I’ve Got 10 Kilos Of GOLD I Want To Share With You!

My Australian friend Rod, a security developer executive, regularly forwards copies of scam emails that his company detects, through their various Internet  resources.

I’m very appreciative that Rod takes the time to do this, since it keeps me in the loop at the company level on email scams and malware threats. And,  it gives me a chance to LMAO – some of these emails are outrageously funny.

Every get one of those emails? Sure you have. In fact, you probably get a lot of emails similar to the one below, recently forwarded by Rod – this one is particularly ridiculous. But, that’s the point in using it as an illustrative example.

Anyone with an email address is bound to be bombarded with this type of scam email (including the misspellings, lack of punctuation, incorrect grammatical usage, etc.).

How are you doing sir/madam? My name is Mr. Twum a 25 year old man, please dont be surprise i got your email from yahoo. i have 10kilogram of AU RAW GOLD, i got this Gold as a beneficiary from my parent as their only son . i dont know much about Gold so i am here looking for someone who can lecture me on how i can sell the Gold and how much it worth at the market.

please note that i have all legal documentation from my late dad before he passed away and on one of the documents, It is said the specification of the gold is,

QUALITY : 22+Carat with a minimum

PURITY : 96% Or Better

Origin : Ghana.

And i am ready to send sample to you to test and see if it is Gold as i can read clearly.

if you so interested. have a nice day and enjoy your day

hope to hear from you soon

Opening this type of email is definitely not recommended (despite the humor), since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’ re all pretty curious, and spammers/scammers, being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access”, rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity  – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money and your identity. As well, they can be designed to install various types of malware  that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the type of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click.

Despite every warning under the sun, there are people who will open this type of email. And, in that group, there will be people who will respond. If you’re having trouble believing this – believe it. If this type of scam didn’t show results, we wouldn’t have to deal with them on a constant basis.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

It’s Time We Called Cyber Criminals What They Really Are – Terrorists

While it may be true that cyber crime doesn’t fit neatly into the restrictive classical definition of terrorism, (motivation is a definitive factor), nevertheless, cyber crime’s effect on Internet users’ is  arguably similar  – intimidation, coercion (think Rogue software), and instilling fear.

Motivation be damned! Simply because a hacker’s motivation is money, rather than political gain, hardly changes the effect of the crime. Cyber criminals, by my definition, are terrorists.

Consider the following two points:

If a group, or an individual, dug holes in a highway in your community making it unsafe to use, (put the motivation aside for a moment), how would you refer to that person, or group, based on the impact on you? The reality is – cyber criminals, blow holes in the Internet highway on a daily basis.

If you couldn’t get to work today, because a criminal gang held the subway system to ransom – with a bomb threat, how would you, or more particularly, law enforcement officials, refer to that group? The reality is – cyber criminals hold individuals, and web sites, to ransom every day.

As Shakespeare said, in Romeo and Juliet , “That which we call a rose, by any other name would smell as sweet.”  The point being – it doesn’t matter what you call a thing; what matters is – what the thing is. Cyber crime though, is a misnomer – terrorism is not.

This morning, when I was editing my Tech Net News column, I included the following high profile cyber crime occurrences which were reported over this past weekend. I could easily have added a dozen more, all from the last few days, but I think the point was made.

Newest Social Net Scam: Stranded Friend – Analysis: Beware a common hoax involving a hijacked email account and a plea for quick cash from a familiar name.

Trojan attacks now almost solely from legitimate websites – According to reports, surfers are now almost always attacked from the hacked web sites of legitimate providers. Previously the general assumption was that malware was only found on sex sites and other shady web sites, but these days all you need to do is visit the site of your favorite newspaper to come under attack.

Reports of Possible YouTube Hack Light up Social Media Sites – Reports have surfaced on social media sites that YouTube may have gotten hacked and that Apple’s iTunes App Store may also be compromised.

App Store Hacked – Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. What’s more concerning is that it seems individuals iTunes accounts have been hacked to make mass purchases of that one developer’s apps.

Existing penalties for cyber crimes, including those mentioned above, are far less than adequate. So, calling cyber criminals what they are – terrorists; would open up a whole new spectrum of possibilities – including the application of criminal penalties, and sanctions, more in line with the true nature of the offense – terrorism.

