Tuesday, February 9, 2010

Protect yourself from phishing and spoofed email

Curiosity doesn't just kill cats. It will kill your computer too if you're not careful. This post is a bit more generic than normal, but with a recent influx of spam hitting the mail server I manage, I thought this might be helpful to more than just the employees at the company I work for.

If you want to test your knowledge about phishing, take the Sonicwall quiz. It can be found at http://www.sonicwall.com/phishing/index.html. If you get 8 or more correct, then I’d say this post probably isn’t going to be useful for you so go ahead and read a different one. Otherwise you may want to keep reading.

To put the amount of spam out there in perspective, between 50 and 90% of all messages sent to the mail server I manage are spam. Worldwide, spam is said to make up 80-85% of all email sent, and some say that is a conservative estimate.

The first thing to be aware of is phishing. If you don't know what phishing is, the definition according to Wikipedia is "the process of attempting to acquire sensitive information ... by masquerading as a trustworthy entity in an electronic communication". This happens a lot, and if you have an email address you likely have received at least one phishing email. It’s easy to mask the actual site address with something that looks legit. Here is an example. At first glance it looks like I put two links to the Wells Fargo home page, but can you tell what’s wrong with them?



The top link takes you to Wells Fargo, just like you’d expect. The second link will bring you to the Google homepage, even though it looks like it should go to wellsfargo.com. Checking where a hyperlink goes before clicking on it is a good practice to adopt because it leads to safer web browsing and instant messaging. It’s also a great way to avoid picking up any type of virus or malware. There should never be a link to files that end with .exe, .msi, or any other executable file extension unless you are expecting it from a software vendor. If you accidentally click such a link, do not agree to let anything be installed if you get prompted by the Run/Save/Cancel box. Normally, to see where a link goes you can either hover over it with the mouse to see the address displayed in a small information box, or hover over it and check the status bar at the bottom of the window. You can try it with the wellsfargo.com links above.

Here’s another one (not a real page, just an example):

http://www.paypal.com-account.login.mywebsite.com/login.asp

Looking at it quickly, you may think this takes you to paypal.com’s login page. However, the secret is to pay attention to the periods and forward slashes (/). This link will actually direct you to somewhere on mywebsite.com. Everything else is just fluff to redirect you to a particular page, and the www.paypal.com part is there only to make the link look legit. If it had been http://www.paypal.com/account.login.mywebsite.com/login.asp, this would be a page within the paypal.com site because of the / after paypal.com. Technically this URL could still be a problem, but only if the computer you were using was severely infected, or if someone hacked paypal.com itself, both of which are unlikely to go unnoticed.
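The two checks described above (which site a link really goes to, and whether a link's visible text matches where it points) can be written down as a small helper. This is an added example, not code from the original post; the function names are my own, and it deliberately uses the simple "last two labels" rule for the owning domain, which is enough for .com-style names but not for suffixes like co.uk.

```python
from urllib.parse import urlparse

# Added example (not from the original post). It parses a URL the way a
# browser does: the host is everything after the scheme up to the first
# "/", dots inside the host separate labels, and the rightmost labels
# name the site that actually owns the page.

EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".bat", ".com")


def real_host(url: str) -> str:
    """Return the hostname a browser would connect to for this URL."""
    parsed = urlparse(url)
    # netloc holds everything before the first "/" after the scheme;
    # .hostname additionally strips any user:pass@ and :port pieces.
    return (parsed.hostname or "").lower().rstrip(".")


def owning_domain(url: str) -> str:
    """Site that owns the link: the last two labels of the host.

    Simplification (assumption): real browsers consult the Public Suffix
    List so that example.co.uk is handled correctly; for .com/.net/.org
    style hosts the last two labels are enough.
    """
    host = real_host(url)
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def link_goes_where_it_claims(display_text: str, href: str) -> bool:
    """True if a link whose visible text looks like a web address really
    points at the same site (the 'two Wells Fargo links' case)."""
    shown = display_text if "://" in display_text else "http://" + display_text
    return owning_domain(shown) == owning_domain(href)


def points_to_executable(href: str) -> bool:
    """True if the link's path ends in an executable file extension."""
    path = urlparse(href).path.lower()
    return path.endswith(EXECUTABLE_EXTENSIONS)
```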

For more information about phishing, check out any of the following links:



Spoofing is also very common, and I bet almost all of you have some experience with it. Spoofing is the practice of impersonating another email address, which makes it look like someone else sent the message. If you ever check your Postini junk mailbox you’ll probably find emails in there from your own email address, but the content of the email is about prescription drugs or some other fake ad. This is classic spoofing. It’s very easy to do and really hard to prevent. The reason it’s difficult to control is that the safety of your email address doesn’t just depend on you, but rather on anyone you’ve ever sent an email to. If any of them happen to get infected by some type of malicious software that steals their address book or email addresses, your address is then easily spoofable. It’s so simple that practically any computer could be set up to spoof addresses from anyone. There are certain things that can be done on a mail server to detect and reject spoofed messages, but they are not foolproof and still require users to follow email best practices. The main thing to remember with spoofing is that just because an email says it’s from someone you trust, that does not make it legitimate. For more about spoofing, check out its Wikipedia entry.

Here is the quick list of the 3 most important things to remember when it comes to safe email habits:

1. Before you click on anything, make sure it’s directing you to where you expect to go.
2. If you don’t know what something is, don’t click it regardless of who it says it’s from. This goes for both attachments and links.
3. Use your best judgment when deciding whether an email is legit or not. If it looks suspicious, it probably is. Also, don’t automatically trust the name in the From field, because it could easily have been spoofed.


Of course, you should also be running some type of anti-virus and possibly anti-spyware software on your computer to prevent infections as well. If you don't already have something, check out one of my older posts about some free software packages that will help keep your computer from getting infected.
