By Coenraad De Beer
Conventional parental control software is a security risk on its own. Parents often fail to identify the underlying risks of Internet monitoring software, but what do you use if you want to monitor your child's activity on the Internet?
Parental control software remains a useful tool to monitor your child's online activity and at the same time block inappropriate content. The fact that you are an adult does not necessarily mean you like to view offensive content, so the software can also be utilised to block offensive content on sites you often visit. Unfortunately, with the monitoring part of the software comes an inherent security risk of sensitive information that may fall into the wrong hands.
If you want to use parental control software, you need to use it responsibly, especially if you install it on a computer that is shared by several members of your household. The trustworthy members of the family need to be aware of the software and the need to have administrator privileges to disable the software before working on the computer. Parents often forget to disable the software before doing online shopping or banking, effectively allowing the key-logger component of the software to log important information such as social security numbers, credit card numbers and passwords.
Many Internet monitoring software packages take screenshots at certain intervals to capture the contents of the screen at a specific point in time. This is also dangerous if you forget to disable the monitoring part of the software, before logging into a secure area of a website. Screenshots can be taken of sensitive information that's normally only accessible behind a secure login area. All this information (keystrokes and screenshots) is stored on your hard drive, exposing it to possible exploits from crackers or spyware.
Well-written parental control software will obviously encrypt the information it logs, but crackers often decipher the encryption code in next to no time. The last thing you need is a spyware infection or an intruder on your system that can bypass the encryption of the parental control software. You don't want a stranger going through your logs if you accidentally forgot to disable the software before entering sensitive information on the Internet. So the most important thing to remember is to disable the monitoring software before you use the computer and remember to enable it again when you're done, otherwise there is no point in having the software on your computer in the first place.
Some parental control software allows you to create different profiles for different members of the family. You can for instance have a "Child" profile that blocks inappropriate content and monitors your child's activity on the web, a "Teen" profile that does not block any content, but only monitors your child's activity and a "Parent" profile that does not monitor your activity or block any content. The "Teen" profile can be activated when your teenager wants to use the computer, or you can activate the "Parent" profile if you are present while your children surfs the Internet. The "Child" profile should be used to limit Internet access while you are not at home to keep an eye on your children's Internet activity.
Kaspersky Lab recently integrated a parental control module into their Internet Security suite. It does not log keystrokes or take screenshots, it only monitors HTTP traffic. To know what your child is doing on his or her computer, you only need to monitor their Internet use. It is easy to see which games they are playing and which software they are using by examining certain areas of your system, like the Program Files folder and the Add and Remove Programs section of the control panel. Clever kids will know how to wipe this information, but most programs make connections to the Internet these days, so just by examining the HTTP traffic generated by these programs, you can easily tell which programs your child is using and which websites they are visiting.
The parental control module of Kaspersky Internet Security logs all the websites visited by your children, all the remote images loaded from e-mails that they read and all the servers they connect to for online gaming and software updates. If the logs contain entries from winamp.com, then your child is probably using Winamp to play music or movies. Entries from ea.com, might indicate that your child is playing some games developed by Electronic Arts. Your children will also download software from certain sites, which will give you another indication of what kind of software they are using. The fact that the software monitors HTTP traffic, means that you are not only limited to the traffic generated by a web browser or e-mail client, it monitors all Internet activity from any application.
The way that Kaspersky Lab approaches parental control and monitoring software, does not compromise your online safety like your conventional child monitoring software, because there is no security holes created by keystroke logging and capturing of screen data. The logs of your HTTP traffic may still contain tracking information that you may not want to reveal to advertising companies (and their spyware programs), but the beauty of this module is that it is integrated into an Internet security suite, so you are automatically protected against unauthorised access and malicious software infections, thanks to the firewall the anti-malware shields of the software. Traffic through secure servers (HTTPS) is normally encrypted, so the monitoring software only sees the encrypted data during a secure online session like Internet banking or online shopping. I still recommend that you turn of the parental control module before transmitting sensitive information over the Internet.
Up to know I basically discussed the monitoring part of parental control software. The control part allows you to block indecent content as well. Blocking inappropriate content minimises the risk of malware infections. Porn sites are often loaded with spyware, so keeping your children away from these sites, does not only protect them from exposure to harmful content, but it also protects your computer from dangerous infections. Your child's porn surfing may be the cause of a dangerous spyware infection, something you may not be aware of (especially if you don't have any spyware protection installed). You could easily log into your online banking account or enter sensitive information on the web, without realising that there are spyware lurking on your computer, watching your every move. Parental control software is not designed to protect your computer against malware infections, but preventing your children from accessing inappropriate websites, helps them to stay away from potentially dangerous websites, which is the number one rule in malware prevention.
Proper parental control software should allow you to set up filters to block specific inappropriate content, giving you complete control over what you allow your child to access on the Internet. Kaspersky Internet Security allows you to do exactly this. Lets say you want to block access to sites containing the word "murder" in the URL. You simply add the filter "*murder*" to the Parental Control Blacklist and it will block all websites containing the word "murder" in the URL. You can also blacklist specific URL's to prevent access to certain online chat rooms, web mail services or social community websites. Websites that carries your approval can be added to a white list to prevent the software from accidentally blocking it, or you may want to allow only specific pages from a site that's currently on the blacklist. The flexibility of the software allows you to fine tune the parental control software to your own specific needs, enhancing the online safety of your children.
So what is the message I'm trying to get across here? As I said at the beginning of this article, parental control and monitoring software remains a useful tool to keep an eye on your children's Internet activity when you are not present. As a parent you need to understand that parental control software poses certain security risks of you do not manage the software in a responsible way. I feel that developers of parental control software should move away from keystroke logging and screen capturing and focus on HTTP monitoring instead. Parental control software developed by a company who specialises in Internet security, gives you peace of mind that the software was designed with security as a top priority. The next step for Kaspersky Lab may be to make the module optional. Not everyone wants parental control software, but if I want to add this functionality to my computer, I'd rather buy it from a developer who has been in the Internet security industry for years, than buying the software from a developer who does not have a clue about Internet security.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security and analysts of Cyber Security Software. Read our review of Kaspersky Internet Security 7.0 for an in depth look into one of the most comprehensive Internet security suites in the security software industry.
Wednesday, November 14, 2007
Wednesday, October 31, 2007
Website Owners - The Next Target of 419 Scammers?
By Coenraad De Beer
A couple of weeks ago I did an article on a 419 scammer who used Google to find possible victims. I analysed a very interesting 419-scam e-mail today that made it quite clear that the swindlers are slowly starting to change their tactics. The old methods are not working as well as they should, so scammers are looking for new and improved methods to claim new victims. Believe me, the dumb, idiotic scammers with their hilarious con stories are becoming smarter by the day.
The typical "Dear sir/madam" e-mails may soon be something of the past if all 419 scammers start to operate like Ferdinand Traore from Togo. Ferdinand sent an e-mail to a website owner after pulling his name, surname and e-mail address from the "Contact us" page of his website. Below is a copy of the e-mail that he wrote (The e-mail has not been edited in any way. I only changed the name of the website owner to John and his surname to Doe, to protect his identity).
"Dear John Doe,
Please forgive my using this means to reach you but I cant think of any other way of letting you know the urgent matter at hand. I acted as personal attorney to the (late) Engr. M.A. Doe, who lived and worked here for more than twenty years as a major contractor and businessman.
On the 18th of Novermber 2004 he and his wife and only daughter were involved in an automobile accident while visiting a neighboring country on vacation. They were buried two weeks after and I have exhausted all means of reaching who may have been related to them. This has been made more difficult because no mention was made of any relative while he was alive.
To the best of my knowledge, before his death, he had an investment deposit totalling more than Eighteen Million Five hundred thousand United States Dollars($US18.500.000.00) with the major bank here and now they have asked me to provide a next of kin if there is, or the estate will then revert to the government and so it would be lost.
My proposal is that you allow to be presented for this role so that documentation can be processed and payment made in your favour. This is a project which will see us partner to realise. I would be willing for us to discuss terms of participation in order to protect our various interests.
I want to assure you right away that I have positioned this deal to not last for more that two weeks. I shall be willing to discuss futher on this if write back or send to me your direct telephone number so we can discuss in the type of confidential atmosphere which this matter requires.
Awaiting your immediate response.
Ferdinand Traore (Esq).
Traore Chambers & Associates,
Rue Du Commerce Avenue B.P.120,
Lome-Togo"
You can easily be drawn into this e-mail because at first glance you may think it is a relative who died. If this happens, the scammer achieved his first goal, to get your attention. If he has your attention he can play with your mind. The plot is simple, a lawyer contacts you in search of a next of kin for a deceased person who has the same last name as yours, very convenient don't you think? The deceased person was loaded with cash, making the proposal very attractive to the unwary victim.
You may argue that there is nothing special to this e-mail, besides the fact that he addressed the victim directly on his name and not via the generic "Dear sir/madam" introduction. Furthermore the spelling and grammar is horrible, so it is easy to spot the scam in this e-mail. It is a classic inheritance scam e-mail, with the promise of a ridiculously large sum of money. Ferdinand sent the e-mail from ferdinandtraore.4to1957@yahoo.co.uk but the victim had to reply to ferdinandtraore.tgo1957@yahoo.co.uk, another common characteristic found in 419-scam e-mails. All the signs are there, so what is so special about this specific e-mail?
It is not the e-mail that's unique, but the methods used by the scammer to collect information about the victim. A closer look at the visitor statistics of this website revealed a visit from Togo, with the same IP address (41.207.162.4) as the one found in the e-mail header. So there was no doubt about the identity of this visitor, it was most definitely our friend Ferdinand Traore (oops did I forget to add the "Esq" suffix after your name? Sorry Ferdinand). The traffic came from a Google search for a specific surname, in this case not the surname of the website owner, but a surname that appeared on one of his web pages.
The scammer appended "co.za" to the search string, which tells me he was looking for South African websites (or South African website owners). He also placed "2007" in front of the surname. Why? Websites contain copyright notices, often followed by the name of the website designer. Most copyright notices contains a year and active websites change this number each year, some web designers do this via a script and others do it by hand. The scammer was probably looking for websites containing a 2007 copyright notice. This would certainly keep the search results fresh and minimise the risk of using outdated contact information.
In the previous article I mentioned a 419 scammer who targeted American citizens using specific e-mail services like Yahoo! and AOL. This scammer searched for the latest contact details of certain South African website owners. I'm sure they expand these searches to other countries as well, but one thing is for certain, they are using specific contact information to send targeted and relevant e-mails to possible victims. Later today someone else reported a scam e-mail, with the exact same plot. Once again the scammer knew the name and surname of the victim and addressed him accordingly. The victim of this e-mail was a job seeker who posted his resume on several online recruitment websites. So the scammers are using several online resources to harvest personal information about their victims.
E-mails addressing you personally are no longer a guarantee that it came from a trustworthy source. The fact that the sender knows your name and last name does not necessarily mean that he legitimately obtained this information or that he has legitimate intentions. People should look deeper into the e-mail for other obvious signs exposing the true nature of the e-mail. I mentioned a couple of common characteristics earlier in this article that will help you to identify other e-mails just like this one. But not all these characteristics are present in every e-mail scam, making it hard to define a single set of rules that will apply to all e-mail scams. Common sense is the only true weapon that's dynamic enough to adapt to the different methods used by e-mail scammers today.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops. Visit our 419 Scams page for more information about 419 scams and different 419 scam examples. Stay up to date with the latest in cyber security, by subscribing to our cyber security related RSS Feeds.
A couple of weeks ago I did an article on a 419 scammer who used Google to find possible victims. I analysed a very interesting 419-scam e-mail today that made it quite clear that the swindlers are slowly starting to change their tactics. The old methods are not working as well as they should, so scammers are looking for new and improved methods to claim new victims. Believe me, the dumb, idiotic scammers with their hilarious con stories are becoming smarter by the day.
The typical "Dear sir/madam" e-mails may soon be something of the past if all 419 scammers start to operate like Ferdinand Traore from Togo. Ferdinand sent an e-mail to a website owner after pulling his name, surname and e-mail address from the "Contact us" page of his website. Below is a copy of the e-mail that he wrote (The e-mail has not been edited in any way. I only changed the name of the website owner to John and his surname to Doe, to protect his identity).
"Dear John Doe,
Please forgive my using this means to reach you but I cant think of any other way of letting you know the urgent matter at hand. I acted as personal attorney to the (late) Engr. M.A. Doe, who lived and worked here for more than twenty years as a major contractor and businessman.
On the 18th of Novermber 2004 he and his wife and only daughter were involved in an automobile accident while visiting a neighboring country on vacation. They were buried two weeks after and I have exhausted all means of reaching who may have been related to them. This has been made more difficult because no mention was made of any relative while he was alive.
To the best of my knowledge, before his death, he had an investment deposit totalling more than Eighteen Million Five hundred thousand United States Dollars($US18.500.000.00) with the major bank here and now they have asked me to provide a next of kin if there is, or the estate will then revert to the government and so it would be lost.
My proposal is that you allow to be presented for this role so that documentation can be processed and payment made in your favour. This is a project which will see us partner to realise. I would be willing for us to discuss terms of participation in order to protect our various interests.
I want to assure you right away that I have positioned this deal to not last for more that two weeks. I shall be willing to discuss futher on this if write back or send to me your direct telephone number so we can discuss in the type of confidential atmosphere which this matter requires.
Awaiting your immediate response.
Ferdinand Traore (Esq).
Traore Chambers & Associates,
Rue Du Commerce Avenue B.P.120,
Lome-Togo"
You can easily be drawn into this e-mail because at first glance you may think it is a relative who died. If this happens, the scammer achieved his first goal, to get your attention. If he has your attention he can play with your mind. The plot is simple, a lawyer contacts you in search of a next of kin for a deceased person who has the same last name as yours, very convenient don't you think? The deceased person was loaded with cash, making the proposal very attractive to the unwary victim.
You may argue that there is nothing special to this e-mail, besides the fact that he addressed the victim directly on his name and not via the generic "Dear sir/madam" introduction. Furthermore the spelling and grammar is horrible, so it is easy to spot the scam in this e-mail. It is a classic inheritance scam e-mail, with the promise of a ridiculously large sum of money. Ferdinand sent the e-mail from ferdinandtraore.4to1957@yahoo.co.uk but the victim had to reply to ferdinandtraore.tgo1957@yahoo.co.uk, another common characteristic found in 419-scam e-mails. All the signs are there, so what is so special about this specific e-mail?
It is not the e-mail that's unique, but the methods used by the scammer to collect information about the victim. A closer look at the visitor statistics of this website revealed a visit from Togo, with the same IP address (41.207.162.4) as the one found in the e-mail header. So there was no doubt about the identity of this visitor, it was most definitely our friend Ferdinand Traore (oops did I forget to add the "Esq" suffix after your name? Sorry Ferdinand). The traffic came from a Google search for a specific surname, in this case not the surname of the website owner, but a surname that appeared on one of his web pages.
The scammer appended "co.za" to the search string, which tells me he was looking for South African websites (or South African website owners). He also placed "2007" in front of the surname. Why? Websites contain copyright notices, often followed by the name of the website designer. Most copyright notices contains a year and active websites change this number each year, some web designers do this via a script and others do it by hand. The scammer was probably looking for websites containing a 2007 copyright notice. This would certainly keep the search results fresh and minimise the risk of using outdated contact information.
In the previous article I mentioned a 419 scammer who targeted American citizens using specific e-mail services like Yahoo! and AOL. This scammer searched for the latest contact details of certain South African website owners. I'm sure they expand these searches to other countries as well, but one thing is for certain, they are using specific contact information to send targeted and relevant e-mails to possible victims. Later today someone else reported a scam e-mail, with the exact same plot. Once again the scammer knew the name and surname of the victim and addressed him accordingly. The victim of this e-mail was a job seeker who posted his resume on several online recruitment websites. So the scammers are using several online resources to harvest personal information about their victims.
E-mails addressing you personally are no longer a guarantee that it came from a trustworthy source. The fact that the sender knows your name and last name does not necessarily mean that he legitimately obtained this information or that he has legitimate intentions. People should look deeper into the e-mail for other obvious signs exposing the true nature of the e-mail. I mentioned a couple of common characteristics earlier in this article that will help you to identify other e-mails just like this one. But not all these characteristics are present in every e-mail scam, making it hard to define a single set of rules that will apply to all e-mail scams. Common sense is the only true weapon that's dynamic enough to adapt to the different methods used by e-mail scammers today.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops. Visit our 419 Scams page for more information about 419 scams and different 419 scam examples. Stay up to date with the latest in cyber security, by subscribing to our cyber security related RSS Feeds.
Thursday, October 18, 2007
419 Scammers Using Google Search to Find New Victims
By Coenraad De Beer
I've heard of phishing scammers using Google Maps to reveal the location of a victim, but I haven't heard of scammers using Goole Search to find the e-mail addresses of possible prospects for advance fee fraud. However I was surprised to find such a search last week when I browsed through the visitor statistics of cybertopcops.com.
419 Scammers are starting to use technology more often to swindle innocent victims. We see advanced and professionally designed e-mails and websites, clever social engineering skills and scam e-mails targeted at specific people. That was probably the aim of the scammer who used Google Search to find Yahoo! and AOL e-mail addresses of people in the USA, who are desperately in need of funds. Yes the exact search string used by this scammer was "email address of people in the usa that are in need of fund @yahoo or aol mail". The scammer landed on our Lottery Scams page where we refer to the fact that scammers often use Yahoo! and AOL e-mail accounts to distribute fraudulent e-mails. We recently made some changes to this page and as a result it's no longer appearing in the results for this specific search string.
