Reset your LinkedIn Password

The original LinkedIn 2012 databreach turns out to have been much larger than the estimated 6.5 million username and passwords that were stolen. There are really more than 100 million records compromised and LinkedIn is sending emails to these users that they need to change their password.

The bad guys however, are jumping on this as well and are sending phishing emails with a fake LinkedIn login page. If you fall for this scam and log in on their fake page, your credentials will be stolen and your LinkedIn account compromised and/or your computer infected with all kinds of malware.

If you receive an email that seems to come from LinkedIn, hover over the links and make sure they are legit before you click. Even better, do not click on anything and just go to LinkedIn using your browser and change your password. If you have used your LinkedIn password for other sites, it’s time to change those as well!”

Go to, click Help, (bottom right) and choose Changing Your Password.  In case you want to get another layer of password protection, LinkedIn also offers dual factor authentication by which you can have a one time numerical code sent to your smartphone each time you need to access your LinkedIn account.

Hidden Dangers Of HTML Attachments

Research from our partners has spotted an up and coming trend; malicious HTML “attackments” that are used for credentials phishing. There are a couple of reasons why the bad guys have taken a liking to HTML:

  1. Reduced chance of antivirus detection
  2. Users are familiar with this, and do not see harm

Bad guys are using .HTML attachments to spoof bank login pages, popular online services, and secure messages from financial institutions.

Internet criminals never stop trying to get past our spam filters and trick you into clicking on phishing links or opening malicious email attachments.

This is a warning against a new type of attack that uses an HTML attachment which tries to scam you into entering your user name and password.

HTML attachments are often used by banks for secure messages, so you might think that these are always safe. They are NOT. If you get an email with an HTML attachment, be just as careful as always and do not open it unless you have asked for it, or have verified with the sender that the attachment is legitimate.

Remember: Always Think Before You Click!

If you would like any information about how to protect your computer network from viruses and malicious attacks, please contact us to discuss your needs.

  • Not sure if you need a Network Health Check?

    We have a self-assessment questionnaire entitled Do You Need An IT Audit?. This short questionnaire will ask some of the questions that you need to know the answers to, as well as providing some additional insight into the changing nature of IT Systems Management along the way. The information that you provide is confidential and at the end of the questionnaire you will receive a summary report based on the answers that you have given that will help you to see whether or not you might benefit from having a audit of your business's IT infrastructure and assets
  • Don’t Trust Your Company’s Critical Data And Operations To Just Anyone!

    This Business Advisory Guide Will Arm You With 21 Revealing Questions You Should Ask Any Computer Consultant Before Giving Them Access To Your Company's Network Choosing the wrong computer consultant to support your network can not only be incredibly frustrating and expensive, but it could end up costing you in downtime, data loss, and expensive repair bills, not to mention the headaches and frustration! To download this FREE report, "What Every Business Owner Must Know About Hiring An Honest, Competent, Responsive And Fairly Priced Computer Consultant", complete the form below:

[ALERT] Deadly Dridex Cybercrime Gang Has Just Moved Into Ransomware

One thing that is driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart. Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent operating banking malware.

The Dridex Locky ransomware strain isn’t more sophisticated than other latest generation crypto-ransom malware, but it is rapidly spreading to victim systems. Forbes claims that Locky is infecting approximately 90,000 systems per day and that it typically asks users for 0.5-1 Bitcoin (~420 dollars)  to unlock their systems. Locky is disseminated through phishing emails containing Microsoft Word attachments. Each binary of Locky is reportedly uniquely hashed; consequently, signature-based detection is basically impossible.

The Dridex gang is the 800-pound gorilla in banking Trojans. Apparently they have seen the profit potential of ransomware and leveraged their extensive criminal infrastructure to get their Locky strain infecting as many machines as possible. Consequently, financial institutions are likely the next major sector to be actively targeted. The FBI just stated that the threat from ransomware is expected to grow, as per an article in the Wall Street Journal.

The last few days, the Dridex botnet has sent at least 4 million phishing emails with a zip file as the attachment. The zip file contains a JavaScript file which downloads and installs Locky.  

Five Things To Do About It

  1. Block any and all emails with .zip extensions and/or macros at your email gateway level.
  2. Disable Adobe Flash Player, Java and Silverlight if possible. These are used as attack vectors.
  3. Step all employees through effective security awareness training, so they can recognize the red flags related to ransomware attacks.
  4. Print out this free job aid, laminate it, and hand it out to employees so they can pin it on their wall.
  5. Do a Phishing Security Test on your users and find out if they are going to click on something they shouldn’t. Get started here: