|  BlueWolf's Howl   | Comics and Art  | Higher Level  | Photography  | Poetry and Stories  |
|  Chess  |  Letterboxing  |
|  2003 Blogathon Archive  |   2005 Blogathon Archive  | 8th Layer Archive  | Blue702 Archive  |

BlueWolf's Howl

« Another task completed | Bluewolf's Howl | One Book Closer »

December 16, 2016

Real from Fake

This morning I received an email from "Robert" telling me that I've been selected to be part of The Network of Professional Women. Really? Being in the computer field, I knew how to check this. Granted, I have been getting these "honors" for decades. Before the current computer age, these things used to come in the snail mail. [This is how long this scam has been around.]

But this interested me this morning due to the current trend on reporting fake news, hacking, etc. I knew immediately by looking at it that this was a scam. But how many other people would not recognize this?

Of course, part of this immediate reaction came from the question of why anyone named "Robert" would be interested in starting/running/participating in a Network of Professional Women. You may call that bias, but I have never experienced any male that was interested in promoting female prominence. Certainly, I have met some males that treat female coworkers as equals, but none that promoted female camaraderie. They can't even figure out why we go to the bathroom together. Perhaps there are a few, but the only reason to do so would be to make money off this group. Maybe there are some who would do so to help their wife build a group, but none would do it out of any emotional benefit for themselves. But I would think that even if they did want to build a Women's Network, they would be smart enough to at least put a female face on the contact.

Even if the email came from "Sarah," I would still have recognized it as a scam. And I would want other people to recognize this as a scam. Really - it would not be that hard to change the email client that sent this email to read a different name. But the content is still a scam and how do I recognize and prove that?

Before you read ANY email, always look at the sender. Is this someone you know? Depending on the mail client that you use to read the email, this may display the "name" or the "email address." Granted, we may want to read mail from more than just our close friends. But if the displayed name and the email address is "off" in some way, this should start your suspicion machine. For instance, Robert's email address for a Women's Professional Network was info@marketcap.site. You probably know your friends' email addresses, but what about legitimate businesses? Use your common sense. Just as a few examples: FTD Flowers ftd@e.ftd.com, Dick's Sporting Goods dsg@email.dcsg.com, etc... Now, if the email address doesn't look funky, that doesn't guarantee that it's a valid email. A virus or Trojan can send email from your friend's computer with their address. And creating "one-off" domains is very easy. Would you be able to notice the difference between an email sent from "dcsg.com" from one sent from "dsgc.com" - both would look like Dick's Sporting Goods. And, it should be noted, that it is not that difficult to "spoof" email addresses.

So once an email passes the "sender test" in your eyes, take a look at the content and body of the email. Your friends are probably always going to send you links to "interesting stuff" in their emails. That's always going to be the toughest scenario to deal with. Is this a real email from your real friend, or is it something that got sent from their computer (or your computer) with their address on it and a malicious link from a virus trying to spread itself? This is why you should use a good antivirus program on your computer. It won't catch everything, but it will catch most things. Do you really want to take a risk of identity theft over $50 a year (the approx. price of antivirus software)? But that risk is up to you.

The more important links are in the body of emails sent to you from a supposed business address. These are called "phishing" emails. They are fishing for dummies that click the links. These links can do any of a number of things. Note that this is how the DNC and DNCC were hacked. If you look and there's a difference between what the link displays for the site and what you see when you _mouse over_ (but do not click), that's another indication that it's not a legitimate email. Just putting your mouse over a link normally shows a "tool tip" little pop-up box that shows where the actual code that created the link will take you.

Here is a (non-malicious) example of this:
See our great deals at Dunkin Donuts at http://www.dunkindonuts.com.

Although the link to www.dunkindonuts.com would actually take you there, clicking on the link will take you to Honey Dew donuts. This is what they do to make you click a link and take you to where they want you to go rather than where you think you're going. And this could be either their site (with malicious content) or it could be a mock-up of the "target" site. In the case of dunkindonuts.com, instead of sending you to Honey Dew, they could send you to a page that looks EXACTLY like the real DD page, but hosted somewhere else. And when you sign in, the username and password combination goes to their servers - and now they have your login. Now either one of two things could happen. Either they can forward that information to the real DD site (and log in as you) and commit what is called a "Man-in-the-Middle" (MitM) attack or they can redirect you to the real site. When they do the MitM attack, you send them the info - they relay it to the real site - and send you back the real response. Meanwhile they are saving all the info you are sending to the site (such as your credit card number and CVV code). If all they want is the login, they can send you to the actual site (which will make you log in again) and you go about your business. Why would they do that? Less time, less effort and you will probably ignore the initial login as a typo of the password or a "glitch" in the site.

To be honest, I NEVER click on a link in ANY email. You should develop this rule also. That doesn't mean I'm going to ignore legitimate information in legitimate business emails. But I know the address to any business that I patronize. I go directly to that in a browser rather than click on a link.

So if you ever get an email that says "our site has been compromised, please click here to log in and change your password" - DON'T believe it. Your service provider - be it Cox, Verizon, ATT, etc. - NONE of them will (or should) send you such a link. NEVER.

You shouldn't get anything like that from any other business site, either. But you might. When businesses see IT as a cost rather than an enabler - well, businesses always try to cut costs. This leads to under filling positions or not hiring the best that money can buy. When business executives believe that compliance equals security - they only spend the time, money and effort to become compliant. And some businesses only do that because there are laws with penalties for not being compliant. What ends up happening at some places is that your precious identity and credit card transactions are being protected only to the level of compliance by the cheapest labor possible. Tasks that should be performed by three people are normally done "as well as possible" by just one person. Top positions that should be filled by people with 15 years experience are offered to people with 6-8 years of experience for much less money. In other industries, you might be able to get away with that. In security, it's not advisable. And there's no way to tell which businesses are doing this and which ones are not. You would think that lesser businesses would eventually be breached. That is likely. But it's unlikely you would hear about it unless the company is large and the attack is widespread.

So basically, it's up to you to protect your information and your computing devices. So don't click on email links.

And if you see an offer - take the time out of your busy life to investigate it before jumping on any "fantastic" deal or "honor" that costs you money to be honored. As you can see above, just clicking the link can be dangerous/costly - even if you don't fall for the pitch itself. So have fun, but be careful and stay safe!

Posted by BlueWolf on December 16, 2016 10:55 AM