A couple of things immediately caught my attention when I stumbled across this visit. The visitor was from Nigeria, with the IP address 196.1.179.153, one that is often involved in e-mail scams and spamming. His/her Internet service provider was Nitel, the principal telecommunications company in Nigeria. What struck me the most was the search string used by this visitor. Did the scammer really think he/she would find the e-mail address of a US citizen, looking for funds on the Internet, using a Yahoo! or AOL e-mail address and on top of that, leaving it on the web for anyone to use? It's like going to Amazon, hoping to find specials on 419 Scam Victims, or having a victim delivered to you on a silver tray. But is a search like this, really that far-fetched?
If you browse through the results of this search, you will find quite a couple of e-mail addresses, lying around for advance fee fraud scammers to use as they please. A couple of interesting theories came to mind when I analysed the search string.
I understand that it is hard to base solid theories on a single incident, so these are only a couple of possibilities from a personal point of view. 419 scammers send e-mails to many countries, not just America, they send e-mails to Gmail and other e-mail accounts, not just Yahoo! and AOL and they send e-mails in bulk, like a spammer with a shotgun approach, they often have no idea who the recipients would be.
What can we learn through this behaviour? Do not post your personal e-mail address in any public area on the web. Do not reveal your financial status on the web. Scammers will use this to their advantage. If they have your e-mail address in their possession and at the same time know about your financial problems, then they can send you a highly targeted and convincing e-mail, putting them in the right place at the right time. I still think it was wishful thinking by the scammer to do such a narrow search, hoping to find a victim that fits this profile. However, this scammer inadvertently revealed one of their harvesting methods, so lets take the necessary precautions and make it harder for scammers to find new victims.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about online scams and assisting users in the removal of malicious software.
I've heard of phishing scammers using Google Maps to reveal the location of a victim, but I haven't heard of scammers using Goole Search to find the e-mail addresses of possible prospects for advance fee fraud. However I was surprised to find such a search last week when I browsed through the visitor statistics of cybertopcops.com.
419 Scammers are starting to use technology more often to swindle innocent victims. We see advanced and professionally designed e-mails and websites, clever social engineering skills and scam e-mails targeted at specific people. That was probably the aim of the scammer who used Google Search to find Yahoo! and AOL e-mail addresses of people in the USA, who are desperately in need of funds. Yes the exact search string used by this scammer was "email address of people in the usa that are in need of fund @yahoo or aol mail". The scammer landed on our Lottery Scams page where we refer to the fact that scammers often use Yahoo! and AOL e-mail accounts to distribute fraudulent e-mails. We recently made some changes to this page and as a result it's no longer appearing in the results for this specific search string.
A couple of things immediately caught my attention when I stumbled across this visit. The visitor was from Nigeria, with the IP address 196.1.179.153, one that is often involved in e-mail scams and spamming. His/her Internet service provider was Nitel, the principal telecommunications company in Nigeria. What struck me the most was the search string used by this visitor. Did the scammer really think he/she would find the e-mail address of a US citizen, looking for funds on the Internet, using a Yahoo! or AOL e-mail address and on top of that, leaving it on the web for anyone to use? It's like going to Amazon, hoping to find specials on 419 Scam Victims, or having a victim delivered to you on a silver tray. But is a search like this, really that far-fetched?
If you browse through the results of this search, you will find quite a couple of e-mail addresses, lying around for advance fee fraud scammers to use as they please. A couple of interesting theories came to mind when I analysed the search string.
- 419 scammers are targeting people living in the United States. Why? Perhaps they have a better success rate with Americans;
- They prefer people using the e-mail services of Yahoo! and AOL. Why? The spam filter of Yahoo! and AOL is not as effective as Gmail's and it is probably easier for scammers to get through to people who use these e-mail services. Also note that the scammer did not look for Hotmail e-mail addresses. According to 419eater.com, some scammers do not like to converse with Hotmail users; and
- They specifically target people in need of financial assistance. Why? People with severe financial problems are often desperate and will do anything to improve their financial position. 419 scammers exploit this desperation, making it easier to convince these victims.
I understand that it is hard to base solid theories on a single incident, so these are only a couple of possibilities from a personal point of view. 419 scammers send e-mails to many countries, not just America, they send e-mails to Gmail and other e-mail accounts, not just Yahoo! and AOL and they send e-mails in bulk, like a spammer with a shotgun approach, they often have no idea who the recipients would be.
What can we learn through this behaviour? Do not post your personal e-mail address in any public area on the web. Do not reveal your financial status on the web. Scammers will use this to their advantage. If they have your e-mail address in their possession and at the same time know about your financial problems, then they can send you a highly targeted and convincing e-mail, putting them in the right place at the right time. I still think it was wishful thinking by the scammer to do such a narrow search, hoping to find a victim that fits this profile. However, this scammer inadvertently revealed one of their harvesting methods, so lets take the necessary precautions and make it harder for scammers to find new victims.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about online scams and assisting users in the removal of malicious software.
Labels:
419 Scams,
Online Fraud,
Online Scammers,
Online Scams,
Scammers,
Scams
Monday, September 24, 2007
PC Security DIY Part I: Malware - The Most Wanted Cyber Criminal
By Coenraad De Beer
More or less 3 weeks ago, several anti-scammer websites fell victim to DDoS (Distributed Denial of Service) attacks by the Storm botnet. The comments made on blogs and news sites about these attacks, made it clear once again that cyber security experts are well aware of the dangers of malware infections, which are the backbone of any botnet, as well as the impact these infections have on the online industry. The fact that security experts realise these problems is all good and well, but it does not really help addressing the problem. Normal computer users need to understand the implications of malware infections as well, but more importantly, they have to carry the consequences of their actions if they refuse to take appropriate preventative measures against malware.
Before we start, I would like to explain a couple of terms to users not familiar with DDoS attacks and botnets. A botnet is a network of software robots controlled remotely by crackers. A software robot in this specific case is a compromised computer, infected with specific malware types like Trojan horses and worms. A compromised computer is also called a "zombie computer". A botnet is therefore a collection of compromised or "zombie" computers. I am not going into the details of a DDoS attack, but a Denial of Service attack basically happens when a botnet sends thousands, even millions, of communication requests to a web server. This results in a bottleneck of incoming traffic, causing the server to crash, or making it so slow that it cannot serve the website to normal visitors anymore. An attack from a big botnet will therefore have a much larger impact on a web server than an attack from a smaller botnet. Okay, now that we have the jargon out of the way, lets delve deeper into the impact of malware infections on the Internet as a whole, but also for the individual Internet user.
The Internet is often referred to as the information superhighway. Off course the Internet as we know it today, is much more than just an information superhighway, the Internet has become a digital world where many offline tasks can be done online as well. You can work, play, recruit, date, shop, chat, watch TV, listen radio and do many other things online. But for the sake of this article I will stick to the term information superhighway, because the rules of the road fit perfectly in with what I want to illustrate. According to Wikipedia, it is estimated that up to one quarter of all personal computers connected to the Internet, are part of a botnet. This estimate is not that hard to believe, I will even go so far to say that this figure may even be bigger than a quarter of the Internet's population, especially if you take into account the rate at which malware infections spread through the Internet. Ignorance plays a big role in malware infections, but don't leave negligence out of the equation. If it only stopped at ignorance and negligence, large and influential companies are able to address the problem, but they are unwilling to sacrifice profit for the safety of other Internet users.
Internet Service providers are in pole position to address the increasing threat of malware infections, the one thing that's making botnets grow larger and larger by the day. Unfortunately they are only interested in making money instead of providing a safe and quality service to their loyal and honest customers. No they would rather keep the clients distributing malware, sending out spam or taking part in Denial of Service attacks, because it means loss of revenue for them if they decide to suspend the services or terminate the accounts of these clients. Most ISPs will state in their Terms of Service that they do not tolerate this kind of behaviour, but it is only done to make them look great on paper, they seldom enforce these terms. John Masters, anti-spam activist and a dedicated supporter of Cyber Top Cops, sent me an e-mail the other day, suggesting that we should roll out penalties against people who use unprotected computers connected to the Internet. Although I realise the difficulty of getting something like this into place, I personally think it is a great idea and I wholeheartedly agree, but before we start to punish the user, start with the ISP for not taking action against the user.
It makes a lot of sense to fine people who use unprotected computers on the Internet. This is why I referred to the information superhighway earlier in this article. The Internet can be compared to a real highway, where several road safety rules apply. Driving on a highway with a vehicle that's not roadworthy does not only put your own safety at risk, but also the safety of other road users. If a traffic officer pulls you off the road and find that your vehicle is not roadworthy, you will most probably receive a fine (unless you bribe the traffic officer). If you continue to drive like this you may end up with a suspended driver's licence. The same principle applies to computer security. If you use an unprotected computer on the Internet you're not only putting your own safety at risk, but the safety of other Internet users as well. If your ISP becomes aware of the fact that you're connecting to the Internet without appropriate, up to date anti-malware software installed on your computer, you are supposed to be fined for putting the safety of all other Internet users at risk. They should suspend your services if you continue to connect to the Internet with an unprotected computer.
Your computer may be distributing malware, sending out spam, phishing e-mails and advance fee fraud scams. Your computer may even be used in Denial of Service attacks. So you end up becoming an accomplice in Internet crime. You unknowingly become a spammer, a scammer or a malware distributor. By using an unprotected computer you contribute to cyber crime instead of fighting it. That's not all, the malware may be monitoring your keystrokes, capturing everything you type, stealing passwords, e-mail addresses, account numbers, social security numbers, credit card numbers, names, telephone numbers, physical addresses... can you see where I'm going with this? These programs are able to compile a complete profile about yourself, this information is then transmitted back to the operator of the malware, who may use it to commit fraud in your name, in other words steal your identity. The perpetrator may even clean out your bank account, open credit cards or take out loans in your name and guess who is going to receive the bills at the end of the month, you!
What are the practical implications of implementing a penalty system for reckless Internet users? First of all, the ISP needs to have solid evidence, proving that the guilty party was really using an unprotected computer. Secondly, if the user had anti-malware software installed on his/her computer, the ISP needs to prove that the software was outdated. Finally, if the user had up to date anti-malware software installed, the ISP needs to prove that the software was not appropriate for preventing malware infections. This means that anti-malware software needs to comply with certain safety standards before they can be accepted as approved anti-malware solutions. This will effectively force all anti-malware developers to put their software through specific tests, conducted by a computer security standards authority. This will also cause anti-malware application prices to rise, which may pull the plug on the development of free anti-malware solutions, unless the developers certify these free applications as well. The ISP should use special software to check whether these approved anti-malware applications are installed on the client's computer. The software should send out several warnings to the clients who do not comply with these standards, giving them a reasonable amount of time to attend to the problems and providing detailed instructions on how to resolve them. Access to the Internet should only be terminated if the user fails to respond to these warnings.
Many people might ask, how should I update my anti-malware application if my Internet access is terminated? Your Internet access should only be terminated if you fail to respond to the warning notifications sent to you. If you end up with a terminated Internet access account, it means you ignored the notifications and you should have thought about the implications of your actions before you decided to ignore them. Other may claim that they are computer illiterate and cannot install software or keep them up to date. Most anti-malware applications update themselves and it does not take a rocket scientist to install them. With most of these installations you simply need to click on the "Next" button until you see a "Finish" button. If you can surf the Internet, then I'm sure you know how to click a button. I understand that not every Internet user is a computer expert, so if you find it difficult to install software, join an online forum like BleepingComputer.com, GeeksToGo.com or TechGuy.org and ask for assistance. It is extremely important to secure your computer before it gets infected with malware.
I just painted a pretty grim picture, didn't I? The burden placed on Internet Service Providers to check up on clients, to prove that clients are using unprotected computers, to penalise those who disobey the rules and to close down the accounts of regular offenders. Then there is the problem of high anti-malware prices and no more free anti-malware solutions for the people who cannot afford expensive anti-malware protection. But this is where the Internet is heading if we do not take action now. Online fraud is causing consumers to loose confidence in Internet shopping. Phishing scams are making users afraid of signing up for Internet banking services. People are weary of online payment and trading services like PayPal and eBay, no matter how safe they claim to be. Spammers are stealing bandwidth and the Internet user have to cough up for the costs. Expensive hardware and software is needed to fend off Denial of Service attacks. Malware is at the root of all these problems. It is the biggest contributor to cyber crime and eliminating malware is like removing a species from the food chain. This will be a big blow to spam and bot networks, resulting in less spam and phishing scams, fewer Denial of Service attacks and fewer stolen identities, passwords and credit card numbers. All the money saved through proper prevention of malware, including malware related problems like spam and Denial of Service attacks, can be utilised to build better protection against malware and assist companies to continue the development of free anti-malware solutions for home users.
So what is the bottom line? Internet Service Providers need to take responsibility for their networks. Customers are paying for Internet access, free from spam and malware attacks. It is the responsibility of the ISP to keep spam and malware infections within acceptable limits. Proper legislation needs to be put into place and governments need to take action against ISPs if they allow these threats to rise beyond acceptable limits. How do ISPs keep these threats within acceptable limits? Listen to the complaints sent through to your abuse departments, stop ignoring them, terminate the services of regular offenders and publish these actions for everyone to see. Make examples of those who do not want to listen and soon enough you will have people sticking to the rules. People will continue to do what they want if they know there is no punishment for their wrongdoing.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, providers of free malware removal assistance and helpful Internet security tips for the novice user. In the next instalment of the PC Security DIY article series, we will look at the foundation of Internet Security, using a secure browser and e-mail client and getting into safe browsing and e-mail reading habits.
More or less 3 weeks ago, several anti-scammer websites fell victim to DDoS (Distributed Denial of Service) attacks by the Storm botnet. The comments made on blogs and news sites about these attacks, made it clear once again that cyber security experts are well aware of the dangers of malware infections, which are the backbone of any botnet, as well as the impact these infections have on the online industry. The fact that security experts realise these problems is all good and well, but it does not really help addressing the problem. Normal computer users need to understand the implications of malware infections as well, but more importantly, they have to carry the consequences of their actions if they refuse to take appropriate preventative measures against malware.
Before we start, I would like to explain a couple of terms to users not familiar with DDoS attacks and botnets. A botnet is a network of software robots controlled remotely by crackers. A software robot in this specific case is a compromised computer, infected with specific malware types like Trojan horses and worms. A compromised computer is also called a "zombie computer". A botnet is therefore a collection of compromised or "zombie" computers. I am not going into the details of a DDoS attack, but a Denial of Service attack basically happens when a botnet sends thousands, even millions, of communication requests to a web server. This results in a bottleneck of incoming traffic, causing the server to crash, or making it so slow that it cannot serve the website to normal visitors anymore. An attack from a big botnet will therefore have a much larger impact on a web server than an attack from a smaller botnet. Okay, now that we have the jargon out of the way, lets delve deeper into the impact of malware infections on the Internet as a whole, but also for the individual Internet user.
The Internet is often referred to as the information superhighway. Off course the Internet as we know it today, is much more than just an information superhighway, the Internet has become a digital world where many offline tasks can be done online as well. You can work, play, recruit, date, shop, chat, watch TV, listen radio and do many other things online. But for the sake of this article I will stick to the term information superhighway, because the rules of the road fit perfectly in with what I want to illustrate. According to Wikipedia, it is estimated that up to one quarter of all personal computers connected to the Internet, are part of a botnet. This estimate is not that hard to believe, I will even go so far to say that this figure may even be bigger than a quarter of the Internet's population, especially if you take into account the rate at which malware infections spread through the Internet. Ignorance plays a big role in malware infections, but don't leave negligence out of the equation. If it only stopped at ignorance and negligence, large and influential companies are able to address the problem, but they are unwilling to sacrifice profit for the safety of other Internet users.
Internet Service providers are in pole position to address the increasing threat of malware infections, the one thing that's making botnets grow larger and larger by the day. Unfortunately they are only interested in making money instead of providing a safe and quality service to their loyal and honest customers. No they would rather keep the clients distributing malware, sending out spam or taking part in Denial of Service attacks, because it means loss of revenue for them if they decide to suspend the services or terminate the accounts of these clients. Most ISPs will state in their Terms of Service that they do not tolerate this kind of behaviour, but it is only done to make them look great on paper, they seldom enforce these terms. John Masters, anti-spam activist and a dedicated supporter of Cyber Top Cops, sent me an e-mail the other day, suggesting that we should roll out penalties against people who use unprotected computers connected to the Internet. Although I realise the difficulty of getting something like this into place, I personally think it is a great idea and I wholeheartedly agree, but before we start to punish the user, start with the ISP for not taking action against the user.
It makes a lot of sense to fine people who use unprotected computers on the Internet. This is why I referred to the information superhighway earlier in this article. The Internet can be compared to a real highway, where several road safety rules apply. Driving on a highway with a vehicle that's not roadworthy does not only put your own safety at risk, but also the safety of other road users. If a traffic officer pulls you off the road and find that your vehicle is not roadworthy, you will most probably receive a fine (unless you bribe the traffic officer). If you continue to drive like this you may end up with a suspended driver's licence. The same principle applies to computer security. If you use an unprotected computer on the Internet you're not only putting your own safety at risk, but the safety of other Internet users as well. If your ISP becomes aware of the fact that you're connecting to the Internet without appropriate, up to date anti-malware software installed on your computer, you are supposed to be fined for putting the safety of all other Internet users at risk. They should suspend your services if you continue to connect to the Internet with an unprotected computer.
