The easiest way to detect a phishing email

Monday, November 21st, 2011 | Gene Teo

There are a number of ways to decide if an email is genuine. Often, people sending phishing emails are not native English speakers, thus there may be basic spelling and grammatical errors. Or the fake website they built is not entirely convincing. Or the URL (i.e. the website address) in the address bar looks suspicious.

All of those problems can be fixed with enough attention to detail. They could hire a freelance proofreader to check for errors and build a more accurate fake website.

In my opinion, the best way to decide if an email is legitimate or not is to ask. Make direct contact with the organisation or person the email is supposedly from, and see if they know about it. Don’t reply to the original email, as the return address often leads back to the scammers. Instead, look up contact details in an online phonebook, or by going directly to an organization’s website.

Not only does this give you an authoritative answer, you are also alerting the organization that’s being targeted, giving them more time to react.

Which emails should you be cautious about? Any that request personal information (e.g. passwords, addresses) or money.
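The post's warning that the return address often leads back to the scammers can be turned into a quick triage check. The sketch below is an added example, not part of the original post: the function names, the subdomain heuristic and both sample messages are constructed for illustration. A mismatch is only a prompt to verify through a separately looked-up contact, since legitimate bulk mail often uses a third-party bounce address.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_org(a, b):
    """Heuristic (assumption): equal domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def reply_mismatches(raw_message):
    """Return (header, address) pairs whose domain differs from the From domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            dom = domain_of(addr)
            if dom and not same_org(dom, from_domain):
                findings.append((header, addr))
    return findings


# Constructed sample: replies are diverted to a look-alike domain.
SUSPICIOUS = (
    'From: "Example Bank" <support@bank.example>\n'
    "Reply-To: accounts@bank-example-support.test\n"
    "Subject: Please confirm your password\n"
    "\n"
    "Reply with your account details.\n"
)

# Constructed sample: replies go to a subdomain of the sender's own domain.
BENIGN = (
    "From: news@bank.example\n"
    "Reply-To: help@mail.bank.example\n"
    "Subject: Monthly newsletter\n"
    "\n"
    "Hello.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, reply_mismatches(raw))
```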


The price of your identity: USD$0.25

Wednesday, November 9th, 2011 | Gene Teo

IT Security reporter Brian Krebs notes that there is a website selling “identities” (that is, all the information required to pretend to be someone else) for around 25 US cents each.

That princely sum gets you:

first name, last name, middle name, email address, email password, physical address, phone number, date of birth, Social Security number, drivers license number, bank name, bank account number, bank routing number, the victim employer’s name, and the number of years that individual has been at his or her current job

Apparently 300-400 new identities are available for purchase each day.

Usually this sort of information is used to fraudulently obtain credit cards, loans, or overdrafts in victims’ names, most of whom don’t find out until credit agencies contact them for repayment.

American identities have traditionally been targeted due to the ease of obtaining US Social Security Numbers (SSN), and because US financial institutions often treat the SSN as identifying information.

It is entirely possible that New Zealand has featured less prominently in the ID theft arena simply because of our smaller population and lower global prominence. Regardless, take basic steps to protect your personally identifying information. Don’t disclose birthdays, maiden names, IRD numbers, or bank account numbers (among other things) to people or organizations that don’t need that information.

More privacy and security issues with iOS applications

Thursday, October 20th, 2011 | Gene Teo

Troy Hunt takes a look at some iOS apps with regard to security and privacy. Here’s a hint: In the apps analyzed there isn’t much of either.

The information is collected by creating a proxy server to act as a middleman between the app and the server. This way the proxy server can see everything that passes back and forth, and save that data for analysis.

NoScript available for Android Firefox

Wednesday, October 19th, 2011 | Jim Cheetham

The excellent & highly recommended NoScript addon for Firefox has been released on the Android platform (and Maemo, but I’m probably the only person here who has one of those). This addon blocks JavaScript, Java and Flash activity on webpages, giving you a simple way to selectively re-enable trusted providers and restore the full page functionality temporarily if you need it. provides a nice writeup; NSA is the distribution point for the add-on itself.

Easily scan and update your apps

Thursday, August 11th, 2011 | Gene Teo

It’s important to patch and update your applications as security problems are discovered and fixed. However, not all applications will update themselves automatically, and it’s hard to keep track of each and every one of them.

Secunia Personal Software Inspector (PSI) is an app that automatically detects and installs missing security updates on your Windows computer (or you can opt to manually scan and install if you prefer).

Secunia PSI is an excellent tool to have on your personal computer, and is a valuable extra layer of protection against insecure programs. There is even a quick instructional video on YouTube to get you started.