Phishing Evolves: Best Practices to Avoid Being Phished

by Michelle Couture

I received an email from Fidelity alerting me that my 401(k) account needed action.  It stated that I needed to activate my account within 2 weeks or I would lose matching for the year.  Being new to the company, I didn’t want to miss out on this opportunity.  I remember thinking that it seemed a little strange considering no other company had imposed such a rule, but I thought, “Hey, maybe this company does things differently.”  So I clicked and activated my account.

The next day I received an email from our security and privacy team telling me I had been phished.  I was shocked. Nothing seemed fake or out of place. What now?

Sadly, nothing about this story is unique.  Every day, people click on links and infect their devices and systems with malware.  If you have a “team” monitoring your account, as I did, the impact can be minimized.  But for a lot of people the consequences are disastrous.  Do you think you would know what to look for?

According to a recent Verizon report, over 20% of people will click on a phishing email.  The best way to avoid being phished is to always be on high alert.  When I think about my example, I knew something was weird, yet I talked myself out of it and clicked anyways.  It’s human nature to trust, and phishers capitalize on that.  This is exactly why it is so important to be aware of the scams. That way, if something feels “off,” you know what to do.

In my case there are a few rules I now keep handy:

  1. Be aware of email requests with high urgency that ask you to take quick action.  Phishers often prey on employee trust and will spoof executives to get you to comply with high urgency actions like wiring large amounts of money ASAP. Or in my case, losing my matching benefits if I didn’t immediately comply.  As a rule of thumb, if you are ever in doubt, double-check the request with the sender either by phone or by composing a new email—never reply to the email itself.
  2. Never give sensitive personal or financial information over email.  Trusted parties will never ask you for personal or financial information through email (e.g., social security numbers, account numbers, credit card numbers, passwords, etc.). Be cautious of emails that ask you to call a phone number to update your account information as well.
  3. If an offer seems too good to be true, it probably is.  Offers of big bonuses, large payments or gifts (e.g., win a free iPad) are ways attackers try to get inside your head. If the promise is “too good to be true,” do some research into the individual or company before taking action.
  4. Think about whether you initiated the action.  Phishers will try to spoof well-known companies to have you reset your password, update your account or track a shipment. Always be suspicious of unsolicited email; if you didn’t prompt a password reset, don’t click the link.
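
The rules above can also be applied mechanically as a first-pass mail triage. The sketch below is an added example, not part of the original article: the phrase lists, the `BRAND_DOMAINS` table, the `triage` function and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrase lists are illustrative assumptions, not a vetted detection ruleset.
RULES = {
    "1-urgency": re.compile(
        r"\b(within \d+ (days?|weeks?|hours?)|immediately|asap|"
        r"or you will lose|action required)\b", re.I),
    "2-sensitive-info": re.compile(
        r"\b(social security|account number|credit card|password)\b", re.I),
    "3-too-good": re.compile(
        r"\b(free ipad|you have won|bonus payment|gift card)\b", re.I),
}
# Hypothetical map of brands to the domains they legitimately send from.
BRAND_DOMAINS = {"fidelity": {"fidelity.com"}}

def triage(raw):
    """Return the sorted list of rule labels that a raw message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = {label for label, rx in RULES.items() if rx.search(text)}
    # Rule 4 (spoofed well-known company): the display name claims a brand,
    # but the address domain is not one that brand uses.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not genuine:
            hits.add("4-brand-spoof")
    return sorted(hits)

# Constructed sample modelled on the 401(k) message described in the article.
SAMPLE_PHISH = """\
From: "Fidelity Benefits" <benefits@fidelity-401k.example>
Subject: Action required: activate your 401(k)

Activate your account within 2 weeks or you will lose matching for the year.
Confirm your password to continue.
"""
# Constructed benign message for comparison.
SAMPLE_BENIGN = """\
From: "Fidelity Investments" <statements@mail.fidelity.com>
Subject: Your quarterly statement is ready

Log in from your bookmark to view it.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH))
    print(triage(SAMPLE_BENIGN))
```

A hit is a reason to verify the request out of band, as rule 1 describes; keyword matching alone produces both false positives and misses.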

vCenter Orchestrator Configuration Password Recovery

If you forgot or lost the password for the vCO Configuration wizard, you can reset it using the following steps:
  1. On the vCO Server, navigate to C:\ProgramFiles\VMware\Orchestrator\configuration\jetty\etc\
  2. Edit the file and paste the following line (it should replace the existing one):
  3. Restart the vCO Configuration server and log in with username/password: vmware/vmware.

Find your lost user login passwords on Windows XP and Windows 7

The Ophcrack Windows password cracker is the best free Windows password recovery tool available. Ophcrack is fast and easy enough for a first time password cracker with basic Windows skills.



  • Ophcrack can crack passwords for Windows 7, Windows Vista, and Windows XP.
  • Ophcrack can recover 99.9% of passwords from Windows XP, usually in a matter of seconds. Any 14-character or smaller password that uses any combination of numbers, small letters, and capital letters should be crackable.
  • Ophcrack can recover 99% of passwords from Windows 7 or Windows Vista. A dictionary attack is used in Windows 7 and Vista.
  • The Ophcrack LiveCD option allows for completely automatic password recovery.
  • LiveCD method requires no installation in Windows, making it a safe alternative to many other password recovery tools.
  • No Windows passwords need to be known to use the Ophcrack LiveCD to crack your Windows passwords.


  • Software is freely available for download online
  • Passwords are recovered automatically using the LiveCD method
  • No software installation is necessary to recover passwords
  • No knowledge of any existing passwords is necessary
  • Ophcrack works with Windows 7, Windows Vista, and Windows XP


  • Some antivirus programs mistakenly identify Ophcrack as a Trojan or virus (see Guide Review below)
  • 506 MB (7/Vista) / 425 MB (XP) LiveCD ISO image must be downloaded
  • LiveCD ISO image must be burned to a disc before being used
  • Passwords greater than 14 characters cannot be cracked


Thanks to About.Com for this info