I’ve always been curious as to why it is, governments and law enforcement agencies, protect us across a broad spectrum – from noisy neighbors, all the way to ensuring our safety while travelling on airplanes. And yet, these same governments and law enforcement agencies, leave it us, at an individual level, to deal with cyber crime.

This hands off policy has led to staggering costs to world economies – (a Trillion dollars or more, annually), and the impact on individuals, is immeasurable.

I suspect, that if cyber crime was referred to in a more appropriate manner – terrorism; we might find ourselves less alone in our daily struggle to stay safe on the Internet.

What do you think:

Are you tired and frustrated with having to deal with cyber crime on your own?

Should the nature of cyber crime be reflected in a more appropriate way, by calling it what it is – terrorism?

Should the penalties for cyber crime be set at a level commensurate with the true nature of the offense?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Email Scammers Threaten to Have Me Charged with Money Laundering

I’m use to receiving scam emails (up to 10 a day), which attempt to entice me into divulging personal information with all sorts of promises of quick money – if only I complete a particular task. A task which always involves me having to spend money.

Generally, these types of emails , while they may be designed to cheat the unwary, are helpful in the extreme; paving the way to illusive riches with a detailed list of easy to follow instructions. The type of email I like to call – “the wolf in sheep’s clothing” email.

But, in a spam scam email I received this morning, the scammers have abandoned this helpful attitude and instead, have resorted to intimidation and threats.

Here are the highlights of this threatening email:

We, office of the international police association (IPA) hereby write to inform you that we caught a diplomatic lady by the name Mrs. Vernon Wallace at (John F Kennedy International Airport ) here in New York with a consignment box filled with United States Dollars.

She said that the consignment box belongs to you and that she was sent by one Edward Luis to deliver the consignment box to your doorstep not knowing that the content of the box is money.

In this regards you are to reassure and prove to us that the money you are about to receive is legal by sending us the Award Ownership Certificate showing that the money is not illegal.

The Award Ownership Certificate must to be secured from the office of the Nigerian Senate President … this is because the fund originated from Nigeria.

Furthermore, we are giving you only but 3 working business days to forward the requested Award Ownership Certificate … if you didn’t come up with the certificate we shall confiscate the funds into World Bank account then charge you for money laundering.

I think these scammers have watched one too many movies.

I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are. Believe it or not, there are some people, somewhere, who will believe this nonsense.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

As well, ask your friends, relatives, and associates to keep the following tips in mind while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.Keep your computer protected.

Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How to Tune Up Your Anti-Malware Strategy With These Free Solutions

As highly regarded security guru Bruce Schneier says, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology”

Unfortunately, the average user continues to rely only on technology for protection. Recently, I setup a new computer system for a friend; an average user, and as I was tinkering with her system, one though kept bouncing around in my head. “What do I need to do to keep her protected on the Internet?”

I started with the usual things of course, including installing the following security applications.

PC Tools Firewall

– PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting expectations.

Microsoft Security Essentials

– Easy to set up and run, particularly for new users. The interface is positively simple offering Quick Scan, Full Scan, or Custom Scan. Provides full real time protection against viruses, spyware, and other malicious software.

Avira AntiVir Personal

– Offers on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs. As well you can repair, delete, block, rename and quarantine programs, or files.

Firefox

– I then installed the most effective security add-ons, including NoScript, KeyScrambler, Adblock Plus and BetterPrivacy.

WOT

– Web of Trust, a browser add-on which offers Internet users active preventive protection against Web-based attacks, online scams, identify theft, and unreliable shopping sites.

Winpatrol

– This program uses a simple yet effective method of fighting all kinds of malicious programs.

GesWall

– An isolator which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on.

Malwarebytes’ Anti-Malware

– A simple, intuitive, and easy to use interface, makes Malwarebytes’ Anti-Malware straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as a secondary on demand scanner.

SUPERAntiSpyware Free Edition

– SUPERAntiSpyware is also straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as an additional secondary on demand scanner. This should not be considered overkill – there is no one single anti-malware application that is likely to catch everything. Better safe than sorry, and all that.

ThreatFire

ThreatFire blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my own front line defenses.

So what could go wrong with this kind of armor against the pack of jackal-like cyber-criminals who prowl the Internet? The short answer is – plenty.

She still faces substantial risks while surfing the Internet regardless of the antispyware, antivirus, and the other Internet security applications I installed.

