Week of April 4, 2005
Beware of rogue diallers on dial up connections
Rogue diallers are a particular problem in the UK and Ireland, where broadband access to the Internet is not as common as in North America.
What basically happens is that you let a nasty dialler programme onto your PC - probably through spyware that installs on your computer without you knowing, or by clicking on a pop-up that appears innocuous. Your dial-up connection is then hijacked and you may be dialling the Internet via Romania or dialling costly premium rate numbers, incurring all kinds of international telephone charges, and a nasty surprise when you get your bill.
Another nasty scam is where you get an automated phone message saying you have won a trip to the Seychelles. When you call the number to collect your prize, you get nothing - except ultimately a huge phone bill for a call to God knows where.
British Telecom in the UK has come up with a solution they will offer to all customers, not all of whom are thrilled with BT, having been forced to pay out thousands of dollars in fraudulent rogue dialling charges. A class action suit is in the making on their behalf - undoubtedly an impetus for BT to do something to prevent the problem ever occurring.
However, on the Net it is almost impossible to keep everyone happy - BT is also being sued by a company that leases phone lines to porn hucksters (one of a few business models that actually makes money online), as BT was blocking their lines.
What can you do?
If you live in Outer Mongolia - or, alas, most parts of Ireland - tech super power notwithstanding - and dial-up is your only option, keep your anti-virus software up to date and also run an anti-spyware programme across your PC on a regular basis.
The freebies such as Ad-Aware and Spybot do an ok job, but no single programme seems to pick up everything, so best to use a few in combination - between them all, they should eliminate the worst offenders. The Microsoft beta spyware product is worth a try too. The inimitable Walter Mossberg from the Wall Street Journal likes Webroot's Spy Sweeper and you can get a free trial.
Be conscious of the fact that when the results of the scans come back - often in the hundreds if you have never scanned before - many of the identified programmes on your PC are simply cookie trackers - ways for legitimate sites to identify you when you drop by - so don't panic.
Read the explanation of the results before you hit delete - to have a better informed understanding of the process, and what you are actually doing. Of course, if you are a confirmed conspiracy theorist, you will surely nuke the lot.
Knock yourself out.
MetLife offers free ID Theft service to customers
Hopefully this encouraging move by the large insurer will start a trend, and cause other large financial service companies to look within their hearts (or simply acknowledge the marketing ROI from such a programme), and follow suit.
Several insurers now sell ID theft coverage, but much of it is expensive, and the riders and exemption clauses so numerous, it is often hardly worth your while. Many home insurance policies exempt such cover and computer fraud, and data loss generally - always read the fine print and speak to your broker.
When Phishing = "A cool way to refer to fishing"
With news of data leaks becoming an almost daily occurrence, it is little wonder people are worried - and anxious to learn how to protect themselves. A recent AOL Canada study showed that one fifth of Canadians consider ID theft their top online concern, and revealed that they are falling for phishing scams hook, line and sinker.
On a bizarre note, in Ontario, about 15 per cent of respondents said they thought phishing was “just a cool way to refer to fishing.” Only about 2 per cent of B.C. residents (who presumably fish more) made a similar connection. Things are clearly worse than I thought.
But in Canada, regulators appear sanguine and are doing - absolutely nothing to protect Canadian consumers.
Meanwhile, regulators in several US states have come up with a new solution to help consumers avoid id theft.
Credit check agencies cry foul
Californians have the right to put a freeze on their credit reports. About 20 states have pending legislation picking up on the concept. The idea behind it is to prevent an aspiring ID thief (with legitimate and sensitive consumer details in his/her possession) from causing havoc, by opening new accounts and racking up credit using their identity.
US consumers concerned about data leaks can simply lock the bad guys out.
What a great idea you might say.
However, the self interested credit check agencies don't like it one bit as it annihilates a business model founded in part on consumers making impulse buys, and thus needing instantaneous access to credit histories. The danger for them is, of course, that if you have time (the time needed to unlock the freeze), to reflect on your purchase, you may change your mind. Very bad for business.
Their lobbyists are busy fudding their way through the halls of political power - predicting various doom-laden consequences for the American economy if consumers take time to catch their breath.
"It's ok if you are a pedophile" - More bad news for parents
Tales of insidious online pedophiles preying on kids are more common than bad reality TV shows, and horribly worrying to concerned parents. This story about Canadian police cracking an international child pornography ring is scarier than most, as it reports on the case of an online predator whose "online technique was to pass himself off as a convicted pedophile, even though he isn't one... The idea was to find young people who didn't sign off at the mere mention of such a background".
What is worse is the fact he succeeded, and even sought the help of the seemingly willing victims to recruit other kids.
So as well as warning your kids that bad people exist using false personas online (posing as kids etc) - you may have to explain something you never thought necessary to explain - why pedophiles are bad people, best avoided.
General word to the wise
Cyber scamsters are getting better at dreaming up innovative ways to take our money. The only real advice to be given is: "watch your back". It's ugly out there. If you have a tendency to be the nice, trusting type - your days of solvency are numbered.
Read every e-mail you receive (at home and work) as if Bin Laden might have sent it. Study the 'subject' line for hints that it is not what it seems to be. Ask friends and colleagues not to send you email with oblique - 'could be from anyone' - subject lines. Use a personal code where you can. Just don't click on every old thing that flashes past your eyeballs. And never open unknown attachments - if in any doubt - hit delete.
The worst that can happen is that if it was legitimate, it will be sent again.
If chastised for deleting an email from the CEO demanding your immediate attention - assume your most ethically conscious and innocent face and point to the acceptable use policy/email policy, and numerous threatening emails from IT (saying not to open attachments). Sob to HR about the inequity of the situation, etc.
Almost certainly it will be the CEO who has breached protocol by sending dodgy looking attachments to security conscious staff...
Call to Action
To all you frustrated, under appreciated security programmers and developers out there in your Dogbert infested pens, now is your chance to do something noble for mankind.
Send us your ideas for Tip of the Week and we will publish the best. It must be in language that your granny would understand and be able to follow. Assuming your granny is not an MIT graduate.
We are trying to build a body of knowledge that helps the average user, as well as more sophisticated folk
who already have wads of techno babble infested sites to turn to.
We believe the average user gets little help from anyone, and we sorely need his or her co-operation to
secure cyberspace. The vendors try to communicate with them, but don’t seem to comprehend how truly
mystified the well-educated (non lunk-headed) user really is. They make a lot of ill-judged assumptions
about what people know, and as a result the message falls flat.
Bill Gates supposedly once said ‘we don’t talk to end users’.
Needless to say, that far sighted strategic insight has long died a death and Microsoft are positively
falling over themselves to get down and dirty with the common man, or woman, as the case may be.
So keep it simple. An ABC of ‘what to do, how to do it, or what to look out for’ is particularly useful.
Remember - you may not be appreciated in your pen, but you can be in cyberspace.