Probably the two most prevalent problems involving e-mail today are NOT viruses, trojans, scripts and the like. They are both forms of what is referred to as "social engineering" - ways of getting by guile or trickery what crooks can't get by their programming prowess.

The first is usually the least harmful, though it is one of the biggest wastes of time and bandwidth: fake virus scares that cause people to voluntarily forward gigabytes of these fake messages to everyone they know. This is the hoax writers' "small-man-complex" way of exerting their power by getting a whole bunch of gullible people to fearfully follow their command. If you EVER receive an email warning of a virus - especially one that Norton is powerless to stop (or some other nonsense) - go to either Norton's or McAfee's website and search for a key phrase from the mailing, and you will find that this is just a known scam.

The second, phishing, is the most lethal, in that someone foolishly following simple lies can literally undo all the available encryption on legitimate e-commerce sites by VOLUNTARILY giving out their Social Security number, account numbers etc. to an unencrypted site controlled by thieves. No legitimate company will EVER email you (mainly because email is NOT secure) and ask you to re-enter highly sensitive information they have supposedly lost.

Update here: the most recent phishing scam is one that spoofs Microsoft's Windows Security Center. The fake site shows such factual information as the user's IP address, the browser being used, operating system, and country of origin. The page then claims that an attacker "has gained access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents.'" A pop-up also says that the PC has been infected with a rogue .dll -- a piece of spyware dubbed "W32.Sinnaka.a" -- that is collecting your private data. This part is all untrue, a ruse to scare the user into downloading one of 4 different fake "anti-spyware" programs - Spy Trooper, PS Guard, World AntiSpy, and Raze Spyware - for a cost of $10 each. The scam is to spook users with a bogus infection alert -- backed up by an interface that looks official -- then get them to reach for the first piece of software they see. As I have said before, never click anything online out of fear! When in doubt, here is a list of the dangerous and the safe Anti-Spyware apps to make sure you are safe.

A new third, and even more insidious, offshoot of phishing is pharming. With pharming, false websites that mimic the legitimate original sites are set up to collect personal information. When attempting to reach a legitimate site, you are directed to the fake site because of a compromised DNS server. Paranoia is not what we are seeking to achieve here. If you enter personal data only on sites that you log in to over "HTTPS" rather than "HTTP", you will know something isn't right with a fake site, as your browser will warn you that the certificate doesn't match. NEVER send critical information over a link unless you know it is secure: look for the lock that shows in the far right bottom corner of your browser, and the "Secure Hyper Text Transfer Protocol" (HTTPS) prefix on the address of the site you are on, which shows in the navigation bar of the browser.
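
The certificate check that exposes a pharmed site can be sketched in a few lines. This is an added example, not code from the original page: the host names and certificates are constructed, the function names are hypothetical, and it covers only the name comparison, assuming the certificate chain has already been validated against a trusted authority.

```python
from typing import Optional
from urllib.parse import urlsplit

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the host the user asked for."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label; require at least
        # three labels so a pattern like "*.example" is rejected.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels

def check_site(url: str, presented_cert: Optional[dict]) -> str:
    """Return 'ok', 'mismatch' or 'no-tls' for the address the user typed.

    presented_cert has the dict shape returned by ssl.SSLSocket.getpeercert():
    {"subjectAltName": (("DNS", "name"), ...)}
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or presented_cert is None:
        return "no-tls"  # plain HTTP: nothing ties the server to the name
    names = [value for kind, value in presented_cert.get("subjectAltName", ())
             if kind == "DNS"]
    if any(name_matches(n, parts.hostname or "") for n in names):
        return "ok"
    return "mismatch"  # the case the browser's certificate warning reports

# Constructed sample certificates (not real sites).
BANK_CERT = {"subjectAltName": (("DNS", "www.bank.example"),
                                ("DNS", "bank.example"))}
FAKE_CERT = {"subjectAltName": (("DNS", "*.hosting.example"),)}

def demo() -> dict:
    """Same typed address, three different servers answering for it."""
    url = "https://www.bank.example/login"
    return {
        "real server": check_site(url, BANK_CERT),
        "pharmed, https": check_site(url, FAKE_CERT),
        "pharmed, http": check_site("http://www.bank.example/login", None),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "no-tls" result is why the HTTPS prefix matters: over plain HTTP a redirected DNS answer produces no warning at all.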