Spoofing & Phishing
Q: Ok. I finally understand what spam is and I just
delete e-mail messages from people I don't know or with subject lines that I
don't want. But now I hear about people getting messages from me that I didn't
send. Also, I see messages from big companies (like eBay and my bank). What's
that all about?
A: Unfortunately, the bad guys have found some new
ways to infect our e-mail. As you mentioned, spam is unwanted e-mail that
(usually) marketers send out by the thousands hoping to get a few people to
respond and click on the links they provide. Often a message will tell you that
you can be removed from the list, or unsubscribed, by replying to a
special e-mail address. Don't do this.
Spammers use this technique to find out whether your e-mail address is
active - then they can sell it to other spammers as a "live one." You'll start
getting even more junk e-mail! Just delete any messages whose subject you
don't like (Mortgages, Viagra, Make $ at home, porn, etc.) without
even opening them. Do the same with messages from people or companies you don't
know or are not interested in.
But that brings us to the current problems
you mentioned.
"Phishing" is the term for e-mail
messages that seem to come from a legitimate company that you
may have an account with - AOL, Bank of America, eBay, Microsoft, PayPal,
American Express, other banks and so on. If you have accounts or do business
with such companies, you obviously want to read their correspondence - and that
is what the Phishers are counting on. The typical scenario is that the message
from, say, AOL will tell you there is some trouble with your account. Maybe it
warns you that someone may have broken into your account, so you need to confirm
some information. Usually the message directs you to click on a link and go to a
web page to "update" or "confirm" your information. The page looks just like an
AOL (or eBay or PayPal or…) page.
The Phisher hopes that you will be
fooled into providing the information asked for on that page. Then they can use
that information to really access your account and do damage. You wouldn't
"confirm" important information to someone who calls you on the phone so don't
be fooled just because you are on-line.
Here's what you need to remember.
Legitimate companies such as the ones mentioned
above will NEVER send you an e-mail and ask you to confirm your password,
credit card number, social security number, account number or any other
information.
If you get such a message, delete it because it
is NOT from the real company. You may want to save some of the messages
to a separate folder and alert the Attorney General's office as Phishing is a
serious crime. Also, Microsoft and the others will NEVER send you a message with
an attachment that they want you to open or a program to run. If you get
something like that, delete it without opening it.
Spoofing...
But what about when you get a
message that appears to be from a friend or a friend gets something from your
address? This is a new problem area called "Spoofing." Certain viruses will grab
every e-mail address they can find on your system (like from your address book).
Spoofing is when the virus takes one of those addresses for the "From"
field and another for the "To" field. So it looks like the message (usually with
a virus or some other problem attached) came from someone in your address book -
and hence you are likely to trust it.
Spoofing is a tricky situation to
deal with because the message comes from someone familiar, maybe even yourself!
The best defense is prevention. Keep your anti-virus definitions up to date so
that you will not be infected by these spoofing or other viruses. You may also
want to devise a strategy with your most common e-mail buddies. If you are the
type who likes to send messages with attachments to your friends and vice versa,
come up with a little code so that you all know the message is really from you
and OK to open. For example, you could tell your e-mail buddies that if you send
them an attachment (pictures or whatever) you will include a certain word in the
subject line or the body of the message. So if they get a message supposedly
from you with an attachment and it does not have the secret word, they should
delete it. Decide on a word or phrase that won't come up naturally in spam
messages.
E-mail is still a fantastic tool but unfortunately we have to
be more and more careful in how we use it. Have fun but be smart and safe.
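The code-word rule for attachments described above, written out as an added Python example that is not part of the original column. The word "persimmon", the example.com addresses and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.policy import default

# Assumption: the word agreed on with your e-mail buddies (hypothetical value).
CODE_WORD = "persimmon"

def has_attachment(msg):
    """True if any MIME part is an attachment or carries a filename."""
    return any(p.is_attachment() or p.get_filename() for p in msg.walk())

def body_text(msg):
    """Join the text/plain parts that are not themselves attachments."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() == "text/plain"
                     and not p.is_attachment())

def verdict(raw, code_word=CODE_WORD):
    """The From line is never consulted: a spoofed message shows a familiar one."""
    msg = message_from_string(raw, policy=default)
    if not has_attachment(msg):
        return "no attachment"
    text = (str(msg["Subject"] or "") + "\n" + body_text(msg)).lower()
    return "ok to open" if code_word.lower() in text else "delete"

def sample(subject, body):
    """Constructed message: familiar From address plus one attached file."""
    return (
        "From: friend@example.com\n"
        "To: me@example.com\n"
        f"Subject: {subject}\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n'
        "\n"
        "--XX\n"
        "Content-Type: text/plain\n"
        "\n"
        f"{body}\n"
        "--XX\n"
        "Content-Type: application/octet-stream\n"
        'Content-Disposition: attachment; filename="photos.zip"\n'
        "\n"
        "constructed-placeholder-bytes\n"
        "--XX--\n"
    )

if __name__ == "__main__":
    print(verdict(sample("Vacation pictures", "Here you go")))
    print(verdict(sample("Pictures", "Our word is persimmon")))
```

The rule only helps while the word stays between you and your e-mail buddies, so pick one that won't come up naturally in spam.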