Every trick in the book: how hackers take over your computer

by Rich Pasco

Spammers will use every trick in the book to get you to click on their links to malicious web sites, or to open their malicious attachments, or to divulge personal information for identity theft. Here are just a few examples. As P.T. Barnum said, "There's a sucker born every minute." Don't be one of them!

Most are designed to create a sense of alarm and urgency, threatening financial harm, embarrassment or inconvenience unless one takes the bait. Others flatter the recipient and/or hint at sexual benefits.

Often, the "From:" e-mail address on such fraudulent e-mail messages is forged, or "spoofed", to resemble that of a well-known service (such as Facebook or MySpace). If you have that service in your approved senders list, such junk mail will slip right past your junk-mail filter. You should never trust the "From:" address on any e-mail; it is easy to forge.

There have been an increasing number of incidents where a hacker breaks into an e-mail account and sends junk mail to all that person's contacts. Even if an e-mail seems to be from a friend, it may not be, so proceed with caution. For more information see "Spam from your friends: hacked and spoofed e-mail".

The "software update" trick

You get an e-mail purporting to be from a known software publisher like Microsoft or Adobe, claiming that your software is out of date and needs to be updated, so click here to install the update. Only problem is, the e-mail didn't really come from that publisher, and the link installs malicious software. Gotcha!

In a variation, you visit a dubious web site offering exciting videos (e.g. late-breaking news or erotic videos). In the box where you expect a video, you see a notice stating you need an updated video player, so click here to install it. Gotcha!

Legitimate software publishers do not send updates by e-mail. Many applications can be configured to automatically update themselves by connecting directly to their publisher's legitimate server--this is the preferred way to keep your software up to date. And if you do need an update that didn't get installed this way, please directly visit the publisher's web site by going to a known, trusted address, rather than by a link in an unsolicited e-mail or dubious web page.

The "notification pending" trick

An e-mail pretends to come from Facebook, LinkedIn, or another popular social-networking site. The "From:" address is forged (spoofed) accordingly, and the body exhibits a phony but convincing replica of that service's graphics and tells you that you have a notification, friend request, or other message pending on their system, so click here to get it. Gotcha!

The wise user, upon receiving such an e-mail, will not click on the link in the e-mail without first checking where it really leads. (In some e-mail programs, you can hover your mouse over the link and read the status bar.) Better yet, just delete the e-mail and then log into your networking site in the usual way to see what messages may await you there.

The "order confirmation" trick

You receive an "order confirmation" e-mail ostensibly from a known retailer (e.g. Amazon.com) or a known credit card (e.g. MasterCard) confirming a purchase you allegedly made. You know you didn't make the purchase, so you click on a link to view the details. Gotcha!

If you suspect that something you didn't order was charged to you, you should go directly to your credit card company by telephone or by the link you trust and usually use—not the link in the e-mail. If you can't corroborate the e-mail, that confirms that it was phony.

The parcel delivery problem

You receive an e-mail message telling you that a parcel you shipped could not be delivered, and please click here (or open the attachment) for details. Gotcha!

The giveaways are that you didn't ship a package recently, the e-mail comes from a shipping agency you don't patronize, and it is very vague except for the insistence that you open the attachment or click on the link. Besides, how would they know your e-mail address, anyway?

The travel reservations trick

You get an e-mail ostensibly from an airline or travel agent saying that they have your reservations, just click here to confirm. Gotcha!

Unless the e-mail comes from an agent with whom you already made reservations and includes information which a stranger would not know (such as your full name, travel dates, itinerary, flight numbers, etc.) it's safest to just delete it.

"Is this you in this video?"

You get an e-mail message, apparently from a friend, asking "Is this you in this video?" You wonder what videos showing yourself might have been posted on-line, so you click the link. Gotcha!

In a variant of this scheme, the link takes you to a page pretending to be a video player unable to play the video unless you install a new video driver. Gotcha! Please see my page about executable files.

"I liked your profile ... here's mine"

This one preys on people having profiles on singles dating or social networking sites. You get an enticing e-mail flattering you on your profile and inviting you to click on a link to see their profile, or open an attachment to see their picture. Gotcha!

The dead giveaways are that the e-mail doesn't state which profile the writer saw or where he saw it, or what it was about it he liked. It's vague enough to apply to anybody with a profile anywhere! Also, legitimate social networking services don't give out your e-mail address. If someone responds to your profile, their response will be forwarded by the service, not come directly from the correspondent. If, having read all this, you still feel compelled to reply, then you should ask which profile the person saw and, "Just what about my profile was it that you liked?" Only proceed if you get a credible response to this question.

The "job offer" scam

You're looking for work, and you get an unsolicited e-mail purporting to offer you a job. Full details are in this link; click here. Gotcha!

To defend against this one, look carefully at the e-mail. Was it addressed to you by name (as a legitimate inquiry would be) or just by e-mail address? Did it come from a job-search site where you have a résumé listed? Are you sure? (Careful: some spammers forge, or "spoof" the address of a well-known job site.) Hover your mouse over the link and look at your status bar; do you know and trust the domain to which it is leading you? Does it urgently request immediate action (within minutes or hours)? Is a salary amount stated in the e-mail? (Legitimate employers save this for a printed job offer letter.)

The erotic photo trick

An unsolicited e-mail carries an attachment or link with a cover letter claiming it's an erotic photo. For example, here's one I actually got:

Hey. I am attaching a pic of my big boobs. Enjoy my love!

Fortunately, my virus scanner deleted the attachment. Yours may or may not. Here's a news story about a similar trick.

"Your e-mail account will be terminated"

This one threatens to cancel the recipient's e-mail account unless certain very personal details are divulged by return e-mail. Of course the e-mail doesn't really come from your service provider (who would already have this information), and your response allows the scammer to steal your identity. Here's one example:

ATTN,

We are currently upgrading our database and as such terminating all
unused accounts to reduce congestion on the network. To prevent your
account from being terminated, you will have to update it by
providing the information requested below:

******************************************
PLEASE CONFIRM YOUR EMAIL IDENTITY NOW!

Email : ......................
Password : ..................
Date Of Birth : ..............

******************************************

NOTE: Your data and information will not be interfered with or
tampered we will just record your data back into our data base and
send you an email and after 24hours. Warning!!! Account owners that
refuses to update their account may lose such an account permanently.

Message Code: NXDT-4AJ-ACC
Thank you,
Mail Support Team.

Upgrade on your Webmail Account.

Delete this junk mail. If you still suspect something wrong with your e-mail account, contact your service provider by a trusted means.

The "Credit Card Overdue" trick

You get an e-mail claiming that your credit card payment is overdue, but the late fee will be waived if you open the attachment right away, or complete and submit this form. Catch is, the e-mail didn't come from your bank, the attachment installs malicious software on your computer, and the form doesn't go to your bank but sends your personal information to the con artist who sent it to you. Gotcha!

What to do instead: Delete the junk mail. If you really suspect something is amiss with your credit card, log in to the bank's web site via a link you trust and check your account activity there.

The "Better Business Bureau" trick

You get an e-mail purporting to be from the Better Business Bureau reporting a complaint against you. Details are in the attachment. However, the e-mail is phony and the attachment (or link) leads to malicious software. Gotcha!

Copyright © 2010-2011 Richard C. Pasco. All rights reserved.