Showing posts with label phishing.

Monday, February 6, 2012

TECH TIP: How to Spot Fraudulent Email With Bogus Links

A listener forwarded me an email that appeared to be from LinkedIn notifying them of a "new message".

What concerned this gentleman, and quite wisely, was that he didn't know a "Catherine Patterson". While only one of many clues, it was enough to raise the caution flag and seek assistance. Fortunately he asked questions before clicking the links.

I shared the following; perhaps it will be of value to you as well:

You can check the validity of links in Outlook emails by holding your mouse over the link URL. If the URL shown in the mouse-over does not match EXACTLY the URL you’d expect (i.e. linkedin.com -> linkedin.com or at least somethinghere.linkedin.com) you can bet this is bogus. In the example you forwarded, the URL *displayed* is www.linkedin.com but the email code would send you to some crazy amrpartners dot com dot br URL.

While it’s POSSIBLE this is an email re-direct from their email provider, the “.br” domain, among other clues (i.e. you don’t know Catherine Patterson) makes me confident it’s fraudulent. You can always log in to linkedin.com separately to see if Catherine HAS in fact sent you a message.

Short version: If the mouse-over URL does not equal the displayed URL (and the domain of the site you’ve heard of), simply press delete.
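The same mouse-over check can be automated against the HTML body of a message. The script below is an added example, not part of the original post: it compares each link's real target host with the domain you expect and flags links whose displayed text shows the expected domain while the target goes elsewhere. The function names, the sample body and the `bogus.example` placeholder domain are constructed for illustration, and only links that resolve to a host are checked.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a web address, e.g. "www.linkedin.com".
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

# Constructed sample email body; bogus.example is a placeholder domain.
SAMPLE = """
<a href="http://bogus.example/redirect?id=1">www.linkedin.com</a>
<a href="https://www.linkedin.com/inbox">View message</a>
<a href="http://linkedin.com.bogus.example/login">Sign in</a>
"""

def host_matches(host, expected):
    """True for expected itself or a subdomain (somethinghere.linkedin.com)."""
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects (displayed text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, expected_domain):
    """Return (text, real host, reason) for links that leave expected_domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target = urlparse(href).hostname or ""
        if not target or host_matches(target, expected_domain):
            continue  # skip mailto:/relative links and links that stay on-domain
        shown = URL_LIKE.match(text)
        spoofed = bool(shown) and host_matches(shown.group(1), expected_domain)
        findings.append((text, target, "display mismatch" if spoofed else "off-domain"))
    return findings
```

Calling `suspicious_links(SAMPLE, "linkedin.com")` reports the first and third links; the third shows why the expected domain must be the end of the host name, not merely appear somewhere in it.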




More information on this topic from anti-virus maker Trend-Micro.

What clever tricks have you seen from spammers? If you have a tech question, feel free to reach out: techexpert AT brianwestbrook DOT com

Friday, November 30, 2007

Botnets: Is Your Computer Committing Crimes?

KXL Tech Expert Segment for 30 November 2007

By some estimates one in four computers connected to the internet is working overtime – without your knowledge. These hijacked systems could be hacking into computer systems, stealing identities or flooding websites in an attempt to shut them down. Called “botnets”, these underground, and mostly hidden, networks are being shut down thanks to International law enforcement efforts spearheaded by the FBI.

Protecting your system from becoming a drone in a hacker’s botnet army requires safe computing practices. While some opt for drastic measures such as pulling the plug on their internet connection, you can leave your system running, keep it focused on the tasks you choose, and keep it from doing a hacker’s dirty work.

Keep your operating system current.
All computer software – and the operating system (i.e. Windows, Mac OS) especially – requires periodic updates. Security updates and vulnerability patches should be installed immediately to plug holes in software that can be used to take over your system. For most home users, setting the updates to download and install automatically is usually recommended. To keep your computer at work patched, ask your IT Help Desk for their plan to keep your system up-to-date (they may have special concerns, procedures, or prefer to test updates before they get installed).

Run the latest anti-virus software – regularly.
The anti-virus software you got with your new system last year will only help you squash bugs that were identified last year. If you haven’t updated the data files for your anti-virus software, you may be operating under a false sense of security. All anti-virus software is capable of checking for the latest definition files (the list of what exploits are out there and how to inoculate against them) – but some must be configured to do so.

Look for spyware.
Spyware, like a virus infection, is a malicious bit of code completing tasks you never intended. A good anti-spyware program is called “AdAware” (the basic version is free) and will clean your system of known software that could be extracting your personal data and sending it to the cyber crooks. Having a machine full of spyware could make your computer an easy target for enrollment in a botnet's virtual network of evil.

Check your firewall – or get one.
A firewall is a device that sits on your home or office network between the computers you use and the Internet. Acting as a gatekeeper, the firewall prevents unwanted traffic from directly accessing your computer. A “front door” to your home network, you can choose which traffic (and from whom) to let in – and keep out the bad guys. You can also run firewall software that monitors incoming network traffic on an individual computer – a handy option for those using one or two computers connected online directly. Most recent operating systems include a built-in basic firewall.

Use good passwords and change them often.
Perhaps you've been tempted by that “special offer” or met someone online who has been dying to meet you (and 100,000 of her closest friends) – but were you the subject of a phishing attack? “Phishing” is a tactic to extract personal information (passwords, credit card numbers, etc.) by posing as seemingly legit websites. Victims often click on enticing offers received by email or in response to notifications that appear to be from a bank or online merchant. If in doubt, close the email and contact that company directly – either by phone (“did you send me this email?”) or by accessing the website directly (i.e. typing the address into your browser manually – don’t click the link from your email), or via a trusted search engine. “If it smells like a phish...”

Watch for suspicious signs and get help.
Is your computer not quite acting like you think it should? Are you finding it takes longer to perform routine tasks? Are the lights blinking when nobody’s home? Suspicious behavior or degraded performance could indicate your computer is being used in a botnet. Have it checked out by an expert who can monitor system processes and check for other vulnerabilities.


While no single tip will completely block hackers, and new exploits and tactics are being discovered constantly – practicing safe computing will help keep your system out of the hands of the bad guys.

Listen to this report, originally broadcast on KXL-AM Friday November 30: kxl_techexpert-botnets_20071130.mp3 (MP3)

Do you have additional tips? Any horror stories you’d like to share? Drop me an email (techexpert AT brianwestbrook DOT com) or post to the comments – I’m here to help.

Monday, March 5, 2007

Hijacked Myspace page could mean trouble for everyone

Tech Expert Bonus Post

It might not be a jumbo jet, but a hijacked Myspace page can open the door to many problems -- identity theft, stolen data, or an inbox full of spam. It can affect not only the owner of the hijacked Myspace page -- but anyone who visits the page.

Since I get asked this question quite a bit -- I figured I'd post (if anything so I can point users here rather than re-typing the story... lazy? yup!).

Background
Typically the Myspace hijack is introduced when a page owner decides to pimp their profile out with one of the many "free layouts" abundant on the web. Installing this code on your page can introduce trojan-like code that results in visitors to the page being phished for their myspace login. Here's how...

Threat Details
While browsing Myspace (or a similar site), an unsuspecting user / victim clicks a link appearing to be from a myspace "friend" (often this link is to "Send Message" or "Add as a Friend"). (See screenshot with this post, personal information hidden to protect the innocent.) The link you click then prompts you with a "you must be logged in to do that" page... and without too much thought ("oh, myspace must've logged me out or something, right?") and without checking the URL (i.e. look for "login.myspace.com"), you've actually provided your myspace login information to the bad guys (who then cleverly re-direct you to the content you originally requested / your myspace home / someplace else that seems logical and doesn't raise your suspicion). The bad guys can now post bulletins / messages as YOU and spread the illegitimate login link to other victims... but wait, there's more...

Now where this gets *really* bad is when you've used the same password in myspace as you have for your email account.

Let's say your Myspace login is your email address (myspace@yourdomain.com) and a password (hijackvictim). If you, like many other users, have set your myspace password to be the same as your email password... I (representing evil-doers everywhere) can now log into your email account. Muhahaha....

And, as I'm sure you know, once I've got access to your email address... I can use the "forgot my password" link for a variety of sites -- obtaining access to bank accounts, ebay, etc. (Click this link [mp3] for my 12 Feb 2007 report for Newsradio 750 KXL on identity theft.)

Recommendation
My suggestion: Change your myspace password immediately to something VERY DIFFERENT from anything else associated with that email address. Change every other login that uses the same password to something new and unique to your myspace account -- do it now.

While not foolproof, some users pick a default password ("D0n't@sk!") and change it for every site... slightly... say, "D0n't@sk!a" for myspace.com since "A" is the first vowel... something you can remember, but that keeps your passwords unique... it's a start. (For more on good password techniques, listen to my report from 19 Feb 2007 here [mp3].)


Quick Tips:
  1. Change your myspace password to something unique (even if you don't think you've been hijacked, change it now!)
  2. Don't use the same password for myspace as you do email, bank accounts, etc. (this is good advice in general, but especially for sites like myspace)
  3. If in doubt, follow these steps: Open a new browser window to the site you're trying to view.
  4. Just because it *looks like* Myspace (or your bank's site, etc.) -- doesn't mean it is!
  5. Avoid clicking links in emails or online messages from strangers (and even then, do so with caution!)


For more on this story, visit: