|
There has been a significant rise in spam mail, virus and fraud alerts
in last few weeks. Some of the stuff in circulation are extremely destructive
and a serious security threat to all Internet users. We examine these
threats in detail with example and discuss how to protect yourself.
Gone are the days when spam was just unsolicited e-mail. Today spam has
become far more dangerous in the hands of hackers, fraudsters and virus
makers who regularly use it to distribute trojan virus or send bogus warning
mail
Trojan Virus
This is a type of virus that gets into your computer mostly through e-mail
file attachment and opens a back-door entry for hackers to get into your
PC and steal confidential information. After infecting your PC, it spreads
same trojan to all your friends and customers listed in address book.
Example of Spam with Trojan Virus
Here is an example of how hackers use fake warning to infect your PC.
We have used infobanc.com as example, you may receive similar mail from
other sources.
E-mail account disabling warning
Dear user of e-mail server "Infobanc.com",
Our antivirus software has detected a large
amount of viruses outgoing from your email account,
you may use our free anti-virus tool to clean
up your computer software.
Further details can be obtained from attached file.
For security reasons attached file is password
protected. The password is "82177".
Sincerely,
The Infobanc.com team
http://www.infobanc.com
File Attachment
Name: Document.zip
Type: Zip Compressed Data (application/x-zip-compressed)
Encoding: base64
Plain Text (text/plain)
|
How to Protect Yourself
The real danger lies in simplicity and believability of the e-mail - with clever
choice of 'sender', known to you. Very few would care to check if the mail is
genuine or sent by a hacker.
What's important is to look for following peculiarities in such mails that can
help you identify the threat and take precaution:
-
Any unsolicited mail with file attachment is a suspect - no
matter who seems to have sent it
-
Emails from your service provider normally address you by
your name and/or business. Fraudulent emails often include salutation like
"Hello", "Dear User" , "Dear Member" etc.
-
Never click at the file attachment to open it
-
Inform the 'sender' (i.e on whose name the mail was sent)
about the mail and delete it.
-
If you are using POP mailbox - set maximum size of an e-mail
to less than 20 Kb in your e-mail client. This way, larger e-mails will
remain at your mail server unless you opt to download them. You may delete
suspect e-mails from server later.
-
Install a good anti-virus software - update it regularly.
Failure to take precaution means allowing hackers to take control of your PC,
loose personal information stored in it and jeopardizing security of friends
with same threat.
Bogus Warning Mails
Hackers use this trick to extract confidential information about you and then
use it for identity theft.
In its simplest form - you receive a fake mail from a reliable source like eBay,
Paypal, your bank etc. informing you that your personal information needs updation
for smooth running of your account. You are requested to click at a give link
and update your personal record.
Example of Bogus Warning Mail
Here is an example of fraudster's trick to extract personal information. We
have used eBay example, you may find same bogus warning mail on Paypal, CitiBank
and many others including even your own bank.
Dear valued eBay member:
It has come to our attention that your eBay billing
informations are out of order. If you could please
take 5-10 minutes out of your online experience and
update your personal records you will not run into
any future problems with the online service.
However, failure to update your records will result
in account suspension. Please update your records
by January 11th.
Once you have updated your account records your
eBay session will not be interrupted and will
continue as normal. Failure to update will result
in cancellation of service, Terms of Service (TOS)
violations or future problems.
To update your eBay records Click here:
Another example....
Subject: Security Check
For security reasons please re-enter your user ID and
password.
Your User ID
Your Password
|
How to Protect Yourself
-
Any unsolicited e-mail asking for sensitive information is
a suspect. E-mail is as public as postcard - any hacker can intercept and
read your e-mail. Respected companies never ask for information like credit
card number through e-mail.
-
The mails may come with actual logo image of the company
and even the 'Click Here' link may seem to be pointing to legitimate website
of service provider. Do not get convinced so easily - its easy to lift logo
image from company website and Internet links may easily be disguised.
-
The surest way to reach a web-site is to type its URL in
your browser - clicking a link in an e-mail may take you to fraudster's
website.
-
Do not divulge personal information such as account id and
password, credit card number, bank account, PIN number, Social Security
Number, mother's maiden name etc. before verifying the requester's identity.
-
Whenever in doubt - check with source of e-mail (i.e. on
whose name the mail was sent). Do not get into panic that your service will
be discontinued. Fraudsters usually scare their victims with imaginary threat
to act fast.
-
Choose a password that uses combination of letters, numbers,
and symbols. Avoid choosing obvious words such as nickname or dates (e.g.
your birth date). Don't use same password for all other online services.
Using same password for multiple websites increases the likelihood that
someone could learn your password and gain access to all your accounts.
Change your password frequently.
Happy and Safe Surfing
Dr. Amit K Chatterjee
Related Links:
|