Malware evolves so rapidly today, that staying ahead of the curve has proven to be all but impossible for security software developers, despite their best efforts.

While it may be true that reputable Anti-malware software is often capable of detecting harmful and malicious attempts to compromise a computer, this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs), can often be behind the curve in recognizing the newest threats.

You might be wondering just how many new malware threats circulate on the Internet – and here’s one answer. Over the last three months alone, PandaLabs has recorded five million new strains of malware.

On the face of it, it may appear that this huge number of new malware strains presents an insurmountable problem. But malware itself is only part of the problem.

The method used to deliver the malware – social engineering – that’s the most significant problem currently, for an average user. Social engineering, which relies on, and exploits our natural curiosity, is a sure winner for the bad guys.

Cyber-criminals are increasingly relying on this aspect of social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

So the problem I found myself having to deal with was “If all these security applications I installed won’t offer her absolute protection against cyber-criminals, what, or who will?” The only plausible answer was – she must take on this responsibility herself. The inescapable fact is – she must become her own best protection. In my experience it’s the only strategy that works.

My friend, (just like most average users), had a need to believe, and desperately wanted to be able to trust, that the installed security applications would totally protect her on the Internet.

She, like the rest of us, needed to become convinced that a mild case of paranoia when using the Internet, was in her own best interest. Being suspicious, and untrusting while surfing the web, might not make her invulnerable to malware infections or worse, but it will certainly reduce her odds enormously.

It took considerable effort to finally convince her that mild paranoia would play an important role in preventing her from becoming a victim of cyber criminals.

Particularly, overcoming the instinctive human response (and we all have it), to just “click” while surfing the Internet. That instinctive response, would pose one of the biggest risks to her online safety and security.

Security experts argue (including me), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

At the end of the day, I finally managed to get her agreement that she would not engage in any of the following unsafe surfing practices.

Downloading files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Clicking links in instant messaging (IM) that have no context or are composed of only general text.

Downloading executable software from web sites without ensuring that the site is reputable.

Using an unsecured USB stick on public computers, or other computers that are used by more than one person.

Opening email attachments from unknown people.

Opening email attachments without first scanning them for viruses.

Opening email attachments that end in a file extension of .exe, .vbs, or .lnk.

Regular readers of this site are very familiar with the following recommended security strategy to protect their computer system, their money and their identity:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected. Most of all, understand that you are your own best protection.

Well known software developer Comodo Group, have developed a new Internet video series, Really Simple Security, published on a dedicated YouTube channel, that makes it easier than ever for an average user to become much more proactive in their own protection. This is a site that should be in everyone’s bookmarks.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Nigerian Spammers Take On the FBI

Times must be tough in Spammer Land (Nigeria). Or, it could be, that the poor air and water quality, in this infamous country, is beginning to rot a few brains.

How else to explain, spammers giving a deliberate “poke in the eye” to, of all organizations, the FBI. On the other hand, I suppose it’s possible to be both bold, and dead stupid, at the same time.

In any event, it’s obvious the spammers who are responsible for a ludicrous email currently making the rounds, do not subscribe to the philosophy of “choose your enemies carefully, for they shall kick your ass”. In this case, I suspect, it won’t be very long before that happens.

Most of us learned, in kindergarten, that appearances can often be deceiving. In the unlikely event that you didn’t; checkout, “All I Really Need To Know I Learned In Kindergarten”, by Robert Fulghum. This book continues to be a phenomenal bestseller; with good reason. The following is a teeny, tiny excerpt:

“And then remember the Dick-and-Jane books and the first word you learned – the biggest word of all – LOOK.”

Unfortunately, not all of us, when we are on the Internet, LOOK – really look. Not all of us recognize, “the wolf in sheep’s clothing” email scam. Spam scammers rely on this to defraud those of us who don’t.

According to a recent email I received (a perfect example of the “wolf in sheep’s clothing” scam), the FBI has interceded on my behalf, to allow me to complete an illegal transaction with Mr. Sanusi Lamido, of the Central Bank Of Nigeria.

The FBI (according to the email), kindly points out “During our Investigation, it came to our notice that the reason why you have not received your payment is because you have not fulfilled your Financial Obligation given to you in respect of your Contract/Inheritance Payment”.

