Email
fraud & web abuse
E-mail fraud and web abuse can pose several risks- both personally and professionally. A disorganized and poorly maintained computer not only deteriorates performance but leaves you exposed to liability for the content retained.
Purpose:
To provide some insight into abuse problems that impact you. To outline how laws are being applied and their implications to your computing safety. To illustrate how you can reduce your exposure to out of control e-mail and web abuse.
1.- Wrong place- All of us have received email or arrived at web sites that are not representative of our normal computer use- by intention or not. For example, you can end up in a loop of repeating porn sites which is disconcerting at best. Your computer is very adept at retaining web site addresses & access information and all messages you send and receive- regular email, blog contributions, chats & instant messaging. 2.-Social Networks- Virus delivery method- Evaders are using social networks, like Facebook, ,uTube and several seemingly free subscription sites to delivery very harmful trojan viruses. A recent sneaky email (June 2008 onwards) has been infiltrating Facebook uses by posing as a Friend's email that invites you to view a video of yourself caught on camera. Once you accept the email, it asks you to download a plug-in (a new Flash player) to view it. You may feel this is reasonable since the Friend's email even has their Facebook photo attached. Once you agree and download the bogus Flash player, the virus is entrenched on your system. This new version of an old virus has key logging capabilities which means anything you input into your computer can be captured and forwarded to another system- the bad guy's! Note- Watch for a .cz domain name which is a give away or if you know you have the latest Flash Player update (Adobe Flash Player version 9.0.124.0- Aug. 7, 2008)3.- Retention- Your computer keeps records of all the web sites you visit including pages accessed, the frequency, duration and related temporary files. It keeps logs which can be easily revealed to show your recent computer use and to track your Internet & network activities and email and instant messaging activities.
EMAIL Spam
Most people have several email accounts for personal and business use which all contain personally identifiable information used for different reasons. Despite using aliases or other methods to hide your identity, all communications are traceable back to your computer's origin-including proxy servers. On your own computer, it does not care what information you would prefer to keep confidential. Files are retained on all email (opened or not) and the content that you viewed, received or sent. Regardless of whether you wanted it to or not. Even those embarrassing emails that are soliciting favors, selling little blue pills, etc.
What can I do to protect myself from spam email? 1.- Be wary of opening any email you are not very familiar with. Thieves are making email look and feel like the real thing including knocking off real logos from financial institutions. 2.- Shun and delete email that suggests any "Urgent call to action" on your part. When opened, you can be re-directed to pop-ups or links which are bogus. Typically, you will find the URL (located in your address bar- which shows what web site you are currently viewing) will not be legitimate. For example, instead of showing:
http://www.bankof america.com/personal_accounts_help/info.html - a false web address will appear which a completely different location, like: http:iamabout2ripuoff.com/give_me_your_bank_acct#.php
These types of emails are created to scare you into revealing personal info over the Internet that info can later to used to simulate a new "you"- the one from the dark side:) If you open one by mistake. be sure to check to make sure the site you have reached is legitimate. Start a new session on your browser by clicking the IE icon in the bottom left of your screen & type the real web URL (www.mybank.com) in your address bar. The web sites the thieves have created can look and fell link the real thing.
We have not come across any legitimate bank that would ask for personal details, like account #, password, name, address, etc. in order to conduct a transaction of an urgent nature. A prime tip off for you is that the address bar will not change the URL from http:// to https:// indicating you have reached a secured connection. If you think a site is bogus or may have revealed your information to a illegal site, pick up the phone and call your bank to confirm. 3.- To see a recent list of recent scams , check out the Royal Canadian Mounted Police site: phonebusters.com . There is the ability for you to report suspended fraud activities. 4.- Make sure the antivirus or internet security package has a good spam email filter and firewall. Windows Defender does not full into the class. Take the time to identify to the software which email address you are prepared to accept email from. Will it protect you from every bad email. No!
You need to practice you own form of due diligence. A data destruction program will further assist you in eliminating the deleted email, programs and files. As a precaution when we open an fraudulent email, we will go to our last "Restore point" in Windows and restore our computer to an early time to help delete the installation of harmful software contained the email. Office software files, emails & their opened attachments are recoverable even if you delete them in your email program or from your Recycle bin. File recovery software programs are readily available. Anticipate that everything you have typed, sent, received, viewed or loaded on your system can be retrieved unless you take preventative measures.
No one will dispute the benefits of e-mail for delivering & receiving and distributing small or large volumes of information quickly and cheaply. The web is a fantastic resource for finding and gathering information on a wide variety to topics. On the other hand, the same characteristics can work against you without some discipline on your part to control their use. For example, it is easy to send an email in anger or more often, when sufficient care is not taken in the wording or meaning. Human curiosity drives searches for information or content- in intentionally or otherwise that can leave you exposed. Spam messages are retained in your inbox regardless of whether you wanted to receive them. Instant messaging leaves a trail of the content of the conversation on your system, their system(s) and the service provider's system.
In a business situation, the employer is usually held responsible for the actions of their Staff in manners involving harassment, obscenity or defamation and abuse of IPR's in the course of their employment or even incidental to their employment. It is wise not to use your employer's systems for your personal email, chats or personal searching.
Authorities are becoming more adept at tracking down perpetrators and spammers with the cooperation of internet service providers and employers. No organization is immune to inter- office e-mail or systems being used to spread or store appropriate and illegal images, copyrighted materials, etc. Governments have passed or are contemplating much tighter controls and laws over spam email. Though some laws are bring counteracted somewhat by personal privacy laws. Recent news stories indicate that despite their best efforts that over 75% of all email is spam related. Spamhaus has been monitoring the origins on bogus email worldwide indicates the worst offenders operate openly in the United States- China- Russia- South Korea- Germany- Japan- Canada- France & Italy- respectively. A recent large bust by police in New Zealand will probably result in fines for the perpetrators in the million dollar range- a fraction of what was made with no guarantee the abuse will stop. Due to international reach of email, major industrialized nations are not doing enough to curb abuse despite the high cost of wasted time and productively estimated at over $50 billion a year.
