Category Archives: Security

Scam Emails: Why Cal.net will never ask for your information via email.

It has come to our attention that an email is being sent to our customers from account.verification@cal.net reporting the following:

“Due to congestion on our webmail servers all unverified accounts will be closed within the next 48 hours”.

The message then requests that users fill out a form asking for username and password.

This is in fact a scam email and can be deleted. Such attempts are becoming a common way that scam and spam operations attempt to collect your personal information for illegitimate uses.

If you have already submitted a response with your information it is critical that you contact our customer service department right away to protect your account security. You can reach us at 530-672-1078 option 2.

 

That being said if you ever receive such a request from Cal.net or another source, you should always contact that company via a phone call to verify before submitting information that includes a username, password, phone number, social security number, or any bank account or credit card information.

Legitimate business operations would never require a user to submit confidential information in an unsecure fashion such as email.

Should you have any questions or concerns please feel free to contact us at the number listed above.

-Cal.net Customer Service

530-672-1078 x 2

support@cal.net

www.cal.net

Microsoft Ending Windows XP Support

Microsoft is ending support for Windows XP on April 8, 2014, 12 years after its debut.  Cal.net wants our customers to understand what this means for the security of their computers and their personal information.

 

What does “end of support” mean?

  1. Microsoft will no longer patch security holes in the Operating System and related programs.
    • This means the security holes in the operating system that hackers and criminals use to gain access to your computer will no longer be patched, leaving your system permanently vulnerable to these exploits.
    • Office 2003 and older will no longer be supported either, again, leaving security holes un-patched.
    • Internet Explorer 8 is the last version of IE that works on XP. It will not be updated either, leaving you vulnerable when surfing the internet.
  2. Many Software and Hardware Vendors will no longer offer support 
    • This means your new phone, camera, printer, or other device likely will not work with your computer.
    • You will not be able to get phone or other support for your devices or software.
    • New versions of your favorite software will not work on your computer.

What it does not mean…

Your PC will continue to work, and you will still be able to access the internet, email, programs and  documents.

Will my Anti-Virus continue to work?

Below is information provided by av-test.org about popular AV Software vendor support.

Note: Anti virus software is very important, but it will not protect you from all possible exploits.
Anti Virus Support by Vendor

| Manufacturer | Support Information |
|---|---|
| Agnitum | No end of support announced; support available for at least 2 more years (1) |
| AVG | No end of support announced; support available for at least 2 more years (1) |
| Avast | No end of support announced; support available for at least 2 more years (1) |
| Avira | Support will end on 8th April 2015 – further details… |
| Bitdefender | Support for home-user products available until January 2016; support for corporate products available until January 2017 (2) |
| Bullguard | No end of support announced; support available for at least 2 more years (1) |
| Check Point / ZoneAlarm | No end of support announced; support available for at least 2 more years (1) – further details… |
| Comodo | No end of support announced; support available for at least 2 more years (1) |
| Emsisoft | Support available until at least April 2016 (2) |
| ESET | Support available until at least April 2017 (2) |
| Fortinet | No end of support announced; support available for at least 2 more years (1) |
| F-Secure | No end of support announced; support available for at least 2 more years (1) |
| G Data | Support available until at least April 2016 (2) |
| Ikarus | No end of support announced; support available for at least 2 more years (1) |
| K7 Computing | No end of support announced; support available for at least 2 more years (1) |
| Kaspersky Lab | Support will continue at least until 2018 for consumer and at least until 2nd part of 2016 for business products (2) |
| Kingsoft | No end of support announced; support available for at least 2 more years (1) |
| McAfee | No end of support announced; support available for at least 2 more years (1) |
| Microsoft (Security Essentials) | Support will end on 14th July 2015 – further details… |
| Microworld | No end of support announced; support available for at least 2 more years (1) |
| Norman | Support available until at least January 2016 (2) |
| Panda Security | No end of support announced; support available for at least 2 more years (1) |
| Qihoo 360 | Support available until at least January 2018 (2) |
| Quickheal | No end of support announced; support available for at least 2 more years (1) |
| Sophos | Support will continue at least until 30th September 2015 (2) – further details… |
| Symantec / Norton | Products support Windows XP, no end-of-life decision has been made yet |
| Tencent | No end of support announced; support available for at least 2 more years (1) |
| ThreatTrack / Vipre | Support available until at least April 2015 (2) |
| Trend Micro | Support will end on 30th January 2017 – further details… |
| Webroot | Support available until at least April 2019 (2) |

What Browsers will be supported?

Some browser makers will continue to support updates for  Windows XP for a period of time. Below is the list of the most current information at the time of writing.

| Browser | Status |
|---|---|
| Internet Explorer 11 | Not Supported |
| Internet Explorer 10 | Not Supported |
| Internet Explorer 9 | Not Supported |
| Internet Explorer 8 | No Updates or Patches |
| Google Chrome | Supported until April 2015 |
| Firefox | No Plans to discontinue support, although Service Pack 3 is required for updates |

Cal.net Support Policy for Windows XP

Cal.net will extend Windows XP Support for 90 days, until July 8th, 2014. This includes Office XP, and Office 2003. After that date we will no longer support these products.

The Bottom Line

All major software and hardware vendors, security experts, and Internet Service Providers agree that machines running Windows XP present a security risk to their owners and to the internet eco-system as a whole. Therefore, Cal.net advises that those running Windows XP take the computer offline for use, or replace or upgrade the operating systems on their computers.

Microsoft Front Page Extensions No Longer Supported

As of February 2014, Cal.net Webhosting no longer supports Microsoft Front Page Server Extensions.

Why Has support been Discontinued?

Microsoft stopped making new versions of Front Page in 2003, which means that it no longer creates new versions of the “Server Extensions” that allow the Front Page program to connect to the web server and publish. The last release of MS Front Page Extensions was in 2002, more than 12 years ago, and the age of the extensions makes them incompatible with newer, more secure versions of the web server software. Cal.net has to consider the security of all its customers, and Front Page Extensions constitute a threat to everyone.

How do I publish my website?

There are many methods available to update your website. The simplest would be to use Front Page with FTP instead of Front Page with Front Page Extensions. Please see this tutorial on using Front Page with FTP.

(please note: Cal.net support does not have a copy of MS Front Page, and cannot help set up your software beyond providing you with lost usernames and passwords)

Are there any Alternate Programs I can use?

There are many free WYSIWYG (what you see is what you get) web page editors available.

Here are a few…

  • Kompozer (Free) - KompoZer is a complete web authoring system that combines web file management and easy-to-use WYSIWYG web page editing.
  • Microsoft Expression Web ($125.00) - This is the replacement for Front Page that MS released.

 

 

How to Spot a Phishing Email Scam

 

Phishing is a form of social engineering scam, in which a spammer sends an email that appears to be from some institution that the user does business with such as a bank or internet service provider, with the intent of getting personal information. They often go to great lengths to give the appearance of legitimacy, including using company logos, and building look alike websites to extract information. Understanding the material in this post, especially the section on links, will allow you to successfully identify phishing attempts in almost all cases.

Many Cal.net customers with @directcon.net email addresses received just such an email this last week. In this article, I will dissect this Phishing email to help our customers understand how to sniff out these scams. (If you visited the link in this email, or feel your password may have been compromised, please call support at 530-672-1078).

This scam email avoided many of the obvious mistakes scammers make in the Phishing emails they send. We will start with the most important and difficult part of the scam to pull off, the fake website, and the link to it.

1) The Link- This is how the phisher actually gets your information. They send you to a website that they set up, and have you enter your password, credit card number, or whatever they are looking to get. In this email, if you clicked on the link, you were taken to a website at directcon.net.ms. It may not be immediately obvious that this is not the directcon.net website, after all, it has directcon.net in it. This is the spammer taking advantage of the fact that people don’t understand how web addresses work.

  We will start with a short explanation of how web addresses are structured.

 

Subdomains are not always used in a web address, but the domain and top level domain have to be there. Now let's examine the address of the scammer's website, and see if we can identify the problem.

Now recall that the domain order is subdomain.domain.top level domain

| Site | Subdomain | Domain | Top Level Domain |
|---|---|---|---|
| Scam | directcon | net | ms |
| Real | | directcon | net |

As you can see from the table, the top level domain for the scam site is .ms, where the real site’s TLD is .net. Because the scammer owns the domain name net.ms, he can create a dummy site for any website whose TLD is .net. As another example, let's say that you bank with Wells Fargo, and that their domain name is wellsfargo.net. This same scam could be used for that site.

| Site | Subdomain | Domain | Top Level Domain |
|---|---|---|---|
| Scam | wellsfargo | net | ms |
| Real | | wellsfargo | net |

This may seem like incomprehensible technobabble, but understanding this is the most important thing to glean from the article. If you pay attention to the web addresses of important sites, and are able to identify domains, subdomains, and top level domains, then it will be very difficult to trick you into giving up important information to a scam site.

Now a quick look at the Cal.net domains you might be dealing with.

| Site | Subdomain | Domain | Top Level Domain |
|---|---|---|---|
| Cal.net | * | cal | net |
| directcon.net | * | directcon | net |
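
The subdomain / domain / top level domain split from the tables above can be applied mechanically to a link before it is clicked. The following is an added example, not Cal.net's own code: it goes slightly beyond the tables by also flagging links that hide the real host behind an `@`, the sample URLs and paths are constructed, and it uses the article's two-label model (suffixes such as co.uk would need the Public Suffix List).

```python
from urllib.parse import urlsplit

# Domains from the "Cal.net domains" table above.
TRUSTED = {"cal.net", "directcon.net"}


def _parts(url):
    """Parse a link; a bare "host/path" is treated as a host, not a path."""
    return urlsplit(url if "://" in url else "//" + url)


def split_host(url):
    """Return (subdomain, domain, tld) using the article's three-part model."""
    # .hostname drops the scheme, any user@ prefix and the port, and lowercases.
    host = (_parts(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no usable host name in {url!r}")
    return ".".join(labels[:-2]), labels[-2], labels[-1]


def check_link(url, trusted=TRUSTED):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    sub, domain, tld = split_host(url)
    # Text before "@" is a user name, not the site; it is often a trusted name.
    if _parts(url).username is not None:
        return "lookalike"
    # Only the last two labels decide who owns the site.
    if f"{domain}.{tld}" in trusted:
        return "trusted"
    # A trusted name appearing anywhere to the left of the real domain is
    # the directcon.net.ms trick: the owner is net.ms, not directcon.net.
    labels = (sub.split(".") if sub else []) + [domain, tld]
    for name in trusted:
        want = name.split(".")
        if any(labels[i:i + len(want)] == want
               for i in range(len(labels) - len(want) + 1)):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; only the host directcon.net.ms is from the article.
    for link in ("http://directcon.net.ms/webmail",
                 "https://www.directcon.net/",
                 "http://directcon.net@example.org/login",
                 "http://example.org/"):
        print(f"{check_link(link):10} {split_host(link)} {link}")
```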

2) The FROM field: Many spammers will neglect to change the from field in the email to something from the company they are imitating. The example here was done well by the criminal: they faked the from field to make it appear that it comes from cal.net support staff.

3) LOGO- Often the logo used in spam emails is a low quality copy, or different from the ones sent in email communications. The one in the example above is a very fuzzy copy from the cal.net website.

4) Grammar- Many phishing con artists come from outside the United States, and as a result, there will often be awkwardly worded sentences, or misspellings present in the text.

If ever in doubt about the validity of a communication, please call our support at 530-672-1078 to verify before exposing your account information.

 

Email Security and You

Over the last few weeks we have received a lot of incoming phone calls regarding email scams that you, our customers, have been receiving. While many of you are easily able to identify when these are scams, we felt it would be a good idea to go over the basics that will help you identify these and protect yourself from the threat they represent. These three simple steps will keep you scam free and clear!

 

Q: Is the email asking you to respond with sensitive information regarding you, your family, or in general?

A: If this is the case more than likely this email is a scam email trying to “Fish” for information. No business online will ever ask you for your username, your password, your social security number, or ask you to verify your checking account number etc. Most businesses will likely call you in the event of a security breach or other concern regarding your information.

 

Q: Is the email asking you to download and open an attachment to “help us update our records”?

A: Recently some scam emails are actually virus laden with either a picture file or zip file attached with a request that you open the file and “fill in your information”. This is not only a scam but will also infect your computer with whatever virus the sender had as well.

In closing, the term “Better safe than sorry” still applies today, especially to email communications. In a world where instant and fast is not always better, a quick phone call or email for clarification can be the difference between a few minutes delay to an $80 or more computer repair bill.

 

Q: Does the email attachment come from a friend or business associate?
A: Often times your friends and or business associates will get a virus infection and their PCs will act as senders of scam and virus email as in the above example. Unless you were expecting the file to be sent via email it is always a good idea to confirm that the picture, file, or link to another website was actually sent by that person. If it’s out of the blue, and too good to be true, I simply delete the emails unless I’m expecting the attachment.

Securing Sensitive information on the internet

In the past year we have heard about hacking and identity theft more than ever before. Every day the number of Internet users multiplies rapidly worldwide and that only means one thing: more vulnerable victims. In an effort to protect our customers and our own networks, Cal.net Systems’ Engineer team has made its network security a top priority. Every day we run threat-tests against our systems to ensure they are safe and up-to-date. In addition, we have also implemented hardware and software firewalls that can protect against certain types of attacks. Even when you think you may have plenty of security, someone with a lot of time on their hands always seems to find a way to break in.

Today, we will be educating our customers a little about secure browsing.

Browser Address Bar

Most users rarely navigate directly to a website, preferring to use a search engine like Google to find web pages. As a result, most people rarely pay attention to the address bar (pictured below)  in their browser.

The address or URL of a website has many components, the one we are concerned with here is the first part as highlighted in red below.

http vs https

Http is a protocol, or a method of transporting the information you see in your browser from the server where the page resides to your computer.

http – Data is sent back and forth in plain, human readable text.

https – The “s” stands for secure. Data is sent back and forth encrypted, meaning that it cannot be read by someone for whom it was not intended.

Why would I need to know this?

Almost everyone uses the Internet for paying bills and buying goods and services. These activities require  sending sensitive information over the Internet such as credit card numbers or other personal information. It is not hard to see why you would not want this information sent in plain text. Just as you might use a shredder to protect your information from people digging through the trash, you should pay attention to the address of any website to which you provide personal information.

How can I know if I am protected?

Modern browsers have taken steps to make it easier to discern if you are using http or https, and to verify the identity of the owner of the website. The most straightforward way is simply to look for the “s” at the end of https in the address bar of your browser.

[Figure: Encrypted Connection]

[Figure: Normal unsecured connection]

Other considerations.

Hackers and thieves have come up with many devious ways to try to trick you into giving them your information, going as far as setting up look alike sites. Your browser also has a way to verify that the site you are on belongs to the company you are doing business with.

When you are connected to a secure site, a lock will appear somewhere near the browser address bar. (1) Click on the lock in the address bar (2) Look for the Identity of the website, and verify that it is who you expect it to be.

[Figure: Verify the owner of the Web Site]

Final Thoughts.

The https is only necessary when you are sending sensitive information. There is no risk from visiting an unsecured site during normal browsing.

Configuring Outlook 2010 for your Cal.net E-mail Address

 

These instructions will work for @cal.net and @directcon.net e-mail addresses. The only difference will be the name of the Incoming and Outgoing servers.

1) Open your Outlook 2010

2) On the top-left menu click on File > Add Account.

3) Select “E-mail Account” and click Next (Some of you may not get this screen; You can skip to next step).

4) Select “Manually configure server settings” and click Next

 

5) Select “Internet E-mail” and click Next. (Some of you may not get this screen; You can skip to next step)

6) Type your full name and e-mail address. Change “Account Type” to “POP3”, if necessary.
If your e-mail address ends with @cal.net, enter mail.cal.net for both Incoming and Outgoing mail servers.
For @directcon.net addresses, enter mail.directcon.net for both.
Enter your username and password and then click on the “More Settings …” button on the bottom right.

7) Click on the “Outgoing Server” tab and make sure “My outgoing server (SMTP) requires authentication” is checked. You don’t need to change anything else on this screen.


8) Next you want to click on the “Advanced” tab. Change your incoming server port to 995 and check “This server requires an encrypted connection (SSL)”.
For the Outgoing server, make sure it uses port 587 and TLS for encrypted connection.

9) You may now click OK to go back to the same screen seen in step 6 and click on “Test Account Settings” to make sure all settings are working. Here you may see a certificate warning. It concerns the certificate used to encrypt the transfer of data between your computer and the e-mail server. Click “Yes” to accept and you should be good to go!

How do I check my Cal.net spam filter

Cal.net uses an excellent spam filtering system called Can-it Pro to reduce the amount of spam you receive in your inbox. Usually the primary email address, and the password for your Cal.net account acts as the username and password for the filter login.

Go to http://canit-web.directcon.net/

Login with the username and password. If you do not know it, call tech support at 530-672-1078 and we will be happy to help you change your password.

Protect Yourself From Online Phishing Scams

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term “phishing” was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to “baits” used in hopes that the potential victim will “bite” by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.

Phishers send an e-mail or pop-up message that claims to be from a business or organization that you might deal with – for instance, your Internet Service Provider (Cal.net), online payment services or bank. Often, this e-mail or pop-up window is very official looking and might even contain a company logo. The message usually indicates the need to “update” or “validate” your account information. It then directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. When you visit the Web site, it requests personal information that the operators then use to steal your identity or commit crimes in your name.

Five Steps You Can Take to Protect Yourself:

1. Don’t Click on Suspicious Links

If you receive an e-mail or pop-up message that asks for personal or financial information, don’t reply or click on the link in the message. If you are concerned about your account, contact the organization in the email using a telephone number that you know to be legitimate.

2. Never Email Sensitive Data

Don’t send personal or financial information via e-mail. It’s like handing a thief your wallet.

3. Check Your Financial Records Often

Review your credit card and bank account statements often to determine whether there are any unauthorized charges. Notify immediately of suspicious charges.

4. Keep Your Anti-Virus & Spyware Current

Use anti-virus software and keep it up-to-date. Some phishing e-mails can contain software that will harm your computer. Additionally, this software can track your Internet browsing habits without your knowledge. Up-to-date anti-virus software can help protect your computer from inadvertently accepting these types of files.

5. Don’t Open or Download Unknown Files

Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them. You can assess its contents in the bottom window pane without opening and then delete.

If you believe you’ve been a victim of a phishing scam, notify Cal.net Tech Support immediately and file a complaint at www.ftc.gov. Below is a replica of the malicious email:

From: “Technical Support” <offfice@directcon.net>
To: <undisclosed-recipients:>
Sent: Wednesday, June 08, 2011 4:24 AM
Subject: Cal.net Account Subscriber

> Attn: Cal.net Account Owner,
>
> Your Webmail Quota Has Exceeded The Set Quota/Limit. You Are Currently
> Running On low GB Due To Hidden Files And Folder On Your Mailbox. In Order
> To Increase Your Webmail Quota, You Must Validate Your Account Below:
>
> Email Username……….
> Email Password……….
> Confirm Password……….
>
> Failure To Validate Your Webmail Quota May Result In Loss Of Important
> Information In Your Mailbox Or Cause Limited Access To It.
>
> Thanks for bearing with us.
>
> Sincerely,
> Customer Care Unit,
> Webmaster Team.
> ————————————————————-
> © Copyright Cal.net 2011

 

You can also visit the FTC’s Identity Theft Web site to learn how to minimize your risk of damage from ID theft. Go to: http://www.ftc.gov/idtheft. Or contact the antiphishing group: http://www.antiphishing.org/

Here is a short video explaining Phishing Scams http://www.youtube.com/watch?v=sqRZGhiHGxg

 

How to choose a secure password.

Choosing a secure password is one of the most important steps to assure your security on the Internet. With identity theft on the rise, it is difficult to overstate the importance of this simple step. In the interest of protecting our customers’ information and accounts, Cal.net will be putting a new secure password policy into effect. The new policy will not force password changes at this time. It will however affect any password changes requested from this point forward. All new passwords must at the minimum comply with the following rules.

  1. Must be a minimum of 8 characters.
  2. At least one special character (!@?%).
  3. At least three numbers.

Cal.net has compiled a list of suggestions to help our customers choose strong passwords.

What NOT to use as password?

  • Your account name or username.
  • Your real name or anybody else’s name.
  • Birthday, phone number, address or driver’s license number.
  • Any word from a dictionary. That includes other languages.
  • Words from a dictionary using common substitution between numbers/letters, like the number 0 for the letter O, the number 1 for the letter L, the number 3 for letter E and so on.
  • Any “secure password” found on the internet.
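
The three policy rules and the checkable items from the “What NOT to use” list can be combined into one check. This is an added example, not Cal.net's own policy code: the word list, the user name and the sample passwords are constructed, and treating any character that is not a letter, digit or space as “special” is an assumption, since the policy only gives (!@?%) as examples.

```python
# Substitutions named in the list above: 0 for O, 1 for L, 3 for E.
SUBSTITUTIONS = str.maketrans("013", "ole")

# Constructed stand-in for a real dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "secure", "letmein"}

DIGITS = "0123456789"


def undo_substitutions(text):
    """Lowercase the text and map 0/1/3 back to the letters they replace."""
    return text.lower().translate(SUBSTITUTIONS)


def check_password(password, username, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = accepted)."""
    problems = []
    # Rule 1: minimum of 8 characters.
    if len(password) < 8:
        problems.append("length")
    # Rule 2: at least one special character (assumption: anything that is
    # not a letter, a digit or whitespace counts).
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("special")
    # Rule 3: at least three numbers.
    if sum(c in DIGITS for c in password) < 3:
        problems.append("digits")
    # "What NOT to use": the account name or username.
    if username and username.lower() in password.lower():
        problems.append("username")
    # "What NOT to use": dictionary words, including ones disguised with
    # number-for-letter substitutions such as passw0rd.
    lowered = password.lower()
    plain = undo_substitutions(password)
    if any(word in lowered or word in plain for word in words):
        problems.append("dictionary")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords for a constructed user "jsmith".
    for candidate in ("passw0rd123!", "jsmith!2024", "Tr0ub4dor", "k7#Rw2q9Vz"):
        print(f"{candidate:14} -> {check_password(candidate, 'jsmith') or 'accepted'}")
```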

Good password suggestions?

  • Always include symbols, like .,!@?% etc.
  • Use uppercase and lowercase letters.
  • Choose a password with at least 8 characters. The longer it is, the more secure it will be.
  • Use an interesting phrase, a verse from a poem or a song. Use the first letter of each word to create your new password. Check to make sure you didn’t accidentally create a word from the dictionary.
  • Go to a busy street or parking lot and record 3 or 4 different license plates. Eliminate all duplicate letters and numbers and create your password with what’s left.
  • Discover new ways to obtain letters and numbers, like opening a book and grabbing the third letter of the first 10 adjectives you see. Use your creativity!

Keep your password safe

This part is essential: it makes no sense to create a very strong and secure password only to turn around and share it with family or close friends:

  • Never reveal your password to anybody.
  • Never write down your password. Even though the password might be long and have strange characters, you need to be able to identify it easily so you don’t have to write it down.
  • Always change your passwords every few months.

If you have any questions about the policy, please contact Tech Support.