Staying one step ahead of spams and scams

March 1, 2010

By Geoff Meeker

Okay, so you already know about the Nigerian scam – “we have umpteen million bucks to share if we can use your bank account” – and its many derivatives. And you are familiar with those phishing scams, which say your account has been suspended or tampered with, and please log in for security reasons.

Yeah, those online attempts to get your banking, credit card and other personal information are pretty lame.

But computer hackers are getting ever more sophisticated, developing new tricks and tactics, and casting them onto the Internet to see what they can reel in. And as web surfers become more savvy, the scammers and spammers keep getting better at their game.

Nowadays, one click is all it takes to download something nasty to your computer. You might open a page out of curiosity, with no intention of inputting credit card information, not realizing that the simple act of opening the page can begin a download process that gives someone else access to your computer or turns it into a spam-sending machine.

There isn’t space to describe the malware, spambots and viruses that are out there, but we can talk a bit about how to avoid them. Off the top, everyone should subscribe to a virus protection program, such as Norton 360. Beyond that, the best advice I can offer is don’t click! Email friends to confirm they actually did send that file, and if not, delete it.

Not surprisingly, many spammers focus their attention on Facebook. Not long ago, I received an email on my smartphone, advising of a friend request and offering a link to log in and respond. I very nearly clicked it, before realizing that the ‘email alert’ function in Facebook was turned off. Someone was phishing for my password.

Because we’re in a password-protected environment, we can develop a false sense of security when logged onto Facebook. Just last week, friend Steve Outhouse was tricked into clicking something nasty.

“A notification popped up that my friend David ‘liked my photo’,” Outhouse told me. “I couldn’t recall any photos I had posted recently, so I wondered which one it was. I clicked on the notification, and instead of taking me straight to the photo – which it normally would – it told me that I needed to allow an application to have access to my system before I could see the photo.”

Curiosity won over caution, Outhouse said, and he clicked on the ‘allow’ button. “Immediately, the words ‘error, error’ came up on my screen, and a window popped up to tell me that I had sent the same notification to a large number of my Facebook friends. I couldn’t believe I had fallen for a spam note like that, but apart from the mild embarrassment, my bigger concern was that I had installed something on my system – or unleashed something on other people’s systems – that could cause harm. So far it doesn’t seem like that’s the case, but I’ll be more vigilant in future.”

Beware of any offer in Facebook that sounds too good to be true – the latest one is a free upgrade to Facebook Gold, a feature that doesn’t exist, but, upon clicking, immediately spams your friends with a similar message. And who knows what else?

Scammers want Facebook passwords for the personal information in your account, which enables identity theft, and for impersonation schemes that target everyone on your friends list. (“Friends please help! I am stuck in Copenhagen with no money. Wallet and password have been stolen. My vacation is ruined and I am devastated. Can someone lend me some money? Please send direct message for wiring instructions.”)

Spammers are also taking aim at Twitter, sending direct messages to people, urging them to click a link (for anything from nude photos to a free iPod). Once you do, it may already be too late. You could be infected.

Sometimes, it’s people – not spambots – who are behind the scam, and these can be the trickiest. Last year, I used Google AdWords to promote a product I sell. I entered keywords to target my ad to specific Internet searches, and my business information, including credit card number for billing purposes. Within 12 hours, I received an official-looking email from ‘google adwords’ advising me that my credit card had been declined, and could I please retry or enter a new number. It looked legitimate and the timing made total sense, but, when I checked my account page, it showed all was normal. If I had clicked the link and entered the information, somebody would have snared my credit card number.

Apparently, someone saw my Google ad, clicked through to my site, found my email address and sent the bait. Fortunately, I didn’t bite, but you can see how sly the scammers have become.

So keep those two words top of mind, whenever a friend or stranger dangles something interesting: don’t click! Verify before opening. The best defence is awareness, so I recommend you visit www.hoax-slayer.com to stay abreast of the latest scams and hoaxes. It’s an entertaining site, and a real eye-opener.

Geoff Meeker is a communications consultant with a soft spot for technology. He also writes a blog about the local media scene, which is hosted at http://www.thetelegram.com.
