February 23, 2008
Privacy & Security Watch: Beware of fake emails appearing to be from a financial institution
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Your money and your identity are precious to you. You money and identity are also of great value to thieves. It is important to be extra vigilant, especially in emails and on the Internet, to protect both.
At the link below, you will find an example of one such real-looking communication, but it could just as easily have been set up to look like it was from whatever bank or financial institution you do business with.
Please note that in order ensure you that you are actually going to the real HSBC website indicated below (they provided this to warn their customers about this particular scam), I have not encoded the link. Please copy it and open a *new* web browser (or new tab), and paste it into your web address bar, and press ENTER. (If you do it on the same page that you are viewing this newsletter on you will need to hit the BACK button on your browser to get back here to read the rest of this article.)
Copy and paste this link to a new web page or new tab:
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
As you saw if you followed the above instructions, someone was very creative and sophisticated. It looks real.
Remember that just because the text looks legitimate, if it is a live link that you can just click on, you need to verify that where the link is going is where the link claims to be going. I'll provide an example:
Click on the below link (which looks just like the link above):
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
Other than the fact that the above is a link you can click on (try it - it will open in a new window), you cannot tell by looking at it that it will actually go somewhere else. And if I had created a fake HSBC-looking web page and pointed the link there, you might not have noticed at all because the resulting page would have looked just like an HSBC page (instead of taking you to ThisIsMyStore.com).
Now, move your mouse over the above link and right-click. You will get a list of options, one of which is "properties". Now click on "properties" and you will see that the link will actually take you to http://ThisIsMyStore.com and not to the secure HSBC page. This is an easy way to check where a link may actually be taking you. But note that the link displayed might still look kind-of legitimate, so it is always safest to go directly to your financial institution's website by entering the proper web address yourself.
* [Please post your job openings here] *
R.L. Kuper, Inc. - Management Consulting
The Kuper Report
http://TheKuperReport.com
Your money and your identity are precious to you. You money and identity are also of great value to thieves. It is important to be extra vigilant, especially in emails and on the Internet, to protect both.
At the link below, you will find an example of one such real-looking communication, but it could just as easily have been set up to look like it was from whatever bank or financial institution you do business with.
Please note that in order ensure you that you are actually going to the real HSBC website indicated below (they provided this to warn their customers about this particular scam), I have not encoded the link. Please copy it and open a *new* web browser (or new tab), and paste it into your web address bar, and press ENTER. (If you do it on the same page that you are viewing this newsletter on you will need to hit the BACK button on your browser to get back here to read the rest of this article.)
Copy and paste this link to a new web page or new tab:
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
As you saw if you followed the above instructions, someone was very creative and sophisticated. It looks real.
Remember that just because the text looks legitimate, if it is a live link that you can just click on, you need to verify that where the link is going is where the link claims to be going. I'll provide an example:
Click on the below link (which looks just like the link above):
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
Other than the fact that the above is a link you can click on (try it - it will open in a new window), you cannot tell by looking at it that it will actually go somewhere else. And if I had created a fake HSBC-looking web page and pointed the link there, you might not have noticed at all because the resulting page would have looked just like an HSBC page (instead of taking you to ThisIsMyStore.com).
Now, move your mouse over the above link and right-click. You will get a list of options, one of which is "properties". Now click on "properties" and you will see that the link will actually take you to http://ThisIsMyStore.com and not to the secure HSBC page. This is an easy way to check where a link may actually be taking you. But note that the link displayed might still look kind-of legitimate, so it is always safest to go directly to your financial institution's website by entering the proper web address yourself.
Labels: data security, id theft, identity, identity theft, Kuper, kuper report, privacy, richard kuper, safe computing tips, security
| FindJobsPostJobs.com | CareerHotList.com |
January 08, 2007
So how secure is your pc?
Richard Kuper
The Kuper Report
http://TheKuperReport.com
So how secure is your pc? According to a January 7, 2007 article in the NY Times titled "Attack of the Zombie Computers Is Growing Threat" by John Markoff, "the bad guys are honing their weapons and increasing their firepower." Programs are secretly installing themselves "on thousands or even millions of personal computers" and then using these computers and their collective combined power to commit crimes across the Internet. For example, the article states: "Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China." Elsewhere in the article, we are told about a program that collected data from 753 infected computers, generated 54,926 log-in credentials, 281 credit card numbers, affected 1,239 companies including "35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts" -- and that was just one file that was intercepted that had collected data over 1 month. One company that monitors such things claims there are more than 250,000 new infections daily.
