Tuesday, May 21, 2019

Awesome Screenshot: Screen Video Recorder

Screencast, record screen as video. Screen capture for full page, annotate, blur sensitive info, and share with one-click uploads.Capture all or part of any web page. Add annotations, comments, blur sensitive info, and share with one-click uploads. Now with free desktop capture! 

Awesome Screenshot is the highest-rated screen capture & image annotation tool on Chrome with over 2 million users! As a way of thanking our user base, we no longer offer in-app purchases. Previously premium features are now completely free. 
The default option for saving an image is now storing the image on awesomescreenshot.com with no time limit. 

Check out our new Awesome Screenshot website @ www.awesomescreenshot.com to experience our new image hosting, sharing and point-specific feedback features. It’s the easiest way to communicate with your images!

Tuesday, May 14, 2019

What is a phishing attack?

Phishing is by far the most common “hack” used to steal passwords, take over accounts, and enter systems without authorization. It is mostly a social engineering attack, rather than a true hack in the technical sense. As such, it is far harder to defend against.

Phishing can occur through any channel: via telephone, email, a web page, or even in person. In short, it is an attempt to trick you into revealing a secret (such as your password or any other data).

The word phishing refers to the term fishing, as in “fishing for passwords,” and is possibly a portmanteau of phone and fishing. It’s also likely related to an early hacking term, phreaking, as phishing was already a common social engineering tactic even before the rise of the internet.

The symbol <>< was used to signify stolen or phished information on online forums, as it was hard for bots to detect or block it, thanks to its resemblance to valid HTML code.

How to defend against phishing attacks

The core of any phishing attack is usually the inability of humans to easily authenticate each other. Computer systems are also often not made with authentication problems in mind, and it takes a significant amount of effort to properly validate cryptographic signature schemes.

Telephone phishing

Verifying a caller’s identity can be difficult. Numbers that show up on caller ID are easy to spoof, so even if the phone number of the authorized person is known or saved in the phone book, there is no guarantee the person on the other side of the line is who they say they are.

Only calling back the number is sure proof it really belongs to the caller, but even then it’s important to verify the number by looking it up on the internet or in a telephone book. You can also consider it verified if it was collected in person, for example, via a business card.

Banks, governments, or courts will hardly ever call you to request personal information. If they do, ask for the caller’s name, title, and department, then call back with a publicly listed and available number of that institution.


Phishing emails are by far the most common threat. Attackers will send legitimate-looking emails from financial institutions, governmental organizations, or generic schemes like lotteries to trick a user into visiting their website.

The attackers may set up a fake banking website, for example, that looks real enough and will prompt the user to enter personal information. Such a phishing site might ask for passwords, credit card details, or generic personal information for use in identity theft schemes.

The most robust way to verify the authenticity is PGP, though few individuals and sites have it set up.

As a rule, one should not click links in emails, especially not those in unexpected correspondence. Instead, users should navigate to the website directly and follow prompts there. Use the forms on the website to communicate with support staff.

Phishing sites might impersonate a site that the victim regularly visits. They might also simply be used to trick the user into calling a fake customer support number or to solicit credit card details from users, for example, by notifying them of a lottery jackpot.

Victims of phishing sites are often funneled to the sites using four distinct channels:

  • Emails: “Account verification required.”
  • Advertisements: “You’re the lucky winner!”
  • Typo-squatting: googel.com instead of google.com
  • Search engines: “You searched for your bank, here is your ‘bank’”

To avoid falling victim to a phishing site, it is a good idea to always check the URLs of the sites you visit and, ideally, only navigate to them using saved bookmarks.

Using a hardware two-factor authentication method is also a great way to protect yourself from phishing, although not all sites offer this. Some password managers can also help you identify phishing sites, as they will only auto-fill your passwords into sites they’ve previously authenticated.

Be careful with your personal information

Emails pressuring you to “verify your account” or to “keep your account open” are almost always phishing attempts intended to stress victims into clicking links and entering information in haste.

When receiving such emails or phone calls, keep calm and wait until you are back at a device that you are comfortable with, such as your desktop computer at home or your primary smartphone.

To mitigate vulnerability to phishing attacks, use bookmarks, password managers, and hardware two-factor authentication tokens. And finally, don’t hesitate to verify information, and always mistrust emails, advertisements, and phone calls.

All credit for the article: https://www.expressvpn.com/blog/what-is-a-phishing-attack/?utm_campaign=social&utm_medium=social&utm_source=tw&utm_content=blog

Tuesday, May 7, 2019

Top 10 Tips for Strong Internet Security

Tip #1: Only sites with HTTPS are secure!

URLs beginning with ‘http://’ are NOT secure. Sites with ‘https://’ are using a combination of Hypertext Transfer Protocol (HTTP) with the Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocol, meaning that the session between your browser and the web server is encrypted. Without HTTPS, bad guys can intercept your session using tools like Firesheep.

