Monday, September 28, 2015

HOA Meeting

The HOA meeting will be Tuesday September 29 at 7:00pm at the Benbrook Senior Citizen Center.

The items up for discussion include officer and area director elections.  We will also hear from Benbrook City Council hopefuls.

Sunday, September 13, 2015

Cyber Security

As many of you may have heard, or seen directly, a sketchy email has been sent out.  The email is from the Mont Del Homeowner's Association (montdelhoa@gmail.com), which is the real Mont Del HOA email address, but it is a fake email.

If you clicked on it, I advise you to run any anti-virus software you might have and download Malwarebytes and run it immediately.  It's free for home use.

 

From what I've heard is that when people click on the fake links (called "pdf") nothing happens.  What's probably happening is that it is installing something on your computer.  The most common reason people create these emails is to steal information.  For example, if it's a keylogger, it will record and send back every keystroke on the infected computer.  This would allow a person to gain access to email, bank accounts, credit card numbers from online shopping, and every other password protected website.

If you've clicked on the malicious "pdf" link and then logged in to any website, be safe and run an anti-virus and Malwarebytes, then change your password.  To be extra safe, you can change your password from another computer or device from which you did not click on the sketchy "pdf" link.

Here is Dwayne's email response to phishing scam email: 

Neighbors:

Apparently we've been hacked.  Please don't open a recent email that everybody seems to have just gotten from our HOA email account, titled "pdf."  And if you do, don't open the attachments.  We don't know what they are, but assume they're evil. Not sure how they knew to use my name, either, which is the scariest part.

We'll try and get to the bottom of this ASAP.  In the meantime, no MDHOA email will be sent out with attachments or links.  And all authentic MDHOA email should have a specific subject line which sounds like the kind of thing we'd normally send out ("Annual Meeting," "Movie Night," etc.)

Sorry for the inconvenience.  We're on top of it.

(The real) Dwayne
 
 
 
Key things to look for in any email:
  1. Who is it from?  Do you recognize the sender.  If the address looks sketchy, it probably is.  In this case, the sender address was legitimate, but the email was not, so we have to look for other signs.
  2. Are you expecting an attachment?  If not, look carefully at what is being sent.  According to Dwayne's email above, he will never send out an links or attachments.
  3. Look at the form and file names of the attachments/links.  The malicious email that went out claimed to have 2 pdf attachments, but in reality contained 2 hyperlinks.  Attachments and links are completely separate things.  The mismatch between these two things are a major red flag and suggest someone is trying to trick you.  Also, the fake attachment names were named "pdf."  A pdf is a file extension, and should come after the name of the file name--not be the file name (i.e. name.pdf).
  4.  Look at the body of the email.  What does the email text say?  If there is not text, at is a red flag.  If the text is confusing, vague or poorly written, that is another red flag.  Many malicious emails come from abroad from people who are not native speakers of English.
 What to do:
  1.  If you are in doubt, call the person directly and ask if they sent you something.
  2. Use extreme caution before you click a link in an email.  Usually, you can hover the mouse cursor over the link and preview the URL.  Look to make sure the domain is legitimate  (i.e. ...facebook.com, or ...google.com are more likely to be legitimate, whereas ...faceboook.com and ...goog.le.com are probably fake)
  3. If you get an email from your bank (or anywhere else), don't ever click on the link, open a new tab in your browser, and type in the real known address from there (i.e. www.chase.com).  
  4. If you get an email with a phone number and are asked to call it, DON'T! Always call your bank/credit card company from the number on the back of the actual card.
There are a lot of other things I didn't cover, but hopefully these basic tips can keep you safe.  There are bad people on the internet, and I want you all to be safe and get taken advantage of.
 To give you confidence, here is a screenshot of me installing Malwarebytes on my personal computer.