Making Security Awareness Training Effective

by Sage N Clements, Sec+

Now more than ever cyber security (or internet security if you prefer) is important for all organizations big or small. Why? It’s simple. We live in a global connected environment. Data exchange is so prevalent now, that if it weren’t for the visionless radio frequencies making the exchange, we would be literally blinded by all the digital packets in front of us. So if it is so important, why does it seem like security is an afterthought or reactive mindset?

The consensus among most security professionals is that either traditional training methods do not work or that company officers do not value the needs of such training. Although I do believe that both have merit, the latter of the two has improved in the last three years, primarily due to some high profile public breaches. But maybe we are asking the wrong questions. Maybe the approach of “how effective is security training” should be “what can we do to make security awareness training more effective.”

It starts by accepting the fact that a one size fits all mentality does not exist when it comes to teaching. People learn differently and to apply the same methodology to everyone is not the best approach. Some people learn better using an auditory style, while others learn best physically or logically. We need to start taking a more methodical approach and incorporate a variety of learning styles and, this is probably the most important method, tie it to a performance metric that is important to the employee. What do I mean by that? In many of the call centers that I have been involved with over the years, they implemented a QAT or Quality Assurance Team. They were involved with primarily checking the work of the employees to ensure that there were no critical mistakes made with their work. Critical mistakes could lead to costly impacts to a businesses’ bottom line. Each employee would be evaluated approximately 5 or 6 times a quarter and their overall score would be weighed against the rest of their metrics.

So why would this matter, you might say? If quality metrics are weighed high enough, it could impact an employee’s potential for an incentive plan. I recall the days of my fellow colleagues getting heated every time they received a quality score they felt like they didn’t deserve. Despite the difference in opinions, the thing I always remember is that it changed the behavior of that person. Whenever my colleague had to close the call, they did it the right way because it impacted something that they care about, their incentive eligibility.

Coming full circle, why wouldn’t we want to make security awareness training a part of an employee’s performance or quality score? It is just as important to make employees aware of security threats as it is to ensure that they verify a caller or prevent someone from walking into sensitive areas without credentials. Now that we have secured a reason why they should care it time to focus on learning methods.

As I stated prior, people learn differently and the best way to teach people about security is not just focusing on computer based training or videos to get the point across, but incorporating real-life simulations with targeted employees and giving immediate feedback as it happens. A universal example would be tailgating. Tailgating is when an employee badges into a sensitive area, like an employee entrance or production area and allows someone without a badge to piggyback or “tailgate” without using their own access credentials. So when the Simulator has successfully tailgated an employee, they should pull them aside and explain to them with a security guard or a manager present, the importance of ensuring they do not become a victim and suggest mitigation techniques. In turn, the security guard should report the incident directly to the employee’s manager for record and the manager should update the employee’s quality or performance file. Conversely, if the tailgating attempt is unsuccessful by an employee, it is important to let the employee they passed the simulation for two reasons. One, it reinforces positive behavior and two, undoubtable, that employee will echo their experience with other teammates giving off a vigilance effect. This type of experience will appease to those that learn physically, visually, verbally as well as socially (to others). The same thing can be achieved by phishing attempts.

Phishing is a social engineering attack that focuses on deceiving an individual by pretending to be a reputable person or organization. It is commonly deployed by email but other methods include by phone or in person. The goal is for the target to give up their credentials or critical information so that the perpetrator can gain access to sensitive information worth value. One of the most common simulations available is sending an employee a well-crafted email from a source that appears to be legitimate. When the employee clicks on it, the screen opens a series of webpages with loud alert sounds. A splash page follows with the company emblem letting them know that they have just participated in phishing simulation. After they review the information and submit their acknowledgement of the simulation, QAT updates the employee file and the manager is copied for additional follow up. Conversely, if the phishing attempt is reported to the appropriate party (i.e. Designated Security Team or Manager) by the employee or expires (due to employee deleting the email), then the employee and the QAT are made aware. This should appease to those that learn verbally, visually, physically, socially and logically.

Now I know that there are many other learning styles that I may not have accounted for; to my defense, there are many other methods of attack that contribute to cyber security. The point is, that it is important to incorporate different methods with the mindset of what works with a multitude of learning styles. Equally important, is to tie the importance of security with a metric that impacts the employee so that it matters to them. As security professionals, it may be ideal to inquire with the organization if this is currently in place. If not, this would be a powerful recommendations. One of my favorite quotes is by Steve Conrad of Media Pro, “it’s not just about providing security training, it’s about providing educational experiences that change behaviors.”

Have You Prepared for Windows 10?

Nothing is more rewarding than getting something for free and thanks to Microsoft we will not have to wait until the 4Q Holidays. Microsoft has placed a rubber stamp on the release date of their newest operating system branded Windows 10. It is set to be released on July 29^th for a limited time and to select users. For full details, terms and conditions, please visit http://www.microsoft.com/en-us/windows/windows-10-upgrade (external link). The newest operating system is a hybrid of their predecessors Windows 7 and Windows 8.1 and promises to deliver a familiar user friendly environment.

With all new implementations of operating systems, it is always a good idea to take precautions. Here are the three important steps to take while implementing Windows 10:

BACKUP, BACKUP, BACKUP

As with anything you do that is major to your computer, before you upgrade, ALWAYS backup important data and software. Having a backup will ensure that if anything goes south, your data will not be impacted. In today’s day and age, you cannot afford to not back up your data. All too often do we hear the stories that “my screen is cracked and it’s too expensive to get repairs” or “my system won’t boot and I need my data back.” If you are not in the habit of backing up your important information, now is the time to practice new habits.

For those that are on a budget, you can get an external drive from your local electronic store for less than $70 or you can find a great deal from vendors on Amazon. There are also many online backup solution providers that do a great job in automating backups to the cloud.

Once you have completed the backup process, it is recommended that you test the files to ensure usability. There are rare occasions that although uploaded to an external source, the file itself could be corrupted or inaccessible.

Upgrade or Fresh Install?

Now that backups are in place, it is time to upgrade. For the majority that will get the Windows 10 update, they will initiate the process by way of an in-place upgrade while the cautious few (myself included) will do a complete reformat of the system and a fresh installation of the new OS. So, you may be asking yourself, which one is correct. Honestly, there is no right or wrong way to install Windows 10 but if there is one thing we can all agree upon; that is, software is not perfect and glitches happen.

It is always a good idea that before you install a new OS, be sure to have a copy of the ISO file that contains the OS, burned to an external source as a backup. An ISO file is an executable CD/DVD/USB program or application. It will allow the computer to launch directly into the program at startup or initiate the setup process.

For corporate or enterprise environments, it is a good idea to do a fresh installation on a test machine first before fully deploying in a production environment. This will allow you to test all native programs for functionality and compatibility. If the tests are successful, you can create an updated image to automate your new user process.

It is worth noting that there may be instances where a custom software solutions you use will not be compatible with the latest OS. If you run into that issue, contact the software vendor and inquire about Windows 10 support.

Install an Active Anti-Malware and AV Solutions

Lastly, before you start browsing websites, install an internet security suite. It is true that having a Free Anti-Malware (AM) or Anti-Virus (AV) program is better than having nothing at all, but it is strongly recommended that you have an active subscription at all times. An active subscription will ensure that you have the latest protections to the ever growing threats in cyberspace. On the same note, it is always a good idea to schedule full scans and/or boot-time scans if your AM/AV program has that functionality. A boot-time scan will allow the security program to search your computer without any active processes running on your system. This is especially helpful if you have any rootkits or Trojan viruses lurking on your system. Since these types of scans are labor intensive, not to mention time consuming, it is a good idea to automate these scans for times outside of production or normal usage hours.

Freeware Software? Better Click Again!

