Jealous? Cyber-crooks Have You In Their Sights

Physiological studies have observed jealousy in infants as young as five months old and surprisingly, in elderly people. Many psychologists hold the view, that jealousy is a normal and appropriate reaction to the fear of losing a loved one to someone else.

It’s no surprise then, that Cyber-crooks are continuing to use jealousy as a social engineering email hook, to entice potential victims to click on an email containing enclosed links which can lead to the installation of malware.

The following screen capture (from one of my email inboxes, yesterday), illustrates the type of crafty email currently circulating on the Internet. Consider carefully – would you follow the links in this email?

If you had attempted to do so, in this case, you would have been cautioned by bit.ly (a free service that shortens long links), since the original link has been shortened using this service. Kudos to bit.ly for being on the ball here.

(Click pic for larger)

The following is the text of another email of this type, currently circulating on the Net.

Hello,

I apologize for my frankness. I’m sorry for not being able to speak to you in person, but I can only talk to you via email and I feel obliged to notify you to open your eyes, you are being betrayed.

I know it is difficult to prove, but every picture tells a story, I’ll send you these pictures so that you can see it with your own eyes. Take care…a big hug

From a good friend who is very fond of you

View photos here

In this case, there is no intermediary, like bit.ly – so you’re on your own.

It may well be that certain individuals are not prepared to take the fidelity of a loved one at face value, but these same individuals have no hesitation in opening an email from an unknown sender, it seems.

Do these types of emails work for scammers, do you suppose? You bet! Let me give you an example of how foolish people can be –

Several months ago, I wrote an article “Nude Pics Of Your Wife/Girlfriend Attached – Click Here”, as another of my frequent tests of Internet user gullibility. This is the very type of article frequently used by cyber-criminals to launch penetration attempts. Much to my surprise, the article is now one of the most frequently read articles on this site. I ask you – how careless can people be?

Regular readers of this site are familiar with the following safeguards:

• Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
• As well, WOT now checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.
• Don’t open unknown email attachments.
• Disable scripting features in email programs.
• Make regular backups of critical data.
• Make a boot disk in case your computer is damaged or compromised.
• Turn off file and printer sharing on the computer.
• Install a personal firewall on your computer.
• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
• Ensure the anti-virus software scans all e-mail attachments.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Online Banking Do’s and Don’ts

While it’s true that the Internet, despite its fundamental design flaws, has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices, and decisions, that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the positive hype surrounding financial institutions’ system security, we have learned, much to our detriment, that there are no absolutes in computer system security.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, the active security features offered by your financial institution.

Examples of security features offered by financial institution:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that resembles a lock, or a key, when you conduct secure transactions online. Look for this symbol so that you have reason to believe your connection is, in fact, secure.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words, that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your password in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer, even at home, unattended, once you have signed in to online banking.

After completing your transactions, ensure that you sign out, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly, many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party, or website, other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, (absolutely NOT recommended), to be safe, change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by someone else. The best passwords are made up of an alpha-numeric combination that are more than eight characters long, and a combination of capital and lower case letters.

This is an example of an Online Banking email phishing attempt.

Final words – don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gmail Service Center and PayPal Spam Scams Are Back!

The old “Due to the congestion in all Gmail users and removal of all unused Gmail Accounts” scam, is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber-criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

If you receive an email that is supposedly from “Gmail Service Centers”, and it addresses you in any way other than your name (Dear Valued Member, for example), it’s a scam. Google is not likely to forget your name, right?

At one and the same time, the following email purportedly from PayPal, is making the rounds once again. Similar to the Gmail scam it opens with a generic salutation – in this case,  “Dear PayPal Member”.

PayPal is familiar with this type of scam, and has issued the following warning:

“PayPal will never send an email with the greeting “Dear PayPal User” or “Dear PayPal Member.” Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information – to spoof@paypal.com”.

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Federal Reserve Bank Spam Scam

No, I’m not referring to the U.S. Federal Reserve as a scam, although there are more than a few, it seems, who think just that. Instead, I’m referring to the latest cybercriminal phishing scam which uses a phony “warning”, purportedly from the Federal Reserve Bank, which warns against – are you ready for this – phishing. You have to think that these guys are the very definition of “brazen”.