Your computer may be distributing malware, sending out spam, phishing e-mails and advance fee fraud scams. Your computer may even be used in Denial of Service attacks. So you end up becoming an accomplice in Internet crime. You unknowingly become a spammer, a scammer or a malware distributor. By using an unprotected computer you contribute to cyber crime instead of fighting it. That's not all, the malware may be monitoring your keystrokes, capturing everything you type, stealing passwords, e-mail addresses, account numbers, social security numbers, credit card numbers, names, telephone numbers, physical addresses... can you see where I'm going with this? These programs are able to compile a complete profile about yourself, this information is then transmitted back to the operator of the malware, who may use it to commit fraud in your name, in other words steal your identity. The perpetrator may even clean out your bank account, open credit cards or take out loans in your name and guess who is going to receive the bills at the end of the month, you!
What are the practical implications of implementing a penalty system for reckless Internet users? First of all, the ISP needs to have solid evidence, proving that the guilty party was really using an unprotected computer. Secondly, if the user had anti-malware software installed on his/her computer, the ISP needs to prove that the software was outdated. Finally, if the user had up to date anti-malware software installed, the ISP needs to prove that the software was not appropriate for preventing malware infections. This means that anti-malware software needs to comply with certain safety standards before they can be accepted as approved anti-malware solutions. This will effectively force all anti-malware developers to put their software through specific tests, conducted by a computer security standards authority. This will also cause anti-malware application prices to rise, which may pull the plug on the development of free anti-malware solutions, unless the developers certify these free applications as well. The ISP should use special software to check whether these approved anti-malware applications are installed on the client's computer. The software should send out several warnings to the clients who do not comply with these standards, giving them a reasonable amount of time to attend to the problems and providing detailed instructions on how to resolve them. Access to the Internet should only be terminated if the user fails to respond to these warnings.
Many people might ask, how should I update my anti-malware application if my Internet access is terminated? Your Internet access should only be terminated if you fail to respond to the warning notifications sent to you. If you end up with a terminated Internet access account, it means you ignored the notifications and you should have thought about the implications of your actions before you decided to ignore them. Other may claim that they are computer illiterate and cannot install software or keep them up to date. Most anti-malware applications update themselves and it does not take a rocket scientist to install them. With most of these installations you simply need to click on the "Next" button until you see a "Finish" button. If you can surf the Internet, then I'm sure you know how to click a button. I understand that not every Internet user is a computer expert, so if you find it difficult to install software, join an online forum like BleepingComputer.com, GeeksToGo.com or TechGuy.org and ask for assistance. It is extremely important to secure your computer before it gets infected with malware.
I just painted a pretty grim picture, didn't I? The burden placed on Internet Service Providers to check up on clients, to prove that clients are using unprotected computers, to penalise those who disobey the rules and to close down the accounts of regular offenders. Then there is the problem of high anti-malware prices and no more free anti-malware solutions for the people who cannot afford expensive anti-malware protection. But this is where the Internet is heading if we do not take action now. Online fraud is causing consumers to loose confidence in Internet shopping. Phishing scams are making users afraid of signing up for Internet banking services. People are weary of online payment and trading services like PayPal and eBay, no matter how safe they claim to be. Spammers are stealing bandwidth and the Internet user have to cough up for the costs. Expensive hardware and software is needed to fend off Denial of Service attacks. Malware is at the root of all these problems. It is the biggest contributor to cyber crime and eliminating malware is like removing a species from the food chain. This will be a big blow to spam and bot networks, resulting in less spam and phishing scams, fewer Denial of Service attacks and fewer stolen identities, passwords and credit card numbers. All the money saved through proper prevention of malware, including malware related problems like spam and Denial of Service attacks, can be utilised to build better protection against malware and assist companies to continue the development of free anti-malware solutions for home users.
So what is the bottom line? Internet Service Providers need to take responsibility for their networks. Customers are paying for Internet access, free from spam and malware attacks. It is the responsibility of the ISP to keep spam and malware infections within acceptable limits. Proper legislation needs to be put into place and governments need to take action against ISPs if they allow these threats to rise beyond acceptable limits. How do ISPs keep these threats within acceptable limits? Listen to the complaints sent through to your abuse departments, stop ignoring them, terminate the services of regular offenders and publish these actions for everyone to see. Make examples of those who do not want to listen and soon enough you will have people sticking to the rules. People will continue to do what they want if they know there is no punishment for their wrongdoing.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, providers of free malware removal assistance and helpful Internet security tips for the novice user. In the next instalment of the PC Security DIY article series, we will look at the foundation of Internet Security, using a secure browser and e-mail client and getting into safe browsing and e-mail reading habits.
Labels:
anti-malware,
botnets,
DDoS,
Malware,
PC Security,
unprotected computers
Wednesday, September 05, 2007
Choose Your E-mail Address Carefully
By Coenraad De Beer
Did you know that it is important to choose the right name for your electronic mailbox? Very few people realise it and therefore expose themselves to things like identity theft, phishing and yes you guessed it, annoying spam.
What do you normally use as a login name or nickname when you register for an online service? Many people use a number or a keyword that is easy to remember and the easiest thing to remember is obviously your own name. However, your own name is the last thing you should use for any kind of login details and the same rule applies when you choose an e-mail address.
Why is it important for a spammer or phishing scammer to know your name? The main reason is authenticity. Let me explain with an example. If you have an account with PayPal and you receive an e-mail asking you to update your details, are you going to take the e-mail seriously if the e-mail starts with "Dear PayPal Customer"? Most people will say no, but what if your name is John Doe and the same e-mail starts with "Dear John Doe"? You can easily argue that anyone can send a PayPal look-alike e-mail starting with "Dear PayPal Customer", but not everyone knows my name, so chances are good that the latter version are probably from PayPal. I won't be too sure of that, especially if your e-mail address is john.doe@example.com. People often use a dot (.), a dash(-) or an underscore (_) as a separating character in their e-mail addresses and even a novice computer programmer will be able to extract the name and surname part from an e-mail address similar to the one given above
An e-mail starting with your name draws your attention immediately, so you tend to read more carefully and in most cases, the whole e-mail. Most people will respond immediately if they hear someone calling their name. The same basic principle applies to e-mails starting with your name, or containing your name in the subject line. This is why it is so popular among e-mail marketers to use your name in the subject line, you immediately want to see what the e-mail is about, because the person addressed you personally, like a friend or familiar person would do. Spammers use the same technique so that recipients open their e-mails and read what's inside. They normally use the first part of your e-mail address as your name in the hope that it contains your real name.
What about jdoe@example.com or doej@example.com or jd@example.com? If everyone calls you John, then jdoe, doej or jd will have little effect on drawing your attention. If someone sends you an e-mail with a subject line reading "john.doe check this out" and another one sends you exactly the same e-mail, but changes the subject line to "jdoe check this out", which one will draw your attention the most? The fist one off course and it will attract even more attention if the spamming software replaced the dot between your name and surname with a space, wouldn't it?
Ok, so lets come back to the example of the PayPal phishing e-mail. People are less suspicious when their real names are mentioned in the e-mail, but you will always be able to spot a scam if you choose an e-mail address that is not related to your name, surname or any of the nicknames your friends and family normally use. In other words, when you see someone using the first part of your e-mail address in the subject line, instead of your real name, you can know for sure that the e-mail is the work of a spammer and if the sender used it in the body of the e-mail, then it is obvious that the sender doesn't have a clue what your real name is. PayPal is supposed to know what your real name is, so if your e-mail address is jdoe@example.com, then they will never send you an e-mail starting with "Dear jdoe", only spammers will.
What if my current e-mail address contains my name or surname? I know that it is a lot of work and a huge frustration to change from one e-mail address to another, a lot of people have to be informed and a lot of e-mail subscriptions have to be changed. If your current e-mail address contains your name or surname, consider changing it as soon as possible and rather choose a name that does not reveal any personal information. A telephone number written on a little piece of paper reveals nothing about the name or surname of the owner, your e-mail address should have the same effect on strangers.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Did you know that it is important to choose the right name for your electronic mailbox? Very few people realise it and therefore expose themselves to things like identity theft, phishing and yes you guessed it, annoying spam.
What do you normally use as a login name or nickname when you register for an online service? Many people use a number or a keyword that is easy to remember and the easiest thing to remember is obviously your own name. However, your own name is the last thing you should use for any kind of login details and the same rule applies when you choose an e-mail address.
Why is it important for a spammer or phishing scammer to know your name? The main reason is authenticity. Let me explain with an example. If you have an account with PayPal and you receive an e-mail asking you to update your details, are you going to take the e-mail seriously if the e-mail starts with "Dear PayPal Customer"? Most people will say no, but what if your name is John Doe and the same e-mail starts with "Dear John Doe"? You can easily argue that anyone can send a PayPal look-alike e-mail starting with "Dear PayPal Customer", but not everyone knows my name, so chances are good that the latter version are probably from PayPal. I won't be too sure of that, especially if your e-mail address is john.doe@example.com. People often use a dot (.), a dash(-) or an underscore (_) as a separating character in their e-mail addresses and even a novice computer programmer will be able to extract the name and surname part from an e-mail address similar to the one given above
An e-mail starting with your name draws your attention immediately, so you tend to read more carefully and in most cases, the whole e-mail. Most people will respond immediately if they hear someone calling their name. The same basic principle applies to e-mails starting with your name, or containing your name in the subject line. This is why it is so popular among e-mail marketers to use your name in the subject line, you immediately want to see what the e-mail is about, because the person addressed you personally, like a friend or familiar person would do. Spammers use the same technique so that recipients open their e-mails and read what's inside. They normally use the first part of your e-mail address as your name in the hope that it contains your real name.
What about jdoe@example.com or doej@example.com or jd@example.com? If everyone calls you John, then jdoe, doej or jd will have little effect on drawing your attention. If someone sends you an e-mail with a subject line reading "john.doe check this out" and another one sends you exactly the same e-mail, but changes the subject line to "jdoe check this out", which one will draw your attention the most? The fist one off course and it will attract even more attention if the spamming software replaced the dot between your name and surname with a space, wouldn't it?
Ok, so lets come back to the example of the PayPal phishing e-mail. People are less suspicious when their real names are mentioned in the e-mail, but you will always be able to spot a scam if you choose an e-mail address that is not related to your name, surname or any of the nicknames your friends and family normally use. In other words, when you see someone using the first part of your e-mail address in the subject line, instead of your real name, you can know for sure that the e-mail is the work of a spammer and if the sender used it in the body of the e-mail, then it is obvious that the sender doesn't have a clue what your real name is. PayPal is supposed to know what your real name is, so if your e-mail address is jdoe@example.com, then they will never send you an e-mail starting with "Dear jdoe", only spammers will.
What if my current e-mail address contains my name or surname? I know that it is a lot of work and a huge frustration to change from one e-mail address to another, a lot of people have to be informed and a lot of e-mail subscriptions have to be changed. If your current e-mail address contains your name or surname, consider changing it as soon as possible and rather choose a name that does not reveal any personal information. A telephone number written on a little piece of paper reveals nothing about the name or surname of the owner, your e-mail address should have the same effect on strangers.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Labels:
E-mail addresses,
Phishing,
Spam
Monday, August 20, 2007
Fighting Spam - Is It A Loosing Battle?
By Coenraad De Beer
A loyal reporter of spam asked me the other day whether we are fighting a loosing battle against spam. He goes out of his way to report several spam e-mails every day, not the normal routine of spotting a spam e-mail and forwarding it, no this guy did his homework before he went out on a crusade to battle spam. Because I know what hard work it is to take action against spam, I can understand why he asked this question. After a hard day of fighting spam, you come to the conclusion that all your attempts are in vain. Abuse departments never reply to your reports and the volumes of spam hitting your mailbox seem to magically increase as you report more spam. So you are left with only one unanswered question, are we fighting a loosing battle?
In June this year, Neo from WebProWorld started a very interesting discussion on spam. Although his post mainly revolved around forum spam, he did touch a very actual topic. Spam is not only limited to one medium only, spam is a much bigger problem than most people realise. We have to deal with forum spam, search engine spam, e-mail form spam, guest book spam (for those who still use guest books on their websites), article spam (yes article syndication can also turn into annoying spam), IRC spam, blog spam, comment spam, ebook spam, affiliate network spam, mobile phone spam, and of course the infamous unsolicited junk e-mails. I am sure I missed a couple, but I think you get the picture, spam has infiltrated almost every digital form of communication. No wonder people become pessimistic about fighting spam.
Some interesting reasoning came to light during this discussion on WebProWorld. One thing that sticks out its head in every discussion about spam is the apathetic approach towards spam. The attitude of "spam has always been a problem and will always be, live with it, accept the problem, you cannot change it, nor can you fix it". There is no merit in any of these statements, so lets take a closer look at them and I will show you why. "Spam has always been a problem". Really? Spam started to become a problem when people discovered its marketing potential. Spam wasn't a problem in the early days of the Web, we allowed it to become a problem by accepting the problem. Yes people got punished back then, but the spam volumes increased so much that it became impossible to punish every single spammer. Companies seem to be more concerned about treating the symptoms (with spam filters) than attacking the root of the problem. The right statement would be: "Spam has always been allowed to be a problem."
"Spam will always be a problem". Do we know for certain? Spam may eventually cause the collapse of the e-mail communication system and how do something remain a problem if the infrastructure is gone? If you believe that spam will always be a problem, then you obviously believe that whatever replaces e-mail will also fall victim to spam. Probably, but the creators of a new communication infrastructure will be complete idiots if they allow history to repeat itself. Spam has become a problem because of crippling legislation and in certain cases a total lack of legislation. How can we battle spam if legislation allows spammers to spam you until you tell them to stop? Its like allowing murderers to kill you until you tell them to stop. Can you see how ridiculous our current spam legislation is, spam will always be a problem, as long as we allow useless laws to regulate it.
"Live with it, accept the problem, you cannot change spam, nor can you fix it". People change, they adapt to their environment. Our kids are growing up with spam, so it will have a far smaller effect on them than it had on us. Those of us who grew up with commercials and ads displayed during our favourite TV shows, have developed a kind of blindness to these ads. Our children will also develop spam blindness over time, they will not respond to spam as easily as we do. It is a matter of education and removing the ignorance. Spam only works because people continue to respond to them. According to an article by Michael Specter, "Damn Spam - The losing war on junk e-mail", spammers usually need to send a million e-mails to get fifteen positive responses, for the average direct-mail campaign, the response rate is three thousand per million. With a response rate as little as that you can easily see where spam could be heading if we can limit the response rate to zero. There will be no sense in sending spam anymore. People need to realise what is counted as a response and what they can do to limit accidental responses. Yes, simply by opening the e-mail already counts as a response in many cases.
Should we accept spam, should we live with it? Well you can easily ask, should we accept serious crimes like murder, rape and armed robbery? Just think what would happen if we had the same attitude towards these wrongdoings, crimes forbidden by civil law. What is civil law, it is actually common sense. We know it is wrong to steal money from someone else, but we are willing to live with a system where it is acceptable for other people to waste our money. That is exactly what spam is. Conventional advertising demands an investment from the advertiser, making it an unattractive medium for cheap unsolicited bulk advertising. However in the case of spam, the consumer ends up paying for the advertising. Some spammers do not even pay a penny for sending these batches of spam, they have bot networks doing the work for them. These bot networks consist of consumer PC's infected with malware. The one consumer (the sender) unknowingly pays to send the spam and the other consumer (the recipient) unknowingly pays to receive the spam. So the consumer coughs up on both sides of the channel.
Brad Taylor, Gmail anti-spam engineer, sees the battle against spam as a war. One side eventually gets tired and anti-spam authorities cannot allow themselves to get tired in this struggle against spam. Sometimes the spammers get tired of trying to fool the spam filters and eventually give up, but only for a short space of time. During this rest period they regroup to find a loophole in the filtering system. Once they discover a way around it, they start spamming again. Stock market spam is a classic example of this roller coaster ride. Stock market spam was quiet for some time and suddenly they started popping up like weed via PDF attachments. Spammers will always try to circumvent the system. Does this mean we should give up trying to beat them at their own game? Absolutely no, spammers annoy us with their unsolicited junk, so if we have means to our disposal to annoy them too, why not use it? The war against spam is far from over, the battle against spam is far from lost, I say bring it on.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about the importance of reporting spam.
A loyal reporter of spam asked me the other day whether we are fighting a loosing battle against spam. He goes out of his way to report several spam e-mails every day, not the normal routine of spotting a spam e-mail and forwarding it, no this guy did his homework before he went out on a crusade to battle spam. Because I know what hard work it is to take action against spam, I can understand why he asked this question. After a hard day of fighting spam, you come to the conclusion that all your attempts are in vain. Abuse departments never reply to your reports and the volumes of spam hitting your mailbox seem to magically increase as you report more spam. So you are left with only one unanswered question, are we fighting a loosing battle?
In June this year, Neo from WebProWorld started a very interesting discussion on spam. Although his post mainly revolved around forum spam, he did touch a very actual topic. Spam is not only limited to one medium only, spam is a much bigger problem than most people realise. We have to deal with forum spam, search engine spam, e-mail form spam, guest book spam (for those who still use guest books on their websites), article spam (yes article syndication can also turn into annoying spam), IRC spam, blog spam, comment spam, ebook spam, affiliate network spam, mobile phone spam, and of course the infamous unsolicited junk e-mails. I am sure I missed a couple, but I think you get the picture, spam has infiltrated almost every digital form of communication. No wonder people become pessimistic about fighting spam.