001 If you weren’t aware, malware is big business in today’s day and age. Now when I say malware, I’m not just talking about viruses and Ransomware, which seems to be all the rave these days; specifically, I’m referring to spyware and adware.

Lately, I have been seeing a lot of machines coming into the shop with advertising pop-ups, browser redirects and various forms of keyloggers running in the background. I ask myself, how exactly is it possible for so many machines to have the same kind malicious software on them.

My research has shown that the majority of the malware my customers have encountered are directly related to bundling software they download unknowingly. Bundling software, also known as deceptive software in many tech circles, is typically software that is downloaded in conjunction with a free program (most of the time) or game. It’s typically denoted by a checkbox in the lower left hand corner of the installation prompt and in small print as an automatic opt-in option.

002

Here is an example of the opt-in check box commonly used when installing Java. As you can see, there is a check box on the lower left hand of the prompt advising the user of the option to install a 3^rd party program and change the default settings. If the user clicks through this screen without properly inspecting it, they are opting into the installation of the said software. By the end of the installation, the system has been modified.

The main issue with the bundling software is that the Freeware or Software publishers the user intends to download from does not do a very good job of vetting the software. Instead they rely on a 3^rdparty vendor to do the screening per their contract. The contract typically states that the 3^rd party will ensure that the software is not malicious in nature, but also includes an indemnification or hold harmless clause to the effect that they are not responsible if the software is harmful in any capacity. That seems to be the extent of the vetting process. This is unfortunate as it does not take much time to test a software package prior to distribution.

Now don’t get me wrong, not all bundling software is consider malicious in nature and there are great companies like Java, who do provide a thorough inspection prior to bundling; but this is not an industry practice.

If bundling software is such a problem, then why do software publishers continue to use it? That’s a great question and it is as simple as saying TINSTAAFL. There Is No Such Thing As A Free Lunch and free software is no exception.

Bundling software is a great source of revenue for software publishers and vendors. It allows them to receive revenue by allowing an advertising vendor or other software publisher to embed their software in the installation process. The freeware is essentially an advertising hub.

Seems pretty harmless for the most part. The only red flag is that in many cases, the software publisher has embedded software in their product that is not fully disclosed to the end-user. Just a lot of ambiguity and warranty disclosures in the End-User Licensing Agreement (EULA), but I digress.

So what’s the answer to prevent your computer from being impacted by malicious software? The easy answer would be to always deselect the bundling options, but honestly, it is not always practicable as it has advantages. Here are some tips that I provide to my customers:

Consider the Source

The best way to ensure that your computer is not impacted is by not downloading software or bundles from sources that are less than reputable. If you are not sure, Google their name or product. If the first entry that comes up is malware or potentially unwanted programs [PUP] entries, then think twice before downloading.

Reviewed Checked Entries or Custom Installation

One thing I forgot to mention is that bundled software is not always downloaded because a user forgets to check the box in the 003 installation screen. There are also instances where the bundled software is hidden within the installation process and the only way to prevent it from installing is by going through a custom installation. Selecting this option will give you a list of all components and software that will be installed on your machine. Deselect all undesirable software packages.

Actively Scan For Malware

It is good practice to have your Anti-Virus and/or Anti-Malware solution scan for infections directly after the installation of Freeware or bundled software. Catching the exposure early can help prevent future headaches. Always keep you’re A/V or Anti-Malware definitions updated.

Passwords Are Still an Issue

After reviewing the Verizon Data Breach Report, it is apparent that passwords are still a problem. Specifically, users are choosing passwords that are easily guess-able or worse, do not change the default passwords of networking devices.

Here are three tips to improve passwords:

Password Complexity

According to an article published by CBS (http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/), in 2013 the top 3 passwords used were “123456“, “password” and “12345678.” Unbelievable!

It should be no big secret, the longer the passwords, the more difficult it is for anyone to guess it (or crack it). Add in some numbers, combination of upper and lower case and a symbol (if possible), will increase your protection 10-fold.

