corporations, sent out a notification and press release explaining that they had experienced a security breech into their customer database which exposed millions of personal records to a unauthorized entity.  Many of you may have already received notifications from the companies you work with on a daily basis explaining this issue. 

Although these companies send out very nice and calming notifications with verbiage such as:

“We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

We want to assure you that (financial institution) has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.” 

This was not a very finite event.  Although Epsilon is downplaying it stating it was only email addresses and names, and they only exposed 2% of all of their records, realize that Epsilon handles marketing information on a massive scale for companies such as: 

1800-Flowers
Best Buy
Capitol One
Chase
CitiBank
Hilton Honors
JP Morgan
Marriott Rewards
US Bank
Walgreens

And that is just a small sample of the dozens of their clients that were affected.

Or should I say, of their clients’ clients that are affected?  Ultimately this lands on each and every one of us that has done business with these companies and provided our names and email addresses in the course of doing business with them. 

What does this mean for you?

Obviously, first and foremost this means your security online has been compromised.  Perhaps not in a way that directly can lead to identity theft, but as an end result, it is a possibility.  Expect increased spam, phishing emails and virus attacks as a result of this.

At best you’ll get a letter acknowledging there was a problem – neither Epsilon nor their clients are offering any solutions or remediation and seem to be doing nothing more than analyzing the scope of the damage.  In essence, they are making this your problem to deal with as they work at fixing the security issue that caused the exposure.

Your security, as always, is your responsibility!

What should you do?

Epsilon and their clients can assure you all they want that nothing really important was stolen – just your name and email address – but for those that stole the information, you can bet their intentions are to get as much personal information as they can.

Act with extra caution when clicking links in emails or opening any emails from unrecognized sources.  If you receive and email from someone you know that looks suspicious but you’re not sure, pick up the phone and call them to verify what it is, or simply send an email to their address in return (not a reply!) asking them what it is and if they did indeed send it.

Be sure you are using a good quality desktop security software that offers aggressive spam and phishing filtering, web threat prevention and proactive internet security features – and make sure you keep it updated and the subscription active!  Our recommendation is Trend Micro Internet Security.  It is a lightweight but robust security platform that you can trust.

Change your passwords.  According to Epsilon passwords weren’t stolen, but do you really want to take the chance that they’re 100% accurate regarding that?  Besides, most of us use the same passwords for email, bank accounts, on-line shopping, etc. and our email address is almost always our login ID.  If the bad guys can get one of your passwords either through a phishing scam or Trojan download, it could expose much more than just your email address to them.

And as always, if you have questions call us.  We are indeed concerned about your security and are more than willing to answer your questions or inspect any suspicious emails you receive.  If you already suspect you may have a Trojan, spyware or other malware on your system, bring it in to us for our flat-rate PC Tune-Up service.  We’ll diagnose any issues your system may have and make security recommendations to keep you safe.

If you’re concerned about your network security or have multiple systems, schedule an on-site appointment with one of our technicians and we’ll come to you!

Remember, security is your responsibility – trust the professionals to make sure YOU are as secure as you need to be!

Security Alert is a post from: @ Blog

Trend Micro Internet Security will provide you real-time security information on your search engine results. Click for a larger image.

One thing that never fails to impress me about the human spirit is the out-pouring of support, assistance and over-all sympathy when tragedy strikes.  World wide, people come together and do or give whatever they can to help those in a time of crisis.  In the aftermath of the devastating earthquake that has stuck Haiti, humanity has once again come together to show how generous and supportive we can be.  And as the internet makes the world smaller, this assistance can be delivered faster than ever before.

Of course the opposite side of humanity often comes to light as well.  There are those who plan, scheme and seek to take full advantage of the outpouring of generosity for their own gains.  With internet technology at their disposal these schemes can be rolled out quicker and take more from unsuspecting victims; people looking to help those in need.

So what are these schemes?  What should we look for, be wary of and most importantly, how do people keep themselves and ultimately those who need help from becoming the victims of these scams?

1. Fake charity or malware sites.

Scammers know those who want to help but might not know where to go are likely to go to Internet search engines for advice.  Fake charitable organizations are springing up online faster than dandelions in a spring meadow.  These scammers use a technique known as Search Engine Poisoning to get their sites to the top of the search engines quickly.  Although they may not stay there, the majority of search engine users tend to trust the top search results as being the most relevant and therefore legitimate organizations.  This gives the scammers precious time at the top of the ranks to dupe as many users as possible.

Our suggestion – always go the extra step to verify the organization you’re looking to donate to is legitimate.  Nothing saves time, money and aggravation better than doing your homework and gathering all of the information before taking action.  Stick to charitable organizations you know such as the Red Cross (www.redcross.org) or contact your local government for information on any grass-root efforts in your area.

Also, a quality security application such as Trend Micro Internet Security will actually provide you with information as to which search engine results have been verified as legitimate, scams or those that have not been verified yet.  Please see the graphic in the article for a demonstration of this feature.  This will give you a good first indication if the site is for real or just out to make a buck.

Or something worse.

2. Twitter tweets and traps.

Many see Twitter as a reliable source for breaking news and information, but just as many legitimate companies use Twitter for marketing purposes, scammers use it to market their fake charities as well.  Using Twitter accounts, target links are spread in an effort to make them look like official charities or news sites related to the Haiti crisis.  This is exacerbated with the use of TinyURL’s that can easily hide a shady link.

Again, be sure to verify the source and destinations of these links.  If in doubt, don’t send the money.  Seek out a reputable organization that you know and trust.