Even ignoring the nuisance factor, spam creates congestion on the communications networks driving the cost we all pay to use the Internet. What is more disturbing is that spam causes an atmosphere of distrust and lack of confidence surrounding the reliability of Internet use. Should these countries decide to get tough on spammers, it will not prevent them from launching attacks from other jurisdictions. We define hard core spam as the type that tries to scams money and soft core as advertising. Since most providers of services and software participate in spam email and monitoring, the fight will be more over who can send legitimate spam. Expect more volume over the coming months, unless you decide to be more proactive in blocking new sources. Downloading free or shareware software is a large source of spam and spyware. Offers to buy software licensed programs at a tenth of their original selling price is just an invitation to be bombarded by with all sorts of operating and legal problems. Even the P2P and torrent programs that allow file sharing are full of intrusive programs, such as players, spyware, let alone the actual files themselves that are of dubious origin and content.
Should you already be inundated with spam email, it maybe a good idea to consider a new email address where you can have a fresh start and better control over your contacts to avoid future infestations. People on your contact list can be easily transferred and will not mind knowing you have a more reliable service since their identity is also at risk. Free email services are becoming more intrusive as they build a profile on your use and preferences and sell your email addresses unabated to others. By clogging our screens with advertising, they can target the types of spam and volume you receive based on which email you open and ads your click on. This practice is what scares legislators the most since they sure do not want to appear to be picking on the Microsoft's and Coke's of the world.
Advice:
Personal:
So what constitutes computer abuse and obscene materials? If you find the an e-mail or material offensive, rude or even very suggestive, it will probably be considered offensive to others. Since cut & paste and forwarding is so easy and inexpensive, a spammers biggest asset is their mailing list which they buy or trade to others over and over again. Many email lists grow into the hundreds of the thousands of names.
The first step is to conduct your own computer use in a responsible and safe manner as follows:
- Do not getting caught up a ring of cc'd e-mails and attachments, especially involving co-workers, since your e-mail address will appear in the forwarded message.
- Do not use third party email services at work, such as hotmail, yahoo or an instant messenger program. Your interactions and messages will likely be retained by the system(s).
- Read over your organization's "Systems Acceptable Use Policy" (SAUP) and stick to the guidelines. Violating these Policies has resulted in many "stand back from your computer & clean out your desk" situations.
- Invest half an hour a week cleaning out your in and send box. Save only items that are of genuine value to a separate directory or files for historical purposes.
- Do not open or respond to unknown emails since they help spread your own personal address e-mail around the internet. If your email package allows it, blacklist these unknowns and delete the email(s).
- Run a comprehensive form of data destruction program to cleanse your own Recycle bin old email, instant messaging, uTube traces, etc. and wipe them from your drives using a choice of strong algorithms. Use it whenever you want to make sure a file is unrecoverable. As a routine, schedule a cleaning at daily or at least weekly to cover all bases. You can not rely on emptying the Recycle bin using the desktop icon or deleting the file manually in My Computer. Programs you have uninstalled or deleted will need some extra effort to find the left over files- shareware programs are the hardest to delete since they want to stay on your computer to track your activities- toolbars, P2P programs, bit torrents, free virus-spyware programs, such as iMesh, uTorrent, Spy Sheriff, etc.
- Do not send an email or participate in a chat or blog using content that you would not write out on paper and hand personally to the other person.
- Do assume that the organization you work for does not notice that the amount of personal use time your spend and overheads you incur on their systems, printers and other resources. This is something that computers do exceptionally well.
Organizations:
Organizations and companies need to take a pro-active role to keeping their their information and Staff safe. Consideration needs to be given to complying with local and federal laws. For those trading or exchanging information internationally, due diligence must be exercised to satisfy other
national requirements.
- Ensure your "Systems Acceptable Use Policy" (SAUP) is up to date, relevant, enforceable and distributed often. It is not enough to just rely on a Staff member's consent to your SAUP that involves monitoring. There need to be justification in the interest of providing a balanced approach to preventing outside intrusion and that other alternatives have been thoroughly investigated.
- Determine "Whom, When and Where", it is value to the organization to have access to the Public internet or email system and which users absolutely need access through permissions. For example, the shipping department does not need access to human resources records and vice vera. - Web sites- Do not post personal email addresses on your site unless you want to receive a considerable amount to spam generated from spiders that crawl web pages looking for that information. It is sometimes more effective to change site email addressees frequently that to try to combat mounting spam- after the fact.
- We have found the company- sponsored blogs are not the place to air out differences or opinions in public.- Antispyware software is a necessity in preventing your systems from becoming compromised by botnets through false emails and bogus web sites which can emulate your network addresses and take control of your system operations.- a Firewall program is your first line of defense when it comes counteracting abuse. The program needs to be able to block or blacklist incoming and outgoing traffic you decide is inappropriate. The time you spend setting up & training the software is well worth it in the long run since intruders are always persistent. The Windows firewall in our humble opinion is far to basic and predictable because of its wide spread use. We suggest the following standalone program or one bundled with an antivirus or Internet security program. In terms of your organization's systems monitoring, applications need to flexible enough to blend in with your User Policies. They should not put undue strain or excess overheads on your servers. There are several other considerations that need to be addressed since computer security is an important need in every facet of your operation.
