Phishing E-mail Example

Hi Everyone,

This is an excellent example of a phishing e-mail (see below). An e-mail drafted to look and sound legitimate with attachments that contain malware, or hyperlinks that open to infected web pages. This particular phishing attempt had an attachment (which has been removed).

We can’t stress enough to never, ever open any attachment or follow any link from an email – no matter how legitimate it looks. Yes it’s inconvenient, but that is the digital world we live in today.

Malware today will encrypt your data and hold it ransom, along with the rest of the network’s data:

•    Hospital declares ‘internal state of emergency’ after ransomeware infection.
•    LA Hospital pays nearly $17,000 to restore data.

Many of us use multiple layers of protection:

  1. local antivirus
  2. SPAM firewall (all free e-mail services use these),
  3. DNS filtering i.e., Kibosh Filtering Service

But these tools, or any other, can only block what they know about. There are plenty of exploits unknown by any security vendor.

So when in doubt – throw it out!


—–Original Message—–
From: Tia Fleming []
Sent: Tuesday, March 29, 2016 7:22 AM
To: Doe, John <>
Subject: Requested receipt ID:8E767D

Dear doe, John

Please find attached your receipt, sent as requested.

We are making improvements to our billing systems to help serve you better and because of that the attached invoice will look different from your previous ones.

Kind regards,
Tia Fleming
Divisional Managing Director

How to stay secure online.

Following these general guidelines will keep you free from web based malware/ viruses and rootkits thus protecting your personal information, and saving you hours of headache and $ repairing / replacing an infected PC.

  1. Use Google which offers a certain level of protection from:
    1. Malware protection
    2. Phishing protection
    3. SafeSearch
      1. Enforced by Kibosh Filtering Service
  2. Use FireFox or Chrome
  3. Never download a file you didn’t actively seek out
  4. Never click on a link from an email
    1. Always manually (type address in URL bar, or from your own bookmark).
      1. For you to get infected you must take action. This is what phishing emails are all about, tricking you into clicking a link. Once you click an infected link it’s over. Antivirus will not save you.
  5. Keep your O/S updated, along with Java,and if you have it installed Flash
    1. These apps will tell you when they need to be updated -don’t ignore the warning.
    2. NOTE: third party apps are the number on attack vector on Windows.
  6. On Windows PCs use WinPatrol
    1. If you are going to pay for another tool to protect your PC, outside of the Kibosh Filtering Service, then make it WinPatrol.
  7. Use a Kibosh product to protect your Internet

Malware today is delivered from infected websites which is why protecting your network with the Kibosh Filtering Service is important. Some malware will encrypt your entire hard drive, holding your data hostage until you pay to unlock it. It’s called ‘ransomware’ and if you haven’t heard about it yet, you will because it works (for the bad guys), and it’s profitable (for the bad guys). This article will tell you what ransomware is, and what it can do.

How does one get infected with malware? By clicking on a link from an email that is made to look legitimate, i.e. a ‘phishing’ email, or browsing to an infected website and or clicking on a pop-up from an infected website. All the a for mentioned are trying to trick you into clicking and once you click the link it’s over. Will antivirus help? Only if it knows about the malware, and there are many, many exploits not yet known by the antivirus vendors. More info: antivirus is dead: long live antivirus!

Any Kibosh product will protect every device on your network by:

  1. Blocking phishing sites
  2. Blocking malware sites
  3. Blocking pornography sites
  4. Enforcing SafeSearch
    1. Video search protection
    2. Image search protection

Every high-speed internet should have Kibosh protection.

Screen Shot 2016-02-15 at 8.18.15 AM



Beware mobile games with ads.

A growing trend with mobile game producers, in an effort to generate revenue, is in-game-ads, and in-game-purchasing.

In regards to in-game-purchasing, the game is free to install and play, and one can purchase gold coins, or jewels i.e., some form of game currency which you then use to purchase upgrades, new levels, new characters etc. Typically one can also play to unlock these features, but paying is much faster.

From a family safe perspective in-game-purchasing is an acceptable form of generating revenue.  A few popular examples:

  • Pixel Gun
  • Clash of Clans

In regards to in-game-ads, the game is free to install and play, but one must watch randomly placed ads to continue playing the game, and/or unlock new features.  Sometimes these are full page ads that open in a browser, and in many cases play a video.  Most in-game-ads give you the option to skip or close the ad, but not before you’ve basically seen the gist of the ad, and closing it isn’t always easy, especially for kids.

