Cyber Crime Made Easier Through Impersonality

By Coenraad De Beer

What makes you suspicious when someone from your bank comes to see you to update your personal details? The most obvious answer is the fact that the bank never does this. Why can’t they call you and ask you to come to the bank, why do they need to send someone in person to come and see you, in fact why do they need to update your details in the first place? This seems rather obvious to many people but once they get an e-mail asking for the very same thing, they seem to loose their reasoning ability. The main reason for this is the fact that the e-mail is impersonal and your normal instinctive reactions that kick into place when someone personally asks you for this information do not necessarily do their job when you are confronted in an impersonal way.

The impersonal nature of e-mail makes it an easy way of asking for things that would have been hard to ask when you were facing the person face to face. Unfortunately fraudsters discovered this and are using it to steal critical and personal information from people with a technique called phishing. They disguise their request for information with the logo, letterhead and e-mail address of a well-known and trusted company and create a false sense of security among the recipients of the e-mail and lure them into a trap. Anyone can create a web site that looks like a corporate site, so you can’t trust any site that looks like a corporate one. If you look more closer to the content of these sites (and e-mails) you soon discover certain inconsistencies, some are small and some are more obvious. But little things like spelling errors, bad grammar should start flashing warning lights right away.

People should realise that real organisations never ask for critical and important information though e-mail, nor the telephone or any other means of communication. You have to supply these details in person to an official of the company at one of their offices. E-mail is very insecure and can be intercepted in many different ways. And by the way, why would banks want to confirm your credit card information or pin numbers, they have it on record and they were the ones who issued you the credit card number, why would they want to confirm or update it, what is there to update when it comes to a credit card number, pin or password?

It seems like people have a different set of rules for reasoning in the real world and on the Internet. People are more suspicious on street than on the Internet. One of the main reasons for this may be a lack of knowledge of how things on the Internet work. Everyone knows you can’t trust a hawker on the sidewalk but many people trust almost any web site because they can’t see what’s going on behind the scenes. For all you know a bum can run a corporate looking web site from an Internet cafe. It is general knowledge that you can’t trust the hawker on street, but several decades ago people did not know it. Once it becomes general knowledge how fraudulent web sites look and how they operate, you will see a decline in phishing scams of this nature. Unfortunately, fraudsters always find a new way of tricking people and the educational process of identifying scams and fraud will start all over again.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against malicious software.

Firefox 1.5 vs. Internet Explorer 7 - It Is A Matter Of Trust

By Coenraad De Beer

Firefox has been around for a much shorter time than Internet Explorer and still it is much more secure and reliable. Microsoft has released the newest version of their web browser, Internet Explorer 7 Release Candidate 1. Already you can see complaints everywhere about bugs and problems experienced by people who upgraded to the newest version. Internet Explorer 7 boasts an array of new features, but almost all of them have been around in Mozilla Firefox for quite some time.

I guess the one feature Microsoft is bragging with the most is the new tabbed browsing interface. This is nothing new to Firefox users and I would rather trust a browser that has been using this feature for a couple of years because it had enough time to straighten out all the bugs and problems associated with it. Internet Explorer 7 is new to the world of tabbed browsing and one wonders how many problems will one experience with this feature before Microsoft gets it right. I’m not saying that there are any problems with its tabbed browsing feature, but if they could not even get the basics right in the past one does not have much trust when they come up with a brand new feature.

Later versions of Internet Explorer 6 introduced a built-in pop-up blocker. Users of Mozilla Firefox has been enjoying pop-up blocking long before Microsoft decided to add it to their browser. With its pop-up blocking feature and enhanced security, Firefox has been much less vulnerable to virus and spyware attacks than Internet Explorer. Firefox may not be 100% secure but security issues gets fixed in a much more timely fashion than the ones in Internet Explorer. The main reason for this effective attention to bug fixes is the fact that Firefox is Open Source software. Many people argue that it poses a great security threat having your source code available to the public, because it is easier to discover and exploit vulnerabilities when you have access to the code. This may be true, but the fact that the source code is available to anyone, creates a bigger pool of software developers contributing to the development and enhancement of the software, which results in faster and more effective releases for bug fixes and security issues. You are left at the mercy of Microsoft to get the problems in Internet Explorer fixed and all of us know how slow their response sometimes are when it comes to resolving security issues.

