Skip to content

How can I tell if an email is fradulent?

August 25, 2010

Unfortunately, as phishing attacks become more sophisticated, it is very difficult for the average person to tell if a message is fraudulent. That is why phishing schemes are so prevelant and successful for criminals. For example, many phony e-mail messages link to real company logos of well-known brands. However, there are things you can be on the lookout for:

  • Requests for personal information in an e-mail message Most legitimate businesses have a policy that they do not ask you for your personal information through e-mail. Be very suspicious of a message that asks for personal information even if it might look legitimate.
  • Urgent wording Wording in phishing e-mail messages is usually polite and accommodating in tone. It almost always tries to get you to respond to the message or to click the link that is included. To increase the number of responses, criminals attempt to create a sense of urgency so that people immediately respond without thinking. Usually, fake e-mail messages are NOT personalized, while valid messages from your bank or e-commerce company generally are. The following is an example from a real phishing scheme:

Dear valued bank member, it has come to our attention that your account information needs to be updated due to inactive member, frauds, and spoof reports. Failure to update your records will result in account deletion. Please follow the link below to confirm you data.

  • Fake links Phishers are getting very sophisticated in their ability to create misleading links to the point where it is impossible for the average person to tell if the link is legitimate or not. It’s always best to type in the Web address you know is correct into your browser. Also you can save the correct URL to your browser Favorites. Do not copy and paste URLs from messages into your browser. Some of the techniques that criminals have used in the past to fake links are as follows:
    • In some messages, the link you are urged to click might contain all or part of a real company’s name and can be “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a faked Web site. Notice in this example using Outlook that resting the pointer on the link reveals another numeric Internet address in the box with the yellow background. This should make you suspicious.

Masked link

  • Be aware of URLs that include the @ sign. In the following example, the URL would take you to the location that comes after the @ sign, not to Wood Grove Bank. This is because browers ignore anything in the URL that comes before the @ sign:

https://www.woodgrovebank.com@nl.tv/secure_verification.aspx

The real location, nl.tv/secure_verification.aspx, could easily be an unsafe site.

  • Another common technique that has been used is a URL that at first glance is the name of a well-known company but on closer scrutiny is slightly altered. For example, http://www.microsoft.com could appear instead as:

http://www.micosoft.com,  http://www.verify-microsoft.com,  http://www.mircosoft.com

  • Message body is an image To avoid detection by spam filters, fake e-mail messages used in phishing schemes often use an image instead of text in the message body. If the sent spam message uses real text and you happen to use Outlook, the Outlook Junk Email Filter will very likely move the message to the Junk E-mail folder. The message body image is usually a hyperlink. You can tell because when you rest the pointer on the message body, the pointer becomes a hand.

    Pointer becomes a hand

  • Attachments Many phishing schemes ask you to open attachments, which can then infect your computer with a virus or spyware. If spyware is downloaded to your computer, it can then record the keystrokes you use to log into your personal online accounts and then sends that information back to the criminal. So be sure not to open attachments in suspicious e-mail messages. Any attachment that you want to view should be saved first, and then scanned with an up-to-date anti-virus program before you open it.
  • Promises that seem too good to be true Use common sense and be suspicious when you are offered money or discounts that seem too good to be true
Advertisements

WEB BROWSING 101 – Where do I type in my website address and where do I type in my search?

August 23, 2010

One of the most common mistakes made by beginners on the internet is incorrectly using the search field and address bar. This will explain the difference between the two, and specifically, how to get to a website if you already have the URL (internet address). I have used an example from a particular ISP (Internet Service Provider) and Internet Explorer, but the same principles apply to any ISP and any browser.

The screenshot above shows the homepage of a popular ISP called XTRA.

This homepage is usually installed as the default homepage for Xtra’s customers. Many people assume that this page is the starting point of the entire internet — a misperception the ISP is unlikely to clarify as it suits them well.

One of the first things you see on this homepage is a place to enter the subject you wish to search for. If, like many people, you don’t understand how browsers work then you may assume that whatever you want to do should be entered into this field.

And this is where the problem occurs: A user has the URL of a website they wish to visit (e.g. http://www.ups.com), so they type this URL into the search field. Most of the time they will be given a list of search results which includes the website in question. The user can then click this link and be taken to the website.

Although this may work for you, it is NOT the correct course of action. At best it is a slow, round-about way of getting where you wanted to be. At worst it will take you to the wrong place or fail to find the website you’re looking for.

This is how it should be done:

Look for the Address Bar near the top of your browser window. It may be in the same place as our example or it make look a little different, but it will usually be labeled “Address”.

If you know the URL of the website you wish to visit, type it directly into the address bar and click the Go button (or hit your keyboard’s Enter key). This bypasses the search altogether and takes you straight to the site you want to visit. Simple as that!

What are those cookies? Removing cookies from your computer diet!

August 20, 2010

Whom among us does not love cookies? You shouldn’t.

Cookies is a term used for pieces of data that websites store on your computer. They do this so that they can track you from session to session as well as store things about you, like your particular preferences at a website, or even the last search you did (at a few travel sites).  Sometimes it’s just there so that they can track you from session to session, and know that its the same person each time. In all these cases they are using your computer to help them track you. Maybe that’s fine with you, maybe its not, but now you can choose.

Check out NPR’s story yesterday (August 19, 2010) that will tell you all about “Tracking The Companies That Track You Online”.

Privacy and Security Issues Using the Internet

August 20, 2010

Please visit this link and read carefully.  http://www.google.com/privacy.html It will explain how Google (among EVERY website you visit) tracks your information and uses it.  Nothing to be alarmed about but you should be aware of what tracking cookies are.  If you have any questions please visit  http://www.thecomputericon.com.  Thanks so much!