Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

"Attention Required"

I have a disturbing personality quirk. I have had it for a very long while, actually– I don’t respond well to the words “mandatory” or “required”, and I don’t do too well with “urgent” or “now!” either..

When someone (say, my mother) would tell me to, “get over here now“, I knew I was in trouble and I would move slower than grass grows.
When a Mandatory Staff Meeting was being held (back in the days before self-employment) I was famous for always having some trick worked out that allowed me to escape attendance.. because we all know that “Mandatory Staff Meeting” translates into English as “torture session – guaranteed to drive you insane.”

So, armed with that knowledge about me, you will understand why I ignored this e-mail for several days…
email
IRS Notification – Tax Refund – Attention Required.

.. and if you read me regularly (or, happened to catch this article) you know that when I did take an action on this e-mail, I marked it as Junk, unopened.

What?! (you say) How could I disrespect the IRS?! (you say)
Well, for one, the IRS does not e-mail you important documents (neither does your bank, or Pay Pal, or..). And, the IRS — like almost every other Government institution — uses “dot gov” in its URL. In fact, the Internal Revenue Service’s web address is www.irs.gov.
IRSscam

These particular phraudsters haven’t tried spoofing the URL, instead they’ve set up a similar looking name, hoping that I wouldn’t notice.
This classic phishing attempt is using “social engineering” to try to get me to reveal information that will allow cyber-criminals to adopt my identity. It is using my conditioning (to reacting) to Authority. It is appealing to my greed. It is telling me to “act now” (or miss out). In it is a hyperlink that would take me to a very realistic-looking fake IRS website.
This phraudster, or gang, probably had a network of zombie computers send out a million of these e-mails.. because he knows that for every phishing-savvy person, who deletes at a glance, there’s 3 who’ve never heard of phishing.

Tip of the day: Pay attention to details, and know that IRS phishing e-mails are an everyday occurrence, and an estimated 6,000 fake IRS websites are in daily operation. Don’t even open e-mails you suspect may be a scam.
Yes. I’m repeating myself. But, at least a part of someone’s identity is being stolen every two seconds (global) at an estimated cost to business of $25 billion a year. That’s 15,000,000 victims a year.

Today’s free link(s): Folks, I don’t usually do this (in fact, I never have before).. but I bet you don’t know that you have a heuristic bogus Website detector built right into your machine, and all you have to do is turn it on. I wrote an article on how to do that, and the link to it is here.

Firefox users have this protection as well, and it is already enabled. When you see this..
image
you’ve stumbled across a cyber-criminal’s site. I have been using the new version of Mozilla’s Firefox browser, Firefox 3, for a while now, and am satisfied enough to recommend it. To get it, or just read more about it, click here.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

July 24, 2008 Posted by | advice, computers, e-mail, Firefox, how to, Internet, Internet scam, Phishing, phraud, security, spam and junk mail, tech | , , , , , , | 2 Comments

IRS e-mail is ID Theft ploy (repost)

Too many obligations, too little time. When it rains, it pours. Etc. and so forth. And so today I must re-post a prior article. This article on e-mail security –and “phishing”– appeared quite recently, but it is tax season and the advice contained is important; so,…

The bad guys just keep getting better and better at what they do, and it is up to us to become ever more alert, wary, and defensive. Regular readers of this series will be aware of “phishing” e-mails, but for a quick recap; phishing e-mails are generally spam (unsolicited) messages containing a “hyperlink” (a click-able link to a website), and the link takes you to the spammer’s/hacker’s malicious website. The idea is (usually) to get you to enter information, which the bad guy can then use to fraudulently pass themselves off as you.. this is a type of Identity Theft.
(Folks, if you haven’t read Wikipedia’s page on phishing, may I suggest that you do? It is very enlightening and interesting. I have included a link in the second sentence– click on the [blue] word phishing.)

The odds are very, very good that you, Dear Reader, have already received –and recognized– a phish. Perhaps it was an <URGENT> email from some bank stating that “your information needed updating”.. and that you needed to hurry, hurry, hurry and do something about it.
Only, you have never banked at that particular bank.
(My example is often used for Pay Pal phishes, as well.)