Another feature of Internet Explorer 7 is the new anti-phishing scanner. It scans the pages you visit for the possibility of phishing scams. This is a welcomed feature for any browser because there has been an increase in phishing scams over the ears and action has to be taken against them. Now, many people may take the opportunity and throw some stones at Firefox saying that it does not have a built-in phishing scam scanner, but Internet Explorer does. I’m sorry to burst your bubble, but you can add the same feature to Firefox with the Google Toolbar extension. The newest version of Google Toolbar has a feature called Google Safe Browsing that stops the user from visiting a possible phishing site. The fact that you can enhance Firefox with extensions makes it a very versatile browser.

Web developers are jumping for joy with the introduction of the Developer Toolbar in Internet Explorer 7. The toolbar includes tools that assist web developers in troubleshooting and manipulating web pages. Again you can add the same (if not better) functionality to Firefox with the Web Developer Toolbar Extension. This extension for Firefox is packed with so many features that you will ask yourself: “What can this toolbar not do?” There is also better CSS (Cascading Style Sheet) support in the newest edition of Internet Explorer compared to previous versions, but any web developer knows that Firefox has always handled CSS much better than Internet Explorer.

RSS (Really Simple Syndication) feeds are starting to become a web standard and providing support for it is becoming inevitable. Firefox caters for RSS feeds through its Live Bookmarks and the Google Toolbar also supplies its own way of subscribing to RSS feeds through Google Fusion. Windows Vista will be geared towards RSS feeds and that is why Microsoft decided to incorporate support for RSS feeds in Internet Explorer. So once again, Firefox has been supporting this feature long before Microsoft decided to add support for it in their browser.

It took 7 versions of Internet Explorer to get it up to similar standards as Mozilla Firefox that is only at version 1.5 at the moment. Users upgrading from Internet Explorer 6 to version 7 will be introduced to new features, some may be confusing for people not used to things like tabbed browsing and RSS feeds. So if you are willing to learn new ways of browsing the Web, why not switch to Mozilla Firefox, the trustworthy browser that has been doing things right from the beginning.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against malicious software.

For fast, safe and secure browsing, download Mozilla Firefox with Google Toolbar.

Mars Coming To Large View – Is This Hoax Amnesia Or Ignorance

It is unbelievable how many people believe all the nonsense that is circulating the Internet these days. Last year, 30 October 2005, we had the occurrence of Mars being close enough to Earth so that you could be spot it with the naked eye. But many people complained the next day that they saw nothing. The reason was that they have been hoaxed to believe that Mars will be as big is the moon, while it was in fact a bright star in the sky. This year we again have an e-mail circulating the Net, propagating the same lies again and the best of all, the e-mail states that this will only happen again in the year 2287, but according to NASA, this happens every two years.

This phenomenon occurred last year (and in 2003), so this means that the next occurrence is in 2007, not this year. This e-mail is such a classic example of a hoax, that it is totally unbelievable that people still fall for this and distributes these lies to everyone they know. The e-mail states “This month and next, Earth is catching up with Mars”. It takes Earth 365 days to complete an orbit around the sun. Earth’s orbital track is smaller than the orbital track of Mars, therefore it takes Mars longer to complete an orbit around the sun. Now explain to me how do Mars orbit around the sun twice in a matter of two months?

“Mars has not come this close to Earth in the Last 5,000 years, but it may be as long as 60,000 years before it happens again.” It looks like the creators of this e-mail could not make up their minds about how long it will take for the next occurrence. The year 2287 is 281 years from now, almost 3 century’s, now they suddenly speak of 60 millenniums. There are references to several scientific words and phrases in this e-mail that only a NASA scientist will understand, so how is it possible that they can’t do simple maths while they possess the knowledge of an astrologist? NASA states that Earth has not been this close to Mars for the last 60000 years, I guess that is what got them mixed up.

“The encounter will culminate on August 27th when Mars comes to within 34,649,589 miles of Earth”. Notice how they don’t reference the year. This makes it extremely easy to use the same message next year and the years thereafter. It will be really silly if people forward this e-mail in September, but it is not impossible, people tend to miss little details like this because they read their mail like zombies, they don’t always think about what they read. This is maybe the biggest reason why we get so many spam and chain letters forwarded to our inboxes these days.

“Mars will look as large as the full moon to the naked eye.”

I guess once Mars looks as large as the full moon we should start worrying seriously.

Coenraad de Beer - EzineArticles.com Platinum Author

Cyber Top Cops - The Cyber Security Specialists

Don't Become A Victim Of Identity Theft

Identity theft can happen in many different ways. Some are out of your hands and you can do nothing about them, for instance when your information are leaked by institutions due to negligence. But your identity can get stolen in several other ways, ways that can be prevented.