3. Spam and Phishing galore.

Spammers know due to the outpouring of concern over the happenings in Haiti, e-mail users are more likely to open messages with “Haiti” in the subject line.  Many of these are messages designed to appear as though they are sent by not-for-profit or charitable outreach programs. Others use “Haiti” subject lines as a disguise for the usual online pharmaceutical sales, dating-sites or links to other malware infested websites.

As you know, malware sites containing rogue anti-virus programs, Trojans and key loggers are set up to steal user information and potentially damage computer data.  These nefarious attempts at identity and financial theft can be even more dangerous and damaging than fake charities.

It is important to remember that unless you have supplied your email address and signed up to receive newsletters from charity organizations online, they will not send you solicitations for donations.

And as always, keep a reliable and updated security application on your PC and use common sense.  Do not open emails or click links on emails without verifying the source first.

4. Haitian money scam.

Like the infamous Nigerian Money Scam or 419 scam, e-mails from supposed Haiti Earthquake victims that paint a grim picture of life and suffering in Haiti, begging for assistance are becoming more prevalent.  These e-mails generally include a very convenient link to send donations as well.  In most cases the link directs the user to a malware site that will infect the user’s computer with Trojans or key loggers.

As in all cases, common sense and a good mail filtering security program is still your best defense.

5. So-“phish”-tication.

Phishing attempts are becoming more sophisticated.  We’re all pretty used to seeing the horribly written phishing and spam emails, wrought with misspellings and grammatical errors.  New phishing attempts detected are sophisticated emails impersonating reputable charities such as the Red Cross.  These lengthy emails include data and statistics that compel the reader to donate immediately to help the victims of Haiti and other disasters.  However, the spoofed links in the email lead back to fake donation sites of profiteers or malware sites aiming to steal identity and personal information.

All the same suggestions apply here – charities such as the Red Cross will not send e-mails asking for donations unless you’re already on an e-mail list with them.  Keep your security software updated and avoid clicking links in unsolicited e-mails.

When in doubt Aspire Technology Solutions has security experts on staff that can answer your questions and even check on the legitimacy of e-mails and websites.  We also carry a wide range of security products for businesses and home PC’s that can be purchased on-line and downloaded for immediate use.

We are all concerned for the victims of the earthquake in Haiti, but our assistance needs to be directed to the organizations that can provide help to those that need it.

Top 5 Haiti Scams is a post from: @ Blog

What is the CAN-SPAM Act?
The CAN-SPAM Act is a law put into place to set rules and necessities for commercial email. Rest assured that any business with good intentions can easily follow the requirements of the CAN-SPAM Act without sacrificing newsletter content or volume.

1. Clearly identify who you are.
Use an accurate originating domain name and email address that will identify the person or business that is sending the newsletter.

2. Use truthful and accurate e-mail subject lines.
Be sure that the subject of your e-mail reflects the content of the message that is being sent out and doesn’t attempt to trick the recipient into opening the email.

3. Identify the e-mail as an ad or newsletter.
This is pretty straightforward and recipients will appreciate it. Be honest about what you are sending out!

4. Include your valid postal address.
Tell people where you are located. This can be your business street address, a PO Box registered with the U.S. Postal service for your business or a private mailbox that has been registered to receive commercial mail under Postal Service regulations.

5. Provide an option for recipients to opt out of receiving future emails.
It is vital that you and your business respect the wishes of those you are sending e-mail advertisements to and always provide an easy to find explanation of how they may choose to no longer receive e-mails from you.

6. Do not delay in honoring opt-out requests.
If a recipient chooses to no longer receive e-mails from your business, it is imperative that their request be met. Your newsletter manager must be able to process opt-out requests at least 30 days after the newsletter has been sent. An opt-out request must be honored within 10 business days.

You may not charge them a fee, request any personally identifying beyond an email address, or force them to take any other steps other than sending a reply email or visiting a single page to make their opt-out request. You cannot sell or transfer the email addresses of people who have opted out of receiving emails from your business.

7. Be sure to monitor what others are doing on behalf of your business.
If you decide to hire another company to take over your business’ e-mail marketing, your business will still be held responsible for whether or not your advertisements comply with the law.

As I mentioned above, even as you ensure that your e-mail advertisements comply with the CAN-SPAM Act, the receivers of your newsletters may still be less than pleased to see your e-mails in their inbox.

Trust is beyond essential when it comes to the relationship between a business and its clients. Having your newsletter disregarded as spam does a lot to damage that trust.
There are a few guidelines you can apply to your e-mail advertisements to both respect your customers and avoid being labeled as spam senders.

Just as you must provide an “opt-out” option, provide an opt-IN option as well.
Offering a clear option to receive newsletters from you business is arguably the best way to build a list of clients who WANT the information your e-mail advertisements provide.

Be honest about how many e-mails you send out.
A person may be interested in receiving newsletters from you, but not want to receive an e-mail every week. Consider creating different e-mail advertisement campaigns and providing options (weekly or monthly) that people may choose from to ensure that they are receiving exactly what they would like.

Above all, respect the requests you are sent!
If a user asks to be removed from your email list, honor their request. We have all felt the frustration of repeatedly asking to be removed from a call list only to get more calls from the same company. Disregarding requests to opt-out will quickly lead to your business being reported as “a spam sender”

Effective e-mail advertising can be boiled down to one simple rule:

Always provide information to those who want it, and do not bother those who don’t.

Interested in sending out newsletters? Aspire Technology Solutions provides fantastic Newsletter applications included in our Hosting packages. Click here to learn more!

Newsletters or Spam? is a post from: @ Blog