If we take the example that were used earlier for passwords and we made a few tweaks here and there, you would have a more secure password. Let’s explore:

Password: 123456

There are a couple of things wrong with this password. You should never have more than 2 sequential numbers (i.e. 1,2,3) in a row. The password contains no letters or special characters. It would take a script kitty all but 10 minutes to break this password.

We can improve this password by amending it to: K23*l6iM

The first thing I wanted to accomplish was to make sure that I have at least 8 characters in this password. The password length is important. The more characters you have, the harder the password is (traditionally). I also took the liberty to remove the numbers 1,4 and 5 and replace them with special characters and upper case and lowercase letters. In the process, I spelled milk backwards. Clever.

Let’s try one more example.

Password: password

So this one does things right and wrong. The good is that it is 8 characters long. The bad is I can find this word in the dictionary. There are programs in the wild that will allow you to crack a password by going through every word in the dictionary in a matter of seconds. Ordinarily, I would say, change it up by converting it to P@$$WorD or p@$Sw*rd, but these are more common than the word it self (kinda).

The best defense if this is your password is to just change it all together. Make the password at least 8 or 9 characters minimum. Avoid using any words or phrases that you are fond of or that can be found in a dictionary.

Password Managers

Password managers are starting to gain some steam in world where data breach runs rampant. Password managers will allow you to use a program to generate random passwords or store custom passwords in a secure program. Before settling on a password manager program, YouTube or read reviews by others to determine if the product is right for you. Be sure that your master password that you use to sign into the service is complex since this is your first line of defense.

And no more non-encrypted excel spreadsheets. You have been warned.

Change Default Passwords

When I saw the top passwords used in the report mentioned earlier, I asked myself, how is it possible for so many people to be using the same exact password. If I would have to take a guess, I would say these were all default passwords. If you take anything from this post, it should be to CHANGE THE DEFAULT PASSWORD and increase the number of characters in your password.

It should go without saying that the first step when setting up any network device or program is CHANGE THE DEFAULT PASSWORD. I will give you a little secret; the default password is available to everyone on the Internet including my Oma. Leaving the password unchanged is like leaving your car running while you are inside dreaming of sheep jumping fences.

Although this was not meant to be an all encompassing guide to password use, I am hoping this will help generate ideas on securing yourself or your network. We live in an age where data breaches and password dumps are common place. There is no full proof way to keep people from accessing places they shouldn’t, but together we can make it a lot harder.

5 Ways to Improve Your Internet Connection

The degradation of your internet connection can happen for many reason. As we continue to use our machines, we collect e-dust or junk files that are known to slow down computers. If left unintended, your internet browsing can feel like molasses over time.

Here are some helpful tips to improve your internet connection.

Power Cycling Hardware

An excellent way to improve connection performance is to power cycle your network connection. Power Cycling involves unplugging and reconnecting a modem, router and computer for 30 to 60 second time intervals from its power source. Doing so can help reestablish a clean connection between network devices and discharge any static between the connection lines.

Regularly shutting down your computer can help reduce memory leaks which can lead to the browser malfunctioning or applications not opening. If your computer is on a network, restarting your computer after the end of operations is ideal. This will ensure that computer memory is refreshed and admins can still provide updates to computers.

Cleaning Browsing Data and Cache

Another method to improve internet connection is to clear your internet browsing history and stored data (cache). This is often done in the option or tools section of the browser. Cache data is internet data stored in the computer that can later be retrieved for faster loading when you revisit a commonly visited website. The more cache data stored, the greater the network degradation.

Update Operating System and Software

The health of your operating system and software plays a critical role in the performance of your computer. An outdated operating system or software can lead to exploits or configuration problems that can prevent you from accessing the internet. For residential consumers, it is recommended that you utilize the automatic update option for your operating system. For businesses, it is recommended that you update critical O/S updates immediately after testing in lieu of waiting for your patch management schedule.