A week ago I received an auto-responder from an U.S. University informing me that the person I contacted was on leave at that moment and would get back to me as soon as he was at the office again. What made my eyes pop out of their sockets was the subject of e-mail they were referring to. Someone sent this person an e-mail about something I don’t even want to mention here, an e-mail, according to them, that was sent from my e-mail address associated with my cyber-security web site. This has been a clear case of identity theft. I guess the spammer who sent the original message did not think I would get an auto-responder informing me about it. I was lucky in this specific case because you never know how much people send e-mails under your own e-mail address.

Some advice to webmasters. Never use the “mailto” tag on your web pages. Spam spiders crawl your website looking for e-mail addresses and specifically “mailto” tags. You make it too easy for spammers to get your e-mail address when you use “mailto” tags. Rather embed your e-mail address in an image with a font that is readable to your visitors and at the same time hard to be converted to text by spam spiders. This will decrease the chances of having your e-mail address spoofed in some kind of spam e-mail and you will also have a smaller chance of receiving spam. This is not foolproof, but will certainly fool less advanced spam spiders.

Never reply to spam e-mails. Many spam e-mails contain a spoofed e-mail address. You will only supply your e-mail to somebody you don’t know a thing about and the best of all, the person may not even be associated with the e-mail in the first place. Other spammers count on the possibility that you reply to their message in order to confirm that your e-mail address is active. If you ignore their e-mail you will have a better chance of not receiving an e-mail from them in the future. The vast majority of spam e-mails do not even contain a valid e-mail address you can reply to. Your reply will most of the times bounce back. It is also dangerous to click on the links of spam e-mails. They sometimes link to web sites that contain malicious software that will turn your innocent computer into a spamming device to do their dishonest promotion work for them.

National lottery e-mails are nothing other than information harvesters. You normally have to supply your social security number or some kind of identification number, telephone numbers, postal addresses, fax numbers, e-mail addresses, even physical addresses. You can’t win a lottery if you haven’t entered one and even if you entered one you should have lottery numbers that correspond with the ones in the e-mail. Lottery competitions normally work on a basis of collecting your prize with a valid lottery ticket. You never receive a notification via e-mail that you have won, you have to watch television or read the newspaper to see if you have the winning numbers. Never reply to these e-mails or phone the numbers supplied in them, these people are only harvesting your personal information, nothing else.

Chain letters is another way of getting your identity stolen. Ever noticed the large number of e-mail addresses contained within chain letters, especially if they have come a long way? By forwarding chain letters to all your contacts, not only makes yourself guilty of spamming, you also walk the risk of supplying your e-mail address to other spammers.

Petition lists is a very clever way of harvesting personal information. These lists are normally about sensitive matters that stir up emotion from the readers in order to move them to forward the list with their name and contact details to everyone they know. Petition lists normally have a statement that if you are, lets say number 100, on the list you have to send the list back to person listed at the top. Now think clearly about this. Lets say you are number 50 on the list and you forward this to 5 other people and each of them forward the list to 5 persons each. You end up with multitudes of the same list, where the first 50 people on the list are the same every time. Do you really think the creator of this list is going to filter trough all these lists and remove all the duplicate entries? No, petition lists is only a way of creating a never-ending source of personal information for spamming and illegal activities.

The FBI is stepping up its fight against online fraud with a new initiative called Operation Identity Shield. It is nice to see the authorities doing something about this, but the root of the problem still lies with the uninformed Internet users. If you don’t have the knowledge to identify these threats, you will take part in identity theft practices without even knowing the dangers they impose.

Coenraad de Beer - EzineArticles.com Platinum Author

Cyber Top Cops - The Cyber Security Specialists

Protocol Against Spam

There has been heavy debate over the effectiveness of the SMTP protocol in a world polluted with spam. There is an urgent need for a new protocol to replace this age-old technology to help battle the ever-increasing problem of spam. But is it really necessary to replace this trusted protocol, is e-mail protocol not the solution to spam we are seeking for.

I guess I have you a bit confused now. The e-mail protocol I’m referring to is not the technology protocol, no I’m speaking of a set of rules that has to be applied to make sure your e-mail reach its destination. This set of rules will make it easier to define the behavior of spam when developing anti-spam controls. Web developers who want their web sites to reach high rankings in search engines have to keep within the rules of the search engines, if they don’t, they won’t reach their targeted audience. Moderators of Internet Relay Chat rooms do not tolerate any behavior that does not comply with the set of rules of the chat room. Crossing the line in a chat room will get you kicked from the room. The same rules apply for discussion forums. Some members like to spam forums with affiliate links and scams. Some forums allow you to place a link to your web site in your signature where other forums disallow the use of HTML altogether. It is very simple, if you don’t stick to the rules you don’t get to use the service.