There were a number of other examples, including the spam regarding a penny stock that boosted the price of the stock significantly - just long enough for whoever spawned it to make a nice profit.
Even more interesting was this paragraph that appears near the end of the article:
"Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely."
So now that you know about these problems, what are you doing to prevent them? Are you making the mistake of Serry Winkler and turning off your antivirus, antispyware, antimalware products, or, worse, have you failed to even install such software or ensure it is up-to-date? Are you perhaps making the ultimate error of being connected to the internet 24x7 logged in with adminstrator rights and no password? If you are accessing the internet from home via cable or dsl, do you have both a hardware firewall and a software firewall? If you have gone wireless, are you sure no one can intercept what you are doing over the air?
There are a variety of very good antivirus, antispyware, antimalware and other products to protect your computer. Some are even available for free or very low cost. Some are bundled as suites.
And before someone tries to give you the old and tired line "just get a Mac", be advised that the recent Mac vs. Windows ads have raised the profile of the Mac and Linux operating systems and attracted the interest of the bad guys. There have been an increasing number of reports regarding breaches of such machines -- perhaps not to the level of Windows machines, but that is primarily because there are fewer such machines in use. Should machines running Mac or Linux continue to grow in popularity and become a larger portion of the user community, rest assured that there are folks out there who will manage to wreak the same havoc on those machines as well.
So make sure to take all the necessary steps to ensure that your computer and data are secure. If you are a company, your responsibilities may be further defined by a variety of laws.
* [Please post your job openings here] *
R.L. Kuper, Inc. - Management Consulting
The Kuper Report
http://TheKuperReport.com
So how secure is your pc? According to a January 7, 2007 article in the NY Times titled "Attack of the Zombie Computers Is Growing Threat" by John Markoff, "the bad guys are honing their weapons and increasing their firepower." Programs are secretly installing themselves "on thousands or even millions of personal computers" and then using these computers and their collective combined power to commit crimes across the Internet. For example, the article states: "Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China." Elsewhere in the article, we are told about a program that collected data from 753 infected computers, generated 54,926 log-in credentials, 281 credit card numbers, affected 1,239 companies including "35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts" -- and that was just one file that was intercepted that had collected data over 1 month. One company that monitors such things claims there are more than 250,000 new infections daily.
There were a number of other examples, including the spam regarding a penny stock that boosted the price of the stock significantly - just long enough for whoever spawned it to make a nice profit.
Even more interesting was this paragraph that appears near the end of the article:
"Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely."
So now that you know about these problems, what are you doing to prevent them? Are you making the mistake of Serry Winkler and turning off your antivirus, antispyware, antimalware products, or, worse, have you failed to even install such software or ensure it is up-to-date? Are you perhaps making the ultimate error of being connected to the internet 24x7 logged in with adminstrator rights and no password? If you are accessing the internet from home via cable or dsl, do you have both a hardware firewall and a software firewall? If you have gone wireless, are you sure no one can intercept what you are doing over the air?
There are a variety of very good antivirus, antispyware, antimalware and other products to protect your computer. Some are even available for free or very low cost. Some are bundled as suites.
And before someone tries to give you the old and tired line "just get a Mac", be advised that the recent Mac vs. Windows ads have raised the profile of the Mac and Linux operating systems and attracted the interest of the bad guys. There have been an increasing number of reports regarding breaches of such machines -- perhaps not to the level of Windows machines, but that is primarily because there are fewer such machines in use. Should machines running Mac or Linux continue to grow in popularity and become a larger portion of the user community, rest assured that there are folks out there who will manage to wreak the same havoc on those machines as well.
So make sure to take all the necessary steps to ensure that your computer and data are secure. If you are a company, your responsibilities may be further defined by a variety of laws.
Labels: data security, how secure is your pc, id, id theft, identity, identity theft, Kuper, kuper report, pc, secure, security, you
| FindJobsPostJobs.com | CareerHotList.com |
Who links to me?
