When you've taken the bait and you don't even know it: Phishing

PC users are the “weakest link” in computer security
IBM has recently suggested that PC users are the weakest link in the security chain in its Security Threats and Attack Trends Report for 2005.
Ironically, this has come about because computer systems have become more secure, cueing criminals and fraud experts to bypass security in other ways.
Computer Email Scams: Hook, line and sinker
This brings to mind tactics like phishing, where an individual masquerades as a trustworthy person and sends you an email with a link to click. This link is supposed to take you to their website, and for all intents and purposes that is exactly what it appears to do. The thing about these computer email scams is that you aren’t taken to the site you think you should be taken to – instead, you are taken to a “clone” site. But the site looks real, perhaps because you have been there before – so you enter all the personal information that it requires to update, or log in to, your profile.
What just happened is that you have submitted ALL of that sensitive information to someone, somewhere in the world, who is now collecting it and preparing to use it fraudulently. This computer email scam is a very quick method of gathering information, and is usually much more profitable than installing spyware on a computer if the information is used effectively.
Watch what you click. If you click a link in an email, and it takes you to a page requesting personal information, think twice. Any financial institution, government, or online business should not provide you with a link to update personal information.
What’s the current email scam on the internet that is the most popular?
Two of the most popular phishing scams spoof Chase online banking and PayPal. These companies will not ask you to update information in an email. Avoid becoming a victim by learning to identify phishing emails and knowing how to defeat phishing.
So what should you do when you receive a suspicious link?
The answer is simpler than you think. Type the web address into your web browser manually to get to the web site in question. This is the only method to beat phishing, and ensures that you are directed to the legitimate company’s website. There are also other things you can do to help avoid becoming a victim of phishing, but the method of typing in web addresses manually is currently the only fail-safe method.
Scam email reporting: How to go about reporting an email scam
When you receive an email that is obviously a scam, the very first thing you should do is notify the company that the computer email scam is spoofing. Much like reporting spam, you can usually attempt to forward the email to the email address abuse@domainname.com. For example, if the computer email scam was spoofing PayPal, you could forward it to abuse@paypal.com. This is not the recommended way of doing things, because these addresses are usually reserved explicitly for reporting spam; however, it is quick and clean if you are in a rush. Not all companies have an abuse@ address either.
Scam email reporting is usually most effective if you can determine where the phishing website is hosted. Many of the spoof sites are hosted on free servers – if you can figure out what server they are hosted on, you can usually contact the server hosts and they will shut down the site immediately.
One of the problems with trying to report email scams related to phishing is that the spoofed sites may only be up for a few hours to serve their purpose, and are then abandoned once enough information is collected. Because of this problem, the only real solution to these current email scams is to avoid them.
Anti-Phishing software
There’s a lot of anti-phishing software out there that can assist in detecting phishing. Since phishing has moved from computer email scams to the web, some links you click on in websites can also send you to a spoofed website. Microsoft has been working on anti-phishing technology for the upcoming release of its new web browser, Internet Explorer 7.0. This should help reduce the number of people falling victim to phishing, but it still will not capture every attempt.
In the meantime, other companies like Webroot Software (http://www.webroot.com/), PostX (http://www.postx.com/) and WholeSecurity (http://www.wholesecurity.com/), which was recently acquired by Symantec, provide anti-phishing software solutions that you may be interested in checking out if you or your company is looking for an immediate response to the phishing threat.