Spam is a Pain in the Ass!

The following statistic bears repeating – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

Botnets or not, personally, I don’t really care where the spam comes from – it’s a major pain in the ass!

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily spam going to my long established accounts.

Generally, the spam aimed at my older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in.

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration.

The following graphic (this is only one day), clearly illustrates just how pervasive this type of phishing Spam is. Most of this spam has the following in common: notification that the reader has won a huge sums of money, or that they will have access to a huge sums of money but only after a payment of  hundreds of dollars.

Click for larger.

As well, in almost every case the spammer requests the following type of personal information:

Your name

Your current address

Your phone number – both land line and cell

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not?

In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience. Without a doubt, there are some people, somewhere, who will respond to this nonsense.

Opening this type of email is definitely not recommended since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files and emails that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click on unsolicited emails.

Not clicking will ensure your safety and that these email will remain nothing more than a pain in the ass.

Spam and Botnets – Who’s Responsible?

A fairly recent survey on Internet security released by the National Cyber Security Alliance (NCSA), determined – “U.S. consumers don’t understand botnets; networks of compromised computers that have become one of the major methods for attacking computer systems”.

Pointedly, Ron Teixeira, executive director of the NCSA, said in a statement. “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” people don’t know how to keep their computers secure.

The information gathered in this survey is not new to experienced computer users’, or to those of us involved in Internet and system security. It seems to me, that this is simply repackaged information that we have had access to, in some cases, for years. In fact, the statements in this survey can be applied to worldwide Internet users’ and are not restricted to just users’ in the U.S.

I think that one would have to have been on an extended vacation from both computers and cyber space, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time.

Consider this – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

So the question is, why is the average, or typical computer user, so lacking in knowledge when it comes to Internet security precautions; some might say even negligently so?

Problem solving this issue does not require one to be a profound thinker to arrive at a number of hard and undeniable conclusions.

A reader of this Blog, commenting on a previous article, summed up this issue particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take Internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the (dryer) lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the root of this problem: No one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all, Internet users’.

We are long past the point where we need to stop just talking about this issue. We need to stop being part of the fear campaign and the feeling of helplessness that accompanies it, and develop appropriate solutions.

Many computer experts agree that it is primarily flawed computer software and not just inadequate user knowledge that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where little or no user interaction is required to maintain the security of the system. Microsoft’s soon to be released Windows 7 operating system, developed with security in mind, appears to be a step in that direction.

More to the point however, a massive change in Internet users’ attitudes and perceptions needs to take place. Users’ have to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem, but instead, are part of the solution.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser addon which takes security this one step further. The solicited opinions of users/members, on a web site’s safety, are incorporated into the overall site safety rating.

There are other solutions of course; some draconian, some less so, but unless we as computer users take responsibility for our own online safety, you can be sure that governments will eventually introduce measures that will be considered draconian.

We now live in the age of the “interconnectedness of all things”, in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists; and here we are, back to the concept of draconian government imposed Internet security measures.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and amongst other solutions, insist software companies’ stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer. If you reduce your exposure to successful attacks on your machine, then downstream you are helping to protect my machine and those of others.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of.

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

A Helpful Spam Scammer – A Wolf in Sheep’s Clothing

Most of us learned, in kindergarten, that appearances can often be deceiving. In the unlikely event that you didn’t; checkout,  All I Really Need To Know I Learned In Kindergarten, by Robert Fulghum. This book is a phenomenal bestseller; with good reason.

The following is a teeny, tiny excerpt -

“And then remember the Dick-and-Jane books and the first word you learned – the biggest word of all – LOOK.”

So, you ask – what has this got to do with the title of this article? Well the answer is – plenty! Not all of us, when we are on the Internet, LOOK – really look. Not all of us recognize, “the wolf in sheep’s clothing.” Spam scammers rely on this to defraud those of us who don’t.

This morning I received the following email, in which the spam scammer attempts to convince me that she is the genuine article – a concerned individual who has my best interest at heart.

She goes on to assure me that she’s not like all the rest of the cybercriminals out in the wild blue of the Internet. In fact, she lets me know that the “Compensation in Nigeria” scam, is a scam. No kidding lady!

She very kindly points out, all I have to do is spend $590.00 to receive my $1,500,000.00 which is waiting for me in Nigeria. And unlike her, I should not send over $20,000, to unscrupulous scammers, since they are out to steal my money! All I have to spend is that $590.00, and not $20,000.00. Sounds very cool!

Like most of these type of emails, this one contains the usual spelling, grammatical, and punctuation errors.

