Category Archives: Phishing

Ashampoo Database Hacked – What You Need To Know

I could spend all day, every day, reporting on nothing more than the latest cyber criminal targeted intrusions into enterprise IT systems. Two reports from today’s Tech Net News column illustrate that we are barely scratching the surface of this significant, continuous, and rapidly expanding problem:

European Space Agency website and FTP servers hacked

Dramatic increase in cyber attacks on critical infrastructure

If you’re an everyday reader here, then you may recall that I regularly recommend that you take advantage of the German software developer Ashampoo’s occasionally offered free application multipacks.

The downside (for some) is, you must register and provide an email address. Additional benefits can be gained by registering as an Ashampoo member, which includes creating a password.

Unfortunately, Ashampoo has become a victim of a cyber criminal targeted intrusion aimed at their customer database. According to the company:

“Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected … it is not stored on our system.”

If you have taken advantage of Ashampoo’s offers, then it’s important that you exercise extreme caution with any future emails sent by the company and, for that matter, with any unsolicited email sent by any company.

As well, if you have registered as an Ashampoo member, it’s important that you change your account password. Additionally, if you have used the same password elsewhere (you’d be surprised how often this occurs), it’s imperative that you change these passwords immediately.

My thanks to my buddy John B. (a great Scot!), for bringing this unfortunate incident to my attention this morning.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, Malware Advisories, Phishing, Tech Net News, Windows Tips and Tools

Cyber Criminals Bump Up Efficiency Using Cloud Services

In a comment response yesterday to regular reader Mal C., I made the point – “It’s the person at the keyboard, that’s where the trouble starts – not the OS”. Continuing the discussion with regular reader John B., I expanded on this –

“It’s the person at the keyboard, that’s where the trouble starts – not the OS”, is operative – no matter the operating system.

Just one example: Email accounts are continuously being phished (“your account will be deactivated”, is a popular approach), with the objective being to have the user respond with password, DOB, mobile telephone number, etc.

If the phish is successful (and many are), the crook ends up controlling that account. Cyber crimes like this, are not system specific. They depend on unaware, undereducated users, for their success.”

As luck would have it, this morning I got an invitation from Commtouch, to post an upcoming article here on Tech Thoughts (which will be published on their site shortly), that partly supports this view.

Cloud Streamlines Efficiency of Identity Theft

Working with cloud-based services significantly improves economies of scale – for cybercriminals, too. Phishers are already benefiting from free hosting by hiding phishing pages within hacked legitimate sites. Now, they are leveraging cloud-based form management sites, such as Google Docs or formbuddy.com, to collect information from unwitting victims.

With this technique, the phisher does not have to worry about creating/managing/storing back-end form data and can more easily scale the harvesting of phished data. Those duped into filling out the form will not be aware of this nuance.

We just hope victims are paying attention when they fill out a seemingly legitimate form that directly asks for an “email address password.” If their attention lags, they are giving the phisher a significant pay-off for a minimal investment: Identity theft.

This attack targets users of HomeAway holiday rentals – see the images below.

image

A look at the page source reveals that the filled in form is sent to “formbuddy.com” and not collected directly by the phisher.  Formbuddy.com collects and stores all the responses to the “form” shown above, and then emails a neat summary to the phisher (whose login name is “fanek”).
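The page-source check described above can be automated. This is an added example, not code from Commtouch or the original post: it parses a page and reports any form that sends a password-like field to a host other than the one serving the page. The sample URL, HTML, field names and the action path are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Substrings that suggest a field is collecting a secret (assumed list).
CREDENTIAL_HINTS = ("pass", "pwd", "ssn", "card", "cvv")


class FormAuditor(HTMLParser):
    """Collects each <form>'s action and the (name, type) of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current["fields"].append(
                ((a.get("name") or "").lower(), (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return forms that send credential-like fields to a different host."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    parser = FormAuditor()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # An empty or relative action resolves to the page's own host.
        target = urljoin(page_url, form["action"])
        target_host = (urlsplit(target).hostname or "").lower()
        sensitive = [name for name, kind in form["fields"]
                     if kind == "password"
                     or any(hint in name for hint in CREDENTIAL_HINTS)]
        if sensitive and target_host != page_host:
            findings.append({"posts_to": target_host,
                             "sensitive_fields": sensitive})
    return findings


# Constructed sample: a page on one host whose form posts elsewhere.
SAMPLE_URL = "http://hacked-site.example/rentals/verify.html"
SAMPLE_HTML = """
<form method="post" action="http://www.formbuddy.com/placeholder-endpoint">
  <input type="text" name="email">
  <input type="text" name="email_password">
  <input type="submit" value="Continue">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for finding in audit_forms(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

Note that the password field in the sample is a plain text input, so the check looks at field names as well as the `type` attribute.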

image

As a matter of interest, WOT (Web of Trust) warns against visiting formbuddy.com, as per the following screen capture.

image

As an aware and educated computer user, I know that you wouldn’t be deceived by this type of clumsy attempt to defraud – under no circumstances would you disclose your email address password to anyone.

As I said at the opening, these schemes depend on unaware, undereducated users, for their success. Unfortunately, that describes far too many Internet users.

About Commtouch:

Commtouch provides proven Internet security technology to more than 150 security companies and service providers including 1&1, Check Point, F-Secure, Google, Microsoft, Panda Security, Rackspace, US Internet, WatchGuard and Webroot, for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance.

More information is available here.

4 Comments

Filed under Cloud Computing, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, email scams, Freeware, Internet Security Alerts, Online Safety, Phishing, Windows Tips and Tools, WOT (Web of Trust)

McDonalds “Fillet O’ Phishing” Survey Scam

Would you fill out an email survey, sponsored by McDonalds – if they paid you 250 dollars for completing it? I’ll go out on a limb here and say – yes you would. Just like most offers that sound overly attractive though – this offer is a scam.

This scam is not only plausible, but in appearance, it could easily pass for the real thing. Jump into this one though, and you’ll stand a good chance of losing your credit card information. So, no 250 dollars; just a real messy credit cleanup to look forward to.

image

Filling out the survey form really isn’t the hook – that comes later.

image

Clicking on the “proceed” link (this is where you supposedly get the 250 bucks), opens the following screen. All you have to do is provide your credit card details and additional personal information.

image

If, at this point, you don’t hear a loud warning bell resonating in your head – you’re about to become a cyber crime victim.

To add credibility (and reduce suspicion), victims of this scam are automatically redirected to the official McDonalds site – once the victim’s credit card details have been scooped by the crooks.

In August of 2010, when I first reported on this scam, which was then being “test marketed” by the cyber crooks in New Zealand and Australia, I made the following point –

The rest of us (non Australian or New Zealanders), shouldn’t be complacent because, for the moment, this scam is appearing only in that part of the world. If this scam works there, and I suspect it will work very well, there’s little doubt it will soon be on its way to your inbox.

Well, here it is in North America and according to the chat on the Net, this time out, the graphics on the survey and phishing pages are loaded directly from McDonald’s own website. You can rightfully accuse cyber crooks of being the lowest form of pond scum imaginable – but you can’t accuse them of not being technically sophisticated.

It’s the same old, same old, though – the first time I came across this scam was in 2006. This type of scam is recycled repeatedly – because it works. Reasonably intelligent people do get trapped by sophisticated scams, due, in large part, to their failure to take minimum common sense security precautions. Don’t be one of them.

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address.

It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.
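One way to read the Received chain mentioned above, shown as an added example that is not part of the original post: Received lines are stacked newest first, and only the ones written by your own provider's servers can be relied on, so the code walks down from the top and stops at the last hop a trusted server recorded. The message, hostnames and IP addresses are constructed, and `TRUSTED_RECEIVERS` is an assumption standing in for your provider's real server names.

```python
import re
from email import message_from_string

# Assumption: hostnames of the mail servers run by your own provider.
TRUSTED_RECEIVERS = {"mx1.myprovider.example", "store2.myprovider.example"}

# "from <name the sender gave> (<what the receiver saw>) ... by <receiver>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s*(?:\((?P<seen>[^)]*)\))?.*?\bby\s+(?P<by>[^\s;]+)",
    re.IGNORECASE | re.DOTALL)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw_message):
    """Return the Received hops in header order (newest first)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m is None:
            continue  # e.g. a local submission line with no "from" clause
        ip = IP_RE.search(m.group("seen") or "")
        hops.append({"claimed_name": m.group("claimed"),
                     "ip": ip.group(1) if ip else None,
                     "by": m.group("by").lower()})
    return hops


def trace_origin(raw_message, trusted=TRUSTED_RECEIVERS):
    """Find the hop where the message entered trusted infrastructure."""
    hops = parse_hops(raw_message)
    handoff = None
    for index, hop in enumerate(hops):
        if hop["by"] not in trusted:
            break  # everything from here down was supplied by the sender
        handoff = index
    if handoff is None:
        return None
    entry = hops[handoff]
    return {"verified_ip": entry["ip"],            # seen by a trusted server
            "claimed_name": entry["claimed_name"],  # sender-supplied, unverified
            "recorded_by": entry["by"],
            "unverified_hops": len(hops) - handoff - 1}


# Constructed sample message; the bottom Received line is sender-supplied.
SAMPLE_MESSAGE = "\n".join([
    "Received: from mx1.myprovider.example (mx1.myprovider.example [10.0.0.5])",
    "\tby store2.myprovider.example with LMTP; Tue, 12 Apr 2011 09:15:04 -0400",
    "Received: from mail.brand.example (unknown [203.0.113.77])",
    "\tby mx1.myprovider.example with ESMTP; Tue, 12 Apr 2011 09:15:02 -0400",
    "Received: from mail.brand.example (mail.brand.example [192.0.2.10])",
    "\tby relay.brand.example with ESMTP; Tue, 12 Apr 2011 09:14:50 -0400",
    "From: Survey Team <survey@brand.example>",
    "To: reader@myprovider.example",
    "Subject: Customer survey",
    "",
    "Complete our survey and receive 250 dollars.",
])

if __name__ == "__main__":
    print(trace_origin(SAMPLE_MESSAGE))
```

In the sample, the connecting address recorded by the trusted server does not resolve to the name the sender announced ("unknown"), and the one hop below it cannot be verified at all.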

10 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, email scams, Malware Reports, Phishing, Windows Tips and Tools

BitDefender Releases Free Antispam for Linux Mail Servers

BitDefender styles itself as “an award-winning provider of innovative Internet security solutions”, and I must admit that I agree. Moreover, BitDefender has taken a leading role in providing free security solutions, including a host of specialty malware removal tools – particularly, in the past few months.

Yesterday, BitDefender released a Free Antispam application designed specifically for Linux Mail Servers. This new application is driven by BitDefender’s award winning anti-spam engine, and according to Alexandru Balan, BitDefender’s Innovation & Technology Product Manager, the application is aimed at “small businesses and individuals who run mail servers in environments other than Windows, but are dissatisfied with the lackluster performance of existing open-source or proprietary antispam solutions.”

Fast facts:

Antispam – Using constantly updated blacklists and whitelists of known Spam sites, Bayesian learning provides another layer of detection that adapts to the changes made by Spammers to bypass static Spam filters.

Antiphishing – While considered more of a personal threat than a corporate threat, phishing sites can also harvest information from your company’s employees. Using a combination of constantly updated blacklists and whitelists, BitDefender prevents users from accessing known phishing sites, preventing compromise.

Content Filtering – Content filtering allows predefined information such as credit card or account information, report names, client databases, etc. to be detected before it passes outside the company’s control.

High performance NeuNet technology (advanced adaptive neural network).

Easy installation and easy to use web-based and command line administration interface.

Highly compatible kits that are available for all major Linux distributions (available as RPM, DEB, IPK) and are Linux FHS compliant.

System requirements:

Linux – Linux Kernel 2.6.18 or newer, glibc 2.3.1 or newer, libstdc++ from gcc 4 or newer.

Supported Distributions:

Debian GNU/Linux 3.1 or newer, Fedora Core 1 or newer, Novell SuSE Linux Enterprise Server 9, Linux 8.2 or newer, Mandrake/Mandriva 9.1 or newer, RedHat Enterprise Linux 3, Linux 9 or newer

BitDefender Security for Mail Servers is the only product to have won a VBSpam award in every single VBSpam test. With one of the highest spam catch rates in this test, and no false positives, it outperforms all other products and achieved the highest final score in the September 2010 test.

Download Free AntiSpam for Mail Servers at: BitDefender – registration required.

A user guide, in PDF format, is available here.

9 Comments

Filed under Alternatives to Windows, BitDefender, Don't Get Scammed, Don't Get Hacked, downloads, Email, Enterprise Applications, Free Security Programs, Freeware, Linux, Phishing, Software, spam

Download Cloudmark DesktopOne – A Free Anti-spam Desktop Application

When Mark Twain made the comment “The rumors of my death have been greatly exaggerated”, he might have been talking about the desktop-based email client. Mozilla, with the release of Thunderbird 3.1.2 just a few days ago, obviously doesn’t believe in the premature death of desktop-based email clients.

The view that somehow Web based email is safer than a desktop-based email client, since Web based email clients such as Gmail, Hotmail and others, supposedly filter out all dangerous or unwanted content, is not an opinion that I entirely agree with. This view does not line up with my personal experiences.

The fact is, many desktop-based email clients can be superior in this area, since they offer advanced security options, as well as junk mail filters, and anti-phishing protection.

After having my principal Gmail account hacked earlier this year, the idea that Google, and others (who are motivated by profit only – something you need to keep in mind), store my emails indefinitely, is less than appealing. It’s not my idea of safe, or hacker proof security.

As well, Web based emails, including deleted emails, will be released to appropriate authorities based on a court order. There goes both security, and privacy. Of course if you haven’t done anything wrong, you have nothing to worry about, right? Hah!

Regular readers are aware that I’m a big fan of community based security applications such as WOT, and Immunet Protect, to name just two. Expanding on this concept, Cloudmark, a messaging security company, has built community-based filtering technology (supported by a community of over a Billion users), into Cloudmark DesktopOne.

Cloudmark DesktopOne is a free (also available on a fee basis) anti-spam desktop application, designed for both typical at-home users and business users, which continuously filters e-mail to eliminate spam and protect users against phishing and e-mail-borne viruses.

Here’s how it works:

image

image

image

Fast facts:

Quick, easy, automatic setup – Cloudmark DesktopOne installs in seconds, then automatically detects email accounts on your computer and begins filtering them with a click of a button.

Filters Even When Your Email Program is Closed – Cloudmark DesktopOne works independently of your email program to block spam around the clock, even when your email program is closed.

Manage Multiple Email Accounts in One Window – When you’re in Pro mode, the Accounts window displays your protected email accounts, with statistics about how many spam messages were blocked for each one. Open this window to configure your Cloudmark DesktopOne to filter, sort, and delete spam.

Simple Online Account Management – Manage your Cloudmark subscription in a convenient web-based interface.

If you run a desktop-based email client, then Cloudmark DesktopOne is definitely worth taking a look at.

Note: Cloudmark DesktopOne in basic mode, is free for individual users to filter one e-mail account into a single spam folder. Users, businesses and households, who need to manage multiple e-mail accounts and folders can upgrade to Cloudmark DesktopOne in pro mode for $19.95 annually.

Supported Clients: Microsoft Outlook, Microsoft Outlook Express, Microsoft Windows Mail, and Mozilla Thunderbird.

System requirements: Windows 7 (32 and 64 bit), Windows Vista (32 and 64 bit), and Windows XP.

Download at: Cloudmark

About Cloudmark:

Cloudmark, Inc. is a global leader in carrier-grade messaging infrastructure and security solutions, delivering the industry’s fastest, most accurate and most scalable messaging platform for fixed, mobile and social networks. Cloudmark solutions protect more than one billion subscribers for the world’s largest networks, including AT&T, Comcast, MySpace, NTT, Swisscom and Time Warner Cable.

For more information, go here.

24 Comments

Filed under 64 Bit Software, Anti-Malware Tools, cybercrime, Desktop Applications, Don't Get Scammed, Don't Get Hacked, downloads, Email, Free Security Programs, Freeware, Phishing, Software, spam, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Chase Fraud

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.
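The link in the email above puts "chase.com" at the front of a host name that actually belongs to a different domain, because ownership is decided by the right-hand end of the host. The following added example (not from the original post) extracts links from a message and flags any whose host contains a brand's domain but is registered under another one. The brand list is an assumption, and `MULTI_LABEL_SUFFIXES` is a small constructed stand-in for the full Public Suffix List that production code should use.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption, incomplete).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "com.br"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Return the part of the host that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_link(url, brand_domains):
    """Label a link as the brand's own, a lookalike, or unrelated."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    owner = registrable_domain(host)
    if owner in brand_domains:
        verdict = "brand"
    elif any(f".{brand}." in f".{host}." for brand in brand_domains):
        # The brand's domain appears as whole labels inside someone else's host.
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "registrable": owner, "verdict": verdict}


def scan_message(text, brand_domains):
    """Classify every http(s) link found in a message body."""
    return [classify_link(url.rstrip(".,)"), brand_domains)
            for url in URL_RE.findall(text)]


# The message quoted in the post above.
EMAIL_TEXT = """Dear Chase member,
You were qualified to participate in $50.00 credit reward surwey.
Just take part in our quick 5 question survey:
http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852
"""

BRAND_DOMAINS = {"chase.com"}  # assumption: domains the reader's bank really uses

if __name__ == "__main__":
    for result in scan_message(EMAIL_TEXT, BRAND_DOMAINS):
        print(result)
```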

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is that the average person, on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance) has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

14 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Safety, internet scams, Phishing