
Last postings

World Cup fever attracts scammers

Internet scam artists don't like to miss a trick, and the World Cup is a tremendous opportunity. Screensavers and other paraphernalia are widely on offer, some legitimate and some not.

In Germany, phishing emails have been making the rounds, playing on the likelihood that free offers of World Cup related goodies will be just too much for many soccer fans to ignore.

But if you open the attachments to these emails, you may pay a steep price, as spyware is secretly downloaded to your PC to track your every move online and steal your passwords and sensitive data.

FIFA, soccer's governing body, has warned that various scammy lottery companies are posing as FIFA to get folk to follow links to bogus, possibly spyware-infected, web sites. The lure is a claim that recipients have won a lottery and must divulge personal data, 'including bank account information', to claim the prize money.

So watch the match on TV or on your web phone. And leave it at that.

MySpace users targeted by phishers

Chances are that the teenager who treats you like you have the Ebola virus is busily updating his/her MySpace profile as we speak. And hopefully not conniving ways to acquire a passport to fly to meet an online 'crush' in faraway places.

But there are other ways that the hugely popular social networking site can do you or yours harm.

Phishers are now targeting users through that other teen favourite, AOL Messenger: victims are sent a link that leads to the usual disease-infected fake website, which looks almost exactly like the real MySpace.com login page.

After your poor teen hands over all manner of personal data, he or she may actually be redirected to the real site. To see how convincing the fake site looks, check it out for yourself.

Microsoft patch update spoof

If you are one of the few home users who religiously applies Microsoft patches (fixes to various horrendous security problems) to your errant MS software: be alert.

If you receive an email from MS that warns you about a new vulnerability in something you don't understand (e.g. 'the WinLogon Service'), don't click on the provided link to a supposed patch. Hit delete.

If you click, you will actually download a Trojan (= bad) to your PC that will log your keystrokes and send them back to a hacker.

MS don't send out patches in emails as attachments. If they ever actually do so, just to confuse us (all things are possible), we are stuffed. But meanwhile, ignore all such messages.

Can you spot a phishing email?

A UK email security company has come up with a spunky and vaguely useful PR gimmick that allows users to take a test to see if they can spot a phishing email. Apparently a sizeable number of UK punters who took the test failed miserably.

If you think you have this one beat, go on - give it a whirl.

But don't get too cocky if you pass. Remember what they say: there is a scam out there somewhere - with your name on it.

Do you want to hear bad news?

Read the results of this US survey and let us know (info@headfry.com) what you think.

Should there be laws forcing companies to tell consumers about security breaches? What do you want to know in these notices? When should they be sent?

How likely would you be to leave a company sending you such a notice?

What is pharming?

Pharming usually means a situation where bad guys collect, or harvest, as they say, hundreds of email addresses at once. The phishers often just collect data on one person at a time.

Read a good story on steps a bank in South Africa is taking to protect customers, and learn about real life phishing and pharming scams to facilitate money laundering operations.

UK users baffled by techie jargon

As I have long suspected, when security vendors try to be helpful and write jargon infested prose for home users, many people the world over haven't the faintest notion what they are on about.

An AOL survey in the UK found that many Britons do not know what phishing, trojans, or rogue diallers actually mean. The fact that techies are obsessively committed to naming strategies that consist 100% of inside geek humour does not help matters.

The survey revealed, however, that Britons are not congenitally challenged dullards, but fully capable of understanding freak geek terminology, if it is explained in plain English.

What on earth is spear phishing?

As if we hadn't enough of the frightful jargon, here comes another classic. IBM recently (circa August 3, 2005) released a security threat analysis and report, in which they referred to a rise in highly targeted phishing attacks, now known (or so they tell us) as spear phishing.

It is unclear if IBM techies are responsible for coining the horrendous, if vaguely apt phrase (in some higher plane geek speak kind of way), or if there are other guilty parties out there.

In any event, read an article in IT Business Canada, which quotes our very own Mary, on the gnarly subject.

Spyware and Star Wars confusion in the UK

Supposedly 11 per cent of the British population think spyware is "a gadget from Star Wars", according to a survey carried out by NOP and commissioned by security company Blue Coat.

In addition, more than half of those who do not think Darth Vader is using it were 'unaware that spyware is software on a user's computer that tracks their behaviour and reports it back to a third party'. So they are only moderately better informed than the Lucas admirers.

Where is Princess Leia when you need her?

Spousal password sharing- the root of all evil?

A slightly bizarre article in which an African executive exhorts users to be more savvy about IT security risks, and not to share passwords between spouses.

Indeed, some legislation and/or 'Voluntary Codes', as exist in Canada, are frequently interpreted as prohibiting password sharing between spouses.

However, without any indication of marital disharmony, i.e. "I am about to leave you, but I will clean out your account first with our shared PIN", the paranoia around spousal PIN sharing is hard to comprehend. At least on any rational basis.

It certainly does little to shore up confidence in online commerce, or security at large.

But governments have a long history of engaging in scare-mongering to keep the unruly natives under control.

It is far cheaper than orchestrating real change.

A general word to the wise

Cyber scamsters are getting better at dreaming up innovative ways to take our money. The only real advice to be given is: "watch your back". It's ugly out there. If you have a tendency to be the nice, trusting type, your days of solvency are numbered.

Read every e-mail you receive (at home and work) as if Bin Laden might have sent it. Study the 'subject' line for hints that it is not what it seems to be. Ask friends and colleagues not to send you email with oblique, 'could be from anyone' subject lines. Use a personal code where you can. Just don't click on every old thing that flashes past your eyeballs. And never open unknown attachments; if in any doubt, hit delete.

The worst that can happen is that if it was legitimate, it will be sent again.

If chastised for deleting an email from the CEO demanding your immediate attention, assume your most ethically conscious and innocent face and point to the acceptable use policy/email policy, and the numerous threatening emails from IT (saying not to open attachments). Sob to HR about the inequity of the situation, etc.

Almost certainly it will be the CEO who has breached protocol by sending dodgy looking attachments to security conscious staff...
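The rules of thumb above (distrust vague subject lines, agree a personal code word, never open unknown attachments) and the earlier "Microsoft patch update spoof" item (MS does not send patches by email, and a 'patch' link rarely goes where its text says) can be turned into a small triage script. The example below is added here and is not code from headfry.com or from any vendor; the three sample messages are constructed for the example, all domains in them are reserved `.example` names, and the heuristics (the `RISKY_EXTENSIONS` list, the `VAGUE_SUBJECTS` list, the optional `personal_code` check) are this example's own choices rather than anything the page specifies.

```python
import email
import os
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample messages for this example (not real mail; all domains are
# reserved .example names). Each mirrors a case described on the page.
SAMPLE_PATCH_SPOOF = """\
From: Microsoft Security <updates@microsoft-patch-center.example>
To: home.user@example.net
Subject: Critical update for the WinLogon Service
Content-Type: text/html

<html><body>
<p>A vulnerability has been found in the WinLogon Service. Install the patch now:
<a href="http://update-center.example/patch.exe">http://www.microsoft.com/update</a></p>
</body></html>
"""

SAMPLE_ATTACHMENT = """\
From: colleague@example.net
To: home.user@example.net
Subject: FYI
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="screensaver.scr"
Content-Disposition: attachment; filename="screensaver.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

SAMPLE_CLEAN = """\
From: mary@example.net
To: home.user@example.net
Subject: Photos from Saturday's match (code word: teacup)
Content-Type: text/plain

Hi, the photos are on the shared drive in the usual folder.
"""

# File types that run as programs when double-clicked on Windows (example's own list).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js", ".hta"}
# "Could be from anyone" subject lines the page tells readers to distrust (example's own list).
VAGUE_SUBJECTS = {"", "fyi", "hi", "hello", "important", "urgent", "check this out"}

def find_links(html):
    """Return (href, visible link text) pairs from an HTML body."""
    return re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S)

def mismatched_links(links):
    """Links whose visible text names one host but whose real target is another."""
    out = []
    for href, text in links:
        real_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s<]+)", text)
        if shown and shown.group(1).lower() != real_host:
            out.append((shown.group(1), real_host))
    return out

def triage(raw, personal_code=None):
    """Apply the page's rules of thumb to one raw message and return a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip()
    sender = str(msg["From"] or "")
    if subject.lower() in VAGUE_SUBJECTS:
        findings.append("vague subject line")
    if personal_code and personal_code not in subject:
        findings.append("agreed code word missing from subject")
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    for name in attachments:
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"executable attachment: {name}")
    body = msg.get_body(preferencelist=("html", "plain"))
    links = find_links(body.get_content()) if body else []
    # MS does not send patches by email, so a 'Microsoft' sender plus a link or
    # attachment is itself the warning sign.
    if "microsoft" in sender.lower() and (links or attachments):
        findings.append("claims to be Microsoft and carries a patch link or attachment")
    for shown, real in mismatched_links(links):
        findings.append(f"link text shows {shown} but goes to {real}")
    if any(urlparse(h).path.lower().endswith(tuple(RISKY_EXTENSIONS)) for h, _ in links):
        findings.append("link points straight at an executable")
    return findings

if __name__ == "__main__":
    for label, raw in [("patch spoof", SAMPLE_PATCH_SPOOF),
                       ("attachment", SAMPLE_ATTACHMENT), ("clean", SAMPLE_CLEAN)]:
        print(label, "->", triage(raw, personal_code="teacup") or ["nothing suspicious"])
```

Run it as a script to see each sample's findings. The spoof is caught three ways at once (Microsoft sender with a link, link text that names a different host than the real target, and a target that is itself an executable), which is the point of the page's advice: any one of these is reason enough to hit delete, and none requires understanding what 'the WinLogon Service' is.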


Call to Action

To all you frustrated, under-appreciated security programmers and developers out there in your Dogbert-infested pens, now is your chance to do something noble for mankind.

Send us your ideas for Tip of the Week and we will publish the best. It must be in language that your granny would understand and be able to follow. Assuming your granny is not an MIT graduate.

We are trying to build a body of knowledge that helps the average user, as well as more sophisticated folk who already have wads of techno babble infested sites to turn to.

We believe the average user gets little help from anyone, and we sorely need his or her co-operation to secure cyberspace. The vendors try to communicate with them, but don't seem to comprehend how truly mystified the well-educated (non lunk-headed) user really is. They make a lot of ill-judged assumptions about what people know, and as a result the message falls flat.

Bill Gates supposedly once said 'we don't talk to end users'.

Needless to say, that far sighted strategic insight has long died a death and Microsoft are positively falling over themselves to get down and dirty with the common man, or woman, as the case may be.

So keep it simple. An ABC of 'what to do, how to do it, or what to look out for' is particularly useful.

Remember: you may not be appreciated in your pen, but you can be in cyberspace.
