Online Safety: Trojans and Phishingby Brandon Clark

Blog, Special Interest June 17, 2010 9:54 am

By Brandon Clark, Harrell’s LLC Support Specialist

It’s hard to believe that email is almost 40 years old (Ray Tomlinson is credited as having sent the first email message in 1971). Today, pretty much everyone has an email address. For ease of use, reliability and convenience, you just can’t beat the good old email message.

As with any technology in widespread use (including email’s younger brother, the World Wide Web), there are folks trying to exploit email for their own personal gain, and at your expense. We’re all familiar with spam by now, and most modern email programs have some kind of spam filter that greatly reduces electronic junk mail, but some of the bad stuff still gets through. This article explains two common uses of email that make crooks a lot of money: trojans and phishing.

Falling victim to either of these can lead to identity theft, computer problems, loss of data, or someone taking control of your PC without your knowledge. Don’t be fooled by these types of emails, even if your junk mail filter is!

Trojans

Getting its name from probably the most famous event of the Trojan war (specifically, the Trojan horse), the trojan is a type of malware that you actually allow onto your PC, thinking that it’s safe. Trojans are primarily distributed via email, and show up as something fun and harmless, like a new screen saver, a hilarious video, helpful program, etc. You think you’re getting something interesting, but when you open the file, you release the bad code on your PC.

I remember my first day working a real technical support job several years ago. My boss ran into my office saying that his PC had a virus. On further investigation, I found that he double-clicked a file attachment in an email message that appeared to be someone at his bank.

“Do you know this person?” I asked. He admitted that he did not, that it was someone who apparently worked for the bank. I asked him what sort of file was included in the email, and he said the email promised that it was a “cool new screensaver” or something like that. I asked him if it made sense that someone at a financial institution would send out screen savers, and he admitted that it did not. He never had another issue with an email trojan as far as I know.

The lesson here is to never open an attachment in an email message unless you’re 99% sure of the source and the intent. Grandma sending photos? Sure, open away. A business partner sending an Excel spreadsheet? Probably fine. A message from UPS asking you to open the attached file, saying “we were not able to delivery postal package“? Delete!

The bottom line is that email trojans can be avoided (and deleted) easily — you just have to know the signs. If you’re not sure about a particular email message, ask your IT department, or contact the sender to find out if it’s really their message.

Phishing

Hyperlinks are an integral part of the Web and email. They really make life easy; instead of telling you that the Smithsonian has a really great Web site with a lot of good information (but sorry, you’ll have to ask around for the address), I can just say check out the Smithsonian’s web site and the link does all the work.

The problem with links is that they can lie. Did you click the Smithsonian link in the last paragraph? If so, you’ll notice that you went to the Museum of Science and Industry’s web site in Tampa. While this example is harmless, (the real Smithsonian web site is here, by the way) Internet crooks use a very similar technique to steal your bank’s web site login information.

Phishing scams frequently use the names and graphics of real banks to make you think they’re legit. They do a great job of looking like the real deal, when in fact all they really do is trick you into signing into a fake page with your username and password.

Here’s an example:

Notice the Bank of America logo at the top? The copyright notice at the bottom? Something about “security enhancement”? All lies in this case. This email was not from Bank of America. If the recipient clicks that link and attempts to sign in to update their account, they hand over their username and password to a 3rd party, which can be used by the scam artists to steal money and account information from the real Bank of America web site.

The good news is that spotting a fake is pretty easy if you know what to look for.

First, understand that a financial institution will never send you an email like this asking you to click a link to update your account. Always open a new browser window and type in the web address of the bank yourself: if you type out bankofamerica.com you’ll know that you will end up at the right web site. If you think your account might be in jeopardy, call the bank’s customer service number.

Your next line of defense is to keep in mind that the people behind these emails are generally not English majors (ok, that’s an understatement). Let’s look at some of the exact wording from this message:

• We have believed that someone other than you…
• ..we have temporarily suspend your account..
• Bank of America is proud to announce about their new…

Bank of America is a large company. They can afford proofreaders and folks who know how to use proper English. Occasional typos happen, but there are too many grammatical problems in the body of that email message for it to have any chance at being legitimate.

Remember when I said links can lie? Here’s how the bad guys make those links look real.

They will put a link into the email that looks like this:

If you look at the bottom left of your browser window, you’ll see where you’re really going:

Web addresses (also called URLs, or Uniform Resource Locators) are very exact. Making one tiny change to the part after the “www” can send you somewhere completely different. In the above example, you’re not going to bankofamerica.com, you’re going to rz.com. The part that matters most is what’s immediately to the left of the .com — that’s the actual domain.

Be safe out there, and if you have any questions, use the form at the bottom of this page.

Share : Tweet this Share on Facebook Digg this Delicious LinkedIn Email this