“So therefore, we have contacted the Federal Ministry of Finance on your behalf and they have brought a solution to your problem by coordinating your payment in the total amount of $5,000,000.00 USD which will be deposited into an ATM CARD which you will use to withdraw funds anywhere of the world”.

The email goes on to say – “We have confirmed that the amount required to procure the Approval Slip will cost you a total of $196USD which will be paid directly to the ATM CARD CENTER agent via western union money transfer / money gram Money Transfer”.

Not a bad deal huh? $5,000,000.00 USD for an investment of a measly 196 Bucks – and all of it guaranteed by the FBI! Jeez, how could a rational, thoughtful person, pass up an opportunity like this?

I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are. Believe it or not, there are some people, somewhere, who will believe this nonsense.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

Ask your friends, relatives, and associates to keep the following tips in mind while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.Keep your computer protected.

Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

The Only Anti-Malware Strategy That Works

I just finished setting up a new computer system for a friend; an average user, and as I was tinkering with the system, one though kept bouncing around in my head. “What do I need to do to keep her protected on the Internet?”

I started with the usual things of course, including installing the following security applications.

PC Tools Firewall – PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting expectations.

SUPERAntiSpyware Professional Edition – Thanks to Mike Duncan of SUPERAntiSpyware, I had a spare lifetime license.

Avira AntiVir Personal – Offers on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs. As well you can repair, delete, block, rename and quarantine programs, or files.

Firefox – I then installed the most effective security add-ons, including NoScript, KeyScrambler, Adblock Plus and BetterPrivacy.

WOT – Web of Trust, a browser add-on which offers Internet users active preventive protection against Web-based attacks, online scams, identify theft, and unreliable shopping sites.

Winpatrol – This program uses a simple yet effective method of fighting all kinds of malicious programs.

GesWall – An isolator which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on.

Malwarebytes’ Anti-Malware – A simple, intuitive, and easy to use interface, makes Malwarebytes’ Anti-Malware straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as a secondary on demand scanner.

So what could go wrong with this kind of armor against the pack of jackal-like cyber-criminals who prowl the Internet? The short answer is – plenty.

She still faces substantial risks while surfing the Internet regardless of the antispyware, antivirus, and the other Internet security applications I installed.

Malware evolves so rapidly today, that staying ahead of the curve has proven to be all but impossible for security software developers, despite their best efforts.

While it may be true that reputable Anti-malware software is often capable of detecting harmful and malicious attempts to compromise a computer, this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs), can often be behind the curve in recognizing the newest threats.

You might be wondering just how many new malware threats circulate on the Internet – and here’s one answer. Over the last three months alone, PandaLabs has recorded five million new strains of malware.

On the face of it, it may appear that this huge number of new malware strains presents an insurmountable problem. But malware itself is only part of the problem.

The method used to deliver the malware – social engineering – that’s the most significant problem currently, for an average user. Social engineering, which relies on, and exploits our natural curiosity, is a sure winner for the bad guys.

Cyber-criminals are increasingly relying on this aspect of social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

So the problem I found myself having to deal with was “If all these security applications I installed won’t offer her absolute protection against cyber-criminals, what, or who will?” The only plausible answer was – she must take on this responsibility herself. The inescapable fact is – she must become her own best protection. In my experience it’s the only strategy that works.

My friend, from a physiological perspective, had a need to believe, and desperately wanted to be able to trust, that the installed security applications would totally protect her on the Internet.

She, like the rest of us, needed to become convinced that a mild case of paranoia when using the Internet, was in her own best interest. Being paranoid, suspicious, and untrusting while surfing the web, might not make her invulnerable to malware infections or worse, but it will certainly reduce her odds enormously.

It took considerable effort to finally convince her that mild paranoia would play an important role in preventing her from becoming a victim of cyber criminals.

Particularly, overcoming the instinctive human response (and we all have it), to just “click” while surfing the Internet. That instinctive response, if she continued, would pose one of the biggest risks to her online safety and security.

Security experts argue (including me), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

At the end of the day I finally managed to get her agreement that she would not engage in any of the following unsafe surfing practices.

Downloading files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Clicking links in instant messaging (IM) that have no context or are composed of only general text.

Downloading executable software from web sites without ensuring that the site is reputable.

Using an unsecured USB stick on public computers, or other computers that are used by more than one person.

