Here is an example of an actual invoice sent out by DNS Services for “Managed DNS Backup Business Services”.  We found this one on the internet, but the ones we’ve seen from local customers have been identical.  The company even lists our name servers under Name Servers 1 and 2 (NS1.IDENTIFEX.COM and NS2.IDENTIFEX.COM) which makes the invoice seem even more legitimate at a glance.

Solicitation Disguised as Invoice

If you take the time to read the entire invoice, you will find a very small disclaimer stating that the invoice is not a bill, but rather a solicitation for the order of goods or services.  Click the graphic to the left to enlarge and read the section outlined in red.  It reads:

This is a solicitation for the order of goods or services, or both, and not a bill, invoice, or statement of account due.  You are under no obligation to make any payments on account of this offer unless you accept this offer.

There have been reports on the internet that claim the disclaimer line was not included in the invoice they received. If this is correct, DNS Services could be in violation of mail fraud.  If you receive one of their bills without this disclaimer, we urge you to turn it over to the State’s Attorney and/or the US Postal Service.  For more information about U.S. Postal regulations that prohibit this type of solicitation, read about it here.

What you can do if you receive an invoice for web services that you aren’t sure about:

I Don’t Care if They Read My Email… What’s the Big Deal?

We get asked that question a lot.  Unfortunately, when hackers get into your email account, they aren’t there to read your email.  They use your account to send out tens of thousands of pieces of spam (junk mail).  When that happens, your legitimate email account, our legitimate email server, and our thousands of other legitimate email customers on that server get black listed by the rest of the internet for spamming.  No one on our mail server will be able to send email to anyone else on the internet.  Our staff then gets to spend days cleaning up the mess and begging blacklists to remove us and allow us to resume delivery of email.

While we have been lucky enough to catch most accounts before it gets that far, it doesn’t mean that it won’t happen in the future.  We are in a constant state of war.  They find a better weapon, we find a way to defeat it, they go find another weapon.

How They Get Your Password

There are a lot of ways that hackers can get your passwords.  In this article, we will discuss the most common method we have been seeing: the Java exploit.  For those of you that aren’t familiar, Java is a software programming language that is platform independent.  That means I can write a program in Java and run it on just about any operating system (Windows, Mac, Linux, Android, etc.).  It’s a great idea in theory!  It saves programmers from countless hours of re-programming for each OS and it has become very popular.  In fact, every app that runs on your Android phone is written in Java.  But like everything else in this world, Java’s popularity has also made it a target.  Hackers have recognized that they can affect many more systems by attacking it.

How are they accomplishing this?  Unfortunately, Java does one other thing that is particularly vulnerable.  It is often installed as a plugin in your browser.  That plugin allows web developers to write something called a Java Applet; a mini program that will run on a webpage and has the capability to interact with your computer’s operating system.  While many Java Applets out there do wonderful things, they are also the very thing that hackers are using to get into your computer.

Here’s how it works:  Hackers plant a virus in an applet on a web page.  You visit that webpage and the applet actually installs the virus on your computer.  The virus opens a “back door” into your machine that circumvents your anti-virus and firewall programs and announces itself to the hackers that created it.  After that, the bad guys are in.  They can see all of your files, read any information you have on the machine, and often times install “key loggers” that log everything you type.  The first time you log into your email account or online banking or any other online account, they have your usernames and passwords and can start using them.  Just imagine how much fun they could have on Amazon with your saved credit card numbers!  And don’t forget, if you’ve bought anything online and typed in your credit card number, they now have that too.

How to Protect Your Computer

The first impulse for users is to completely remove Java from their computer.  That is certainly a preventative step, but it may also stop you from using certain software that you use everyday on your computer.  Several very popular programs run on and depend on Java, such as Open Office or the very popular game, Minecraft.  Since the real culprit is the browser plugin, you can opt to simply disable it.  That has become easier to do recently, and we will give you the steps below.  Equally as important as disabling the plugins, always keep your software up to date!  Software companies are constantly writing fixes to stop hackers from using vulnerable spots in their code.  Keeping Java (and any software you use) up to date will keep you safe from exploits that hackers are actively using.  That just makes good sense.

