What Are the Dangers of Spam?

Spammers can send email that includes viruses, worms and Trojans that infect your computer. Not all viruses crash your computer, some are set up to spy on you when you are online. They can track what sites you visit and copy your username and passwords and send them back to the spammer/hacker. You are then left vulnerable to an even larger threat. Identity theft.

Some of these viruses attach themselves to your computer’s operating system and prevent you from removing them. They often work undetected and can only be removed by completely reinstalling the factory settings, or visiting your local computer guru.

The easiest way to stop spam is not to sign up for anything you don’t need. If you do need to sign up for something that requires an email address, use an alternate email address, so your primary email address stays as spam free as possible.

If you want to take things to the next level and get a secure email address from a company like Spam Arrest and the only email you’ll receive is from the members on your white list.

You can improve your email security even further with an encrypted email service like Pronton Mail; in addition to their Spam Filters, they have many advanced features to please even the most security conscious. The setup of all the advanced features can get very technical, though once it’s all set up correctly, it’s just as easy to use as any other web based email account.

How Are Companies Getting My Email Address?

A company can collect email addresses and forward them to affiliated partners. Here are some of the ways that companies are getting your email address.

Personal Homepages

Just about everyone has a homepage. Almost every internet service provider (ISP) offers you a place to put up your own website, but many people also include their contact information. This is not a good idea. Spiders are continually crawling the web and harvesting email addresses from websites that provide contact information.

Harvesting software searches the internet for the @ symbol. In searching for it, they recognize that this is likely an email address and therefore it leaves you open to receive their spam. By harvesting as many addresses as they can, spammers simply use the law of averages. The more email you send, the more responses you get.

Once you reply to spam, you announce that your email address is monitored and you’ll likely get even more spam. Then, spammer 1 sells your address to a network of other spammers and your inbox turns into a depository for penis enlargement and breast implant emails.

Registration Forms

Nearly all registration forms that you fill out can lead to spam. Sometimes there is a box that you can check if you do not wish to receive emails from the company or its affiliates. Unless you want to receive email from them, you should click the box. If you don’t get an option, you may want to forget the registration all together.

This registration spam also applies when you are registering a new piece of software. Many companies tell you that registering allows them to keep you informed of any product upgrades, but they also use it to send you advertising.

Contest Entries

An easy way for companies to get your email information is to post contests for things that you want to win. Of course, to enter, you must provide your email information so that they can notify you if you win. This also applies to gift offers and subscriptions.

Before signing up for a contest, check the company that is promoting it. Some of these contests are legitimate, and some of them are set up specifically to get your email address. It’s a really tricky business. The prize may not always be worth the amount of spam you receive.

Using a Password Service to Protect Your WordPress Site

It seems all we talk about is creating strong passwords and if you are like most people, you create a password that you thought was solid only to find out it is not. What’s the solution? Using a password service is a great way to create a strong password and protect your WordPress and other sites.

There are a number of these services – A few that come to mind are LastPass, Keeper and Dashlane’s password manager; in fact David Pogue of the NYT calls Dashlane’s password manager “life-changingly great”. You install the software on your computer and it will create these wild passwords that are up to 50 characters and really just look like gibberish. What’s even better is that it memorizes them for you, because there is no way you could remember these passwords. Then to keep all those passwords secure you use a master password. That way even if your passwords are stolen the hackers are going to need the master password.

A good master password needs to be strong – in fact it’s critical because all your other passwords lay in the balance of this. Follow as many password rules as you can and this one you need to memorize along with any passwords needed to access your computer.

You will need to be patient as it takes time to transition your entire life online to a password service. You’ll be surprised at just how often you use passwords. Think about it – every time you login somewhere you use a user ID and a password. Getting the system up and functioning completely can be a real challenge, but stick with it, because eventually you will be far more secure and have way less passwords to remember.

You should actually have a password service for your mobile devices and your desktop devices. These are different and will require two different downloads and if it’s a paid service two different purchases.

If you really want to boost your password security on WordPress use more than one password. Have a two factor authorization. This means that your login will require two parts of information. For example, your password and something you know. It provides an extra layer of protection in a number of applications including Twitter, Apple, Dropbox and Google.

Today is a good day to get started with your password service!

Making Sure Your WordPress is Securely Installed

Often the One-Click installs offered by many web hosts don’t install the latest version of WordPress, so after installing it, check to see if it’s the latest version and then do an update if needed. Also check the default themes and plugins and update them if necessary.

The next thing you need to do is take care of security issues on your site. WordPress has a plugin called iThemes Security Pro (formerly Better WP Security), that lets you change certain WordPress features to make it more difficult for the hackers to gain access. Be sure to take advantage of this tool to give you the best chance at a secure WordPress site.

iThemes Security Pro will let you:

* Change the default ‘Admin’ username to something different
* Lock entrance to the admin at specific time periods
* Change your admin user ID from 1 to something different
* Ban users based on the IP addresses
* Automatically email your database backups to yourself
* Change the URL you use to login from wp-login to something different
* Change your WordPress directory files from wp-content to something different
* Change your database prefix from wp_ to something different
* Check the number of hits on 404 pages and lock the user out if they are excessive
* Track any file changes
* Limit the number of times you can login attempts with the wrong password

And there’s more.