Opening email attachments from unknown people.

Opening email attachments without first scanning them for viruses.

Opening email attachments that end in a file extension of .exe, .vbs, or .lnk.

Regular readers of this site are very familiar with the following recommended security strategy to protect their computer system, their money and their identity:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected. Most of all, understand that you are your own best protection.

If you are unsure if you have adequate software based protection on your computer, then check out “The 35 Best Free Applications – Tried, Tested and Reliable! ”, on this site, and download free security software that is appropriate for your personal circumstances.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Paranoia on the Internet Pays Off

By chance, I met a very interesting cab driver today; one who was extremely computer competent and far more security conscious than the typical computer user I normally meet informally.

What struck me immediately, was Mike’s sense of paranoia surrounding his use of the computer on the Internet, which extended to the installation of software from unknown sources, including software from “friends”.

I must admit, it was very refreshing to have a discussion with a security conscious user, who was very aware of the security issues surrounding the use of computers.

So, is it paranoia if they really are after you? Well I can assure you, if you are connected to the Internet – they really are after you!

The Internet is a world that is full of cyber criminals, scam and fraud artists, and worse. A world that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software. Believe me, this is a very incomplete list!

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users.

I’ve often felt that given the present dangers on the Internet, it’s unfortunate that we can’t buy paranoia at the local computer store, or that we can’t download it freely from the Internet.

Despite the best efforts of antispyware, antivirus, and other Internet security products, you still face substantial risks while surfing the Internet. Malware (a genetic term for all sorts of nasties), evolves so rapidly today, that staying ahead of the curve has proven to be all but impossible for security software developers.

While reputable Anti-malware software is often capable of detecting harmful and malicious attempts to compromise your computer, this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs) can be behind the curve in recognizing the newest threats.

Some statistics suggest that a zero day malware threat (a threat so new that no viable protection against it yet exists), will only be caught 57% of the time by installed Anti-malware software. Personally, I believe that this figure is a gross exaggeration.

Given these conditions then, we all need to become infected with a mild case of paranoia when using the Internet. Being paranoid, suspicious, and untrusting while surfing the web, might not make you invulnerable to malware infections or worse, but it will certainly reduce the odds enormously.

The prime area where paranoia can play an important role in preventing you from becoming a victim of cyber criminals is in overcoming the instinctive human response to just “click” while surfing the Internet. That instinctive response poses one of the biggest risks to your online safety and security.

Curiosity, coupled with a conditioned response can often override self-discipline and common sense; so it’s not unusual for people to engage in some, or all, of the following unsafe surfing practices.

Downloading files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Clicking links in instant messaging (IM) that have no context or are composed of only general text.

Downloading executable software from web sites without ensuring that the site is reputable.

Using an unsecured USB stick on public computers, or other computers that are used by more than one person.

Opening email attachments from unknown people.

Opening email attachments without first scanning them for viruses.

Opening email attachments that end in a file extension of .exe, .vbs, or .lnk.

So it’s time for you to develop a case of healthy paranoia while surfing the Internet, and as a first step be actively aware of the following threats to your personal and computer security.

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Window shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Having developed this new sense of paranoia you will no doubt take the following actions to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as WOT, which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you are unsure if you have adequate software based protection on your computer, then check out “The 35 Best Free Applications – Tried, Tested and Reliable!”, on this site, and download free security software that is appropriate for your personal circumstances.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

FBI Spam – Spammers Go One Step To Far

Times must be tough in Spammer Land. Or, it could be, that the poor air and water quality, in this well know country, is beginning to rot a few brains.

How else to explain, spammers giving a deliberate “poke in the eye” to, of all organizations, the FBI. On the other hand, I suppose it’s possible to be both bold, and dead stupid, at the same time.

In any event, it’s obvious the spammers who are responsible for a ludicrous email currently making the rounds, do not subscribe to the philosophy of “choose your enemies carefully, for they shall kick your ass”. In this case, I suspect, it won’t be very long before that happens.

According to this recent email, the FBI has interceded on my behalf to allow me to complete an illegal transaction with Mr. Sanusi Lamido, of the Central Bank Of Nigeria.

The FBI (according to the email), kindly points out “During our Investigation, it came to our notice that the reason why you have not received your payment is because you have not fulfilled your Financial Obligation given to you in respect of your Contract/Inheritance Payment.