How to Disable the Java Plugins in All Your Browsers

In February 2013, Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers, via the Java Control Panel. Here are the steps:

1.) Open the Windows Control Panel by Clicking on Start > Control Panel.

2.) Click the item labeled Java.  If you don’t see it, switch to Classic View (in XP) or large icons (in Vista or Windows 7).

3.) Click the Security tab.  Uncheck the checkbox titled “Enable Java content in the browser.”

4.) Click OK, and you’re done.

If your version of Java doesn’t have this checkbox, update the software first by clicking on the Update tab and following the instructions. (The update tab isn’t visible in our screenshots, but should be visible for you when you open the Java control panel.)

What if I’ve Already Been Hacked?

If you find out that a virus is on your computer, please call us right away to have your account password changed at (605) 886-4806.  Don’t use the new password to access your email from your computer until after the virus has been cleaned up.  And, of course, if you have any other accounts that you have been accessing or credit cards you’ve used while the computer was infected, you may want to have those changed as well.

The latest batch of java exploits that we have seen are incredibly advanced and clever.  Experts say they were engineered by someone with a great deal of understanding about how anti-virus software works, because they are able to install without detection.  It’s not until we see an unusually high volume of email being sent from a customer’s email account that we have any clue there is a problem.  Many times when we ask customers to scan their computer, they don’t find the virus at all the first time.

On Windows machines, we’ve had the most luck using Microsoft Security Essentials and running a “Full Scan”.  You have to make sure that the virus definitions are up to date (just click the Update tab and then the large “Update” button to download the latest definitions)  and make sure you select “Full Scan”, not “Quick Scan”.  The Quick Scan doesn’t scan the locations that these viruses like to hide in.  If you don’t have Microsoft Security Essentials, go out and download it!  It’s a free product and because it is designed by Microsoft to run on windows, it is very light and won’t bog down your computer.  *Additional Tip:  When you install Microsoft Security Essentials, click on the Settings tab and setup a scheduled time once a week to run a FULL SCAN.  We recommend running it overnight, as the full scan will take several hours.

If you can’t find the virus yourself, get help from a professional!  There are several companies in Watertown that we highly recommend.  You will find their information below.  Tell them that Identifex sent you!

Download Microsoft Security Essentials here:
http://www.microsoft.com/en-us/download/details.aspx?id=5201

Computer Repair Shops We Recommend

A-I Computer Solutions
1337 9th Ave SE
Watertown, SD 57201
(605) 753-1337
http://www.a-ics.com/

Computer Dan’s
3 South Broadway
Watertown, SD 57201
(605) 886-4077
http://www.computerdans.com/

Connecting Point Computer Center
504 Jenson Ave SE
Watertown, SD 57201
(605) 882-1555
http://www.connectingpoint.biz/

Domain slamming (also known as unauthorized transfers or domain name registration scams) is a scam in which the offending domain name registrar attempts to trick domain owners into switching from their existing registrar to theirs, under the pretense that the customer is simply renewing their subscription to their current registrar. The term derives from telephone slamming. (Courtesy of Wikipedia)

These types of scams have been going on for a long time, but we still get a lot of questions about them.  The best rule of thumb is this:  If you had us register your domain for you, we are the only ones that will send you a bill to renew it.

Don’t send a check to these guys.  Once you do, they will try to move the domain away from Identifex to their own domain registry.  We have some safe guards in place to stop this from happening, but even with the best case scenario, you won’t get your money back.  And their service is more expensive than ours.

Some customers that have gotten scammed by these companies have never been able to recover the domain and eventually had to register a new one in order to move forward with their plans for it.  We would really hate to see that happen!

If you are ever in question about a bill that you receive regarding your website, just give us a call at (605)-886-4806.  We will be happy to help you sort it out.

LevelBest2.com

DakotaLight.net

BridesExpressions.net