Tip #2: Use security questions whose answers are impossible for others to guess

Security questions are useful when we forget our passwords and need to reset them. In fact, when signing up for email accounts, most of us unthinkingly put in truthful answers to easy questions, like, “What is your mother’s maiden name?” or “What’s the name of the town in which you were born?”

But have we ever stopped to think how easy it is for bad guys to find the answers to those questions? We share so much of our personal lives on the internet; it’s actually very easy for bad guys to find our security answers on the internet, and to reset our passwords without permission. In fact, a reporter from the Washington Post was able to hack her brother’s iCloud account in three minutes using information that was guessable or findable on the Internet.

Instead of answering security questions with obvious answers that people can find using search engines or from reading your online profiles, try answering with irrelevant answers mixed with numbers. Of course, make sure you remember the answers in the event that you ever get locked out of an account and need to use your security question!

Tip #3: Don’t use the same password for all your accounts

Obviously, it’s easy to remember one complex password and use it across all of your accounts. However, this leads to the possibility of one service being hacked and the hacker using this password to attack your accounts with other services.

Try using suggest using a password manager like 1Password, KeePass and LastPass to generate and keep passwords (we also have a random password generator). These password apps can create random, indecipherable strings of alphanumeric characters as passwords and help store them for you on your different devices.

If your online service (i.e. email, online storage, bank) offers 2-step verification, you should definitely use it.

Tip #4: Keep your operating system and all your software up to date

Operating systems such as Windows and Mac regularly send updates for users with software patches and so on. While it may be tempting to close popups reminding you of a new update, you should be updating as soon as you’re able to protect against the latest security vulnerabilities.

You should also keep your other software up to date. The best tactic is to turn on automated software updates on all your apps—this applies to your antivirus software, email apps, browsers, and so on.

Tip #5: Be careful when accessing public WiFi

Unfortunately, a lot of people don’t know that when you are sitting in your favorite coffee shop, accessing your favorite sites with free Wi-Fi, you’re at risk of having someone intercept your data.

Unprotected free Wi-Fi is a breeding ground for hackers to intercept and access your personal data. Before you connect to public Wi-Fi, turn off file sharing on your computer. If you’re on public Wi-Fi, don’t sign into anything requiring a password UNLESS you’re connected to a VPN.

Tip #6: Be careful what you write on social media

While social media is getting more and more popular, sites like Instagram, Twitter, Pinterest and Facebook are great for keeping up to date and letting your friends know what you’re doing and where you’re going. However, this information is gold for criminals. Accepting friends you don’t know personally could mean giving a hacker unfettered access to information about your family, your friends, where you live, and what you buy/read/do. Yikes.

Tip #7: Delete suspicious email attachments

Have you ever received an unsolicited email? Chances are, you have. The majority of people know that if you receive suspicious links or attachments from random strangers, you shouldn’t open them and should delete them straight away. However, if you receive a strange attachment or link from a friend, you should still do the same.Hackers often send dangerous malware by hacking someone’s email account and sending emails to the victim’s contact list. If you ever receive a suspicious email from a friend, you should email them and tell them that they are likely a hacker’s

Hackers often send dangerous malware by hacking someone’s email account and sending emails to the victim’s contact list. If you ever receive a suspicious email from a friend, you should email them and tell them that they have likely been hacked. In addition, tell them they should change their password and turn on 2-step authentication ASAP.

Tip #8: Don’t plug strange things into your computer

Not only can malware spread through virtual means—but it can also be spread through hardware! Users of USB sticks, external hard drives, and even smartphones are not immune from malware. The nefarious BadUSB malware is a case in point. Before you plug anything into your computer, make sure that you know exactly where it came from and what else has been on it. Only plug in things from trusted sources.

Tip #9: Never lose your device

So you’ve loaded your computer and smartphone with all the latest security software, changed all your passwords, and turned on 2-step verification. But what happens if you lose your computer or your smartphone? If you lose your device, all your emails, photos, and personal data could end up in the hands of someone who’s up to no good.

Don’t let this happen to you! Password protect your lock screen, use a brightly colored case so that you can’t lose it, and back up your data regularly. Turn on device location or use a third-party anti-theft app in case the unimaginable happens. The best, of course, is to always be vigilant about your hardware and never lose it, period.

Tip #10: Know where you’re downloading apps from

For maximum safety, only download apps from 100% trusted sources—for example, the Apple app store, or the creator of the software itself. When installing apps, make sure you know the permissions you’re giving them. For example, does that time management app really need access to your camera and contacts?

One more easy win – make sure your computer or device is configured so that downloaded apps need to be opened manually. You don’t want to download an executable file and have it automatically open on your machine without your consent!

At the end of the day, knowledge is a powerful tool. Maintaining good internet security requires a combination of taking care of your software and hardware, and using some good old fashioned common sense.

All credit for this article goes to: https://www.expressvpn.com/internet-privacy/guides/top-10-tips-strong-internet-security/