So therefore, we have contacted the Federal Ministry of Finance on your behalf and they have brought a solution to your problem by coordinating your payment in the total amount of $5,000,000.00 USD which will be deposited into an ATM CARD which you will use to withdraw funds anywhere of the world”.

The email goes on to say – “We have confirmed that the amount required to procure the Approval Slip will cost you a total of $196USD which will be paid directly to the ATM CARD CENTER agent via western union money transfer / money gram Money Transfer”.

Not a bad deal huh? $5,000,000.00 USD  for an investment of a measly 196 Bucks – and all of it guaranteed by the FBI! Jeez, how could a rational, thoughtful person, pass up an opportunity like this?

Too Funny! I’m now a little unsure as to what I should do – I’m used to watching YouTube to get my daily chuckles, but maybe I’ll give that up, and just focus on this type of email instead.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Spam is a Pain in the Ass!

The following statistic bears repeating – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

Botnets or not, personally, I don’t really care where the spam comes from – it’s a major pain in the ass!

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily spam going to my long established accounts.

Generally, the spam aimed at my older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in.

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration.

The following graphic (this is only one day), clearly illustrates just how pervasive this type of phishing Spam is. Most of this spam has the following in common: notification that the reader has won a huge sums of money, or that they will have access to a huge sums of money but only after a payment of  hundreds of dollars.

Click for larger.

As well, in almost every case the spammer requests the following type of personal information:

Your name

Your current address

Your phone number – both land line and cell

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not?

In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience. Without a doubt, there are some people, somewhere, who will respond to this nonsense.

Opening this type of email is definitely not recommended since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files and emails that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware. But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click on unsolicited emails.

Not clicking will ensure your safety and that these email will remain nothing more than a pain in the ass.

Computer and Internet Security – How Savvy Are You?

When you surf the Internet are you a savvy computer user? Are you aware of the dangers and pitfalls that wait for the typical unsuspecting user? How likely are you to be pounced on by the multitude of scam artists, schemers and cyber-crooks lurking in the shadows, just waiting for victims.

In any given week I speak with 100’s of typical Internet users who generally have the same behavior characteristics while surfing the Internet in that they:

Use a search engine to locate and generate information.

Despite the fact that cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines – the typical user I come into contact with, has little or no knowledge of current conditions and believes search engine output to be untainted, and free of potential harmful exposure to malware.

Sadly, current statistics indicate that web pages continue to be infected with malware at an ever increasing rate. Some estimates suggest that a legitimate website is infected every five seconds!

For a comprehensive article that discusses how “phishers” are currently infecting legitimate sites check out “More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites”, on  the Dark Reading web site.

Trust the information they discover while online to be reliable and credible.

Rogue security software developers, for example, rely on the innate level of trust that typical Internet users’ have developed, to convince users’ to download this type of malicious software.

The vast majority of typical Internet users I speak with are not aware that such a class of software even exists. But it does; and regrettably, it is now widespread.

A rogue security application is an application, usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Some types of rogue security software have the potential to collect private and personal information from an infected machine which could include passwords, credit card details, and other sensitive information.

Communicate with family and friends by email.

The worldwide Internet population is now estimated to be 1.08 billion users, so the ability to communicate with family and friends has increased dramatically.

Unfortunately however, cyber-crooks are well aware of the opportunities such a large number of unaware potential victims present for illicit monetary gain.

Incredible as it seems, billions (that’s right billions), of spam email messages are generated every hour through so called botnets; zombie computers controlled by cyber-criminals.

The IC³ (Internet Crime Complaint Center) recently stated that these types of attacks against Internet users are occurring with such frequency, that the situation can be called nothing short of “alarming”.

Yet, the majority of typical users, that I meet, are unaware of the very real dangers that spam emails hold for their safety, security and identity protection.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational email topics.

Sensational news alerts, for example, continue be one of the methods cyber-crooks have selected to capture users’ attention, rather than emails offering pharmaceuticals, expensive watches, or other knockoff products.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as McAfee SiteAdvisor, which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.

Don’t open unknown email attachments.

Don’t run programs of unknown origin.

Disable hidden filename extensions.

Keep all applications (including your operating system) patched.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Finally, a major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet. That instinctive response poses one of the biggest risks to your online safety and security.

Stop – Think – Click