HOME
TOPICS
ABOUT ME
MAIL
The morons who create viruses know how to get your attention.
|
| technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983
T e c h n o f i l e
Don't let fake e-mail warnings fool you
July 3, 2005
By Al Fasoldt
Copyright © 2005, Al Fasoldt
Copyright © 2005, The Post-Standard
Spammers and the morons who create viruses know how to get your attention. All they have to do is tell you your Internet service provider has "suspended your account."
I'm referring, of course, to fake warning notices flooding the e-mail system worldwide over the last few months. At first, most of them carried Windows viruses. When you click the link carried in such e-mail messages, you invite a live virus into your Windows PC.
But now spammers and spyware authors -- which in many cases might be the same people -- are pulling off the same stunt. Spam- and virus-fighting software alone can't deal with this effectively. You have to be very careful.
If the message is spam, the link typically does only one thing: It tricks you into confirming that your e-mail address is valid. Your address is then sold with hundreds of thousands of other confirmed addresses from the "harvest" of that particular day. (These are called "known good addresses" and are quite valuable.)
If the message is spyware, the link tries to plant a tiny program on your Windows PC -- Macs and Linux computers are not vulnerable -- and uses that tiny invader to track your Internet habits, either through unwanted pop-ups or actual spy software that shows almost no trace of its activity.
(Frustrated Web surfers already know that pop-ups put advertising onto their screens. But spyware popups are designed to forward information about their victims' Internet habits to a spyware data-collection site each time the victim clicks the popup window to close it. They send more detailed information each time the victim clicks a link within a pop-up.)
Here are typical virus, spam and spyware messages, along with their fake, or "spoofed," senders, found in my own mail, over the period of only 10 minutes on a Friday night:
"Your Account is Suspended For Security Reasons" -- allegedly sent by "support at twcny.rr,com." TWCNY is Time Warner of Central New York, or Road Runner. It did not send this message. It was a fake.
"Notice:***Your email account will be suspended***" -- also allegedly sent by Road Runner. It was not sent by Road Runner or any agency of Time Warner. It was a fake.
"Warning Message: Your services near to be closed" -- allegedly sent, again, by Road Runner. It's not even in normal English and was not sent by Time Warner. It was another fake.
"Your password has been updated" -- allegedly sent by Road Runner. Neither Road Runner nor Time Warner sent it, and my password was not updated or changed in any way. It was a fake.
"PayPal Flagged Account" -- with the seemingly ominous warning that "If you choose to ignore our request, you leave us no choice but to temporarily suspend your account." This had the spoofed sending address of "Service" (just "Service") and was not sent by PayPal. It was yet another spoof.
What can you do about these fake warnings?
First, remember that any idiot can spoof the address of e-mail messages. That means you cannot trust the "From:" address of e-mail you receive. I'm not saying you should start distrusting your mom when an e-mail arrives from her wishing you a happy birthday; if it looks like she wrote the letter -- and it's your birthday -- then enjoy your big day and tell her you love her.
But what about mail from "Service" that tells you your eBay account will be suspended? I've got one big piece of advice: BE SUSPICIOUS. Don't open the letter. Just trash it. I've heard from people who've opened such letters and clicked on the link inside even when they didn't even have an eBay account. They told me they did that to "tell eBay there was a mixup." (But eBay didn't send the letter, so replying makes no sense.)
Always trash e-mail that looks suspicious. Don't open it. You may not realize that e-mail software is notoriously unsafe; simply opening a letter to read it can trigger a confirmation, returned secretly to the sender, that you did indeed read the mail and that you e-mail address is valid.
The second best protection against Windows viruses, spam and spyware that come in the mail is smart software. If you have a Windows PC, you absolutely need good an antivirus software and good spyware detection and removal software.
I recommend two free Windows programs: AVG antivirus from http://free.grisoft.com/freeweb.php and Ad-Aware Personal from www.lavasoftusa.com/software/adaware/. (Note that both companies offer free and paid versions of each program; make sure you get the free ones.)
Caution: I've heard from a reader who "found" the Ad-Aware site by using a search engine, rather than going directly to the address shown here. The search results took him to a spyware site that installed a suspicious program with a similar name to Ad-Aware. Don't use a search engine to find Ad-Aware; go to the site listed here.
That's the second best protection for Windows users. The best protection is common sense. You should already know that eBay isn't going to cancel your account when you don't even have one. Use your noggin, as my mother used to tell me when I was a kid. If something looks suspicious, don't open it.
Finally, Windows users should realize that viruses and spyware are Windows problems. Apple's Macintosh computers are not affected by those three threats and are worthwhile alternatives to Windows PCs in other ways, too. Linux PCs are likewise unaffected by those problems, and can be an excellent choice if you don't mind the occasional awkwardness of Linux.
| |