Beware: The next time you get an email from firstname.lastname@example.org in your inbox, click delete.
That’s because you’re likely the target of a phishing hoax designed to steal Gmail, Yahoo, Windows Live and AOL passwords, according to Naked Security, a blog by IT security firm Sophos.
Entitled “Microsoft Windows Update,” the email urges recipients to verify their email accounts by entering personal login information.
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click in the Verify button below and enter your login information on the following page to Confirm your records.
Thank you, Microsoft Windows Team.
While the hoax is pretty slick, eagle-eyed Internet users will notice odd instances of capitalization and grammar that betray the email’s insidious intentions.
Clicking on the “verify” link leads you to a third-party website that purports to be Microsoft.com, but actually isn’t the real deal, Naked Security says. Here, users are warned that their computers are out-of-date and at high risk; they are then “required” to select one of four email providers and enter their username and password. Naturally, this information is sent directly to the scammers — putting recipients at risk of online identity theft.
Here’s how to protect yourself from losing all your data
A potentially devastating security flaw has been uncovered that affects a sizeable number of Android-based smartphones, including Samsung’s flagship Galaxy S III. The exploit allows web pages to make your phone believe that a special service number called an Unstructured Supplementary Service Data (USSD) code has been dialed into it, including one that can instantly wipe all data on it. These codes are normally used by cellular carriers to perform diagnostics and other functions on your phone.
The problem has evidently been known for a while but requires software updates to phones in order to be eliminated. Samsung has updated its Galaxy S III software to address the flaw, but not everyone may be running the newest version. To check if you are, open your phone’s Settings app and scroll down to About Device. Tap that, then the Software Update tab at the top of the next screen that appears. Then, tap Update on the following screen. Your phone will check for updates and install the latest if you’re running an older version.
Multiple other Samsung models, along with some from HTC and Motorola, are also said to be affected by the flaw. There are a few things you can do to protect yourself if you are using them.
The first is simply to avoid visiting links you’re not sure are legitimate. Next, you can download and use an alternative dialer app (used for making calls) like Dialer One (download for Android) that won’t automatically execute the USSD instructions. Finally — and most importantly — you should make a daily backup of your phone to your computer in the event it does get wiped. This is a good idea in general, but has become an especially crucial one given the discovery of this flaw.