The Best Defense Is a Good Offense

Posted: May 7, 2009 10:43 AM
Updated: May 7, 2009 10:43 AM


From the Editors of The Geek Weekly

Just about everyone with an email account has heard from an earnest but grammatically challenged Nigerian at least once. If you send over your bank account information, he’ll be able to transfer his leftover oil money, or his chunk of a deceased tyrant’s estate, out of Nigeria -- and he will cut you in on a percentage. The infamous "419" scam (the number refers to a section of the Nigerian criminal code) has claimed thousands of victims in the United States.
You would think that in our increasingly wired world, Internet users would mostly know better than to fall for promises of "rissk-free!" but vaguely illegal cash. And yet Interpol recently told The New York Times that as more people come online, such Internet fraud is only rising. Scams and other more technologically complex attacks are getting all the more sophisticated. It’s important to be aware of the sheer variety of threats out there -- even if you yourself are far too savvy to send your social security number to every long-lost cousin of a dictator who asks.
Of course, you shop only at trusted sites, you change your password every month, and you never open attachments or take candy from strangers. Still, if you spend time online -- on IM, on peer-to-peer file sharing networks, or even on a network at the office -- then you’re exposing yourself to online attacks more often than you’re likely to know. No matter how comfortable you are with technology, it’s worth familiarizing yourself with the range of potential online threats.
Phishing for your info
The basic format of the 419 has spawned a host of new higher-tech versions of phishing. In turn, spam and phishing can lead you to infected Web sites or encourage you to download harmful malware or spyware. The Web is and should remain a social and interactive medium. On the other hand, every time you visit an unfamiliar Web site or download new files, you’re a potential target. Being aware protects your pocketbook and your mental health.
A good spam filter will catch most routine spam these days. But some phishing emails mimic the email addresses of legitimate organizations to get into your inbox. And attacks have become increasingly sophisticated. For example, one phishing email looked like it was from eBay and asked users to update their accounts. A link sent users to a replica site -- the URL was only a few letters off and the graphics looked right. After the users were done "updating" their credit card information, they were redirected to a page within eBay’s actual site that made the whole transaction look legitimate. Users suspected nothing until strange charges appeared on their statements.
Scare tactics
Banks have had similar scams perpetrated in their names, with scammers sometimes creating entire shadow sites to mimic the banks’ Web sites. Phishers play on your emotions to bully or intimidate you. They threaten to close accounts or fine you if you don’t respond immediately.
Some recent phishing scams have stooped to new lows: They email (or call) families of enlisted men and women in Iraq and claim that the soldier has been medevaced to a hospital. Of course, treatment can’t proceed unless the families provide sensitive personal information.
Even if you don’t fall for the email, phishing includes seemingly harmless or helpful Web sites. One phisher’s site came up in search engines when users looked for information about a specific vulnerability in Internet Explorer. The site detected when users actually had the problem in their browser, and then infected them with keystroke-logging malware. By visiting the site, users let code onto their machines that recorded whatever keys they pressed on their next stop -- like their password when they went to check their balance at the bank’s secure site.
Dangerous networking and downloads
Any time you download, you could be letting a nasty virus into your computer. Other common openings for bugs to crawl in include IM and peer-to-peer file sharing networks. While most of us use peer-to-peer networks purely for legal, copyright-violation-free activities, even innocuous and friendly-looking directories can hold files that, once downloaded, carry Trojan horses or other attacks. Peer-to-peer networks can open your hard drive up to prying eyes when you leave your machine connected to the network for long periods of time. Some file-sharing software bundles adware or spyware with it when you sign the End User License Agreement. Once you click on the agreement, a program could begin tracking your every move online and sending it back to advertisers, or worse.
Other dangers
If the IM software you use isn’t secure, you could unwittingly give up the answer to a common security question by simply chatting with a friend. Mention the friend’s hometown or yours, and you could be supplying ammunition for the bad guys. IM messages mostly get sent unencrypted over the Internet, and attackers can sometimes listen in.
If you somehow let a bot onto your machine, your hard drive could be taken over as a server. You could end up unknowingly inflicting “miracle pill” spam on everyone in your address book and beyond. You could also lose precious information on your computer, at home or at work, if your hard drive gets corrupted. Or if harmful adware creeps in, you could just end up with a maddeningly slow machine.
It’s worth staying current on prevention to avoid the worst pitfalls. The best course of action is to keep anti-spyware and virus protection updated, and to know the forms threats can take.