One of the easiest ways to get through a site’s security is with their password. Many don’t take the time to create solid passwords because they claim they take too much time, but compared to the time it will take you to attempt to rebuild your site, it seems like such a small price.

When you are creating a password:

Every password should be at least 15 characters
Every site should be different
Is strongest if it is not an actual word
Is strongest if it is a mix of special characters, lowercase letters, capital letters and numbers.

Regular Backups

The last thing you need to do is make sure you are taking regular backups of your site files and database(s). That way should the unthinkable happen, you will at least have a backup safely stored away, which will certainly reduce your stress.

One of the most popular plugins for doing this is called UpdraftPlus. This will create a backup and then upload that backup to Dropbox for safe keeping. You can also email that backup to yourself. That’s because the Dropbox plugin keeps only one backup, so sending to yourself allows you to keep many versions.

Get busy, add your plugin(s), change your passwords, make your backups and make your site as secure as possible.

How You Can Protect Your WordPress Site from Hackers

These days your WordPress website security is no laughing matter – in fact, you could say it has become downright treacherous as more and more people come to find themselves left with the devastation of a hacker. Rather than being a statistic, now is a good time to take action and do what you can to protect your WordPress site from hackers. Let’s have a look at a few things you can do.

#1 Protect Your wp-config.php
This is an important WordPress file and so you will want to make sure it is protected. You can hide it so it is not available for public view just by putting a few lines of code into your htaccess file.

<Files wp-config.php>
order allow, deny
deny from all
</Files>

Add this code and it will stop the wp-config.php file from being visible to public users and makes it harder for hackers and robots to spot.

#2 Never use “admin” to Login
One of the most common mistakes is to leave the default ‘admin’ as your login to your WordPress sight. This needs to be changed right away as this is dangerous and allows hackers an advantage. It’s very dangerous leaving ‘admin’ as your login.

#3 Use SFTP
Most people use FTP to upload their files, but you really should use a Secure FTP connection – SFTP. That way when you send your files they will be encrypted.

#4 Using the Login Lockdown Plugin
Login Lockdown plugin will make sure that you remember your password. Every failed attempt at logging in is registered along with the person’s IP address and it will block the ability to login from different IPs if the login has failed after the set number of attempts, which you control. The default setting is 3 failed logins within 5 minutes per hour. You have the control to remove the blocked IP address from the plugin panel in your WordPress dashboard.

#5 WP-DB Backup
You need to have backups regularly not just now and then when you think about it. UpdraftPlus is a plugin that will do this for you and then it will send your backup to your email address and/or store it on the server. An offsite backup is wise because should your site be hacked it gives you the best chance of getting things up and run quickly.

There are plenty of things you can do to make your WordPress site more secure – these are certainly a good start!

Phishing For Your Identity

Who hasn’t received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you’ve conducted business with in the past. So, you click on the convenient “take me there” link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been “phished”.

Phishing (pronounced as “fishing”) is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity.

It is not at easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The “From” field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company’s website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the “From Field” can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information. A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

Trojan Horse – Greek Myth or Computer Nemesis?

We have all heard the term Trojan Horse, but what exactly is it? A Trojan Horse is a destructive program that masquerades as a harmless application. Unlike viruses, Trojan Horses do not replicate themselves, but they can be just as destructive. One of the most dangerous examples of a Trojan is a program that promises to rid your computer of viruses but instead introduces viruses into your computer.

The Trojan can be tricky. Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus? Or, even more frightening, you receive an email that claims to be alerting you to a new virus that can threaten your computer. The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their “free”, attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable. You proceed to take them up on their offer and download the software. In doing so, you have just potentially exposed yourself to a massive headache and your computer to a laundry list of ailments.

When a Trojan is activated, numerous things can happen. Some Trojans are more annoying than malicious. Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons. The more serious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware such as viruses, spy on the user of a computer and secretly report data like browsing habits to other people, log keystrokes to steal information such as passwords and credit card numbers, phish for bank account details (which can be used for criminal activities), and even install a backdoor into your computer system so that they can come and go as they please.

To increase your odds of not encountering a Trojan, follow these guidelines.

1. Remain diligent. Trojans can infect your computer through rogue websites, instant messaging, and emails with attachments. Do not download anything into your computer unless you are 100 percent sure of its sender or source.

2. Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.

3. Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms. Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.

4. Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer. A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.

Nothing can guarantee the security of your computer 100 percent. However, you can continue to improve your computer’s security and decrease the possibility of infection by consistently following these guidelines.