Monday, October 27, 2008

Scam

This could happen to you. Over the weekend someone somehow accessed the email account of a staff member and sent this email out to everyone in the account:

Hi,
I am sorry i didn't inform you about my traveling to Africa for a program called Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education, the program is taking place in three major countries in Africa which are Ghana,South Africa and Nigeria. It as been a very sad and bad moment for me, the present condition that I found myself is very hard for me to explain. I am really stuck in Nigeria because I forgot my little bag in the Taxi where my money, passport, documents and other valuable things were kept on my way to the Hotel am staying, I am facing a hard time here because I have no money on me. I am now in debt of an hotel bill of $650 and they wanted me to pay the bill soon else they will have to seize my bag and hand me over to the Hotel Management., I need this help from you urgently to help me back home,I need you to help me with the hotel bill and i will also need $536 to feed and help myself back home. Can you help me with a sum of $1186 to sort out my problems here? I need this help so much and on time because i am in a terrible and tight situation here,I don't even have money to feed myself for a day which means i had been starving so please understand how urgent i needed your help.
I am sending you this e-mail from the city Lagos, I will appreciate what so ever you can afford to send me for now and I promise to pay back your money as soon as i return home,you need to transfer the money through Western Union, please email me back so that i can email you one of the Hotel Management name that you will send the western union to.
Thanks.
"Name of individual"

Tips to protect yourself:
1. Change your password frequently (using numerals)
2. Be sure your anti-spyware and anti-virus software are up-to-date

1 Comment:

John Voorhis said...

Some secure computing tips -
- Strong passwords are essential these days - particularly for online banking access, etc. A strong password is at least 8 characters, and should contain upper case, lower case and numbers. If the site / system allows – use “Extended Characters” such as _!@#$%^&*()-=_+ etc. Don’t use obvious words or phrases. Using a word, but replacing letters with a number (e.g. J0hn or t3nth) isn’t much safer, as most dictionary attacks account for this.
- A good way to create a password that is strong and that you can remember is to use mnemonics with a pattern. For example, I might use the first letter of a nursery rhyme, capitalize the last letter, put a number at the end, and put an extended character as the third character. For example, “Mary, Mary, quite contrary, how does your garden grow” would become mm*qchdygG7, which is a decently strong password.
- We all have a lot of passwords to remember, and a password utility such as KeePass (www.keepass.info) can help you create, save, and organize them. This utility’s database is encrypted with DOD level strength, so your info stays safe. It will even generate very strong random passwords, and automatically type them in, so you don’t have to remember them. This is what I generally do. I have KeePass generate the strongest password the web site will take, and don’t even bother trying to remember it.
- Don't take a "Why would anyone do it to me? I'm nobody special." attitude. They don't know and don't care who you are, they just cast the widest net to get what they can. This is true for individuals and especially true for businesses, large and small. Usually it’s not even an actual human; they typically will use “bots” or programs to try every possible angle to gain access to your system or information.
- Don’t surf to sites where you have to put in sensitive passwords or info from computers that are used by anyone else (libraries, schools, internet cafes, etc.). It is very easy to put programs or devices in place to capture keystrokes and thus passwords.
- Don’t surf to sites where you have to put in sensitive passwords or info, while using a wireless connection that isn’t secured and encrypted (i.e. internet cafes, Starbucks, Panera, libraries, many hotels, etc.). It is fairly easy for hackers to “sniff” (listen in) on other people’s web browsing traffic on those systems. If you have to do this, use a VPN if one is available to you from work before starting to surf.
- Make sure that any site at which you are entering sensitive info is legitimate – if in doubt use Google and enter the web address and see what other people have to say. Also, use the same common sense precautions you would with unsolicited phone calls. For example, if you get an email alerting you to a problem with an account and asking to enter or update information, verify it with the source via another means such as getting the phone number from a trusted source and calling instead.
- Be careful with unsolicited emails. Don’t trust those emails even if they look legit or are from someone you know. The above is a perfect example: it came from the individual’s actual account, and even was signed in the unique way the individual usually signs their emails. As well, many times a link will look like it is going to a trusted site (such as your bank’s web site, like this: http://www.commerceonline.com), but is really going to another site that is nefarious in nature. Ask yourself: “Do I really need to take the chance of infecting my computer just to see some pictures of puppies” or whatever else was sent?
- Make sure that any site at which you are entering sensitive info is encrypted – look for your browser’s indicator that it is encrypted, usually a padlock icon in the address field.
- Use a good, well-known antivirus / antispyware / anti-phishing software (usually called an Internet Security Suite), such as Symantec, McAfee, AVG, or TrendMicro and keep it up-to-date. AVG makes a decent free product, and you can scan your computer for free right from the web by visiting http://housecall.trendmicro.com. Even if you are using another product, I suggest scanning with Housecall from time to time too, as it will catch things the other won’t.
- Use a firewall – Windows XP and Vista come with a built-in firewall, as do most Internet Security Suites. If you have it, turn it on.


John Voorhis,
Chair, IT / Webcast committee

11:01 PM  
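The comment's point that a link can display one address and open another can be checked mechanically. The following is an added example, not part of the original post or comment: it scans an HTML message body and reports links whose visible text is a web address on a different host than the `href`. The sample message and the destination `accounts.example.net` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]|$)", re.I)

def host_of(url):
    """Lower-cased host of a URL or bare address, without a leading 'www.'."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    """Collects (shown_text, href) pairs where the shown host differs from the real one."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown, target = "".join(self._text).strip(), host_of(self._href)
        # Exact host comparison: a subdomain of the shown site is also reported.
        if URL_LIKE.match(shown) and target and host_of(shown) != target:
            self.findings.append((shown, self._href))
        self._href = None

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed message body; accounts.example.net is a placeholder destination.
SAMPLE_HTML = """
<p>Please confirm your details at
<a href="http://accounts.example.net/signin">http://www.commerceonline.com</a>.</p>
<p>Password manager: <a href="http://www.keepass.info/">www.keepass.info</a></p>
<p><a href="http://housecall.trendmicro.com">free scan</a></p>
"""
```

Links whose visible text is not an address (such as "free scan") are not reported, so a clean result does not mean every link in the message is safe to open.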
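The password advice in the comment (at least 8 characters, mixed case, numbers, extended characters, and no dictionary word hidden behind number swaps) can be written as a check. This is an added example, not code from the post or the commenter: the substitution table and the five-word `WORDS` set are constructed stand-ins for a real wordlist.

```python
import string

# Common letter-for-symbol swaps, undone before the dictionary lookup.
UNLEET = str.maketrans("013457@$!", "oleastasi")

# Constructed stand-in for a real wordlist (names, common words, old passwords).
WORDS = {"john", "tenth", "password", "welcome", "mary"}

def undo_substitutions(pw):
    """Candidate base words: the password with swaps undone, with and without
    digits or symbols tacked onto either end."""
    lowered = pw.lower()
    trimmed = lowered.strip(string.digits + string.punctuation)
    return {lowered.translate(UNLEET), trimmed.translate(UNLEET)}

def check_password(pw, words=WORDS):
    """Return the list of problems; an empty list means every check passed."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no extended character")
    if undo_substitutions(pw) & set(words):
        problems.append("dictionary word behind substitutions")
    return problems

if __name__ == "__main__":
    # "T3nth2008!" satisfies every composition rule yet is still a dictionary word.
    for candidate in ("J0hn", "T3nth2008!", "mm*qchdygG7"):
        print(candidate, check_password(candidate) or "ok")
```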