Some interesting reasoning came to light during this discussion on WebProWorld. One thing that sticks out its head in every discussion about spam is the apathetic approach towards spam. The attitude of "spam has always been a problem and will always be, live with it, accept the problem, you cannot change it, nor can you fix it". There is no merit in any of these statements, so lets take a closer look at them and I will show you why. "Spam has always been a problem". Really? Spam started to become a problem when people discovered its marketing potential. Spam wasn't a problem in the early days of the Web, we allowed it to become a problem by accepting the problem. Yes people got punished back then, but the spam volumes increased so much that it became impossible to punish every single spammer. Companies seem to be more concerned about treating the symptoms (with spam filters) than attacking the root of the problem. The right statement would be: "Spam has always been allowed to be a problem."
"Spam will always be a problem". Do we know for certain? Spam may eventually cause the collapse of the e-mail communication system and how do something remain a problem if the infrastructure is gone? If you believe that spam will always be a problem, then you obviously believe that whatever replaces e-mail will also fall victim to spam. Probably, but the creators of a new communication infrastructure will be complete idiots if they allow history to repeat itself. Spam has become a problem because of crippling legislation and in certain cases a total lack of legislation. How can we battle spam if legislation allows spammers to spam you until you tell them to stop? Its like allowing murderers to kill you until you tell them to stop. Can you see how ridiculous our current spam legislation is, spam will always be a problem, as long as we allow useless laws to regulate it.
"Live with it, accept the problem, you cannot change spam, nor can you fix it". People change, they adapt to their environment. Our kids are growing up with spam, so it will have a far smaller effect on them than it had on us. Those of us who grew up with commercials and ads displayed during our favourite TV shows, have developed a kind of blindness to these ads. Our children will also develop spam blindness over time, they will not respond to spam as easily as we do. It is a matter of education and removing the ignorance. Spam only works because people continue to respond to them. According to an article by Michael Specter, "Damn Spam - The losing war on junk e-mail", spammers usually need to send a million e-mails to get fifteen positive responses, for the average direct-mail campaign, the response rate is three thousand per million. With a response rate as little as that you can easily see where spam could be heading if we can limit the response rate to zero. There will be no sense in sending spam anymore. People need to realise what is counted as a response and what they can do to limit accidental responses. Yes, simply by opening the e-mail already counts as a response in many cases.
Should we accept spam, should we live with it? Well you can easily ask, should we accept serious crimes like murder, rape and armed robbery? Just think what would happen if we had the same attitude towards these wrongdoings, crimes forbidden by civil law. What is civil law, it is actually common sense. We know it is wrong to steal money from someone else, but we are willing to live with a system where it is acceptable for other people to waste our money. That is exactly what spam is. Conventional advertising demands an investment from the advertiser, making it an unattractive medium for cheap unsolicited bulk advertising. However in the case of spam, the consumer ends up paying for the advertising. Some spammers do not even pay a penny for sending these batches of spam, they have bot networks doing the work for them. These bot networks consist of consumer PC's infected with malware. The one consumer (the sender) unknowingly pays to send the spam and the other consumer (the recipient) unknowingly pays to receive the spam. So the consumer coughs up on both sides of the channel.
Brad Taylor, Gmail anti-spam engineer, sees the battle against spam as a war. One side eventually gets tired and anti-spam authorities cannot allow themselves to get tired in this struggle against spam. Sometimes the spammers get tired of trying to fool the spam filters and eventually give up, but only for a short space of time. During this rest period they regroup to find a loophole in the filtering system. Once they discover a way around it, they start spamming again. Stock market spam is a classic example of this roller coaster ride. Stock market spam was quiet for some time and suddenly they started popping up like weed via PDF attachments. Spammers will always try to circumvent the system. Does this mean we should give up trying to beat them at their own game? Absolutely no, spammers annoy us with their unsolicited junk, so if we have means to our disposal to annoy them too, why not use it? The war against spam is far from over, the battle against spam is far from lost, I say bring it on.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about the importance of reporting spam.
Labels:
Spam,
Spam filtering
Monday, June 25, 2007
Pay Close Attention To The URL's In Your E-mails
By Coenraad De Beer
More and more phishing scammers are starting to use clever eye-deceiving techniques with the URL's in phishing e-mails, making victims believe that the URL belongs to the real company portrayed in the fake e-mail. If you receive e-mails from your bank or other financial institutions, look twice before you click on any links.
I'm not talking about the anchor text of the link or the ten feet long look-alike URL's you normally find in conventional phishing e-mails, no I'm talking about the domain name, the one thing that clearly distinguishes a legitimate URL from a fake one. Online banks normally use simple URL's for their online banking services, making it easy to distinguish them from the long obscure URL's normally used by phishing scammers. But before we go into the details of the deceiving techniques used by phishing scammers, let me give you a brief explanation of how URL's work.
The Top-Level Domain and Sub-Domain
Lets say you are a client of Example Bank. The Example Bank website is called www.example.com. This is the top-level domain. They use the sub-domain www.secure.example.com for their online banking application ('secure' is a sub-domain of example.com, also owned and administered by Example Bank).
Secure Encrypted Connection
Secure encrypted connections always use the prefix https://. So the complete URL for Example Bank's online banking website will be https://www.secure.example.com. Any URL collecting sensitive information like credit card numbers, social security numbers, user names, passwords, etc. should start with the https:// prefix, if it doesn't, get away from it as far as possible.
Expanding The URL With Directories
Directories containing data and files, are also stored on a domain. Lets say the login page for the online banking system is called 'loginpage.php' and is stored in the 'login' directory. The final URL, containing these elements, will look like this: https://www.secure.example.com/login/loginpage.php
Variations
Scammers try to fool users by using variations of well-known URL's. If we change our URL to https://www.secure.example.invalid.com/login/loginpage.php, then we are no longer referring to the online banking website of Example Bank, but the website invalid.com. The latter part of the URL between https:// and the first forward slash (/) is the crucial factor, determining whether the URL points to the right site or not.
Now you have a basic idea of how URL's are constructed and how phishing scammers manipulate them to fool the uninformed. Phishing scammers hide these manipulated URL's by displaying the valid URL in the anchor text (the text of a link). The anchor text is only a clickable object and can be anything under the sun. The underlying URL and not the anchor text itself, determines which website opens when the user clicks on the anchor text. Most browsers and e-mail clients allow the user to view the URL by hovering the mouse pointer over the link. The actual URL is then displayed in the status bar, the horizontal bar at the bottom of the application screen.
People have started to spot these manipulated URL's more easily and this technique is slowly loosing its effectiveness. As a countermeasure to this problem, scammers started to register domains with different extensions. For instance, scammers may register a domain like example.org, example.info or example.co.uk to launch phishing attacks on clients of example.com. However this will not fool the informed and observant client.
It is in the nature of all cyber criminals to look for new and advanced ways of claiming victims. Phishing scammers are now focussing on registering top-level domains, spelled exactly as the real domain, except for one single letter (or maybe two). An example of such a domain was recently reported at CastleCops, where a Western Union domain was forged as VVesternunion.biz. Most screen fonts separate the two V's quite clearly, but with certain fonts you won't be able tell the difference between VVestern and Western. Less than a day after the scam was reported at CastleCops, another phishing e-mail was reported at Cyber Top Cops, this time involving a forged Sterling Online Banking domain. The anchor text of each link in this e-mail was displayed as sterlingonlinebanking.com but the actual URL pointed to sterlingonlinebenking.com. This is quite a long domain, so one can easily fail to spot the small difference in spelling.
Several different phishing scams are often sent to a single recipient. It is easy to ignore these e-mails, because the same e-mails are delivered over and over again, they contain similar characteristics and no one really cares about e-mails from companies of which you are not even a client. But the game of phishing becomes a dangerous one if you receive a phishing e-mail representing a company, one of which you happen to be a client. Your chances of becoming a victim increase when the phishing scammer uses some of the eye-deceiving gimmicks discussed in the previous paragraph. It is therefore extremely important that you double check the URL's before clicking on them, especially if the e-mail appears to be from your bank or any other financial institution.
Most online banks request their clients to visit their home page and log into their account from there, their e-mails never include links pointing directly to the secure online banking server. Instead of adding links to their e-mails, some organizations instruct their clients to type the domain name directly into a browser, without even mentioning the domain name in the e-mail. But this only works with clients of well-known companies like PayPal and eBay.
As a general rule or thumb, banks never send e-mails to their clients requesting them to verify their details, to take part in online surveys, or informing them about suspicious activity discovered or restrictions placed on their account. Banks will not send you an important notice via e-mail and walk the risk of never reaching your inbox, something that happens very often with all the spam filters installed on our machines these days. You can be sure that your bank will require a personal visit from you, at one of their branches (or even head office in severe cases), whenever you need to resolve serious matters like account restrictions, suspicious activity on your account or fraud. A simple e-mail, a quick login and a click of a button will not do the job in the real world. Computers are way too gullible for that.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software. The details discussed in this article are put into practice through simulation 2 and 3 of their Online Threat Simulations.
More and more phishing scammers are starting to use clever eye-deceiving techniques with the URL's in phishing e-mails, making victims believe that the URL belongs to the real company portrayed in the fake e-mail. If you receive e-mails from your bank or other financial institutions, look twice before you click on any links.
I'm not talking about the anchor text of the link or the ten feet long look-alike URL's you normally find in conventional phishing e-mails, no I'm talking about the domain name, the one thing that clearly distinguishes a legitimate URL from a fake one. Online banks normally use simple URL's for their online banking services, making it easy to distinguish them from the long obscure URL's normally used by phishing scammers. But before we go into the details of the deceiving techniques used by phishing scammers, let me give you a brief explanation of how URL's work.
The Top-Level Domain and Sub-Domain
Lets say you are a client of Example Bank. The Example Bank website is called www.example.com. This is the top-level domain. They use the sub-domain www.secure.example.com for their online banking application ('secure' is a sub-domain of example.com, also owned and administered by Example Bank).
Secure Encrypted Connection
Secure encrypted connections always use the prefix https://. So the complete URL for Example Bank's online banking website will be https://www.secure.example.com. Any URL collecting sensitive information like credit card numbers, social security numbers, user names, passwords, etc. should start with the https:// prefix, if it doesn't, get away from it as far as possible.
Expanding The URL With Directories
Directories containing data and files, are also stored on a domain. Lets say the login page for the online banking system is called 'loginpage.php' and is stored in the 'login' directory. The final URL, containing these elements, will look like this: https://www.secure.example.com/login/loginpage.php
Variations
Scammers try to fool users by using variations of well-known URL's. If we change our URL to https://www.secure.example.invalid.com/login/loginpage.php, then we are no longer referring to the online banking website of Example Bank, but the website invalid.com. The latter part of the URL between https:// and the first forward slash (/) is the crucial factor, determining whether the URL points to the right site or not.
Now you have a basic idea of how URL's are constructed and how phishing scammers manipulate them to fool the uninformed. Phishing scammers hide these manipulated URL's by displaying the valid URL in the anchor text (the text of a link). The anchor text is only a clickable object and can be anything under the sun. The underlying URL and not the anchor text itself, determines which website opens when the user clicks on the anchor text. Most browsers and e-mail clients allow the user to view the URL by hovering the mouse pointer over the link. The actual URL is then displayed in the status bar, the horizontal bar at the bottom of the application screen.
People have started to spot these manipulated URL's more easily and this technique is slowly loosing its effectiveness. As a countermeasure to this problem, scammers started to register domains with different extensions. For instance, scammers may register a domain like example.org, example.info or example.co.uk to launch phishing attacks on clients of example.com. However this will not fool the informed and observant client.
It is in the nature of all cyber criminals to look for new and advanced ways of claiming victims. Phishing scammers are now focussing on registering top-level domains, spelled exactly as the real domain, except for one single letter (or maybe two). An example of such a domain was recently reported at CastleCops, where a Western Union domain was forged as VVesternunion.biz. Most screen fonts separate the two V's quite clearly, but with certain fonts you won't be able tell the difference between VVestern and Western. Less than a day after the scam was reported at CastleCops, another phishing e-mail was reported at Cyber Top Cops, this time involving a forged Sterling Online Banking domain. The anchor text of each link in this e-mail was displayed as sterlingonlinebanking.com but the actual URL pointed to sterlingonlinebenking.com. This is quite a long domain, so one can easily fail to spot the small difference in spelling.
Several different phishing scams are often sent to a single recipient. It is easy to ignore these e-mails, because the same e-mails are delivered over and over again, they contain similar characteristics and no one really cares about e-mails from companies of which you are not even a client. But the game of phishing becomes a dangerous one if you receive a phishing e-mail representing a company, one of which you happen to be a client. Your chances of becoming a victim increase when the phishing scammer uses some of the eye-deceiving gimmicks discussed in the previous paragraph. It is therefore extremely important that you double check the URL's before clicking on them, especially if the e-mail appears to be from your bank or any other financial institution.
Most online banks request their clients to visit their home page and log into their account from there, their e-mails never include links pointing directly to the secure online banking server. Instead of adding links to their e-mails, some organizations instruct their clients to type the domain name directly into a browser, without even mentioning the domain name in the e-mail. But this only works with clients of well-known companies like PayPal and eBay.
As a general rule or thumb, banks never send e-mails to their clients requesting them to verify their details, to take part in online surveys, or informing them about suspicious activity discovered or restrictions placed on their account. Banks will not send you an important notice via e-mail and walk the risk of never reaching your inbox, something that happens very often with all the spam filters installed on our machines these days. You can be sure that your bank will require a personal visit from you, at one of their branches (or even head office in severe cases), whenever you need to resolve serious matters like account restrictions, suspicious activity on your account or fraud. A simple e-mail, a quick login and a click of a button will not do the job in the real world. Computers are way too gullible for that.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software. The details discussed in this article are put into practice through simulation 2 and 3 of their Online Threat Simulations.
Monday, June 18, 2007
Security Flaw Announcements - The Wrong Way Of Doing The Right Thing
By Coenraad De Beer
The latest security flaws in the world of software are always popular topics for online discussions, newsletters and articles. Discovering the latest security flaw in a popular application is still the most favourite pastime for many freelance journalists and technical gurus. The problem does not lie in the disclosure of the flaws as such, the problem lies in the approach towards the disclosure as well as the timing of the disclosure.
Security flaw announcements have grown into a very popular electronic sport. It is a constant race against time to become the first one to announce the latest flaws found in the most famous software applications. Rival users of similar products are often in competition with each other to prove which application is the most secure. It is often a case of throwing mud at each other, instead of taking the safety of other users into consideration.
Do non-technical users sign up for technical newsletters, do they read technical blogs or do they take part in technical discussions? Many of them don't, it is in most cases only technical people discussing these matters and reading the technical newsletters. Most people are only interested in using the software and do not care about taking part in a forum discussion about the latest security flaw in the software. This is the point I'm trying to make, if your goal is the safety of other users, who do you want to save when your forum post or article never reaches the audience who needs the information the most? Even if you reach the right people, what's the use of announcing a flaw if you can't provide a safe and solid solution to the problem? What do you want people to do when a severe virus is raging on the Web, a virus for which there is no fix at that specific time? Do you think everyone will suddenly stop using the Internet because of your useless information? You are only giving the flaw unnecessary publicity, exposing each user of the software to even greater exploits.
The animated cursor flaw of Internet Explorer is a good example where there was no solid solution to the problem when it became a known threat. At least most people suggested that Internet Explorer users switch to Firefox, but every coin has two sides. The flaws of Internet Explorer proved once again that there is ample reason to switch to a safer alternative like Firefox, but we all know how reluctant most Internet users are to switch to a new browser. Yet again, if people do not want to listen to good advice, let them burn their fingers. Unfortunately this flaw resulted in debates about which browser has the most flaws, its like arguing about whose car is the fastest if there is no road to drive it on. Switching to a safer browser will not disinfect a PC already infected with a virus. After all, what's the use of having the safest browser in the world if you can't even get it to run on an infected PC?
Software developers should provide proper channels through which users can report flaws and more importantly, companies should act promptly on these reports. It is because of the poor response from major companies, that people start to seek alternative methods, out of frustration with their hear-no-evil, see-no-evil approach. A while ago I discovered a severe flaw in a very popular free anti-virus application, but the only channel through which I could discuss problems surrounding the free version, was through their online forum. This means you seldom talk to the actual developers or employees of the company, only forum moderators and members. I understand and I have experienced these frustrations, if there is no one you can talk to about a serious problem surrounding their software, who on earth do you turn to?
There is a huge difference between the announcement of a security flaw and the announcement of a patch to fix a flaw. If you can't provide a proper workaround for the problem, if you are unable to tell someone who can do something about it, keep it to yourself. Announcing security flaws without contributing to the solution is like someone announcing the release of poisonous gas into the air and instead of handing out gasmasks, he suggests that everyone hold their breath until the gas is gone.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
The latest security flaws in the world of software are always popular topics for online discussions, newsletters and articles. Discovering the latest security flaw in a popular application is still the most favourite pastime for many freelance journalists and technical gurus. The problem does not lie in the disclosure of the flaws as such, the problem lies in the approach towards the disclosure as well as the timing of the disclosure.
Security flaw announcements have grown into a very popular electronic sport. It is a constant race against time to become the first one to announce the latest flaws found in the most famous software applications. Rival users of similar products are often in competition with each other to prove which application is the most secure. It is often a case of throwing mud at each other, instead of taking the safety of other users into consideration.
Do non-technical users sign up for technical newsletters, do they read technical blogs or do they take part in technical discussions? Many of them don't, it is in most cases only technical people discussing these matters and reading the technical newsletters. Most people are only interested in using the software and do not care about taking part in a forum discussion about the latest security flaw in the software. This is the point I'm trying to make, if your goal is the safety of other users, who do you want to save when your forum post or article never reaches the audience who needs the information the most? Even if you reach the right people, what's the use of announcing a flaw if you can't provide a safe and solid solution to the problem? What do you want people to do when a severe virus is raging on the Web, a virus for which there is no fix at that specific time? Do you think everyone will suddenly stop using the Internet because of your useless information? You are only giving the flaw unnecessary publicity, exposing each user of the software to even greater exploits.
