[SeniorTech] Re: SeniorTech Tip - Beware of Spoofing & Phishing

Q: Ok. I finally understand what spam is and I just delete e-mail messages from people I don't know or with subject lines that I don't want. But now I hear about people getting messages from me that I didn't send. Also, I see messages from big companies (like eBay and my bank). What's that all about?

A: Unfortunately, the bad guys have found some new ways to infect our e-mail. As you mentioned, spam is unwanted e-mail that (usually) marketers send out by the thousands hoping to get a few people to respond and click on the links they provide.Often a message will tell you that you can be removed from the list or unsubscribed, by responding back to a special e-mail address. Don't do this. This is a technique of these people to determine if your e-mail address is active - then they can sell it to other spammers as a "live one." You'll start getting even more junk email! Just delete any messages that you don't like the subject of (Mortgages, Viagra, Make $ at home, porn, etc) without even opening them up. The same with messages from people or companies you don't know or are not interested in.

But that brings us to the current problems as you mentioned.

A term called "Phishing" is used to refer to e-mail messages that you receive that seem to come from a legitimate company that you may have an account with - AOL, Bank of America, eBAY, Microsoft, PayPal, American Express, other banks and so on. If you have accounts or do business with such companies, you obviously want to read their correspondence - and that is what the Phishers are counting on. The typical scenario is that the message from, say AOL, will tell you there is some trouble with your account. Maybe it warns you that someone may have broken into your account so you need to confirm some information. Usually the message directs you to click on a link and go to a web page to "update" or "confirm" your information. The page looks just like an AOL (or eBAY or PayPal or…) page.

The Phisher hopes that you will be fooled into providing the information asked for on that page. Then they can use that information to really access your account and do damage. You wouldn't "confirm" important information to someone who calls you on the phone so don't be fooled just because you are on-line.

Here's what you need to remember. Legitimate companies such as the ones mentioned above will NEVER send you an e-mail and ask you to confirm your password, credit card number, social security number, account number or any other information.

If you get such a message, delete it because it is NOT from the real company. You may want to save some of the messages to a separate folder and alert the Attorney General's office as Phishing is a serious crime. Also, Microsoft and the others will NEVER send you a message with an attachment that they want you to open or a program to run. If you get something like that, delete it without opening it.

Spoofing...

But what about when you get a message that appears to be from a friend or a friend gets something from your address? This is a new problem area called "Spoofing." Certain viruses will grab every e-mail address they can find on your system (like from your address book). Spoofing is when the virus grabs one of the addresses from you for the "From" field and another for the "To" filed. So it looks like the message (usually with a virus or some other problem attached) came from someone in your address book - and hence you are likely to trust it.

Spoofing is a tricky situation to deal with because the message comes from someone familiar, maybe even yourself! The best defense is prevention. Keep your anti-virus definitions up to date so that you will not be infected by these spoofing or other viruses. You may also want to devise a strategy with your most common e-mail buddies. If you are the type who likes to send messages with attachments to your friends and vice versa, come up with a little code so that you all know the message is really from you and OK to open. For example, you could tell your e-mail buddies that if you send them an attachment (pictures or whatever) you will include a certain word in the subject line or the body of the message. So if they get a message supposedly from you with an attachment and it does not have the secret word, they should delete it. Decide on a word or phrase that won't come up naturally in spam messages.

E-mail is still a fantastic tool but unfortunately we have to be more and more careful in how we use it. Have fun but be smart and safe.