Front Line Defenses

Hand in hand with the previous section, firewalls, anti-malware, anti-virus and IPS/IDS systems should be updated with the latest patches, definitions or firmware. An outdated system can give rise to configuration and intrusion issues that can have a significant impact on your internet connections. Scan your system regularly and monitor security logs for irregularities.

Homeland Security Ransomware

Today I had my first run in with the infamous Homeland Security / FBI Ransomware. For those who are not aware, it is a form of malware that hijacks the use of a computer at start up and demands the user pay a sum of money, typically $300 from what I have heard from other techs. After selecting a profile to load, a single window pops-up that appears to be a notice from the Homeland Security Department claiming that you have violated internet laws. To further scare the user an “English” Voice blasts the speakers demanding restitution in the amount of $300. I must admit, I was somewhat impressed by the presentation and excited as I have heard that it was pretty difficult to cleanse from your system. I do not take viruses or malware very lightly, but boy was I disappointed as it took little effort to remove this notice from the system.

My first action was to restart the computer and boot into Safe Mode with Command Prompt. Being in Safe Mode allows only the essential applications to run, hopefully giving some wiggle room to un-compromise the system. As I entered the desktop, I used the command prompt to access the desktop using explorer.exe. I let the system run for two minutes before proceeding and I was shocked that the Ransomware did not load (I know I should be thankful). I continued with my action plan by using Windows Restore feature on Windows 7.

Now I have a theory on how this malware works. I do not believe it activates automatically, but is triggered after a certain action has been taking by the user or time elapse, similar to how a Logic Bomb works. Knowing this, I did not go back three days prior when the system was working without a hitch but instead 30 days. I can say with a degree of certainty that this system including its registry was not infected last month, so it’s a safer bet that starting at that point would be okay.

The restoration process took about 10 minutes, but after it was completed and the computer was restarted, everything appear to be right on the outside. For precaution, I scanned the system with Malwarebytes, TDSKiller and did a boot time scan with Avast; after which, I found remnants of some infected files and I removed them (unclear if they were related) and updated Windows.

The entire process took less than 3 hours (with multiple scans) and although I was disappointed on how easy it was to get rid of this version, I learned a very valuable lesson as a tech. Don’t underestimate the use of Windows Restore. Educating your friends, family and clients on keeping updated restoration points on their systems is invaluable. It can solve close to 60% or more of any software troubles that you may have, especially the ones that have altered the registry without the user’s knowledge.

Written by Sage NC

The Dangers of Downloading Apps

Mobile apps are a great way to solve immediate problems that we deal with on a daily basis. Need a flashlight to aid you while you look under the hood of your car? A quick stroll through your local market will reveal a plethora of applications that will instantly turn your device into a high powered sensation. What about converting dollars into pounds? Guess what? With a click of your finger, it can happen. Even apps for dog whistles exist. Let’s face it, mobile apps are a staple of our culture and society. We often get so complacent on using them, that we never consider at what price these illustrious tools come at.

The majority of the applications we purchase on the various markets are free and do not require anything additional in the form of sign ups. That’s great, right? Well consider TINSTAAFLs rule. There is no such thing as a free lunch. What I mean is what is package as free, is often accompanied with a price: your privacy.

Your personal information can be sold to third parties at a decent premium by app developers. This helps to offset the cost of development and is the most widely used method to generate revenue for publishers besides embedded ads.
Many apps that you download can have access to vital and private information including your contacts, phone number, pictures, email addresses, documents and even your camera.

I recall one day, I downloaded a game from the market and within minutes I received an unsolicited text messages for a vacation I recently won and apparently signed up for. Perplexed by this, I uninstalled the application and reinstalled just to isolate the root cause. To my amazement, I received the same solicitation. As I investigated the application’s permissions in settings, i discovered that the application has access to my phone book and my phone number. Needless to say, I had to uninstall the program to avoid my friends and family from being impact.