The animated cursor flaw of Internet Explorer is a good example where there was no solid solution to the problem when it became a known threat. At least most people suggested that Internet Explorer users switch to Firefox, but every coin has two sides. The flaws of Internet Explorer proved once again that there is ample reason to switch to a safer alternative like Firefox, but we all know how reluctant most Internet users are to switch to a new browser. Yet again, if people do not want to listen to good advice, let them burn their fingers. Unfortunately this flaw resulted in debates about which browser has the most flaws, its like arguing about whose car is the fastest if there is no road to drive it on. Switching to a safer browser will not disinfect a PC already infected with a virus. After all, what's the use of having the safest browser in the world if you can't even get it to run on an infected PC?
Software developers should provide proper channels through which users can report flaws and more importantly, companies should act promptly on these reports. It is because of the poor response from major companies, that people start to seek alternative methods, out of frustration with their hear-no-evil, see-no-evil approach. A while ago I discovered a severe flaw in a very popular free anti-virus application, but the only channel through which I could discuss problems surrounding the free version, was through their online forum. This means you seldom talk to the actual developers or employees of the company, only forum moderators and members. I understand and I have experienced these frustrations, if there is no one you can talk to about a serious problem surrounding their software, who on earth do you turn to?
There is a huge difference between the announcement of a security flaw and the announcement of a patch to fix a flaw. If you can't provide a proper workaround for the problem, if you are unable to tell someone who can do something about it, keep it to yourself. Announcing security flaws without contributing to the solution is like someone announcing the release of poisonous gas into the air and instead of handing out gasmasks, he suggests that everyone hold their breath until the gas is gone.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Labels:
Exploits,
Security Flaws,
Software Security
Monday, June 04, 2007
Adult Related Content - Fuel For Spyware And Spam
Yes, our weekly article is back on track, due to time constraints and a huge workload, I was unable to write articles for the blog the last couple of months. Things are slowly getting back to normal and hopefully I will be able to fill our regular timeslot each week with a brand new article about cyber crime.
Before we get to this week's article, just a little interesting background information. The article was initially titled "Hardcore Porn - Fuel For Spyware And Spam". According to EzineArticles, this is in violation of Section 2-a of their Editorial Guidelines, more specifically "Website/Author/Brand Names are not Allowed in Your Title". My idea behind the words "Hardcore Porn" was to emphasise the hardcore facts that we are stuck with the most explicit and disgusting material shoved down our throats (and the throats of our children) everyday. I had to change the title to get it approved on EzineArticles, hence I stuck to the same title here.
Do you think Hardcore Porn is a brand name? Generally speaking, isn't this exactly the reason why we are stuck with this junk in our mailboxes? A brand being protected instead of our freedom to use the Internet without being plagued by psychopaths and sex maniacs. What do you think? Please post your comments.
Article written by Coenraad De Beer
People can't thank you enough when you helped them to get rid of spyware from their computer. But this gratefulness soon changes to disgruntlement when you tell them they need to stay away form their favourite porn websites, 3d sex games, sexy desktop mates and screen savers if they do not want to fall victim to another spyware attack. For these people it is too much to sacrifice, but what they don't realise or don't want to accept, is that all these things are not worth the damage they may cause.
Porn is not good for the human psyche, it becomes an addiction just like any other addictive substance. Whether you believe porn is immoral or not, is beside the point, it remains a fact and it is no good for your computer either. But lets forget about the adults for a while and think about our children. In homes where everyone does not have his or her own computer, is a family computer, used by each member of the family. If mom or dad surfs porn websites, do you think it will remain for the eyes of mom and dad only? Unfortunately no. It is not only mom or dad who gets hooked on porn, the family computer gets hooked as well, hooked by spyware. These websites make sure you come back for more by constantly throwing offensive pop-up advertisements in your face while browsing the Web or simply by working on your computer while being connected to the Internet. The spyware does not know and does not care who is in front of the computer screen, it is only the ad that counts.
A while ago I worked with a HijackThis log from someone struggling with annoying website redirects and Google warning him about being infected with spyware. I replied with the disinfection instructions, but also warned him about the adult related software that caused the infections. I never received any response from him, he was probably not prepared to get rid of his virtual desktop girlfriend. I guess he must love her very much for being willing to sacrifice his own online security, privacy and the freedom to browse without being redirected to websites he does not want to visit. Not my idea of an ideal relationship. The best of all is that this person also had Parental Control Software installed on his computer. This is either a naughty teenager bypassing the content filters installed by his parents, or even worse, a father who believes the content filters will prevent his children from being exposed by the filthy software installed on the computer. Parental content filters and control software are designed for Internet adult content filtering, like offensive images, websites, e-mails and text, not spyware or adult related software already installed and allowed to run on your computer. Using parental monitoring software (which does not block content) may help you monitor the activities of your children online, but it does not prevent them from being exposed to adult content in the first place. Anyway, what does it help to monitor your children if you can't set them a better example yourself?
With all the free e-mail services available today, everyone with Internet access have their own e-mail account, even your children. Some spyware programs are also e-mail address harvesters. When a child uses the same computer a parent or older family member use for browsing porn sites, chances are good that this poor child will fall victim to endless offensive, disgusting and explicit adult related e-mails. Everyone who uses the infected computer is at risk. If the spyware is a keylogger, the e-mail address is stolen the moment you type your e-mail address into a web form, this can be the page where you log into your e-mail account or when you sign up for a newsletter or web service. The most common method used by spyware is the extraction of e-mail addresses from the e-mail accounts set up with e-mail clients like MS Outlook, Outlook Express or Thunderbird. The spyware may even pull all the addresses from your address book and you may end up becoming a distributor of spam without even knowing it. I don't think your friends and family will be chuffed if they receive porn spam because of your inability to control yourself. If you continue to browse porn websites with the same computer used by your children for e-mail and other Internet activities, don't be surprised if they suddenly ask you out of the blue about Viagra or genital enlargement patches.
When your e-mail address lands on a spammer's list, you are in a catch-22 situation. It is futile to try and get your e-mail address removed from this list. By the time you succeed in getting your e-mail address removed, which is in any case unlikely to happen, your e-mail address will be distributed among many other spammers. Once a spammer has your e-mail address, it is an open channel for him to send you absolutely anything under the sun and no spammer is ethical, they don't mind how many children they pollute with porn spam, as long as someone reads their e-mails, they are happy.
Porn and spam have 2 things in common, they waste bandwidth and they are the same thing over and over again. Many people believe that porn is only innocent mischievousness. Whenever you encounter cyber crime, porn and adult related content is often involved. In a recent article by Scambusters.org (http://www.scambusters.org/fakeantivirus.html) it was mentioned that adult sites are special favourites for causing trojan infections, taking control over your computer once you visit the website. I find it hard to believe that something that's responsible for things like trojan horses, identity theft, spam and many other cyber crimes, can be innocent.
Taking action against the injustice committed against our children, committed against the people who don't want this junk shoved down their throats, is really hard with poor legislation and so many people supporting the sites responsible for it. Many people browse porn websites without realising the dangers they pose (no pun intended). Off course many people don't care about these dangers, even if they know about it. It is just like any other addiction, people smoking crack don't care about the negative effects it has on their health. Next time when you have to convince someone about the harmful effects of porn, tell them about the dangers of visiting these sites. Educating people about the dangers of web porn and porn spam is the best way to battle an ever-increasing problem in cyber space.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Before we get to this week's article, just a little interesting background information. The article was initially titled "Hardcore Porn - Fuel For Spyware And Spam". According to EzineArticles, this is in violation of Section 2-a of their Editorial Guidelines, more specifically "Website/Author/Brand Names are not Allowed in Your Title". My idea behind the words "Hardcore Porn" was to emphasise the hardcore facts that we are stuck with the most explicit and disgusting material shoved down our throats (and the throats of our children) everyday. I had to change the title to get it approved on EzineArticles, hence I stuck to the same title here.
Do you think Hardcore Porn is a brand name? Generally speaking, isn't this exactly the reason why we are stuck with this junk in our mailboxes? A brand being protected instead of our freedom to use the Internet without being plagued by psychopaths and sex maniacs. What do you think? Please post your comments.
Article written by Coenraad De Beer
People can't thank you enough when you helped them to get rid of spyware from their computer. But this gratefulness soon changes to disgruntlement when you tell them they need to stay away form their favourite porn websites, 3d sex games, sexy desktop mates and screen savers if they do not want to fall victim to another spyware attack. For these people it is too much to sacrifice, but what they don't realise or don't want to accept, is that all these things are not worth the damage they may cause.
Porn is not good for the human psyche, it becomes an addiction just like any other addictive substance. Whether you believe porn is immoral or not, is beside the point, it remains a fact and it is no good for your computer either. But lets forget about the adults for a while and think about our children. In homes where everyone does not have his or her own computer, is a family computer, used by each member of the family. If mom or dad surfs porn websites, do you think it will remain for the eyes of mom and dad only? Unfortunately no. It is not only mom or dad who gets hooked on porn, the family computer gets hooked as well, hooked by spyware. These websites make sure you come back for more by constantly throwing offensive pop-up advertisements in your face while browsing the Web or simply by working on your computer while being connected to the Internet. The spyware does not know and does not care who is in front of the computer screen, it is only the ad that counts.
A while ago I worked with a HijackThis log from someone struggling with annoying website redirects and Google warning him about being infected with spyware. I replied with the disinfection instructions, but also warned him about the adult related software that caused the infections. I never received any response from him, he was probably not prepared to get rid of his virtual desktop girlfriend. I guess he must love her very much for being willing to sacrifice his own online security, privacy and the freedom to browse without being redirected to websites he does not want to visit. Not my idea of an ideal relationship. The best of all is that this person also had Parental Control Software installed on his computer. This is either a naughty teenager bypassing the content filters installed by his parents, or even worse, a father who believes the content filters will prevent his children from being exposed by the filthy software installed on the computer. Parental content filters and control software are designed for Internet adult content filtering, like offensive images, websites, e-mails and text, not spyware or adult related software already installed and allowed to run on your computer. Using parental monitoring software (which does not block content) may help you monitor the activities of your children online, but it does not prevent them from being exposed to adult content in the first place. Anyway, what does it help to monitor your children if you can't set them a better example yourself?
With all the free e-mail services available today, everyone with Internet access have their own e-mail account, even your children. Some spyware programs are also e-mail address harvesters. When a child uses the same computer a parent or older family member use for browsing porn sites, chances are good that this poor child will fall victim to endless offensive, disgusting and explicit adult related e-mails. Everyone who uses the infected computer is at risk. If the spyware is a keylogger, the e-mail address is stolen the moment you type your e-mail address into a web form, this can be the page where you log into your e-mail account or when you sign up for a newsletter or web service. The most common method used by spyware is the extraction of e-mail addresses from the e-mail accounts set up with e-mail clients like MS Outlook, Outlook Express or Thunderbird. The spyware may even pull all the addresses from your address book and you may end up becoming a distributor of spam without even knowing it. I don't think your friends and family will be chuffed if they receive porn spam because of your inability to control yourself. If you continue to browse porn websites with the same computer used by your children for e-mail and other Internet activities, don't be surprised if they suddenly ask you out of the blue about Viagra or genital enlargement patches.
When your e-mail address lands on a spammer's list, you are in a catch-22 situation. It is futile to try and get your e-mail address removed from this list. By the time you succeed in getting your e-mail address removed, which is in any case unlikely to happen, your e-mail address will be distributed among many other spammers. Once a spammer has your e-mail address, it is an open channel for him to send you absolutely anything under the sun and no spammer is ethical, they don't mind how many children they pollute with porn spam, as long as someone reads their e-mails, they are happy.
Porn and spam have 2 things in common, they waste bandwidth and they are the same thing over and over again. Many people believe that porn is only innocent mischievousness. Whenever you encounter cyber crime, porn and adult related content is often involved. In a recent article by Scambusters.org (http://www.scambusters.org/fakeantivirus.html) it was mentioned that adult sites are special favourites for causing trojan infections, taking control over your computer once you visit the website. I find it hard to believe that something that's responsible for things like trojan horses, identity theft, spam and many other cyber crimes, can be innocent.
Taking action against the injustice committed against our children, committed against the people who don't want this junk shoved down their throats, is really hard with poor legislation and so many people supporting the sites responsible for it. Many people browse porn websites without realising the dangers they pose (no pun intended). Off course many people don't care about these dangers, even if they know about it. It is just like any other addiction, people smoking crack don't care about the negative effects it has on their health. Next time when you have to convince someone about the harmful effects of porn, tell them about the dangers of visiting these sites. Educating people about the dangers of web porn and porn spam is the best way to battle an ever-increasing problem in cyber space.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Labels:
adult content,
porn,
sex games,
Spam,
Spyware
Wednesday, April 04, 2007
Internet Security Is More About Prevention Than Disinfection
By Coenraad De Beer
Almost everywhere you go on the Internet, you come across victims of malware, hackers, phishing attacks and e-mail scams. These victims turn up like wounded civilians at all the malware removal forums and the security divisions of community driven web sites, seeking for help and advice to recover from the damages caused by these malicious threats. It is like a war ground, claiming casualties everyday. As with any war, you suffer a lot of casualties when you allow the enemy to get past your defences and it is even worse when you have no defences at all.
An anti-malware application is just as good as its resident shield. Anything that gets past an active resident shield will seldom be detected by any anti-malware protection system. Today's generation of anti-malware packages have heuristic detection technology helping them to detect virus- or spyware-like activity without actually knowing anything about the threat. But heuristic analysis is only a secondary layer of protection, your primary line of defence against malicious software is a definition or signature file containing the details and characteristics of specific malware threats. Even firewalls and spam filters have definition files in the form of blacklists. Neglecting to keep your signature or definition files up to date is like neglecting to pay your monthly insurance premium. Your insurance company will refuse to pay out any claims because you did not maintain your insurance policy. An update a day keeps the malware at bay.
A decent anti-malware application will isolate any known malware before it enters your system, but becomes vulnerable when unknown malware enters your system undetected. It is harder for anti-malware applications to take over a system, already infected with malware, than protecting a clean system from getting infected. Anti-malware software is primarily designed to protect your system from getting infected and its secondary objective is to neutralise threats as quickly as possible before they start to spread throughout your system. I have seen how top class anti-virus systems self-destruct when they are infected with high-risk viruses that were already present on the system, before the anti-virus software was installed. It basically means that the virus infects critical components and files of the anti-virus application, the anti-virus application detects these infected files and delete them or move them to the virus vault. If the anti-virus software deletes any of its critical components, it will eventually shut down, crash or become inoperable. The only way to repair the damaged anti-virus software is to re-install it.
Installing an anti-malware application on a system already infected with malware can be troublesome. Many viruses and spyware are aggressive and kill the setup wizard of many well-known anti-virus and anti-spyware packages, preventing them from gaining control over the system. They even terminate some anti-malware scanners if they attempt to disinfect infected files or remove any threats. It is a case of taking over some territory and defending it. Malware can be programmed to do almost anything in order to retain control over your system and it is hard to get rid of stubborn and aggressive programs refusing to surrender to an anti-malware package. Viruses and spyware are normally small, operate very fast and are very flexible. They mutate all over your system, making it hard for anti-malware applications to pin them down. On Microsoft Windows systems, you can always start your computer into Safe Mode when malware refuses an anti-malware application from being installed in Normal Mode, but many anti-malware applications rely on the Windows Installer, something that is normally disabled under Safe Mode. When it comes to disinfecting an infected system, you can't expect the installer to rely on faulty, damaged, infected or disabled components of the operating system. Off course it is not possible to make the anti-malware application completely independent, but at least develop its own independent installer, with built-in malware protection. This will make it possible to run the software under Safe Mode, where many malicious programs are automatically disabled, making the job of disinfection a little easier for you and the anti-malware application.
Unfortunately there are people under the false impression that they are untouchable when they have an anti-malware application installed on their system. Any defence system will eventually fail if you continue to expose it to constant attacks. I have come across people asking for the best anti-virus protection because they have a friend or cousin using their computer to browse porn web sites, but they do not want to confront this person about it, they rather want to increase the protection on the computer. Porn sites are polluted with viruses and spyware, not viruses alone. It is because if this approach that people fail to remove spyware from their computer, because they are using the wrong tools for the job. You can't protect your system effectively against spyware, or remove spyware from your computer if you are using an anti-virus package or vice versa. You can't keep viruses from infiltrating your system by using a firewall alone. It may block a virus attempting to enter your system through a blocked port, but it will not be able to block a virus travelling through a trusted application like your browser.
Today you need protection against malware (viruses, spyware, rootkits, trojans, etc) not just viruses or spyware alone. You also need a firewall and a good spam filter. You need a browser that protects you from phishing attacks, browser hijackers and pop-up windows. Anti-malware applications are not super applications, they have their limitations and you can't expect your system to stay malware free if you constantly expose it to malware attacks from porn, illegal music and pirate software web sites. You can keep your system clean, your identity safe and prevent someone from destroying his/her life with junk like porn, by disallowing anyone (including your cousin) from using your computer for illegal and indecent activities. Who do you think is going to take the fall for illegal porn, music or pirated software? Your cousin? I don't think so, especially if YOUR computer and YOUR Internet connection were used. Even if you can prove it wasn't you, you will still be seen as an accomplice.