So what’s wrong with in-game-ads? As recently noted in the

Examples of games with pop-up ads one must watch to play:

  • My Talking Tom Tom
    • On their appstore page, they state the are PRIVO certified to protect your childs privacy and personal information. Apparently this doesn’t include protection against adult content.
  • Star Wars Rebel Alliance

Are some games with in-game-ads better than others? Not really because the developer(s) creating the game use third party companies to generate the ads, and there are only a few companies that create the ads, like AdMob.

App developers are looking to get paid for their work, and their options for generating revenue are:

  1. Sell the game outright with no ads
  2. Give the game away for free, but generate revenue by selling in-game-currency / items
  3. Give the game away for free, and place ads through out the game
    1. The ads are outsourced to third party companies like AdMob

So all in-game-ads are actually controlled by a few companies, much like the Mainstream Media we deal with today. I.E., if one game is showing objectionable content ads, then they are all suspect.

How to secure Windows 10

Microsoft introduced a lot of new features in Windows 10 such as Cortana. However, most of them are breaking your privacy. For example if you’re using the default settings, each time you start typing in search box in taskbar , your local search terms and location are sent to Microsoft, some of which advertise to you. To make matters worse, who knows what web results will be returned?

Also, by default (default = if you don’t change this then it will do it) Windows 10 has permission to report a huge amount of data back to Microsoft. By clicking through “Express Settings” during installation, you allow Windows 10 to gather up your contacts, calendar details, text and touch input, location data, and a whole lot more.

By default, Windows sends a lot of your information to their servers sometimes without asking you to opt-in.

However we can turn most of these tracking features off. Follow these guides to fix Windows 10 and restore your privacy.

How to disable Cortana (it’s always on and listening) and the search online features (which will show web results along with local files/folders):

  1. Right click the Windows icon (i.e. the start button)
  2. Select Search
  3. Select Settings (the cog-wheel) on the left
    1. Turn off Cortona
    2. Turf off Search online and include web results



AVG changes their privacy policy.

We know some of you use AVG, one of the most popular antivirus apps on the internet. They have been around in the US since 1998, and they started as a free antivirus solution. Around 2006 they added AVG Internet Security is a full suite which brings together the AVG Anti-Virus, Anti-Spyware, LinkScanner, Anti-Rootkit, Web Shield, Security Toolbar, Firewall, Anti-Spam, Identity Protection and System Tools protection components.

The basic AVG antivirus is still free, and we recommend this component of AVG only if you have a Kibosh router. Using the free version you’ll have to put up with AVG ads trying to get you to upgrade to the full Internet Security suite, but it’s a good app and free.

The AVG Web Shield component is what we are focused on here today. When enabled all of your data goes through AVG servers: passwords, banking sites, skype, etc. To do this they install their own root certificate ala superfish to allow HTTPS interception and decryption of all web browser traffic. I repeat all of your web browsing: passwords, search terms, websites, voip, etc.

AVG is changing their privacy policy on Oct 15. The new policy, which takes effect on October 15, makes clear that AVG will collect non-personal data such as “Browsing and search history, including meta data.” AVG says it collects this data “to make money from our free offerings so we can keep them free.”

Note that they state “non-personal data”.  However your internet usage data is useless to advertisers without that data being associated to an entity, i.e. that statement is suspect.

Kudos to AVG for stating their policy in plain words we can all understand, and if you trust AVG with all of your data, and you trust they will not sell your data and your personal information – which they have if you are using Web Shield, then no worries.

Kibosh router owners only need to use the free antivirus component of AVG, that’s it. The Kibosh Web Filtering Service does your web filtering, spyware and malware blocking, ad & tracking site blocking and pornographic website blocking – all without tracking our personal data.

How to test your internet speed.

There are a number of internet speed test sites, but most of them hammer you with pop-ups, ads, flash, etc, etc. Also many ISPs (Internet Service Providers) will give specific IPs knows to be associated with speed test servers preferential treatment.

In our experience, at the time of this post, the cleanest, safest, most accurate internet speed test can be found at

Click here to test your internet speed using