So what can you do to protect yourself? First and foremost always explore the permissions you are granting an application prior to downloading, especially if you are downloading from an android market. Apple has a more stringent submission process than Google Play at the time of this writing. Ask yourself, does it make sense for this app to access this information; am I comfortable with giving them this access; how reputable is the publisher?

Next, take some time to review the comments left by others who have experienced this app: is there a consistency in the comments; is there anything outside the ordinary that the app should not do; are others uninstalling the app for reasons not related to it’s intent. That valuable information could help prevent you from being exposed.

Lastly, prior to downloading, ensure that you have a popular well known antivirus application on your mobile device that has the ability to scan applications that have been downloaded. Many of these programs have the ability to notify you right away if the application has been marked as malicious or problematic. Some even give you the option to limit the permissions the application has. This is a significant benefit.

Understanding how the app market works is a great step in protecting your privacy.

Keeping Your Computer Clean

Nothing feels better than purchasing your first laptop or computer. From the moment we turn it on, we get enthralled in the post screens, hold our breath during the loading screen and give out a huge exhale accompanied by a smile when the operating system loads. Indeed, nothing is better than purchasing your first computer and nothing is worse than its first break down.

Aside from viruses and malware, many failures of computer systems start from a hardware failure which could be prevented with a little care.

1. Keep vents clear of dust.
One of the easiest ways to prolong the life of your machine is to keep the vents clear of dust. Your computer suctions in a lot of air to help cool the internal component parts within the casing. Avoid using your mouth to blow out dust. Compressed air does wonders providing that you computer is unplugged and you are using it 3 to 6 inches from the vent. Avoid getting any closer as the condensation can damage the computer.

2. Do not place computer on fabric surfaces.
With laptops especially, we sometimes have the tendency to place the computer on our lap or on the bed. Don’t do this. Blocking the vents keeps the hot air in which can damage your motherboard. Many third party stands are available to keep the laptop elevated. This improves the air circulation and best of all you can keep the stand in your lap and the device cost less than $20.

3. When your computer sounds like a turbine engine…
Don’t ignore it. Its time to take it into a shop for some internal cleaning. This sound may mean that there is too much dust inside the unit or the heat has worn the protect paste between the processor and fan. Ignoring this sign could cause you to fork over some major cash for repairs or worse cause your computer to be inoperable.

These are a few basic steps you could take to improve the performance of your computer.

6 Strikes Now In Effect

In late February, several Internet Service Providers (ISP) enacted the Copyright Alert System (

CAS) also known as Six Strikes. The system is designed to deter users who download or access copyright content without sufficient permissions over the internet.

WHAT DOES THIS MEAN TO YOU

If you are a fan of downloading or sharing torrents where the content is copyrighted or accessing sites that enable you to watch content normally accessible by paid methods (PPV); an IP (Intellectual Property) content owner can notify your ISP of your activity and the ISP has the right to take action ranging from warnings, throttling (slowing down) internet connections and potentially terminating service until a user completes a training webinar on the subject .

Most ISPs have not disclosed the details of the action process to the general public.

WHAT CAN YOU DO TO PREVENT THIS ACTION FROM OCCURRING

Educate yourself on what is acceptable by contacting your ISP and having them explain the CAS system to you. The more informed you are in the subject matter the better. Additionally, educate your family, especially adolescence and teenagers who may access the internet without direct supervision.

Written By: Sage N.C.
Tags: #6strikes, #sixstrikes, #CAS, #copyrightalertsystem,

Spam

SPAM

We all get it from time to time. Those unwanted emails that attempt to persuade us to buy prescription drugs or visit a site to be eligible for a vacation package that seems too good to be true. SPAM: and we thought snail mail was bad.

SPAM is typically the unsolicited emails that a user gets in their inbox. Some can be as harmless as driving traffic to a particular site or service; and some can be malicious in nature, sending you to a website filled with infected (virus) files.