So what is the bottom line? Internet security is more about prevention than disinfection. The large number of single purpose disinfection tools, available for specific threats, is proof of this. Definition files are mainly for prevention and detection purposes. When a malicious program exploits vulnerabilities beyond the reach of definition files, you need a specific tool to get rid of it and often a special patch to prevent re-infection. This is why anti-malware developers have to release new versions of their software on a regular basis to stay abreast of the latest threats and vulnerabilities. Developing anti-malware applications, limited by strict standards, protocols and rules, is like arming a S.W.A.T. team with water pistols when they need to go up against a group of terrorists armed with AK47's. Malware does not play by the rules, it is time that anti-malware developers follow the same route, but without compromising the stability and performance of our computer systems.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Almost everywhere you go on the Internet, you come across victims of malware, hackers, phishing attacks and e-mail scams. These victims turn up like wounded civilians at all the malware removal forums and the security divisions of community driven web sites, seeking for help and advice to recover from the damages caused by these malicious threats. It is like a war ground, claiming casualties everyday. As with any war, you suffer a lot of casualties when you allow the enemy to get past your defences and it is even worse when you have no defences at all.
An anti-malware application is just as good as its resident shield. Anything that gets past an active resident shield will seldom be detected by any anti-malware protection system. Today's generation of anti-malware packages have heuristic detection technology helping them to detect virus- or spyware-like activity without actually knowing anything about the threat. But heuristic analysis is only a secondary layer of protection, your primary line of defence against malicious software is a definition or signature file containing the details and characteristics of specific malware threats. Even firewalls and spam filters have definition files in the form of blacklists. Neglecting to keep your signature or definition files up to date is like neglecting to pay your monthly insurance premium. Your insurance company will refuse to pay out any claims because you did not maintain your insurance policy. An update a day keeps the malware at bay.
A decent anti-malware application will isolate any known malware before it enters your system, but becomes vulnerable when unknown malware enters your system undetected. It is harder for anti-malware applications to take over a system, already infected with malware, than protecting a clean system from getting infected. Anti-malware software is primarily designed to protect your system from getting infected and its secondary objective is to neutralise threats as quickly as possible before they start to spread throughout your system. I have seen how top class anti-virus systems self-destruct when they are infected with high-risk viruses that were already present on the system, before the anti-virus software was installed. It basically means that the virus infects critical components and files of the anti-virus application, the anti-virus application detects these infected files and delete them or move them to the virus vault. If the anti-virus software deletes any of its critical components, it will eventually shut down, crash or become inoperable. The only way to repair the damaged anti-virus software is to re-install it.
Installing an anti-malware application on a system already infected with malware can be troublesome. Many viruses and spyware are aggressive and kill the setup wizard of many well-known anti-virus and anti-spyware packages, preventing them from gaining control over the system. They even terminate some anti-malware scanners if they attempt to disinfect infected files or remove any threats. It is a case of taking over some territory and defending it. Malware can be programmed to do almost anything in order to retain control over your system and it is hard to get rid of stubborn and aggressive programs refusing to surrender to an anti-malware package. Viruses and spyware are normally small, operate very fast and are very flexible. They mutate all over your system, making it hard for anti-malware applications to pin them down. On Microsoft Windows systems, you can always start your computer into Safe Mode when malware refuses an anti-malware application from being installed in Normal Mode, but many anti-malware applications rely on the Windows Installer, something that is normally disabled under Safe Mode. When it comes to disinfecting an infected system, you can't expect the installer to rely on faulty, damaged, infected or disabled components of the operating system. Off course it is not possible to make the anti-malware application completely independent, but at least develop its own independent installer, with built-in malware protection. This will make it possible to run the software under Safe Mode, where many malicious programs are automatically disabled, making the job of disinfection a little easier for you and the anti-malware application.
Unfortunately there are people under the false impression that they are untouchable when they have an anti-malware application installed on their system. Any defence system will eventually fail if you continue to expose it to constant attacks. I have come across people asking for the best anti-virus protection because they have a friend or cousin using their computer to browse porn web sites, but they do not want to confront this person about it, they rather want to increase the protection on the computer. Porn sites are polluted with viruses and spyware, not viruses alone. It is because if this approach that people fail to remove spyware from their computer, because they are using the wrong tools for the job. You can't protect your system effectively against spyware, or remove spyware from your computer if you are using an anti-virus package or vice versa. You can't keep viruses from infiltrating your system by using a firewall alone. It may block a virus attempting to enter your system through a blocked port, but it will not be able to block a virus travelling through a trusted application like your browser.
Today you need protection against malware (viruses, spyware, rootkits, trojans, etc) not just viruses or spyware alone. You also need a firewall and a good spam filter. You need a browser that protects you from phishing attacks, browser hijackers and pop-up windows. Anti-malware applications are not super applications, they have their limitations and you can't expect your system to stay malware free if you constantly expose it to malware attacks from porn, illegal music and pirate software web sites. You can keep your system clean, your identity safe and prevent someone from destroying his/her life with junk like porn, by disallowing anyone (including your cousin) from using your computer for illegal and indecent activities. Who do you think is going to take the fall for illegal porn, music or pirated software? Your cousin? I don't think so, especially if YOUR computer and YOUR Internet connection were used. Even if you can prove it wasn't you, you will still be seen as an accomplice.
So what is the bottom line? Internet security is more about prevention than disinfection. The large number of single purpose disinfection tools, available for specific threats, is proof of this. Definition files are mainly for prevention and detection purposes. When a malicious program exploits vulnerabilities beyond the reach of definition files, you need a specific tool to get rid of it and often a special patch to prevent re-infection. This is why anti-malware developers have to release new versions of their software on a regular basis to stay abreast of the latest threats and vulnerabilities. Developing anti-malware applications, limited by strict standards, protocols and rules, is like arming a S.W.A.T. team with water pistols when they need to go up against a group of terrorists armed with AK47's. Malware does not play by the rules, it is time that anti-malware developers follow the same route, but without compromising the stability and performance of our computer systems.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Labels:
Internet Security,
Malware,
Spyware,
Viruses
Wednesday, March 28, 2007
Scammers With A Death Wish
By Coenraad De Beer
Scammers come up with the craziest ideas these days. It is hard to believe that people still fall for the ridiculous e-mail scams in circulation all over the web. It is even harder to comprehend how scammers think they are going to swindle people into believing their devious lies and unbelievable stories. Unfortunately, online scams are a harsh reality. On the one side you have innocent, uninformed victims walking into the traps of merciless con artists and on the other side you have scammers following a "shoot in the dark with a shotgun" approach to claim as many victims as possible.
Online fraud is a serious matter, but you can't help laughing at the creative, yet ridiculous ideas of online scammers. Last month I received a link exchange request from someone running a password recovery website providing a password recovery service for people who lost their e-mail account password. The only problem is that they hack e-mail accounts without confirming the real owner of the e-mail account. The other absurdity is that you can normally contact your service provider when you loose your password and don't need a password recovery service if you are the real owner of the e-mail account. Sometimes I wonder whether cyber criminals have any brain cells between their ears or whether they are simply looking for attention. It is even more absurd, even hilarious, when they are trying to scam anti-fraud activists and cyber law enforcement agencies. I know that many of these scam e-mails are sent in bulk by spam bots and the spammers never really know who receive their junk e-mails, but some scammers make it just too easy for cyber law enforcement agencies to track them down.
It is not odd for one person to receive several phishing scams on a single day, each one pretending to come from a different bank or financial institution. The best of all is the fact that these phishing scams are carbon copies of each other, the only difference in each e-mail is the logo and trading name of the financial institution. Scammers discredit their fellow scammers by sending similar e-mails on the same day to the same recipient. If I receive a phishing scam from a bank, of which I'm not even a client, I will most definitely not respond to a similar e-mail, received on the same day, using exactly the same message, even if I am a client of this institution. If everyone starts to read their e-mails more carefully and in detail, you will soon see the ordinary e-mail user being able to identify a scam just by looking at the pattern, words, techniques, formatting and writing style used by many scammers.
One of the latest schemes used by 419 scammers is the Law Enforcement Agency scam. 419 scammers seem to be less successful with their usual e-mail scams, most probably because of what I mentioned in the previous paragraph. Lottery scams, company representative scams, scams involving war victims, cancer victims, plane crash victims, you name it, have flooded our mailboxes so much that we can smell these scams a mile a way just by reading the subject line. Unfortunately you still get people who are unaware of these threats and 419 scammers usually claim victims among these people. The Law Enforcement Agency scam involves 419 scammers trying to swindle previous victims of these scams. The "agency" allegedly apprehended a group of fraudsters and recovered millions of "pounds sterling" stolen from innocent victims. (I wonder why they haven't recovered any dollars). These funds will then be disbursed to victims filing a claim with this "agency". Victims need to supply loads of personal details as well as the amount of money stolen from them. The scammers claim that the victim will not spend any money until the cheque (notice a cheque and not a secure electronic transfer) is issued to him/her. Just ask yourself, why the need to pay money to reclaim something that was lawfully yours? Do the scammers honestly believe that people will fall for a lousy scam like this? People desperate enough to get their stolen money back will most certainly walk into this trap and spend more money only to loose more money and scammers are bargaining on this. Luckily you get people who learn from their mistakes and will never make the same mistake twice, so the scammers can forget to scam vigilant people who already experienced the trauma of loosing a lot of money to empty promises from a total stranger.
Scammers from Nigeria have tried to become partners of cyber security agencies in an attempt to infiltrate and destroy anti-fraud organisations from the inside. Online scammers have become nut cases, fanatics, digital suicide bombers and kamikazes, trying every trick in the book (and some stupid tricks of their own) to reach their idiotic goals. It is just sad that they continue to claim victims with their amateurish schemes. Perhaps these scams are so amateurish that people struggle to see through them. It is a case of horribly underestimating your enemy, the worst part being unable to identify your enemy, even worse, not even realising that your are dealing with an evil opposing force.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software. Visit our Hoaxes, Spams and Scams Section and educate yourself with real life examples of online fraud.
Scammers come up with the craziest ideas these days. It is hard to believe that people still fall for the ridiculous e-mail scams in circulation all over the web. It is even harder to comprehend how scammers think they are going to swindle people into believing their devious lies and unbelievable stories. Unfortunately, online scams are a harsh reality. On the one side you have innocent, uninformed victims walking into the traps of merciless con artists and on the other side you have scammers following a "shoot in the dark with a shotgun" approach to claim as many victims as possible.
Online fraud is a serious matter, but you can't help laughing at the creative, yet ridiculous ideas of online scammers. Last month I received a link exchange request from someone running a password recovery website providing a password recovery service for people who lost their e-mail account password. The only problem is that they hack e-mail accounts without confirming the real owner of the e-mail account. The other absurdity is that you can normally contact your service provider when you loose your password and don't need a password recovery service if you are the real owner of the e-mail account. Sometimes I wonder whether cyber criminals have any brain cells between their ears or whether they are simply looking for attention. It is even more absurd, even hilarious, when they are trying to scam anti-fraud activists and cyber law enforcement agencies. I know that many of these scam e-mails are sent in bulk by spam bots and the spammers never really know who receive their junk e-mails, but some scammers make it just too easy for cyber law enforcement agencies to track them down.
It is not odd for one person to receive several phishing scams on a single day, each one pretending to come from a different bank or financial institution. The best of all is the fact that these phishing scams are carbon copies of each other, the only difference in each e-mail is the logo and trading name of the financial institution. Scammers discredit their fellow scammers by sending similar e-mails on the same day to the same recipient. If I receive a phishing scam from a bank, of which I'm not even a client, I will most definitely not respond to a similar e-mail, received on the same day, using exactly the same message, even if I am a client of this institution. If everyone starts to read their e-mails more carefully and in detail, you will soon see the ordinary e-mail user being able to identify a scam just by looking at the pattern, words, techniques, formatting and writing style used by many scammers.
One of the latest schemes used by 419 scammers is the Law Enforcement Agency scam. 419 scammers seem to be less successful with their usual e-mail scams, most probably because of what I mentioned in the previous paragraph. Lottery scams, company representative scams, scams involving war victims, cancer victims, plane crash victims, you name it, have flooded our mailboxes so much that we can smell these scams a mile a way just by reading the subject line. Unfortunately you still get people who are unaware of these threats and 419 scammers usually claim victims among these people. The Law Enforcement Agency scam involves 419 scammers trying to swindle previous victims of these scams. The "agency" allegedly apprehended a group of fraudsters and recovered millions of "pounds sterling" stolen from innocent victims. (I wonder why they haven't recovered any dollars). These funds will then be disbursed to victims filing a claim with this "agency". Victims need to supply loads of personal details as well as the amount of money stolen from them. The scammers claim that the victim will not spend any money until the cheque (notice a cheque and not a secure electronic transfer) is issued to him/her. Just ask yourself, why the need to pay money to reclaim something that was lawfully yours? Do the scammers honestly believe that people will fall for a lousy scam like this? People desperate enough to get their stolen money back will most certainly walk into this trap and spend more money only to loose more money and scammers are bargaining on this. Luckily you get people who learn from their mistakes and will never make the same mistake twice, so the scammers can forget to scam vigilant people who already experienced the trauma of loosing a lot of money to empty promises from a total stranger.
Scammers from Nigeria have tried to become partners of cyber security agencies in an attempt to infiltrate and destroy anti-fraud organisations from the inside. Online scammers have become nut cases, fanatics, digital suicide bombers and kamikazes, trying every trick in the book (and some stupid tricks of their own) to reach their idiotic goals. It is just sad that they continue to claim victims with their amateurish schemes. Perhaps these scams are so amateurish that people struggle to see through them. It is a case of horribly underestimating your enemy, the worst part being unable to identify your enemy, even worse, not even realising that your are dealing with an evil opposing force.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software. Visit our Hoaxes, Spams and Scams Section and educate yourself with real life examples of online fraud.
Labels:
419 Scams,
Online Fraud,
Online Scammers,
Online Scams,
Phishing
Thursday, March 22, 2007
Spammers Replying To E-mail You Did Not Send
By Coenraad De Beer
Spammers are always on the lookout for ways to bypass our spam filters. Lately they have been very successful at this, because many people are complaining that tons of e-mails are getting past their spam filters. Spammers are combining old techniques with new ones, making it hard for even the most advanced and best trained Bayesian spam filter to keep junk mail out of our mailboxes.
Last year I came across a poster on Yahoo! Answers asking for advice on a strange e-mail she received. According to this poster she received a reply from someone on an e-mail she never sent. She immediately thought that the spammer hacked her e-mail account, sent an e-mail to himself and then replied to it. This is not impossible, but there are easier ways to do this, without hacking an e-mail account.
E-mails are plain text documents that can be modified and manipulated with a simple text editor like Notepad. The spammer simply saves any e-mail to a file, opens it with Notepad and puts your e-mail address in the "From" field. The spammer then imports it into an e-mail client and replies to this manipulated e-mail. This is only one of many ways to manipulate an e-mail message.
Spammers normally use a technique called hash busting. Hash busting is when you add random text at the beginning or at the end of an e-mail. The text makes no sense and consists of excerpts from books, articles and news bulletins. This text randomises the size, as well as the contents of the e-mail, making it hard for spam filters to find a pattern in the e-mail to base its filtering decisions on. For instance, an e-mail consisting of an image only will normally be flagged as spam, but if someone adds random text below the image, it changes the pattern of the e-mail and the spam filter can no longer use the criteria mentioned earlier to label the e-mail as spam. There are legitimate e-mails like this and the spam filter needs additional training to know which e-mails with embedded images, containing text below the image, are spam and which ones are not.
Some spammers realised that people became suspicious of the senseless text in spam e-mails, so they started to hide the text by making the colour of the text the same as the background colour. Other spammers make the size of the text so small that it appears like a horizontal line between paragraphs or at the bottom of the e-mail. The techniques used to conceal the hash buster text are easily detectable by a good spam filter because no decent person will send someone else an e-mail with hidden text or text that cannot be seen with the naked eye. So the spammers fail more often to get their e-mails through the spam filters when they use cloaking techniques like this.
Spammers needed a way to make the hash buster text look legitimate to the user as well as the spam filter. This is when they came up with the idea of pretending to reply to an e-mail message that was never really sent to them in the first place. The spammer creates the forged e-mail with hash buster text and then replies to it. The spammer still enjoys the benefits of the hash buster text coupled with a better chance to get past any spam filter, because the e-mail appears like a legitimate reply to a previous e-mail sent by the victim. A reply to an e-mail you sent to someone else is seldom unwanted and the spam filter will therefore be less suspicious about it, unless it contains specific keywords and phrases that trigger the spam filter.
But there are more consequences for the victim than just a spam filter not being able to filter the e-mail as spam. Spammers can include anything in these fake e-mails. They can even pretend that you enquired about one of their products. Instead of spamming you with an unwanted e-mail, they pretend to send you a reply to your initial enquiry, an enquiry you never sent. Abuse departments can easily use this as an excuse not to take action against the spammer. They may argue that the spam victim did not receive an unwanted commercial e-mail, because the victim enquired about something and the accused simply replied to that enquiry. Luckily abuse departments need to prove that the original e-mail was really sent before rejecting the complaint, but we all know that very few abuse departments actually take any spam reports serious these days.
It is because of the lack of proper legislation as well as poor implementation and enforcement of existing legislation that we have to deal with waves of spam every day. We are constantly one step behind cyber criminals and our current spam filters cannot keep up with all the tricks and techniques used by spammers to force their junk down our throats. There is a widespread appeal for better filtering and alternative communication methods. There is merit in developing better spam filters, but how do you replace a communication medium like e-mail without disrupting individuals and businesses that depend on it every day to stay in contact with friends, family and clients? What's the use of taking away a communication medium if you do not take action against the individuals who abuse it? It will only be a matter of time before spammers start to abuse the system replacing e-mail. You need to take action against the root of the problem and not the infrastructure through which the problem occurs.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.
