?

Log in

No account? Create an account

Previous Entry | Next Entry

I made a trip early this week to London…

Sometimes it’s probably best to finish that first cup of coffee before one starts reading the e-mail messages that have come in overnight.

coffee mug01aHad gotten up shortly after 5:00 AM on Friday, fiddled around and poured that first cup of morning coffee. Poked around on Facebook for a few minutes, scanned the New York Times online for the news of the day.

Was reading my messages when a new message appeared, with a simple subject: “"Hi.” Had I not recognized the sender’s name, and let’s just call him Pat, I might have just deleted it, because is sounded like so many that end up in ones spam folder. But I read it, and here’s that it said:

Apologies for having to reach out to you like this, I made a trip early this week to London, UK and had my bag stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately for me, I can't have access to funds without my credit card, I've made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in. I really need to be on the next available flight. 

I can forward you details on how you can get the funds to me. You can reach me via email or May field hotel's desk phone, the numbers are, +447024030610 or +447024030611.
I await your response...
(name withheld)

I read the message two or three times. I didn’t respond at first, because there’s been a recent e-mail hoax going on across the ‘Net where letters such as this have been showing up in the readers’ mailbox. This is a scam, one were a message is sent to a user falsely claims to be an established legitimate enterprise or individual in an attempt to scam the user into surrendering private information that will be used for identity theft. But I had known Pat for a number of years, and knew him to be an established religious leader in a community in the southwest, and it concerned me that there just might be a problem.

So what does one do in a case like this?

I Fenton scam01bdid not reply to the message, but immediately contacted another mutual friend in the area via e-mail, asking if our friend Pat had indeed travelled to the UK. While waiting for a response from the mutual friend I further noticed that where I should have been listed as the recipient of the message, my name or e-mail address was missing. That was one of the giveaways that this was not a legitimate e-mail message from my friend.

Got a response back within a few minutes that as suspected, our mutual friend was indeed at home here in the US, and not in London. Luckily I had his alternate e-mail address, so I forwarded the original that I had received to the alternate address.

He responded a bit later that his e-mail account had indeed been hacked, and that his entire address book had been hacked as well. It later showed up that other friends had received the same e-mail message that had appeared in my inbox. There were other activities that were taking place on this throughout the day, but my friend found that those who had hacked his account had deleted all of his archived e-mails and his contact list.

And my friend Pat wasn’t alone in getting hit by this very same hoax yesterday. It was reported in the Denver Post that Sen. Josh Penry, the minority leader of the Colorado Senate, was not stuck in the United Kingdom without a passport or credit cards and in need of money to pay hotel bills and buy a ticket to fly back to the U.S. In fact, the wording in the e-mail that his friends had received was exactly the same as the one that others and I had received from my friend Pat.

And this isn’t just a Gmail issue, for the same thing has been reported by Yahoo users, those on AOL, people using Hotmail, and probably every other e-mail system out there. And yes, some people almost fall for it.

There have been other recent incidents, but for now this is enough to digest.
  


 
What is one to do?

If Nigerian Scamyou have become the victim of such a scam, the first thing to do is realize that you’re not alone, so don’t panic. You need to report it, and each e-mail provider has a method of reporting such activity so that they can dig into such issues. The one for Gmail support is here. If you have a Gmail account, this is the place to start.

If you get an e-mail like the one described above, report it, then trash it. This should be followed by running your anti-virus/security software to make sure your computer hasn’t been compromised. This is an important step that shouldn’t be neglected.

The next step is to call or contact the friend whose account sent the message, because their address book probably has been compromised. Let them know they need to change their passwords (something you should do once a month anyway).

If you’re not sure how to recognize phishing e-mails or links, then take the time to see Microsoft's clues that can help. And if you think that you know all about phishing scams and span, take the SonicWALL Phishing and Spam IQ Quiz and see just how well that you do.

Passwords are another area where the phishing scammers can easily gain access to your e-mail. Just because you’ve used the name of your pet dog Fluffy without incident for years now, and on everything you do on the ‘Net, doesn’t mean you cannot get hit by them today or tomorrow. Understanding how to create strong passwords and how to use them is the first step. And keep your password secret. If you think that you already have a strong password, then Microsoft’s interactive password checker will help you verify its strength.

Google offers an excellent interactive Gmail Security Checklist, where you can see just how secure your settings may be. There may be others out there, so check with your e-mail provider.

When it comes anti-virus applications for your computer, the first thing to check is to be sure that your definitions are up to date at all times. Most of them have a way to automatically check and update in the background while you’re working online. I don’t usually recommend anti-virus packages to people other than personal friends or clients in my IT practice, but when asked what I use personally on my own Windows 7 and XP systems, I only use one package: Microsoft Security Essentials. It’s solid, has a low memory overhead, runs smoothly in the background , and (get this) it’s free. I regularly test a number of other security apps over the course of a year, but always return to this package.
 
Mac-wormAs far as Mac computers go, it’s been long said that the OS X operating system is immune to a virus attacks. This may have been the case in the past, but be aware that anti-virus programs don't just provide protection against known viruses; they also include anti-phishing, anti-adware, anti-spyware, and other tools that can keep your Mac from picking up debris as you browse the web. I’m currently testing one, the Sophos Anti-Virus for Mac Home Edition. It’s a freebie, and so far checks out quite well.

There's another reason to use an anti-virus application on your Mac: the recipients of your e-mails. Even though it's unlikely that a virus will successfully attack your Mac, there's a good chance that you could unwittingly forward a virus-laden e-mail to Windows-using colleagues, who may not have anti-virus software on their computers. It's better to be prepared for an attack than to try to clean up after one.

If you are a victim

If you think that you’ve been a victim of a phishing scam, or any other Internet crime, then you should contact the the Internet Crime Complaint Center (IC3). The IC3 is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA), and their mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.

The FBI also offers information on the various e-scams that are out there. You can sign up with them to get e-mail updates when new scams and warnings are posted.

In conclusion

Basic computer security starts with you. It’s not the responsibility of your computer manufacturer, the maker of your operating system or your e-mail provider to implement. It’s all up to you. If you’re confused by all of the jargon that’s thrown around about computer safety terms go, then the PC Security for Beginners page should help. If this seems to be too basic for you, then CERT offers a more detailed look with their extensive and comprehensive Home Network Security online page.

It cannot be stressed enough that you need to take reasonable security precautions as noted above. Just follow the links that apply to your particular situation and computer system. You also need to backup your contact list or address book to a secure location, and do it on a regular basis. Some download the address book to a special place on a hard drive, on a flash drive, or even a BlackBerry, iPhone or other smart phone. Be creative. You need to probably check the software documentation for whatever your situation may be, but an old adage applies quite well here: plan your work and work your plan.

Once you have a good backup strategy in place, it should only take minutes each week.

Final thought: when opening or downloading anything from the ‘Net, just use simple common sense, and look before you leap.


Note: portions of this page are a condensation of the forthcoming book When Things Go Boom, which is due to be released in spring/summer of 2011. If you’re interested in receiving more information on its release, just leave a comment on this page.

Winking smile 

Comments