best first line of computer security defence: you
Alan Zisman (c) 2008 First published in Business
February 12-18, 2008; issue 955
High Tech Office
though it’s a new year, computer security concerns pop up like it’s
2007. Lately, I’ve received e-mail messages purporting to be from
PayPal and TD Canada Trust.
The PayPal message claims “Unusual
Activity Detected in Your Account” and requests that I click a link and
enter information about myself in order to secure my account. It notes
that ignoring this request may result in account limitations or closure.
TD message claims to be “An Important Message” and assures me that my
“accounts and assets are safe.” But in order to meet requirements of
“the Financial Services Authority,” they ask all online customers to
verify account information, “a smart and simple way to add an
additional layer of protection … Click here to securely log on.” It
claims to be signed by COO Jarrett Lilien.
Both messages look
professional: no glaring spelling or grammar mistakes marking them as
amateurish scams. Both are very professional scams – so-called phishing
messages, trolling for user log-ins and passwords in order to empty
your account. These messages continue to circulate because they work
often enough to be profitable.
Both Internet Explorer 7 and
Firefox browsers have optional phishing protection, but you have to
turn it on. Either can be helpful, warning you if clicking on a link
takes you to a web address known to steal user information. But like
other computer security options, if you count on software to keep you
safe you won’t be.
Always be suspicious of e-mails requesting
that you click on a link to log in to a financial website. Banks and
services like PayPal don’t e-mail users in these ways. If you’re not
sure, phone or e-mail your financial service directly. But don’t use a
phone number listed in a possibly suspicious e-mail message – some of
these are fraudulent.
A simple step can often prove fraudulent
intent. The link in the would-be PayPal message has blue text appearing
to be a paypal.com address; the link in the other message just reads
“click here.” But hover the mouse over either link, the link’s target
appears at the bottom of the screen, at least if the status bar is
enabled in the view menu. The would-be www.paypal.comlink actually goes
to a U.K.-based page with an address starting “smilesmail,” not PayPal
at all. The “click here” link points to a Japanese site named “ent-so”
rather than TD. Fraud, apparently, is international.
that comes in your e-mail box can lead you to giving log-in information
to strangers. Other messages warning of security dangers also take
advantage of credulous users. I got two e-mails forwarded labelled
‘IMPORTANT WARNING!!!’ (yes, all caps and lots of exclamation points)
warning of a PowerPoint file entitled Life is Beautiful circulated as
an e-mail attachment. Apparently Microsoft, Norton and AOL are warning
users that it’s a virus invulnerable to antivirus software.
“PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS.”
pause before mass mailing everyone you know. Yes, viruses may arrive as
e-mail attachments. But have you ever seen a Microsoft, Norton or AOL
e-mail warning about computer viruses? No. That’s because there aren’t
any. A quick Googling of some text from the warning, like “PowerPoint
Life is Beautiful” brings up a series of links (including one from
respected anti-virus company McAfee) suggesting it’s a hoax.
the instructions to forward the Life is Beautiful warning to all your
friends isn’t actually harmful (unlike a similar hoax message that
suggested users delete a Windows system file that it claimed was
evidence of a virus infection), but it wastes everybody’s time and adds
to a climate of hysteria.
Whenever an e-mail tells you to do
something, pause before clicking. Take a deep breath, think about it
for a moment, and ask yourself whether PayPal, the TD Trust, Microsoft
or Norton is really the source of the message. If need be, a little
research will show they aren’t. (Remember, Google is your friend.)
Antivirus and anti-phishing software can help, but in the end, you’re
your best defence. •