Guide to safe internet use for children
vanish.org

Spam and Phishing
Spam
  • What is it?
    Spam is unsolicited or undesired email messages.
  • How do they do it?
    Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books. Botnets, which are networks of virus-infected computers, are used to send about 80% of spam.
  • Why do they do it?
    If spamming didn't work, spammers wouldn't send it.
    They are either trying to sell you something or they are trying to entice you into downloading software. This software will be used to harvest your financial information or to turn your computer into a bot.
  • Can I protect myself?
    Some people do, some people don't.
  • What do I do about it?
    That is the easiest part.
    When you receive it – You delete it!!!
    Under no circumstances do you click on any links.
    No matter how tempting.
    That includes the "remove me from this list" link.
    How easy is that – end of Spam tutorial.


Phishing
What is Phishing?
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as an email from a legitimate organisation. Communications purporting to be from popular social web sites, auction sites, online payment processors [including banks] or IT administrators are commonly used to lure the unsuspecting public.

These emails often direct users to enter details at a fake website whose look and feel are almost identical to the legitimate one. An attack email does not need to be complicated to succeed.

[Image: An example of a phishing e-mail, disguised as an official e-mail from a bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website.]

How to recognize phishing email messages or links
Microsoft has a nice guide that explains what to look for. BustSpammers.com have two more examples of PayPal and Chase fraudulent emails.

Now for a practical demonstration. Try the SonicWALL Phishing IQ Test and see if you pass. It is an excellent teaching tool that will take you through all 10 answers [even if you scored 10] and explain how each question is set up.

What is Spear Phishing?
A type of phishing attack that focuses on a single user or department within an organization. Spear phishing attempts are not initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. The spear phishing emails appear to be sent from organizations or individuals the potential victim would normally receive emails from, making them even more deceptive. Most people know to ignore email overtures from a Nigerian prince offering riches in exchange for a bank account number. That is a scam, but what if the email appears to come from a colleague down the hall? And all he asks is that you add some personal information to a company database?

Examples of spear phishing emails are shown here and here and here.

Can I protect myself?
Unless you have access to large amounts of money or classified information, it is unlikely you will become a target. Spear phishing takes time and money to set up, and the rewards need to justify those expenses. It is much more likely that you will forget all you have read on this page and just end up being a bot in someone else's scheme.




Vanish.Org Copyright © 2006 All rights reserved