There
has been a significant rise in spam mail, virus
and fraud alerts in last few weeks. Some of the
stuff in circulation are extremely destructive
and a serious security threat to all Internet
users. We examine these threats in detail with
example and discuss how to protect yourself.
Gone are the days when spam was just unsolicited
e-mail. Today spam has become far more dangerous
in the hands of hackers, fraudsters and virus
makers who regularly use it to distribute trojan
virus or send bogus warning mail
Trojan Virus
This is a type of virus that gets into your computer
mostly through e-mail file attachment and opens
a back-door entry for hackers to get into your
PC and steal confidential information. After infecting
your PC, it spreads same trojan to all your friends
and customers listed in address book.
Example of Spam with Trojan
Virus
Here is an example of how hackers use fake warning
to infect your PC. We have used infobanc.com as
example, you may receive similar mail from other
sources.
| E-mail account disabling
warning
Dear user of e-mail server "Infobanc.com",
Our antivirus software has detected a large
amount of viruses outgoing from your email
account, you may use our free anti-virus
tool to clean up your computer software.
Further details can be obtained from attached
file.
For security reasons attached file is password
protected. The password is "82177".
Sincerely,
The Infobanc.com team
http://www.infobanc.com
File Attachment
Name: Document.zip
Type: Zip Compressed Data (application/x-zip-compressed)
Encoding: base64
Plain Text (text/plain) |
How to Protect
Yourself
The real danger lies in simplicity and believability
of the e-mail - with clever choice of 'sender',
known to you. Very few would care to check if
the mail is genuine or sent by a hacker.
What's important is to look for following peculiarities
in such mails that can help you identify the threat
and take precaution:
- Any unsolicited mail with file attachment
is a suspect - no matter who seems to have sent
it
- Emails from your service provider normally
address you by your name and/or business. Fraudulent
emails often include salutation like "Hello",
"Dear User" , "Dear Member"
etc.
- Never click at the file attachment to open
it
- Inform the 'sender' (i.e on whose name the
mail was sent) about the mail and delete it.
- If you are using POP mailbox - set maximum
size of an e-mail to less than 20 Kb in your
e-mail client. This way, larger e-mails will
remain at your mail server unless you opt to
download them. You may delete suspect e-mails
from server later.
- Install a good anti-virus software - update
it regularly.
Failure to take precaution means allowing hackers
to take control of your PC, loose personal information
stored in it and jeopardizing security of friends
with same threat.
Bogus Warning Mails
Hackers use this trick to extract confidential
information about you and then use it for identity
theft.
In its simplest form - you receive a fake mail
from a reliable source like eBay, Paypal, your
bank etc. informing you that your personal information
needs updation for smooth running of your account.
You are requested to click at a give link and
update your personal record.
Example of Bogus Warning Mail
Here is an example of fraudster's trick to extract
personal information. We have used eBay example,
you may find same bogus warning mail on Paypal,
CitiBank and many others including even your own
bank.
Dear valued
eBay member:
It has come to our attention that your eBay
billing informations are out of order. If
you could please take 5-10 minutes out of
your online experience and update your personal
records you will not run into any future
problems with the online service. However,
failure to update your records will result
in account suspension. Please update your
records
by January 11th.
Once you have updated your account records
your eBay session will not be interrupted
and will continue as normal. Failure to
update will result in cancellation of service,
Terms of Service (TOS) violations or future
problems.
To update your eBay records Click here:
Another example....
Subject: Security Check
For security reasons please re-enter your
user ID and
password.
Your User ID
Your Password |
How to Protect
Yourself
- Any unsolicited e-mail asking for sensitive
information is a suspect. E-mail is as public
as postcard - any hacker can intercept and read
your e-mail. Respected companies never ask for
information like credit card number through
e-mail.
- The mails may come with actual logo image
of the company and even the 'Click Here' link
may seem to be pointing to legitimate website
of service provider. Do not get convinced so
easily - its easy to lift logo image from company
website and Internet links may easily be disguised.
- The surest way to reach a web-site is to
type its URL in your browser - clicking a link
in an e-mail may take you to fraudster's website.
- Do not divulge personal information such
as account id and password, credit card number,
bank account, PIN number, Social Security Number,
mother's maiden name etc. before verifying the
requester's identity.
- Whenever in doubt - check with source of e-mail
(i.e. on whose name the mail was sent). Do not
get into panic that your service will be discontinued.
Fraudsters usually scare their victims with
imaginary threat to act fast.
- Choose a password that uses combination of
letters, numbers, and symbols. Avoid choosing
obvious words such as nickname or dates (e.g.
your birth date). Don't use same password for
all other online services. Using same password
for multiple websites increases the likelihood
that someone could learn your password and gain
access to all your accounts. Change your password
frequently.
|
