Keeping Your Email Account Safe

Email users can help reduce the spam outflows in the Internet. When a user signs up for something online, he should be careful while checking checkboxes and must not check checkboxes for additional offers. Else, he will receive email from partners of the site he signed up at. It is advisable to use freebie accounts to fight spam. Create a few freebie accounts, direct them to your main account, and use those freebie accounts to sign up for something online. If an account is spammed disable or abandon it. One word of caution: Never use your primary email address to sign up for anything. At the very least a user should use three accounts: one for business, one for personal stuff and another for online shopping .

There are many freebie accounts available in the market today, the primary of which are AOL/AIM, AOL My eAddress, Excite, Fast Mail, Google Mail, Goowy, Hotmail/MSN Inbox, Lycos, MyWay Mail, Rock.com, and Yahoo!

If a user plans to use a freebie account as his main account, it is recommended that he use Gmail. Google Mail is arguably the most productive well thought out free email offering available, with highly efficient spam filters, loads of disk space for messages, and has Google with third party plug-ins to increase productivity.

There are also expendable email address services that have more selective disabling features than regular free email accounts. Having your own domain might include 50 to 100 email addresses as part of your hosting package. You can use these addresses for newsletter or shopping sign ups and redirect each account to a main account.

Whatever you may go about doing, never publish your main email address anywhere online. You can use freebie accounts, which can be dropped when necessary. Use a CAPTCHA image based code to separate spambots from human visitors. Encode your email address like me*AT#hotmail#DOT*COM so that humans can easily read them.

Few of the ISPs add junk mail header status information to messages passing through their mail servers. If the email client is suitable, you can write a “filter rule” to ditch any message whose header includes “X-Spam-Status:Yes”. The disadvantage is that there could be false positives on spam needing you to check the spam folder on a weekly basis.

You can also write your own command line email filters in a scripting language like Perl or Python; both of which have superior regex pattern matching abilities. Write a program to grab your email (copies) off POP or IMAP email servers. Build a frequency table for the keywords by saving the IPAddress information for each message. If the data is saved for long term profiling keep the spam information in a separate database. If some words in the message raise flags, compare their frequency counts against other words. This step should be manual until you build up long-term profiles. If its spam, delete the original copy of your mail server. An Operating System like Linux gives you the facility to integrate custom filters into your email client.

Phishing – Types And Precautions

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing
Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

  1. Misspelled URLs: Phishers use some sort of deceptive techniques, which design a link in an e-mail (and the spoofed website it leads to) apparently belong to the spoofed organization by using misspelled URLs or of sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers site.
  2. Whaling: Phishing attacks directed specifically at senior executives and other high profile targets within businesses is known as Whaling.
  3. Image Phishing: Phishers have also used images instead of text to make it difficult for anti phishing filters.
  4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim making it even more difficult to detect since everything from the web address to the security certificates seem to be original. This technique is known as cross site scripting.
  5. Phone Phishing is the case where in a customer gets a call asking him to call back to discuss his problems while accessing his bank accounts. The person then is trapped into giving his sensitive information such as credit card information and the like.

Measures to counter phishing
People need to change their browsing habits when it comes to phishing. For example, when asked to reveal their sensitive information they should directly contact the company to make sure the mail is genuine and shouldn’t fall prey to mails that address them as “Dear Customer”. Paypal, for instance makes it a point to address the users by their usernames.

One of the major flaws of the user is the Click-through syndrome where he treats any pop-ups as a case of misconfiguration and proceeds with his work without heeding to the warning of the computer.

(more…)

Phishing – Types And Precautions

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing
Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

  1. Misspelled URLs: Phishers use some sort of deceptive techniques, which design a link in an e-mail (and the spoofed website it leads to) apparently belong to the spoofed organization by using misspelled URLs or of sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers site.
  2. Whaling: Phishing attacks directed specifically at senior executives and other high profile targets within businesses is known as Whaling.
  3. Image Phishing: Phishers have also used images instead of text to make it difficult for anti phishing filters.
  4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim making it even more difficult to detect since everything from the web address to the security certificates seem to be original. This technique is known as cross site scripting.
  5. Phone Phishing is the case where in a customer gets a call asking him to call back to discuss his problems while accessing his bank accounts. The person then is trapped into giving his sensitive information such as credit card information and the like.

Measures to counter phishing
People need to change their browsing habits when it comes to phishing. For example, when asked to reveal their sensitive information they should directly contact the company to make sure the mail is genuine and shouldn’t fall prey to mails that address them as “Dear Customer”. Paypal, for instance makes it a point to address the users by their usernames.

One of the major flaws of the user is the Click-through syndrome where he treats any pop-ups as a case of misconfiguration and proceeds with his work without heeding to the warning of the computer.

(more…)

New Malicious Web Links Increase By 508%: says IBM

IBM’s X-Force 2009 Mid-Year Trend and Risk Report says that there has been a tremendous increase of 508% in malicious web links over Internet during first half of 2009. The malicious content was found even on trusted sites, including search engines, blogs, bulletin boards, personal websites, online magazines and mainstream news sites.

“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,”says X-Force Director Kris Lamb.

“The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content, and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”

Highlights of the report include:

Vulnerabilities rate decreases by 8%
The number of new vulnerability disclosures in the first half of 2009 was 3,240, an eight percent decrease over the first half of 2008. This is at the lowest level in the past four years. The number of new, high severity vulnerability disclosures is down by nearly 30 percent in comparison to 2008. Sun replaces Microsoft as the top spot of vendor with the most vulnerability disclosures. When it comes to OS vulnerabilities, Sun Solaris surpassed Apple in terms of new OS disclosures.

Spam and Phishing
In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. Online payment targets now make up 31 percent.

Malicious websites continue to flourish
The overall number of countries with at least one malicious link has significantly increased, up 80 percent over the entire year of 2008. The number of new malicious Web links increase by 508%. Malicious websites are opting new techniques to entice users to click on malicious links. Apart from Gambling and Pornography, Search Engines and Social Media Web sites like blogs and bulletin boards are also in the top categories of Web sites compromised or simply abused by attackers to host malicious links.

Trojans continue to take up a greater percentage of new malware
Trojans continue to take up an even greater percentage of the new malware discovered this year. They have increased by 9%, comprising 55 percent of all the new malware discovered in the first half of this year in comparison to 46 percent in 2008. Information-stealing Trojans are the most prevalent malware category.

Trends of Unwanted Internet Content
The report says that Unwanted or “bad” Internet content is associated with three types of Web sites: adult, social deviance and criminal. About 8% of current Internet comprises of unwanted content.

Conficker conflict
“Conficker was created by the cybercriminals as a platform for mass distributing any executable content they want – it can be an updated version of Conficker, and more importantly monetize this distribution platform by distributing other types of malware.

Blended threats such as Conficker will try to infiltrate systems using a number of possible means. Computers protected by weak passwords, unsecured shares and without latest security updates are more likely to be infested with Conficker worm. Infected removable devices (USBs and external hard drives) have high possibilities of spreading it.

This recent report from IBM exposes the dramatic increase in vulnerabilities and threats over Internet. It is a major concern this time where a vast percentage of businesses are shifting to Internet for transactions like marketing, selling, providing services, payments, etc. It also puts millions of internet users at stake. It is high time for online businesses and internet users to get aware of these threats and precautions.

Beware of eMail from US VISA Lottery

An email pretending to offer even to pay the flight ticket to US along with VISA and accomodation, is very rare to find. The new VISA lottery scam email interestingly has all these features. This scam email offers you a single visa for about 980 USD and a family visa for 1520 USD. A flight ticket along with accommodation in US! Very enticing, isn’t it?

But, “We advise everybody not to fall for such things because you will be very disappointed,”says Sorin Mustaca of Avira.

According to what he wrote in Avira’s blog

“And now, as usual, comes the funny part, as in any scam attempt we’ve seen.

  • Despite the fact that it is mentioned in the picture the “Asia-Pacific agent” for the VISA processing, the contact email addresses are in … Europe. They belong to a free web mail system in the Czech Republic.
  • The text is very hard to read because it is full of grammatical mistakes and sentences which don’t make too much sense.”

The image of this scam email is attached below.

Click to Enlarge
Click to Enlarge

Courtesy: Avira Blog.

Safety measures to buy a Product Online Securely

The main advantage of online shopping is its convenience where anybody can search and buy a product at a click of their mouse of their PC.

However, online shopping has some concerns and risks associated with it. A lot of these risks are basically people dependent and can be prevented by being a little vigilant and following some basic precautions.

Precautions to keep online shopping secure:

Selecting a website: It is little difficult to check for a reliable website for shopping online. As we know, creating a website is quite easy has no restrictions. One must make sure that the website that they are transacting with is reliable. Always opt for buying from companies you already know. If you are planning to buy from an unknown website, start with smaller orders till you are contented with their service and reliability.

The URL of the website also helps you to find if the website is reliable or not. It should start with https://. The “s” that is displayed after “http” indicates that Web site is secure. Often, you do not see the “s” until you actually move to the order page on the Web site.

Checking if website is secure: Make sure the website is consistent on security grounds. The company may be reliable, but if it has no proper mechanism to secure their customer’s information from hacking, it is troublesome. Try to find if the merchant stores your data in encrypted form. Be sure to read privacy and security policies of the website before providing your personal information to them.

Checking for its reputation: Though there is no good logic to prove relation between reputation and reliability, reputed businesses cheat very rarely. Thus, it is good to go with the reputation of the website before doing business with it. You can check this with the help of search engines. Reputed businesses often have first page search listings.

Checking for its usability: Usability of the website helps you to attain certain knowledge on its credibility. Popup windows are always troublesome while doing the transaction in any website. Stay away from popup windows, and if possible, from the sites which allow them.

Run Antivirus Software: Before doing any online transaction one must update their antivirus software, which can help you to stay secure from unwanted cookies and applications.

Reveal Only the Bare Facts: It is common for any online merchant to ask you to signup before ordering a product. However, make sure you disclose only data which is mandatory and makes sense to provide. You do not require providing your social security number to any eCommerce merchant. If the site is trying to push you on edge to get too much information, it is recommended to simply leave the website.

Rechecking: Before doing or finalizing payment to the merchant make sure that the shopping cart has all and only the products that you have selected. You can add or delete any product only at this stage.

Payment Options: When it comes to payment options for purchasing online, there are many options like credit cards, debit cards, cash and cheques. Of all these options, credit cards are the safest option for purchasing online. It is recommended to have a separate credit card for e-commerce purchasing so that it will help in tracking dissolute credit charges easily.

Recheck again: After the transaction is complete, recheck for transaction details. Try to record them if possible. Finally, don’t forget to sign off from the site.

Online shopping is a trendy boon for shoppers, only if they are cautious during the transaction.