Attn: My Dear,

I am Mrs Kerra Linda Derrick, I am a US citizen, 48 years Old. I reside here in New Braunfels Texas. My residential address is as follows. 108 Crockett Court. Apt 303, New Braunfels Texas, United States, am thinking of relocating since I am now rich.

I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $20,000 while in the US, trying to get my payment all to no avail.

So I decided to travel down to Nigeria with all my compensation documents, And I was directed to meet Mr.James Ekeh, who is the member of COMPENSATION AWARD COMMITTEE, and I contacted him and he explained everything to me.

He said whoever is contacting us through emails are fake. He took me to the paying bank for the claim of my Compensation payment. Right now I am the most happiest woman on earth because I have received my compensation funds of $1,500,000.00 Moreover, Mr Cliff Olawale, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you.

I will advise you to contact Mr.James Ekeh. You have to contact him directly on this information below. COMPENSATION AWARD HOUSE Name : Mr.James Ekeh Email: james.ekeh09@yahoo.com Phone: +234-703-676-6120

You really have to stop dealing with those people that are contacting with the information that your fund is with them,it is not in anyway with them.They are only taking advantage of you and will financially dry you up until you have nothing.

The only money I paid after I met Mr.James Ekeh is $590,take note of that. Once again stop contacting those people, I will advise you to contact Mr.James Ekeh instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You and Be Blessed Mrs. Kerra Linda Derrick 108 Crockett Court. Apt 303, New Braunfels Texas, United States Of America

The problem is – there are some people, somewhere, who will believe this nonsense. After all, we don’t normally expect to be deceived by someone who gives us fair warning.

I know that you will not be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

Ask your friends, relatives, and associates to keep the following tips in mind  while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.Keep your computer protected.

Install a security solution and keep it up-to-date.

Spammers Go Short – Cut Link Lengths

The presence of shortened URLs in spam has skyrocketed over the past few days and now appears in more than two percent of all spam, according to MessageLabs Intelligence.

With many social networking sites providing character restrictions on status updates and messages, the use of free URL redirection services which turn lengthy web addresses into shortened URLs, is increasing in popularity with spammers for a number of reasons.

According to Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec – “There are literally dozens of websites that offer URL shortening services and spammers have realized that using these services eliminates the need to solve a CAPTCHA or register an account.”

“The newly shortened URLs also help cybercriminals disguise the true destination of where their victims will click through to, posing further risks of entering websites used to conduct drive-by malware attacks as well as spam. Donbot, the botnet responsible for sending approximately five billion spam messages every day, is one of the main culprits using this technique. Links of any size all need to be treated with caution.” Since you are a cautious Internet user, you know that, right?

For more information on email security, checkout MessageLabs Solutions.

Hey Sucker – Read This! Michael Jackson’s Not Dead!

The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson .

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally of course, sensational news alerts, will continue to be one of the methods cyber-crooks will use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and FaceBook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational topics.

Knowing this, email scammers (cyber-crooks), will continue to exploit our natural curiosity, to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks), have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in cyber-crooks paradise given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me), argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

It continues to be true  that the majority of typical users, that I meet, are unaware of the very real dangers that spam emails and social networking links, hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

Best Spam Story Ever! Thanks Pastor Mike

Earlier this year I wrote an article on home networking “Your Electric Wiring Is a Wi-Fi Network Alternative”, which proved to be fairly popular with readers outside of North America.

Just two days ago I wrote an article “Email Spammers Are Smarter than You Think”, in which I stated – “I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it”.

Then, this morning, I received the following spam email offering to provide me with a contract worth $2.5 million, provided I am prepared to engage in fraud, graft and government corruption. Now, I could use $2.5 million, but I’ll pass!

The connection between the networking article, and this carefully crafted spam email, points out how spammers can modify their criminal activities to seek out a specific target market, rather than rely only on the more general broadcast, and non-specific targeting method, we are more familiar with.

I’m posting the email in its entirety since I found it very funny, and you may too. I consider it more than ironic, that the apparent sender is a pastor, given that he is advocating fraud, graft, and corruption. Halleluiah , brother!

Dear Sir,

RE: CONTRACT SUPPLY OF NETWORK WIRES WORTH USD2.5 MILLION FOR INTERNET ACCESS TO SECONDARY SCHOOLS

We are much delighted to enter into business relationship with your company of which we request for your full cooperation in order to achieve this goal.

