Warning

WARNING to all my Facebook friends: Beware of Social Engineering attacks that can compromise you, your friends, your co-workers, and your family.

Be especially cautious of “friending” people on Facebook who YOU DON’T KNOW PERSONALLY. This recently happened to me, but I recognized the attack when it came, and I’m now trying to alert all my friends… that YOU may be targeted by the same attacker. Here’s how it works, and what to look out for:

Initial Attack:
Somebody sends you a “Friend Request” on Facebook. You weren’t born yesterday, so you don’t accept Friend Requests from people you don’t know, but you think that perhaps you know this person from work, school, church, or someplace else, so… you check out their Facebook page. There, you notice that several of your friends are friends with this person (in my case, the attacker’s name was Daisy Arnold, so let’s use that name from here on out). I was probably in a hurry, and once I saw that Daisy was friends with several people I know well, I figured she must be a new acquaintance and Accepted. This is where I messed up. DO NOT accept Friend Requests from people YOU DO NOT KNOW IN REAL LIFE!

You might be asking: “So what’s the harm? Maybe I just forgot meeting her. Perhaps she follows my blog. Maybe she’s new to Facebook, and thinks that you NEED a lot of friends.” All good questions, and all questions that Social Engineers count on you asking. Their goal is just to get you to invite them in. Here’s what happens once you Accept them (in my case Daisy Arnold) as a friend:

The Sneak Attack:
Once Daisy’s your friend (remember, they use MANY fake names, pictures, and personal information), ALL of your personal information you make available for your friends is hers for the taking. That may include your full name, birthdate, telephone, home address, place of employment, educational background, and all information about your children and family. You might even present them with your travel itineraries and information about your most recent purchases. Would an identity thief strike gold on your Facebook page? But that’s not the worst of it. Besides mining all your accessible personal information, they will mine your list of friends to begin:

The Sneakier Attack:
Mind you, Daisy (or whatever name is used) is not carrying out this attack by herself. Black Hat software designed for these types of attacks will be executing on hundreds of computers, worldwide, to replicate this attack thousands of times over… often without the computer owner’s knowledge. Once daisy has access to your list of friends on Facebook, she will Friend Request them. With this type of geometric progression, it doesn’t take long for Daisy to collect a large number of new friends that have MANY connections to her, so you may be easily fooled by her next attack:

The Damage Attack:
At this point, Daisy posts a link for you to check out, or a link to a fun new game app, or a link to a site where you can get free stuff (music, computers, etc.). Daisy sent a link to what looked like a porn site. If you follow the link, it’s pretty much all over for you, your computer, and your identity. Virtually every step you take from this point forward will be loading malware into your computer. Malware can take many forms, from using your computer to broadcast spam, to logging your every keystroke, to destroying your data, to any number of illegal uses that you would not be aware of.

What Can You Do?
First, unfriend the Daisy’s you have let in. She still mined information from your page, but at least now, she can’t use YOU to sucker any more of your friends into accepting her as a friend.

Second, NEVER click on any site that you haven’t checked out! Your friends are sometimes easily scammed, so if it looks or feels wrong… it probably is.

Third, NEVER click through on a new Facebook app or site from a friend’s link! If it’s real, you can get to it from a trusted source (like Facebook)… more likely, the link you click from a friend will take you down a rabbit hole. Many of my friends have ignored my advice in this area for years; most have no idea that ALL of their links, apps, games, and videos they send me don’t make it past my first level of filters. You can lead a horse to water… yada, yada, yada.

Last But Not Least!
Consider this:

1.     If your computer is running noticeably slower, even for simple tasks, you are probably infected with malware.

2.     If your CPU performance is high when you are doing nothing, you are probably infected with malware.

3.     If you’ve ever downloaded free music or videos, you are probably infected with malware.

4.     If you have ever copied any game, music, or program off of a memory stick or CD, you are probably infected with malware.

If you are infected, there are several ways to eradicate malware and viruses. I’m not promoting any brand of anti-virus or anti-malware software, but unless you are one… you should let a computer professional handle it; much like professional extermination.

Oh, one more thing: Daisy Arnold is NOT my friend. If you are a Facebook friend of mine, I apologize if you have been friended by her because she gained access to my friends list. Mea Culpa!

YBIC,

Dave

Well Done, Good and faithful Servant

On Monday morning, while reading through my email at work, I was shot in the gut!

Well… not literally, but that’s what it felt like as I read that my friend and co-worker, Jeff Larson, had died the day before. I kept reading the email over and over, hoping to discover that it was just a cruel joke of some kind; it wasn’t.

Jeff was just 52, seemingly healthy and fit, full of life, and the friendliest and most loving guy you’d every hope to meet. I’d known Jeff for the past 6 years, and I was his friend. Of course, Jeff was that rare individual that was friends with EVERYONE! And that was no mean feat, seeing that Jeff was the Director of Quality for Invensys Nuclear.

That everybody loved Jeff was evident in the outpouring of emotion from the hundreds of people who came to his funeral service today. I had poured out my grief and my feelings in a poem, and as family and longtime friends spoke, they remembered all of the same great qualities that I knew in Jeff. Here’s the poem:


True Quality

By David Alan Hoag – September 11, 2012

In Remembrance of Jeffrey Larson;
March 7, 1960 – September 9, 2012

Jeff Larson shared our workday life
And though, not on his team
With Jeff, you always knew that you
Were held in high esteem.

“Let’s fix the problem,” he would say,
“And not affix the blame.”
“Let’s all improve, and learn, and grow,
And not just stay the same.”

A humble guy, with ready smile
Who’d stop along his way
To talk with you, and share his laugh;
Jeff brightened up our day.

His energy: all positive.
He’d lift us when we’d fall.
And he’d share his joy in passing,
Encouraging us all.

A runner… healthy, trim, and fit;
Up running with the dawn.
But none shall know the time or place,
And just like that… he’s gone.

This hollow void, this sudden death;
In time, the wound will mend.
But now, my heart cries out in loss,
For Jeff… who called me “friend.”


Afterward, we all gathered in The Pines Park. On a hot day, on the bluffs of San Clemente, people continued to share their stories of Jeff: his love of life, his encouragement, his friendship, his joy, and his love. It was evident that Jeff was a Christian that had lived his life adhering to Christ’s command to “love one another.”

Jeff died while training for a half-marathon. I have no doubt that he ran right into the arms of Christ, who surely spoke these words to Jeff: “You have run your race. Well done, good and faithful servant!”

I’m blessed to know so many brothers and sisters in Christ who are like Jeff in spirit, who constantly seek a deeper relationship with God, and who continually pour their love out into the world. I’m humbled to know them, and I’m encouraged by this “cloud of witnesses” to continue to run my race.

I pray that you have a Jeff in your life to encourage you to run YOUR race!

Your brother in Christ,

Dave