Spammers are always on the lookout for ways to bypass our spam filters. Lately they have been very successful at this, because many people are complaining that tons of e-mails are getting past their spam filters. Spammers are combining old techniques with new ones, making it hard for even the most advanced and best trained Bayesian spam filter to keep junk mail out of our mailboxes.
Last year I came across a poster on Yahoo! Answers asking for advice on a strange e-mail she received. According to this poster she received a reply from someone on an e-mail she never sent. She immediately thought that the spammer hacked her e-mail account, sent an e-mail to himself and then replied to it. This is not impossible, but there are easier ways to do this, without hacking an e-mail account.
E-mails are plain text documents that can be modified and manipulated with a simple text editor like Notepad. The spammer simply saves any e-mail to a file, opens it with Notepad and puts your e-mail address in the "From" field. The spammer then imports it into an e-mail client and replies to this manipulated e-mail. This is only one of many ways to manipulate an e-mail message.
Spammers normally use a technique called hash busting. Hash busting is when you add random text at the beginning or at the end of an e-mail. The text makes no sense and consists of excerpts from books, articles and news bulletins. This text randomises the size, as well as the contents of the e-mail, making it hard for spam filters to find a pattern in the e-mail to base its filtering decisions on. For instance, an e-mail consisting of an image only will normally be flagged as spam, but if someone adds random text below the image, it changes the pattern of the e-mail and the spam filter can no longer use the criteria mentioned earlier to label the e-mail as spam. There are legitimate e-mails like this and the spam filter needs additional training to know which e-mails with embedded images, containing text below the image, are spam and which ones are not.
Some spammers realised that people became suspicious of the senseless text in spam e-mails, so they started to hide the text by making the colour of the text the same as the background colour. Other spammers make the size of the text so small that it appears like a horizontal line between paragraphs or at the bottom of the e-mail. The techniques used to conceal the hash buster text are easily detectable by a good spam filter because no decent person will send someone else an e-mail with hidden text or text that cannot be seen with the naked eye. So the spammers fail more often to get their e-mails through the spam filters when they use cloaking techniques like this.
Spammers needed a way to make the hash buster text look legitimate to the user as well as the spam filter. This is when they came up with the idea of pretending to reply to an e-mail message that was never really sent to them in the first place. The spammer creates the forged e-mail with hash buster text and then replies to it. The spammer still enjoys the benefits of the hash buster text coupled with a better chance to get past any spam filter, because the e-mail appears like a legitimate reply to a previous e-mail sent by the victim. A reply to an e-mail you sent to someone else is seldom unwanted and the spam filter will therefore be less suspicious about it, unless it contains specific keywords and phrases that trigger the spam filter.
But there are more consequences for the victim than just a spam filter not being able to filter the e-mail as spam. Spammers can include anything in these fake e-mails. They can even pretend that you enquired about one of their products. Instead of spamming you with an unwanted e-mail, they pretend to send you a reply to your initial enquiry, an enquiry you never sent. Abuse departments can easily use this as an excuse not to take action against the spammer. They may argue that the spam victim did not receive an unwanted commercial e-mail, because the victim enquired about something and the accused simply replied to that enquiry. Luckily abuse departments need to prove that the original e-mail was really sent before rejecting the complaint, but we all know that very few abuse departments actually take any spam reports serious these days.
It is because of the lack of proper legislation as well as poor implementation and enforcement of existing legislation that we have to deal with waves of spam every day. We are constantly one step behind cyber criminals and our current spam filters cannot keep up with all the tricks and techniques used by spammers to force their junk down our throats. There is a widespread appeal for better filtering and alternative communication methods. There is merit in developing better spam filters, but how do you replace a communication medium like e-mail without disrupting individuals and businesses that depend on it every day to stay in contact with friends, family and clients? What's the use of taking away a communication medium if you do not take action against the individuals who abuse it? It will only be a matter of time before spammers start to abuse the system replacing e-mail. You need to take action against the root of the problem and not the infrastructure through which the problem occurs.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.
Labels:
Spam,
Spam Filters,
Spammers
Thursday, March 01, 2007
United Against Cyber Crime
By Coenraad De Beer
Two heads are better than one. This is true and this is what we need to combat cyber crime effectively. There is much collaboration between organisations fighting cyber crime and it is important that these organisations work together to make the Internet a safer place for everyone. But there are still a lot of organisations that prefer to work alone and the abuse departments of well-known service providers are ignoring reports from the public and anti-cyber-crime organisations.
Why are people reluctant to report spam to the abuse departments of well-known e-mail and hosting service providers? Many people don't know that such departments exist and other are fed up with the ignorant approach of these departments towards reports from the public. What's the use of an abuse department if it doesn't do anything about the problems and abuse reported to it? But it is not only members of the public who experience these frustrations, anti-cyber-crime organisations have the same problem. These abuse departments eventually decide whether it is necessary to suspend the services of the guilty party or not, no matter how much evidence you provide to support your claim.
It revolves all around money, even the free services generate revenue for these companies. Free web site hosting normally involves adds of the hosting company displayed on the web site. Web sites involved in spamming activities bring in a lot of visitors which means the ads of the hosting company also gets exposure. Why would they want to terminate a web site that brings them a lot of revenue? This means that they are not enforcing their own terms of service, or you can even say their terms of service are only applicable to those who abuse the services without generating any revenue for the company. The problem becomes even worse when the abusing party pays for the services. Why would they want to cancel the account of a loyal client if it is going to cause revenue loss for them? What these companies don't understand is that they are making themselves less popular by being so reluctant to take action against these abusers and they will eventually only attract the criminals, effectively making them accomplices to these criminal activities. I believe most world-class companies will stare bankruptcy in the face if they terminate the accounts of all the spammers and unethical companies making use, or I should rather say, abusing their services.
Money is also the stumbling block for collaboration between cyber crime fighters. A web site owner will not want to refer visitors to a partner's web site without getting something in return. This is understandable to some extent because many anti-cyber-crime organisations provide their services free of charge and generate revenue mainly through advertisements. Without visitors they cannot make money from the ads displayed on their site. But is this enough reason to refuse a helping hand from a partner? A united force is much stronger than a divided force. The scammers love the fact that law enforcement agencies are not working together with anti-cyber-crime organisations to battle cyber crime. Spammers love it when e-mail and hosting service providers do not respond to the reports from anti-cyber-crime organisations and complaints from the public. Cyber criminals are laughing out loud at the divided force against cyber crime, battling to keep their heads above the flood of spam and scams reported to them on a daily basis.
The cyber criminals are constantly one step ahead of cyber law enforcement, it is time we turn the tides and stand united against cyber crime.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.
Two heads are better than one. This is true and this is what we need to combat cyber crime effectively. There is much collaboration between organisations fighting cyber crime and it is important that these organisations work together to make the Internet a safer place for everyone. But there are still a lot of organisations that prefer to work alone and the abuse departments of well-known service providers are ignoring reports from the public and anti-cyber-crime organisations.
Why are people reluctant to report spam to the abuse departments of well-known e-mail and hosting service providers? Many people don't know that such departments exist and other are fed up with the ignorant approach of these departments towards reports from the public. What's the use of an abuse department if it doesn't do anything about the problems and abuse reported to it? But it is not only members of the public who experience these frustrations, anti-cyber-crime organisations have the same problem. These abuse departments eventually decide whether it is necessary to suspend the services of the guilty party or not, no matter how much evidence you provide to support your claim.
It revolves all around money, even the free services generate revenue for these companies. Free web site hosting normally involves adds of the hosting company displayed on the web site. Web sites involved in spamming activities bring in a lot of visitors which means the ads of the hosting company also gets exposure. Why would they want to terminate a web site that brings them a lot of revenue? This means that they are not enforcing their own terms of service, or you can even say their terms of service are only applicable to those who abuse the services without generating any revenue for the company. The problem becomes even worse when the abusing party pays for the services. Why would they want to cancel the account of a loyal client if it is going to cause revenue loss for them? What these companies don't understand is that they are making themselves less popular by being so reluctant to take action against these abusers and they will eventually only attract the criminals, effectively making them accomplices to these criminal activities. I believe most world-class companies will stare bankruptcy in the face if they terminate the accounts of all the spammers and unethical companies making use, or I should rather say, abusing their services.
Money is also the stumbling block for collaboration between cyber crime fighters. A web site owner will not want to refer visitors to a partner's web site without getting something in return. This is understandable to some extent because many anti-cyber-crime organisations provide their services free of charge and generate revenue mainly through advertisements. Without visitors they cannot make money from the ads displayed on their site. But is this enough reason to refuse a helping hand from a partner? A united force is much stronger than a divided force. The scammers love the fact that law enforcement agencies are not working together with anti-cyber-crime organisations to battle cyber crime. Spammers love it when e-mail and hosting service providers do not respond to the reports from anti-cyber-crime organisations and complaints from the public. Cyber criminals are laughing out loud at the divided force against cyber crime, battling to keep their heads above the flood of spam and scams reported to them on a daily basis.
The cyber criminals are constantly one step ahead of cyber law enforcement, it is time we turn the tides and stand united against cyber crime.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software.
Labels:
Anti-cyber-crime,
Cyber Crime
Wednesday, February 21, 2007
The Mental Dysfunction Of A Hoaxer
By Coenraad De Beer
A hoax about the death of former South African president Nelson Mandela has been in circulation among South Africans since last week. This has caused waves of panic and shocked the nation. Mr. Mandela is a role model for many people, not just in South Africa, but worldwide and has always been an icon for peace, so it is understandable why so many people were shocked about this news. But was it possible to prevent the confusion caused by this hoax?
It all started with an SMS stating that Mr. Mandela was on life support systems and the media was refusing to break the news. Soon after that, the hoax started to circulate on the Internet. But like any rumour, people started to make it a bit juicier. It did not take long before the hoax transformed into the message of a deceased Mr. Mandela and the police being put on high alert. I'm not going into the details of what the hoax exactly meant and what is rumoured to occur if this was not a hoax, that is not the purpose of this article, but I would like to discuss the damaging effects of false statements like these and the frustration of dealing with this kind of spam.
The South African media immediately jumped to the conclusion that the message originated from right-wing activists who are trying to create panic among the people of South Africa. I simply don't understand what they will gain from this by creating panic among their own people, so it makes no sense to claim that these messages came from right-wing activists. By making a claim like this, the media simply confirmed what would happen if this was not a hoax, which makes them just as guilty as the hoaxers, creating even more panic.
This simply illustrates the confusion and frustration caused by hoaxes. People start to blame each other, pointing fingers and throwing stones at each other, jumping to all kinds of conclusions and I guess that this was the exact intent of the creators of this specific hoax, creating havoc and chaos. But we are missing the point if we start to blame each other for the result of a hoax. The creator or creators of a hoax should be put in a rehabilitation centre for the mentally challenged. I can see the purpose behind unsolicited commercial e-mails, because it holds financial benefits for the creator and don't get me wrong, I strongly condone any kind of spam. But I can't see any benefit for the creator of a hoax, except for the satisfaction of confusing people and causing panic. This is the sign of a psychopath who needs a straightjacket.
And what about the fools who spread these lies like zombies by forwarding the message to all their friends? They are just as psychotic as the creator, if not worse. I mean, if you get a message from a friend who are unable to verify accuracy and truthfulness of the information and you cannot verify it either, why bother sending it to other people, wasting their time? You only contribute to the problem by letting it spread like a bush fire and other people have to put out the fires afterwards.
There are tons of examples of hoaxes, chain letters and petition lists, created ages ago, but still in circulation today, because people continue to forward them, fuelling the wave of hoaxes and spam filling up our mailboxes every day. So is it possible to prevent a hoax from going this far? Of course, a little common sense and self-control against gossip can go a very long way.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.
A hoax about the death of former South African president Nelson Mandela has been in circulation among South Africans since last week. This has caused waves of panic and shocked the nation. Mr. Mandela is a role model for many people, not just in South Africa, but worldwide and has always been an icon for peace, so it is understandable why so many people were shocked about this news. But was it possible to prevent the confusion caused by this hoax?
It all started with an SMS stating that Mr. Mandela was on life support systems and the media was refusing to break the news. Soon after that, the hoax started to circulate on the Internet. But like any rumour, people started to make it a bit juicier. It did not take long before the hoax transformed into the message of a deceased Mr. Mandela and the police being put on high alert. I'm not going into the details of what the hoax exactly meant and what is rumoured to occur if this was not a hoax, that is not the purpose of this article, but I would like to discuss the damaging effects of false statements like these and the frustration of dealing with this kind of spam.
The South African media immediately jumped to the conclusion that the message originated from right-wing activists who are trying to create panic among the people of South Africa. I simply don't understand what they will gain from this by creating panic among their own people, so it makes no sense to claim that these messages came from right-wing activists. By making a claim like this, the media simply confirmed what would happen if this was not a hoax, which makes them just as guilty as the hoaxers, creating even more panic.
This simply illustrates the confusion and frustration caused by hoaxes. People start to blame each other, pointing fingers and throwing stones at each other, jumping to all kinds of conclusions and I guess that this was the exact intent of the creators of this specific hoax, creating havoc and chaos. But we are missing the point if we start to blame each other for the result of a hoax. The creator or creators of a hoax should be put in a rehabilitation centre for the mentally challenged. I can see the purpose behind unsolicited commercial e-mails, because it holds financial benefits for the creator and don't get me wrong, I strongly condone any kind of spam. But I can't see any benefit for the creator of a hoax, except for the satisfaction of confusing people and causing panic. This is the sign of a psychopath who needs a straightjacket.
And what about the fools who spread these lies like zombies by forwarding the message to all their friends? They are just as psychotic as the creator, if not worse. I mean, if you get a message from a friend who are unable to verify accuracy and truthfulness of the information and you cannot verify it either, why bother sending it to other people, wasting their time? You only contribute to the problem by letting it spread like a bush fire and other people have to put out the fires afterwards.
There are tons of examples of hoaxes, chain letters and petition lists, created ages ago, but still in circulation today, because people continue to forward them, fuelling the wave of hoaxes and spam filling up our mailboxes every day. So is it possible to prevent a hoax from going this far? Of course, a little common sense and self-control against gossip can go a very long way.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.
Wednesday, February 14, 2007
Green Means Trust, But Does It Mean Security?
By Coenraad De Beer
Green means "Trust", the catchphrase for EV SSL certificates, the new authentication standard for secure web sites. Lets be clear on one thing. SSL encryption is a necessity for any web site collecting sensitive information from its visitors and it is great to see that certificate authorities are making it harder for swindlers to obtain these certificates. But does it mean that an already trustworthy web site, owning an EV SSL certificate, is now even more trustworthy and an already trustworthy web site, not owning an EV SSL certificate, is no longer trustworthy?
The one thing that makes EV SSL stand out from normal SSL certificates is its colour coding system. Green means trust, yellow means suspicion and red means danger. The address bar of Firefox turned yellow for secure web sites using SSL encryption, long before Microsoft came with the idea to make Internet Explorer's address bar green for sites owning an EV SSL certificate. Internet Explorer 7 added tabbed browsing, something that was already part of Firefox, Internet Explorer 7 added an anti-phishing filter, something you could always add to Firefox with the Google Toolbar, so it was of no surprise to me when Internet Explorer 7 suddenly started to make use of colour codes to classify the safety status of web sites.
In a study done by Rachna Dhamija, a Postdoctoral Fellow at the Centre for Research on Computation and Society at Harvard University, it was found that most phishing attacks succeed because of the human factor and not because lacklustre security standards, bugs in the operating system or a faulty browser. Many people simply ignore the warnings and messages given to them, they are not aware of the security features of a browser and therefore don't care if the address bar turns purple for that matter (You can read more about this study at http://www.securityfocus.com/columnists/407). So the colour coding system will only work if people are properly educated about it. But I still have a problem with this system. It can make people completely paranoid when browsing the web. If they don't see the address bar turning green, they will immediately have a negative attitude towards the web site they are visiting. Isn't the main purpose of EV SSL to build trust and customer confidence among Internet users?
Green means "Trust", is only another way of saying a little padlock in the bottom-right corner of your screen means secure. It is a good thing to know that applicants for EV SSL certificates undergoes a very strict validation and authentication process, but this will only last until the standards are weakened again. EV SSL is like normal SSL certificates combined with rigorous validation procedures and a colour coding system, so the core of the certificate itself stays the same. Lets say the user starts to depend on this "Trust" built by EV SSL certificates. Will the user learn how to identify dangerous web sites without this technology? No. What happens if someone bypasses the rigorous validation procedures of EV SSL certificates, will the user blindly trust this site because it has an EV SSL certificate? Yes, most definitely. A driver of a car has an unconditional trust in its brake pedal and will not be able to identify sudden brake failure until it is too late. The trust is placed on an object that cannot guarantee your safety. It is not the pedal that provides the safety, but the mechanical system behind it. The same holds true for EV SSL. You need to teach people how to identify a dangerous web site without the fancy colour coded signs of EV SSL, just like teaching someone on how to identify brake failure without relying on the brake pedal to warn you about it.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.
Green means "Trust", the catchphrase for EV SSL certificates, the new authentication standard for secure web sites. Lets be clear on one thing. SSL encryption is a necessity for any web site collecting sensitive information from its visitors and it is great to see that certificate authorities are making it harder for swindlers to obtain these certificates. But does it mean that an already trustworthy web site, owning an EV SSL certificate, is now even more trustworthy and an already trustworthy web site, not owning an EV SSL certificate, is no longer trustworthy?