No one really likes SPAM and we subconsciously either click links to peak our curiosity or we delete the email as an afterthought. The funny thing about it is that despite our efforts to eradicate the problem, like unwanted rodents, they keep coming back. So what are the risks of SPAM and how do we get rid of it? Although there is no sure fire proof to rid all SPAM, understanding how your email address ended up on a mailing campaign and knowing what viable options you have , can help reduce this pain.

How Do I Get SPAM?

So we start our by asking ourselves? How in the world did I end up on a SPAM campaign? In this day and age where data and content are king….I will touch base on the three main culprits.

1) MOBILE APPS – Free is not always good and often comes with a price. When you download applications from the android or iOS markets, you may be blinding allowing the publisher to obtain pertinent information from your device including your name, phone number, email address and even the contact information of your friends and family.

All this information can be used to solicit products, services and potentially entice you to click on a link to an infected website. I recall an instance in which I downloaded a card game program from the Android Market and within seconds of opening the application, I was bombarded with text messages from unknown numbers telling me that I won a cruise.

2) FORUMS – Another popular way to end up on the campaign list is by posting on forums. Many programs today exist to scan forums for email addresses listed and/or user names of the poster. With the extrapolation of users names, these programs are notorious for duplicating the user name with different domain names in hopes to have reach you or another user with that combination.

3) SOCIAL SITES – Social Media websites are the most prevalent way in our society to take information and use it for SPAM. From the moment you sign up for the service, you are providing your information that can be used to send you unsolicited emails. Furthermore, when you add applications/games (i.e. Farmsville, MafiaWars) to your profile, some of your information may be transferred over to the publisher.

What Are The Risks?

So what is the big idea with SPAM. Some are perfectly harmless, offering products and services based off of purchases you made or interests that you’ve expressed. Others will try to lure you into a website that is design to take information or worse, automatically installing computer viruses, tracking tools or malware on your system.

With Mobile Applications, your contact list may be subject to unsolicited text messages. Before you download an application, make sure that you review what access you are granting the program to. If it is confirms that it has access to your phone lists and text messages, ask yourself if it make sense for the application to have access to it. You may want to rethink or find an alternative program for your needs.

What Can I Do To Get Rid Of It?

So the underlining question is, how do I reduce the SPAM that I receive? Although, there is no sure 100% way to get rid of SPAM, here are some tips that should help you significantly reduce your SPAM:

1) Unsubscribe Vs. Reporting Spam – Most solicitation emails have the option to unsubscribe to their mailing campaign by simply clicking on the link located in tiny print on the bottom footer. I CAUTION YOU, THIS IS NOT ALWAYS THE BEST OPTION.

Some lesser known companies will have the option to unsubscribe but when you select the link, it redirects you to a website that requires you to enter your email address to unsubscribe. When you comply with this direction, many times you are signing up for another service or adding yourself to another SPAM campaign. If clicking the link does not work without other user input, do not proceed further.

RULE OF THUMB: Only use the Unsubscribe option from reputable, well-known companies that you know and trust (i.e. Amazon, Best Buy, Walmart). If it is a company or email address that you are not familiar with, mark the email as SPAM, so that your email provider can filter this from the server. Many email providers rank different domains based off of users reporting SPAM to them. So do your part.

2) Choose Users Names Different From Email – Many online users are notorious for using the same user names as their email address. For example, JohnSmith posted on a forum. His user name may be extracted from a SPAM bot in which they will send emails to various common domains (i.e. @yahoo, @gmail, @aol, @msn), in hopes of getting a hit. Then off to the races.

3) Explore Privacy Settings – All social sites have a privacy policy that will tell you how your information is being used. It is generally located at the bottom right of the main website.

Just because you signed up with a social media service with every privacy option unchecked (opt-in), doesn’t mean that you cannot go back and opt-out. Access the account or privacy settings. There are generally a list of different options and explanation how this will affect you.

As always, if you feel like your system has been compromised, contact us for a PC Health check.

TAG: #SPAM, #EMAIL, #PRIVACY, #UNSUBSCRIBE, #VIRUS, #ANTIVIRUS