Articles
Security From 30,000 Feet
Survey the vast landscape of threats and learn where to zoom in for more detailed views.
Just about everyone with an email account has heard from an earnest but grammatically challenged Nigerian with this deal: if you just send over your bank account information, he’ll be able to transfer his leftover oil money, or his chunk of a deceased tyrant’s estate, out of Nigeria—and he will cut you in on a percentage. The infamous "419" scam (the number refers to a section of Nigerian criminal code) has claimed thousands of victims in the U.S. You would think that in our increasingly wired world, Internet users would mostly know better than to fall for promises of "rissk-free!" but vaguely illegal cash. And yet Interpol recently told the New York Times that as more people come online, such Internet fraud is only rising. Scams and other more technologically complex attacks are getting all the more sophisticated, and it’s important to be aware of the sheer variety of threats out there—even if you yourself are far too savvy to send your social security number to every long-lost cousin of a dictator who asks.
Of course, you shop only at trusted sites, you change your password every month, and you never open attachments or take candy from strangers. Still, if you spend time online—on IM, on peer-to-peer file sharing networks, or even on a network at the office—then you’re exposing yourself to online attacks more often than you’re likely to know. No matter how comfortable you are with technology, it’s worth familiarizing yourself with the range of potential online threats.
The 419 scam is low-tech, relying as it does on the naïveté of its targets to get them to divulge personal and financial information. But international scammers use spam technology to find their victims, and the basic format of the 419, while as old as time, has spawned a host of new higher-tech versions of itself—mostly known as phishing. In turn, spam and phishing can lead you to infected Web sites or can encourage you to download harmful malware or spyware. The Web is and should remain a social and interactive medium. On the other hand, every time you visit an unfamiliar Web site or download new files, you’re a potential target. Being aware protects your pocketbook and your mental health. Identity theft, or just plain online theft, can mean anything from a day-long headache to a year-long trauma, and the loss of anything from a few hundred to many thousands of dollars.
Spam messages promising too-good-to-be-true stock tips or pills to "Lose 47 pounds in a week!" are easy to spot and delete (and a good spam filter will catch most of them these days). But some phishing emails mimic the email addresses of legitimate organizations to get into your inbox. In 2003, a phishing email looked like it came from eBay® and asked users to update their accounts. A link sent users to a replica site—the url was only a few letters off, the graphics looked right. After the users were done "updating" their credit card information, they were redirected to a page within eBay”s actual site that made the whole transaction look legitimate. Users suspected nothing until strange charges appeared on their statements. Banks have had similar scams perpetrated in their names, with scammers sometimes creating entire shadow sites to mimic the banks’. Phishers plays on your emotions to bully or intimidate you. They threaten to close accounts or fine you if you don’t respond immediately. Some recent phishing scams have stooped to new lows: They email (or call) families of enlisted men and women in Iraq and claim that the soldier has been Med-evaced to a hospital. Of course, treatment can’t proceed unless the families provide sensitive personal information.
Even if you don’t fall for the email, phishing includes seemingly harmless or helpful Web sites. One phisher’s site came up in search engines when users looked for information about a specific vulnerability in Internet Explorer® (a vulnerability is a problem in the browser”s code that allows hackers or viruses to get at your computer via your browser). The site detected when users actually had the problem in their browser, and then infected them with keystroke-logging malware ("malware" is a mash-up of "malicious" and "software" and basically just means any code that is out to get you). By visiting the site, users let code onto their machines that recorded whatever keys they pressed on their next stop – like their password when they went to check their balance at the bank’s secure site. (See Sandra’s story for a real-life account of this problem.)
Any time you download, you could be letting a nasty virus onto your computer. Other common openings for bugs to crawl in include IM and peer-to-peer file sharing networks. While most of us use peer-to-peer networks purely for legal, copyright-violation-free activities, even innocuous and friendly-looking directories can hold files that, once downloaded, carry Trojan horses or other attacks. Viruses, worms, Trojan horses - these are all just different names for harmful code that can hijack your machine. Peer-to-peer networks can open your hard drive up to prying eyes when you leave your machine connected to the network for long periods of time. Some file sharing software bundles "adware" or "spyware" with it when you sign the End User License Agreement—you know, those "Click here if you agree to these terms" contracts that everyone clicks on and no one actually reads. This means that once you agree, a program could begin tracking your every move online and sending it back to advertisers, or worse.
Say you’re chatting with a friend online about an upcoming wedding, and your friend asks if your mother kept her maiden name (even if you personally wouldn’t be caught dead IM-ing about weddings, the point remains): If the IM software you were using wasn’t secure, you could have unknowingly given up the answer to a common security question. IM Messages mostly get sent unencrypted over the Internet, for the most part, and attackers can sometimes listen in.
If you somehow let a bot onto your machine, your hard drive could be taken over as a server, and you could end up unknowingly inflicting ”miracle pill” spam on everyone in your address book and beyond. You could also lose precious information on your computer, at home or at work, if your hard drive gets corrupted. Or if harmful Adware creeps in, you could just end up with a maddeningly slow machine that won’t go online without popping up incessant ads for a timeshare in The Pocono’s. All in all, it’s worth learning the basics, so that you can avoid the worst pitfalls. Read up on Preventative Medicine, install spyware and anti virus protection from Norton Internet Security on your machine. Then you can browse, chat and email in peace, and you won’t find yourself afraid to log onto Facebook®. Unless of course that fear comes from your age-inappropriate addiction to Facebook, in which case you need a different kind of help.