The one thing that makes EV SSL stand out from normal SSL certificates is its colour coding system. Green means trust, yellow means suspicion and red means danger. The address bar of Firefox turned yellow for secure web sites using SSL encryption, long before Microsoft came with the idea to make Internet Explorer's address bar green for sites owning an EV SSL certificate. Internet Explorer 7 added tabbed browsing, something that was already part of Firefox, Internet Explorer 7 added an anti-phishing filter, something you could always add to Firefox with the Google Toolbar, so it was of no surprise to me when Internet Explorer 7 suddenly started to make use of colour codes to classify the safety status of web sites.
In a study done by Rachna Dhamija, a Postdoctoral Fellow at the Centre for Research on Computation and Society at Harvard University, it was found that most phishing attacks succeed because of the human factor and not because lacklustre security standards, bugs in the operating system or a faulty browser. Many people simply ignore the warnings and messages given to them, they are not aware of the security features of a browser and therefore don't care if the address bar turns purple for that matter (You can read more about this study at http://www.securityfocus.com/columnists/407). So the colour coding system will only work if people are properly educated about it. But I still have a problem with this system. It can make people completely paranoid when browsing the web. If they don't see the address bar turning green, they will immediately have a negative attitude towards the web site they are visiting. Isn't the main purpose of EV SSL to build trust and customer confidence among Internet users?
Green means "Trust", is only another way of saying a little padlock in the bottom-right corner of your screen means secure. It is a good thing to know that applicants for EV SSL certificates undergoes a very strict validation and authentication process, but this will only last until the standards are weakened again. EV SSL is like normal SSL certificates combined with rigorous validation procedures and a colour coding system, so the core of the certificate itself stays the same. Lets say the user starts to depend on this "Trust" built by EV SSL certificates. Will the user learn how to identify dangerous web sites without this technology? No. What happens if someone bypasses the rigorous validation procedures of EV SSL certificates, will the user blindly trust this site because it has an EV SSL certificate? Yes, most definitely. A driver of a car has an unconditional trust in its brake pedal and will not be able to identify sudden brake failure until it is too late. The trust is placed on an object that cannot guarantee your safety. It is not the pedal that provides the safety, but the mechanical system behind it. The same holds true for EV SSL. You need to teach people how to identify a dangerous web site without the fancy colour coded signs of EV SSL, just like teaching someone on how to identify brake failure without relying on the brake pedal to warn you about it.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.
Labels:
EV SSL,
Web Site Security
Friday, February 09, 2007
Cyber Crime - A Look Behind The Scenes
By Coenraad De Beer
One evening Victor Victim sits in front of his computer, downloading his latest e-mails. He gets an e-mail with a subject line reading "CONGRATULATIONS YOUR EMAIL ADDRESS WON 1.5 MILLION UNITED STATES DOLLARS". Victor can't believe his eyes and immediately opens the e-mail to see what it is all about. The sender, Mr. Scammy Scammer, requests a lot of personal information including his banking details, in order to transfer the funds to Victor's bank account. Victor is so amazed by the simplicity of the process that he immediately hits the reply button to send Mr. Scammy Scammer the information he requested.
The next morning Victor cannot wait to see if Mr. Scammer replied. He is really impressed to see that Mr. Scammer replied in a timely manner and hastily he opens the e-mail to see when the funds will hit his bank account. To Victor's disappointment he discovers that he needs to transfer $1500 to a foreign location through a money transfer service called Western Union. Victor doesn't have this amount of money on hand and decides to forget about the whole thing. He deletes all the e-mails from Mr. Scammer with disgust and goes to work.
On the other side of the world is Mr. Scammer waiting for a reply from Victor. A week goes by without a reply from Victor and Mr. Scammer realises that Victor did not fall for his scam. He decides to call his friend Phishy Phisher, an expert designer of phishing scam e-mails. Mr. Scammer tells his friend about Victor and sells his information to Mr. Phisher for $300. This may seem like a generous offer but Mr Scammer does business with Mr. Phisher on a regular basis and sells him the information of all the victims who were unwilling to fall for his scam. And even if he scammed the person successfully, he sells the information anyway. Mr. Phisher gives Mr. Scammer a further 20% of the funds he steals from bank accounts compromised with his phishing scam e-mails.
Two weeks later Victor receives a notification from his bank, informing him that they performed a scheduled software upgrade to their online banking system. They urgently request that Victor visits their web site to confirm his banking details. Failing to do so before the end of the week will result in a temporary suspension of his online banking facilities. He wonders why they need to confirm his details, but eventually click on the link provided in the e-mail. Victor does a lot of online banking and cannot afford to loose online access to his bank account. Unfortunately Victor did not take a good look at the URL, failing to realise that he was taken to a fake web site looking like the one he normally use for his online banking transactions. He enters his bank account number and pin and hit the submit button. A page appears within seconds informing Victor that his bank account details have been verified. "Wow, that's fast!" Victor says to himself and logs out of the online banking system.
Three days later Victor tries to withdraw cash from the ATM. The system simply tells him that he has insufficient funds. "That's impossible", says Victor, "I always have money in my bank account." Victor goes to his bank manager to find out what the problem is. His bank manager asks him whether he received an e-mail requesting confirmation of Victor's banking details. Victor confirms this and tells the bank manager that he thinks it is a stupid way of confirming a client's details. The bank manager explains to Victor that this is a phishing scam e-mail and that no bank ever sends e-mails like that to their clients. He also explains how the scam works and that the people behind the e-mail are responsible for the withdrawals from Victor's bank account. The bank is unfortunately not responsible for this breach and cannot compensate Victor for the financial loss. An angry, shocked and disappointed Victor heads home to get some sleep, maybe he will wake up tomorrow realising that this is all just a bad dream.
In the mean time Mr. Phisher decided to contact his colleague Mr. ID Thief. Mr ID Thief is an expert in Identity Theft and often buys personal information of scammed victims from Mr. Phisher and Mr. Scammer. A month later Victor goes through his mail only to find statements and bills for several credit cards, personal loans and retail credit accounts all opened in his name. To make things even worse, each account's credit limit has been fully utilised. The personal loans are settled in instalments and the other accounts have to be settled before the end of the month. Mr ID Thief used Victor's identity to open these accounts in Victor's name and after that he utilised and withdrew all the cash from these accounts. Victor slowly starts to become overstressed about all his financial problems, giving him sleepless nights. Eventually he loses his job because of poor work performance. The debt collectors start to take possession of Victor's personal belongings to settle his debt and in the end he has to move in with his sister just to have a roof over his head. Victor is declared insolvent and his name is placed on the credit bureau's black list of insolvent people. This makes it impossible for Victor to apply for a loan or any kind of credit.
Another month goes by and Mr. Sydney Syndicate from Russia is waiting for his agents to tell him how much money he made during the last couple of months. Mr. Scammer, Mr. Phisher and Mr. Thief are all working for Mr. Syndicate, stealing money from hundreds of people every month. They are allowed to keep 30% of the money stolen from the victims, the rest belongs to Mr. Syndicate and has to be transferred to Russia. The problem is, all the money they stole so far has grown to quite a large amount and cannot be transferred to Russia without the government officials asking some uncomfortable questions. So Mr. Scammer has to think of something to get all this money to Russia. Mr. Scammer comes up with a great idea.
Depressed Victor Victim sits in front of his sister's computer downloading his e-mail. He gets an offer from a very large company to act as the company representative in the United States. Victor is really excited, because he needs a job and the money desperately. The best of all he only needs to deposit cheques from U.S. clients, keeping 10% of the amount for himself and transferring the remaining 90% to the headquarters of the company through Western Union Money Transfer. The company looses money when they have to wait for cheques from the U.S. to clear in their country and need to follow this method in order to speed up the cash flow of their business. Victor does not think twice about this opportunity. He immediately completes the application form and sends it back to the company. The next day he receives a reply from the company informing him that his application was successful and first cheque to be deposited is already on his way.
Two days later he receives a cheque for $1500. He deposits the money into his bank account and waits for the cheque to clear. He keeps $150 for himself, withdraws $1350 and sends it to the headquarters of the company somewhere in Russia through Western Union Money Transfer, exactly like they told him to do. Victor can't wait for the next cheque to arrive. Another cheque arrives a week later, this time a whopping $20000. Victor follows the same routine earning him another $2000. A third cheque arrives for $2388.89. But Mr. Scammer has earned the trust of Victor by now and Victor does not wait for the funds to clear before withdrawing the 90% for the company. Victor withdraws the 90% ($2150 in this case) from his bank account and sends it off to Russia. Only this time the cheque doesn't clear and bounces. Victor looses all his money again and never hears from the company again. Two months later federal agents arrest Victor for money laundering and put him in jail for five years.
Mr. Syndicate is very pleased with his agents, they have served him well. Mr. Theft decides to sell Victor's e-mail address to Mr. Spammy Spammer, because the e-mail address if of no use to him anymore. Mr Spammy Spammer constantly sends Victor spam e-mails about stock quotes, online medications, pornography, business opportunities and instant university degrees.
When Victor finally got out of jail after 5 years he returned to his sister's home with the hopes of finding a job soon. But being blacklisted with a criminal record is not going to make things any easier for him. Later that evening he sits down in front of his sister's computer to download some e-mails. His sister downloaded his e-mails for him while he was in jail and stored them in a separate folder. He almost fell of the chair when he saw thousands of junk e-mails, scams and unsolicited advertisements that came through while he was gone. Victor decided to close his e-mail account and sworn never to use an e-mail account ever again.
This may be excessively exaggerated case of online fraud, but it clearly demonstrates what can happen to you after replying to a cyber scammer appearing to be completely harmless. It all starts with a trivial thing like your e-mail address landing in the wrong hands. It may not always be that easy for scammers to steal your money or commit Identity Theft, but you always walk the risk of financial loss if you don't take care of your personal information. Your personal information is your identity and your identity is a valuable asset to cyber scammers. Be vigilant, don't become a victim of cyber fraud.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software. Educate yourself with examples of real hoaxes, spam e-mails and scams send to real people.
One evening Victor Victim sits in front of his computer, downloading his latest e-mails. He gets an e-mail with a subject line reading "CONGRATULATIONS YOUR EMAIL ADDRESS WON 1.5 MILLION UNITED STATES DOLLARS". Victor can't believe his eyes and immediately opens the e-mail to see what it is all about. The sender, Mr. Scammy Scammer, requests a lot of personal information including his banking details, in order to transfer the funds to Victor's bank account. Victor is so amazed by the simplicity of the process that he immediately hits the reply button to send Mr. Scammy Scammer the information he requested.
The next morning Victor cannot wait to see if Mr. Scammer replied. He is really impressed to see that Mr. Scammer replied in a timely manner and hastily he opens the e-mail to see when the funds will hit his bank account. To Victor's disappointment he discovers that he needs to transfer $1500 to a foreign location through a money transfer service called Western Union. Victor doesn't have this amount of money on hand and decides to forget about the whole thing. He deletes all the e-mails from Mr. Scammer with disgust and goes to work.
On the other side of the world is Mr. Scammer waiting for a reply from Victor. A week goes by without a reply from Victor and Mr. Scammer realises that Victor did not fall for his scam. He decides to call his friend Phishy Phisher, an expert designer of phishing scam e-mails. Mr. Scammer tells his friend about Victor and sells his information to Mr. Phisher for $300. This may seem like a generous offer but Mr Scammer does business with Mr. Phisher on a regular basis and sells him the information of all the victims who were unwilling to fall for his scam. And even if he scammed the person successfully, he sells the information anyway. Mr. Phisher gives Mr. Scammer a further 20% of the funds he steals from bank accounts compromised with his phishing scam e-mails.
Two weeks later Victor receives a notification from his bank, informing him that they performed a scheduled software upgrade to their online banking system. They urgently request that Victor visits their web site to confirm his banking details. Failing to do so before the end of the week will result in a temporary suspension of his online banking facilities. He wonders why they need to confirm his details, but eventually click on the link provided in the e-mail. Victor does a lot of online banking and cannot afford to loose online access to his bank account. Unfortunately Victor did not take a good look at the URL, failing to realise that he was taken to a fake web site looking like the one he normally use for his online banking transactions. He enters his bank account number and pin and hit the submit button. A page appears within seconds informing Victor that his bank account details have been verified. "Wow, that's fast!" Victor says to himself and logs out of the online banking system.
Three days later Victor tries to withdraw cash from the ATM. The system simply tells him that he has insufficient funds. "That's impossible", says Victor, "I always have money in my bank account." Victor goes to his bank manager to find out what the problem is. His bank manager asks him whether he received an e-mail requesting confirmation of Victor's banking details. Victor confirms this and tells the bank manager that he thinks it is a stupid way of confirming a client's details. The bank manager explains to Victor that this is a phishing scam e-mail and that no bank ever sends e-mails like that to their clients. He also explains how the scam works and that the people behind the e-mail are responsible for the withdrawals from Victor's bank account. The bank is unfortunately not responsible for this breach and cannot compensate Victor for the financial loss. An angry, shocked and disappointed Victor heads home to get some sleep, maybe he will wake up tomorrow realising that this is all just a bad dream.
In the mean time Mr. Phisher decided to contact his colleague Mr. ID Thief. Mr ID Thief is an expert in Identity Theft and often buys personal information of scammed victims from Mr. Phisher and Mr. Scammer. A month later Victor goes through his mail only to find statements and bills for several credit cards, personal loans and retail credit accounts all opened in his name. To make things even worse, each account's credit limit has been fully utilised. The personal loans are settled in instalments and the other accounts have to be settled before the end of the month. Mr ID Thief used Victor's identity to open these accounts in Victor's name and after that he utilised and withdrew all the cash from these accounts. Victor slowly starts to become overstressed about all his financial problems, giving him sleepless nights. Eventually he loses his job because of poor work performance. The debt collectors start to take possession of Victor's personal belongings to settle his debt and in the end he has to move in with his sister just to have a roof over his head. Victor is declared insolvent and his name is placed on the credit bureau's black list of insolvent people. This makes it impossible for Victor to apply for a loan or any kind of credit.
Another month goes by and Mr. Sydney Syndicate from Russia is waiting for his agents to tell him how much money he made during the last couple of months. Mr. Scammer, Mr. Phisher and Mr. Thief are all working for Mr. Syndicate, stealing money from hundreds of people every month. They are allowed to keep 30% of the money stolen from the victims, the rest belongs to Mr. Syndicate and has to be transferred to Russia. The problem is, all the money they stole so far has grown to quite a large amount and cannot be transferred to Russia without the government officials asking some uncomfortable questions. So Mr. Scammer has to think of something to get all this money to Russia. Mr. Scammer comes up with a great idea.
Depressed Victor Victim sits in front of his sister's computer downloading his e-mail. He gets an offer from a very large company to act as the company representative in the United States. Victor is really excited, because he needs a job and the money desperately. The best of all he only needs to deposit cheques from U.S. clients, keeping 10% of the amount for himself and transferring the remaining 90% to the headquarters of the company through Western Union Money Transfer. The company looses money when they have to wait for cheques from the U.S. to clear in their country and need to follow this method in order to speed up the cash flow of their business. Victor does not think twice about this opportunity. He immediately completes the application form and sends it back to the company. The next day he receives a reply from the company informing him that his application was successful and first cheque to be deposited is already on his way.
Two days later he receives a cheque for $1500. He deposits the money into his bank account and waits for the cheque to clear. He keeps $150 for himself, withdraws $1350 and sends it to the headquarters of the company somewhere in Russia through Western Union Money Transfer, exactly like they told him to do. Victor can't wait for the next cheque to arrive. Another cheque arrives a week later, this time a whopping $20000. Victor follows the same routine earning him another $2000. A third cheque arrives for $2388.89. But Mr. Scammer has earned the trust of Victor by now and Victor does not wait for the funds to clear before withdrawing the 90% for the company. Victor withdraws the 90% ($2150 in this case) from his bank account and sends it off to Russia. Only this time the cheque doesn't clear and bounces. Victor looses all his money again and never hears from the company again. Two months later federal agents arrest Victor for money laundering and put him in jail for five years.
Mr. Syndicate is very pleased with his agents, they have served him well. Mr. Theft decides to sell Victor's e-mail address to Mr. Spammy Spammer, because the e-mail address if of no use to him anymore. Mr Spammy Spammer constantly sends Victor spam e-mails about stock quotes, online medications, pornography, business opportunities and instant university degrees.
When Victor finally got out of jail after 5 years he returned to his sister's home with the hopes of finding a job soon. But being blacklisted with a criminal record is not going to make things any easier for him. Later that evening he sits down in front of his sister's computer to download some e-mails. His sister downloaded his e-mails for him while he was in jail and stored them in a separate folder. He almost fell of the chair when he saw thousands of junk e-mails, scams and unsolicited advertisements that came through while he was gone. Victor decided to close his e-mail account and sworn never to use an e-mail account ever again.
This may be excessively exaggerated case of online fraud, but it clearly demonstrates what can happen to you after replying to a cyber scammer appearing to be completely harmless. It all starts with a trivial thing like your e-mail address landing in the wrong hands. It may not always be that easy for scammers to steal your money or commit Identity Theft, but you always walk the risk of financial loss if you don't take care of your personal information. Your personal information is your identity and your identity is a valuable asset to cyber scammers. Be vigilant, don't become a victim of cyber fraud.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software. Educate yourself with examples of real hoaxes, spam e-mails and scams send to real people.
Labels:
Cyber Crime,
Cyber Fraud
Subscribe to:
Posts (Atom)