I am a commission agent and consultant and there is a business I want to introduce to your company and if everything goes well, at the end, you will pay me 1% of the total value of the deal as commissions. Briefly, let me explain to you the nature of the concerned business. A government department in Nigeria UNIVERSAL BASIC EDUCATION NIGERIA is looking for a reliable and trustworthy company that can supply the above.

The ministry wishes to award the contract for the supplies to any reputable company in your area with proven capability to supply the above quantity items within a period of 10 months against upfront payment by telegraphic transfer 60% advance by telegraphic transfer immediately the contract is sign while is delivery is by sea to Lagos seaport within 8 months upon you/ contractors receipt of full advance payment. I am writing you this letter because I want to know whether your company has the ability to undertake the contract from for the supply of the above listed items?

Really, it is sometimes difficult to get such a big order from government of any country especially when the term of payment is 60% advance deposit after contract signing and balance 40% before shipment. The good news is that I have friends in the UNIVERSAL BASIC EDUCATION NIGERIA office of the principal buyer and these friends of mine are willing to help me to convince the top official of the ministry in Nigeria to give the contract to your company if you co-operate with me.

The co-operation I need from is to agree to compensate me with 1% of the total value of the contract if we are able to make the transaction. I depend on the success of this transaction and the commission I will receive from this transaction as my own benefits and to uplift my standard of living.

If you are interested to get this contract and if you are capable to handle the contract and willing to give me 1% of the total value of the contract, please contact me by email to enable to give you instructions on how you will apply for the contract.

As soon as you apply for the contract, I will contact my friends in the ministry for them to start underground works with the top officials of the ministry to give the contract to your firm. I am waiting for a speedy answer from you to enable show it my friends in the ministry for them to know whether it will stand a better chance of winning the contract as well on how you should prepare your tender documents.

Kindly treat urgent by confirming your interest, also send us your prices of the above products immediately by internet so that we will advice on how to prepare your tender documents.

Thanks for your kind cooperation also call me upon receipt of this mail.

Yours sincerely

Pastor. Mike Ukwu
NEW AGE TRADING
No. 120 Brass Street
Aba,
Tel: 00234-07056757161

Email Spammers Are Smarter Than You Think

I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

- In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

- To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Elsewhere on this site there are additional articles dealing with other current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

You Won $1,230,310! Still Believe in Fairy Tales?

Every get one of those emails? Sure you have. In fact, you probably get a lot of emails just like this. Anyone with an email address is bound to be bombarded with this type of scam email.

(Click graphic to view larger)

Opening this type of email is definitely not recommended since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’ re all pretty curious, and spammers/scammers being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access”, (Wikipedia), rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity  – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re probably going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money. As well, they can be designed to install various types of malware on your computer that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on but I think the message here is clear. Think carefully before you click.

Minimum Security Precautions:

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you are unsure of you current security software, then checkout “Need Free Security Programs? – 10 Of The Best!” on this site.

Don’t Open a Can of Worms! – Get the New Improved WOT

Regular readers of this site are well aware that for the last year or more, I have written extensively about WOT, Web of Trust.

What is WOT?

WOT is a free Internet Browser resource that has established an impressive 4.5/5.0 star user rating on CNET, and has become one of the most downloaded FireFox Add-ons at the Mozilla add-on site, with over 4 million users.

If you are an Internet Explorer 8 user (and this is the only release of Internet Explorer you should be using), you’ll be happy to learn WOT is now available for this latest IE release.

According to Matt Crowley, Program Manager, Internet Explorer Extensibility, “WOT is a great example of how add-ons can extend the user experience, functionality, and security of a web browser. This represents the type of quality and usefulness we’re aiming to showcase on ieaddons.com.”

Web of Trust offers Internet users preventive protection against Web-based attacks, online scams, identify theft, and unreliable shopping sites. The WOT security add-on provides safety ratings to search results when using Google, Yahoo!, Digg and other popular sites, helping users protect their computers and personal information.

WOT operates in a unique fashion in order to offer this active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 20 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

How WOT works

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely. Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

Ratings for over 20 million websites

Downloaded 4,000,000 times +

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer and FireFox

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish, Finnish, Chinese and Japanese.

WOT now has customizable protection:

WOT provides four convenient one-click protection options that can be changed instantly depending on the situation.

Fast facts:

Light protection suits experienced Web users

Basic protection guides the user by giving warnings

Maximum Safety stops dangerous Web sites from loading

Parental Control blocks access to Web sites with a poor child safety rating and no rating at all

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click

Download at: MyWot

Watch a demo video showing how WOT works in practice.