There is a new phish that is aimed at those folks who are waiting for their tax rebate, and this phish is very well done. None of the ‘give-it-away’ amateurish typos and poor grammar are there; the page mimics the real site very well, and sometimes, the e-mail contains your name.
This is from a report by Message Labs:

“Spammers are taking advantage of the approaching tax season with a new outbreak of fraudulent e-mails about taxes. These fraudulent tax related e-mails appear to come from the IRS’s Web site, http://www.irs.gov/, but is actually a fake site hosted by spammers on domains originating in Russia and other former Soviet countries.
“They are working to convince consumers that these e-mails are real by making it seem like a real IRS site,” said Paul Wood, senior analyst at MessageLabs.

All links within these e-mails go to two or three phishing pages. If a recipient clicks on the link and completes the form requesting personal and financial information, the site then redirects to the actual IRS Web site.

“Some of these e-mails we’ve intercepted have a person’s name in them. Having these kinds of personal details make it more convincing,” Wood added.

I would like to remind you, Dear Reader, that reputable institutions do not use e-mail to notify you of “strange account activity”, nor to get you to “update your information”. The IRS is no exception.
I would also like to take this opportunity to remind you not to click on links you receive in e-mails, but to Copy >Paste the link into your browser’s address bar… and if the e-mailed link was unexpected and unsolicited, don’t even do that.

I also recommend you turn on your browser’s phishing filter if you haven’t already done so. My How To is here, https://techpaul.wordpress.com/2008/01/18/phishing-phraud/.

Today’s free link: As my loyal readers know, I like to play games on my computer from time-to-time. While drag racing is not really my thing, I did have fun with the online game Street Challenge. If you’re into fast cars and you like going for the checkered flag, check this game out.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 5, 2008 Posted by | advice, computers, how to, PC, Phishing, privacy, security, spam and junk mail, tech | , | 1 Comment

High quality IRS phish

The bad guys just keep getting better and better at what they do, and it is up to us to become ever more alert, wary, and defensive. Regular readers of this series will be aware of “phishing” e-mails, but for a quick recap; phishing e-mails are generally spam (unsolicited) messages containing a “hyperlink” (a click-able link to a website), and the link takes you to the spammer’s/hacker’s malicious website. The idea is (usually) to get you to enter information, which the bad guy can then use to fraudulently pass themselves off as you.. this is a type of Identity Theft.
(Folks, if you haven’t read Wikipedia’s page on phishing, may I suggest that you do? It is very enlightening and interesting. I have included a link in the second sentence– click on the [blue] word phishing.)

The odds are very, very good that you, Dear Reader, have already received –and recognized– a phish. Perhaps it was an <URGENT> email from some bank stating that “your information needed updating”.. and that you needed to hurry, hurry, hurry and do something about it.
Only, you have never banked at that particular bank.
(My example is often used for Pay Pal phishes, as well.)

There is a new phish that is aimed at those folks who are waiting for their tax rebate, and this phish is very well done. None of the ‘give-it-away’ amateurish typos and poor grammar are there; the page mimics the real site very well, and sometimes, the e-mail contains your name.
This is from a report by Message Labs:

“Spammers are taking advantage of the approaching tax season with a new outbreak of fraudulent e-mails about taxes. These fraudulent tax related e-mails appear to come from the IRS’s Web site, http://www.irs.gov/, but is actually a fake site hosted by spammers on domains originating in Russia and other former Soviet countries.
“They are working to convince consumers that these e-mails are real by making it seem like a real IRS site,” said Paul Wood, senior analyst at MessageLabs.

All links within these e-mails go to two or three phishing pages. If a recipient clicks on the link and completes the form requesting personal and financial information, the site then redirects to the actual IRS Web site.

“Some of these e-mails we’ve intercepted have a person’s name in them. Having these kinds of personal details make it more convincing,” Wood added.

I would like to remind you, Dear Reader, that reputable institutions do not use e-mail to notify you of “strange account activity”, nor to get you to “update your information”. The IRS is no exception.
I would also like to take this opportunity to remind you not to click on links you receive in e-mails, but to Copy >Paste the link into your browser’s address bar… and if the e-mailed link was unexpected and unsolicited, don’t even do that.

I also recommend you turn on your browser’s phishing filter if you haven’t already done so. My How To is here, https://techpaul.wordpress.com/2008/01/18/phishing-phraud/.

Today’s free link: As my loyal readers know, I like to play games on my computer from time-to-time. While drag racing is not really my thing, I did have fun with the online game Street Challenge. If you’re into fast cars and you like going for the checkered flag, check this game out.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

February 22, 2008 Posted by | advice, Phishing, privacy, security, spam and junk mail, tech | , | Leave a comment