============================================
From Lifehacker 5/2014 – by Alan Henry
Most of us know spam when we see it, but seeing a strange email
from a friend—or worse, from ourselves—in our inbox is pretty disconcerting. If
you've seen an email that looks like it's from a friend, it doesn't mean
they've been hacked. Spammers spoof those addresses all the time, and it's not
hard to do. Here's how they do it, and how you can protect yourself.
Spammers have been spoofing email addresses
for a long time. Years ago, they used to get contact lists from
malware-infected PCs. Today's data thieves choose their targets carefully, and
phish them with messages that look like they came from friends, trustworthy
sources, or even their own account.
It turns out that spoofing real email
addresses is surprisingly easy, and part of why phishing is such a problem.
Systems Engineer, aspiring CISSP, and Lifehacker reader Matthew tipped us off
to how it works, but also took us by surprise by emailing a few of us at
Lifehacker from other Lifehacker writers' email addresses. Despite the fact
that we knew it was possible—we’ve all gotten spam before—it was more
disconcerting to actually be tricked by it. So, we talked to him about
how he did it and what people can do to protect themselves.
Note: What follows is
a rather technical write up, designed for more computer-savvy individuals. If
you want a more basic rundown on avoiding spam and scams, we've got one of
those too.
The Complete Guide to Avoiding Online Scams (for Your Less Savvy Friends
and Relatives)
Our readers are a savvy bunch who aren't likely to be taken in
by an online scam—but we've all got those friends and relatives we worry about.
Here's our definitive guide to helping them stay safe online.
When
training your loved ones how to keep themselves safe online, you should remind
them of the rule your parents probably taught you: If it sounds too good to be
true, it probably is. Using a little common sense goes a long way to realizing
that you aren't going to suddenly win the Spanish National Lottery when you
didn't even know you had a ticket. That said, here are a few tips that you should
share with your less-than-savvy friends and family to help them avoid falling
victim to an online scam.
Never, Ever Click a Link to Your Bank or Financial Institution From an Email
Legitimate
banks or financial institutions like PayPal will never email you asking you to
click a link to verify your information, reset your password, or log in to view
anything. You should simply create a browser bookmark to your bank, and when
you receive an email, use the bookmark or type in the bank name manually into
the address bar.
Combined with training your parents to look for the special lock icon in the address bar, this should prevent them from giving away their bank login.
Never Give Out Your Email Password
It's
become a trend in "web 2.0" sites to ask people to invite your
friends to join by entering your email address and password into their web
site—but this is something you should always avoid. Not only will you most
likely end up spamming all of your friends with invite requests, but some sites
will keep that information and continue to spam your friends forever. Of
course, that is secondary to the fact that all your password reset requests
will go to your email address—so if the wrong people get your password, they
can access your entire online life. You should simply never give that
information out to anybody for any reason.
Use Strong Passwords (and Secret Questions)
If your
password is as simple as your spouse's name, it won't even matter if you give
your email password out, since it can be guessed easily by scammers or hackers
trying to get in. You'll want to make sure to read our guide on
how to choose and remember a strong password—but your security lesson
doesn't stop there. The weak link in your email security is those secret
questions and answers that most sites ask you to enter to help you reset your
password. Even if your password is tough, often your secret question isn't—so
you should make sure to protect your email account with strong secret questions.
Do Not Buy Anything from an Email You Didn't Ask For
The
easiest way scammers get you is by dumping spam in your inbox for everything
from cheap watches to fake male-enhancement products—which is not only going to
be bogus but probably redundant. The easiest and simplest rule is to never buy
anything from an email. Sure, you could probably make an exception for email
newsletters from sites you trust, like Amazon, but remember—it's relatively
easy for scammers to pretend they're Amazon, just like it's easy for them to
pretend they're your bank. Just make sure that you aren't buying, or even
clicking on, anything from an unsolicited email. (You can always go straight to
Amazon and search for the product they're advertising.)
The
biggest thing to avoid is anything involving Western Union, MoneyGram, wire
transfers, money orders, or dealings with any financial transaction. The
scammers will ask you to deposit a check or money order and wire transfer the
money back to them—and it's not until later that you find out it was a forgery.
I personally know somebody who was scammed out of $12,000 this way.
Do Not Give Out Your Personal Info or Social Security Number
This
should go without saying, but no legitimate site is going to ask you to enter
your Social Security number unless you are applying for credit. You should be
very careful not to divulge your personal information to anybody online. The
same thing goes for sites that ask you to re-enter your personal information,
even though in some cases, like your bank, they should already have that
information.
Learn to Use a Modern Browser's Security Features
The
latest versions of Firefox and Internet Explorer have enhanced support for
checking certificates from trusted web sites—you can click on the lock icon to
see all the information about the certificate.
In addition, the latest browser versions maintain a list of phishing and malware sites, and will warn you any time you try to access a known bad site. Internet Explorer makes checking the URL even easier by highlighting the root domain name so you can more easily detect a new phishing site.
Ignore Web Site Popups Saying You Have a Virus
Last
Friday half of my day was wasted removing a malware called Advanced Virus
Remover from somebody's PC because they clicked an ad that said they had a
virus, and then installed the "recommended" software, which proceeded
to hold their computer hostage. These "scareware" viruses are
becoming commonplace, and there are so many different names that it's
impossible to keep track of all of them.
The
simple solution is to pick a single antivirus app for your loved ones and train
them to know exactly which one they have installed. My mom's PC came
pre-installed with Norton Antivirus, and I've trained her to ignore any other
messages unless they come from Norton—and that if she isn't sure, she should
click the X in the upper right-hand corner of the screen, or even just turn the
PC off entirely and restart it. It's not a perfect solution, and I'd rather
have her using Microsoft Security Essentials, but she's used to it now and
it's a whole lot better than spending a day removing a scareware virus from her
computer.
===========================================
In addition to this blog, I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County, NJ.
=========================================