We first reported on this scam back in November 2008, and since it has now resurfaced, it’s probable that cybercriminals have had some success with this. I suppose cybercriminals are into recycling, just like the rest of us.

The graphic below represents last year’s attempt. The only noticeable difference between this year, and last year, is the link address. Notice the red circles following the links in this graphic which is WOT’s (described later in this article), way of warning you that these links are dangerous. You will not see a warning on the links in the latest version of this scam since the the cybercrooks are now using a flash element in this latest version.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive, or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party.

Scam emails like this may have several purposes; they can be crafted to trick you into revealing financial information that can be used to steal your money, or they can be designed to install various types of malware on your computer.

Hopefully, you are aware of this type of Internet scam, but I can assure you that a sufficiently large number of people are not. Scams such as this, rely on the principal that exposing a large number of people to this type of scam email, will always deceive at least some of those people.

As part of their Internet Threats series, WOT (the developers of my favorite Internet browser security add-on), has produced a short video designed to educate consumers about the wave of financial-themed phishing and spam, and the steps they can take to protect themselves.

Being aware of Internet threats is critical to your security on the Internet, so I suggest you take this opportunity to view this short (2:21 mins.), educational video.

As I have pointed out in the past (I’m sure regular readers of this Blog must be tired of seeing this), the following tips will help you protect your computer system, your money and your identity:

Don’t open emails that come from untrusted sources. It’s been estimated that 96% of emails are spam. While not all spam is unsafe, common sense dictates that you treat it as if it is.

Don’t run files that you receive via email without making sure of their origin. If the link has been sent to you in a forwarded email from a friend, be particularly cautious. Forwarded emails are notorious for containing dangerous elements, and links.

Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

If you do not use a web based email service, then be sure your anti-virus software scans all incoming e-mail and attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gmail Customer Care is Gonna Close You Account – Not!

The old “we’re going to close your email account” scam is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

What could be better for scammers than this; a natural market for fraudulent emails – new, and unaware users. Staying safe on the Internet is definitely one area where experience counts.

According to a recent email, sent to my relatively new Gmail account, my G mail account (these guys can’t spell – it’s Gmail not G mail), will be deleted within 24 hours unless I verify my user name, password, date of birth, and country information.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

If you have received the following email recently, I trust you recognized it for what it is, and after reporting it as Spam, you simply deleted it.

If your email account is not relatively new, it’s unlikely you received this email but reading it can still be instructive. BTW, all of the spelling mistakes are the spammers.

“This Email is from G mail customer care and we are sending it to every G mail accounts owner for safety. We are having congestion due to the anonymous registration of G mail accounts so we are shutting down some G mail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.

Due to the congestion in all G mail users and removal of all unused G mail Accounts. G mail would be shutting down all unused Accounts, you will have to confirm your E-mail by filling out your Lo gin Information below after clicking the reply button or your account will be suspended within 24 hours for security reasons.

* User name: …

* Password: ……

* Date of Birth: …….

* Country Or Territory: …..

Warning!!! Account owner that refuses to update his or her account within Seven days of receivinga this warning will lose his or her account permanently.

Thank you for using G mail !”

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How to Conduct Online Banking Safely

I’ve noticed a surge recently, in search engine referrals to this site on online banking fraud, so it’s time for a refresher on how to safely carry out your online banking.

As use of the Internet continues to expand exponentially, banks and other financial institutions have increased their use of the Internet to deliver products and enhanced financial services, or simply to improve communications with consumers.

The Internet, despite its fundamental flaws, does offer the potential for safe, convenient, and new ways to shop for financial services and conduct banking business, any day, any time.

While it’s true that the Internet has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices and decisions that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the hype concerning inpenetrateable system security, we have learned, much to our detriment, that no such inpenetrateable systems exist.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, security features offered by your financial institution.

Some examples are:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer unattended once you have signed in to online banking.

After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number or password on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, to be safe change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

This is an example of an Online Banking email phishing attempt.

Don’t use:

A password you use for any other service.

Your name or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

For an article on Phishing and how to protect yourself see Gone Phishing? Protect Yourself – Stop · Think · Click , elsewhere in this Blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Elsewhere on this site there are additional articles dealing with other current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

The Enemy is at the Gate – Common Sense Tips for Internet and System Security

So what can you add to your computer’s Firewall, Security Applications, and Browser security add-ons to ensure you have the best protection available while you’re surfing the web?

Well, how about something that’s free, and readily available. Something called “Common Sense”.

Common sense: sound and prudent judgment based on a simple perception of the situation or facts. Merriam-Webster’s Online Dictionary

Common Sense Tip #1 – Given the virtual epidemic of malware currently circulating on the Internet, don’t run, or install programs, of unknown origin.

Internet users’ continue to be bombarded with rogue security software which has reached epidemic proportions. There seems to be no end to the release of new rogue security software threats. Rogue software will often install and use a Trojan horse to download a trial version, or it will perform other actions on a machine that are detrimental such as slowing down the computer drastically.

Download applications, particularly free programs, only from verifiably safe sites (sites that guarantee malware free downloads), such as Download.com, MajorGeeks, Softpedia, and the like.

There are many more safe download sites available, but be sure you investigate the site thoroughly before you download anything. Googling the site, while not always entirely reliable, is a good place to start. A recommendation from friends as to a site’s safety is often a more appropriate choice.

Common Sense Tip #2 – Don’t open emails that come from untrusted sources. It’s been estimated that 96% of emails are spam. While not all spam is unsafe, common sense dictates that you treat it as if it is.

Much of the spam emails I’ve seen lately are crafted around spicy, scandalous, and salacious stories. This is generally a dead giveaway that you are dealing with a risky email.

Here’s a recent email from my inbox – “Who to blame in world crisis?‎ – Ivanka Trump sunbathing pics http://www.000000.com”. Common sense tells me there is a major disconnect between the heading of this email (Who to blame in world crisis?) and sunbathing pics of Ivanka Trump. There is no doubt that this is a dodgy email. By the way her name is Ivana, not Ivanka.

Common Sense Tip #3 – Don’t run files that you receive via email without making sure of their origin. If the link has been sent to you in a forwarded email from a friend, be particularly cautious. Forwarded emails are notorious for containing dangerous elements, and links.

Common Sense Tip #4 – Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Common Sense Tip #5 – If you do not use a web based email service then be sure your anti-virus software scans all incoming e-mail and attachments.

Common Sense Tip #6 – Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you are unsure if your software based protection is up to the task then checkout the following recommended free downloads that will help you manage and protect your computer system.

These applications have been well tested over the years for reliability and functionality, and all have developed a strong, loyal following.

AVG Anti-Virus Free Edition

AVG Anti-Virus Free 8.0 now incorporates protection against spyware through a new combined anti-virus and anti-spyware engine as well as a “safe-searching component” which has been incorporated into the new AVG Internet Security Toolbar. This program scans files on access, on demand, and on schedule and scans email incoming and outgoing. For those on Vista, you’re in luck, it’s Vista-ready

Spyware Doctor Starter Edition

Spyware Doctor Starter Edition from PC Tools is an excellent choice, as a secondary line of defense. This free version of the award winning program, with its easy to use interface, is used by millions of people worldwide to protect their computers; it’s reported there are a million+ additional downloads every week. Be aware however, there is no real-time protection offered with this version and this is the reason I recommend this application as a secondary scanner only.

Spyware Terminator

Having tested virtually all of the major anti-spyware applications over the past year or more, I’ve settled, for now, on Spyware Terminator primarily due to its strong real-time protection against spyware, adware, Trojans, key-loggers, home page hijackers and other malware threats. Spyware Terminator excels in strong active protection against know and unknown threats. If anything, I find it perhaps a little overly aggressive. On the other hand, better this than the alternative.

Comodo Firewall Pro

Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 10 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

HiJackFree

If you are an experienced/advanced computer user and you’re looking for a program to strengthen your anti-malware resources, then HiJackFree is one that’s worth taking a look at. This free application, from EMSI Software, offers a potent layer of additional protection to add to your major anti-malware programs. The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to eradicate the malware.

Ad-Aware

Ad-Aware Free is good free spyware and adware remover. It does a good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version; real-time protection is not included.

ThreatFire

ThreatFire blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have high success rate at blocking mal-ware based on analysis of behavior. Highly recommend this one!

Web of Trust (WOT)

WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

SnoopFree Privacy Shield

SnoopFree Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen. In particular, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.