But applying this to e-mail is not that simple. It is very difficult to deny the usage of e-mail if they don’t stick to the rules. Yes we read that Internet Service Providers ban their members if they get caught using spamming techniques to deliver their message. But do we ever see these measures enforced on someone? Be honest, you would rather have the client use spamming techniques than to loose out on the money the customer is paying. The solution to this problem is to penalise spammers without banning them from using e-mail. Search engines have given us the guidelines to do this. I agree that search engine algorithms is not perfect mechanisms and people familiar with Search Engine Optimisation know that search engines constantly change their algorithms to stay ahead from people exploiting their vulnerabilities. Applying these algorithms to the SMTP protocol is yet another problem. Many ISP’s have spam filters installed on their servers to help filter out spam for their clients, so if you can apply the rules of search engines to these spam filters you will be closer to the solution.

Search engines scan pages for consistency in their content. If the header of a page does not conform to the body of the page you won’t get a good ranking on the Search Engine Result Pages. This will filter out a huge chunk of spam circulating the Internet. Companies who send e-mails with a single image embedded in the e-mail also make it hard for current spam filters to determine if it is spam or not. You need Optical Character Recognition software to scan the contents of the image and convert it to text. This will make anti-spam software very expensive and even the best OCR scanning software still makes errors when they convert images to text. What about pornography? You will also need a special scanner to detect pornographic images. The only solution to this is to make a general rule that it is not proper e-mail protocol to embed only images into an e-mail without proper content. I don’t understand why companies still use this method of marketing. Dial-up users normally download e-mail and disconnect from the Internet to read their messages offline. There is nothing more frustrating than opening a message with only images embedded into it and there is no way you can see what the sender is trying to offer you without reconnecting to the Internet again. People advertising like that never reach me because I simply delete messages like this. If everyone starts to do this it will automatically create a protocol and companies will stop sending e-mails like this. E-mail clients like Thunderbird allow you to hide images embedded into e-mail messages and an e-mail that consists only of images is therefore totally useless if it reaches the inbox of people using this feature. The only ones who will continue using this practice will be spammers.

Search engines detect when you simply place hundreds of keywords on a page that makes no sense at all. Pages like this never rank well and sites using this practice even get banned from most search engines. Have you ever received an e-mail with strange sentences or tons of words at the bottom of the e-mail. These words and phrases are used to confuse spam filters and to make it harder for the software to decide whether it is spam or not. Applying the technology of search engine algorithms here will get rid of yet another chunk of spam.

A protocol that is starting to become a common practice is the usage of text only e-mail messages. Many servers reject e-mails with HTML code embedded into them and only allow text messages to pass through. But this is the common example where little Johnny did something wrong and now the whole class gets punished. Respectable companies use images in their e-mails to compliment the content of their messages. If you can’t use HTML, you can’t format the message to have the look and feel of your company. If you can’t use HTML, you can’t make use of your company logo or include illustrative images of your products in your messages. Why should everyone get punished for people who abuse the same mechanism that respectable and honest organisations use to promote their products? This is why you have to design an e-mail message in such a way so that it still delivers the marketing message clearly without the images and HTML.

I have even seen people suggesting that closed circle e-mail protocols replace SMTP. These protocols are used in companies for internal communication. Servers only allow e-mails to pass through if they have your e-mail address on their safe-list. If you are not on their safe-list you won’t get through. But this is a very unpractical method of filtering out spam, what if a customer wants to contact the sales department or anyone contacting any department for that matter? Another similar method is one that was introduced by Hotmail. Only e-mails from your contact list lands in your inbox, every other e-mail is filtered to your Junk Mail folder. You will have to indicate which e-mails to allow in the future. The rest are deleted automatically after a specified number of days. This method has some merit but can be a daunting task if you want to implement it in a commercial environment. You will have to employ a full-time e-mail administrator to select which e-mails should go through. Both these protocols are very counterproductive measures.

Lets be honest, getting rid of spam is not an easy task. But if everyone starts to ignore spam or messages with the characteristics of spam you should see a decline in the spam circulating the Internet. Spammers will soon realize they are only wasting bandwidth with their useless e-mails and no one is falling for their moneymaking schemes anymore.

Coenraad de Beer - EzineArticles.com Platinum Author

Cyber Top Cops - The Cyber Security Specialists