Security Corner


July 21, 2010  1:23 AM

Facebook is in trouble with Germany

Ken Harthun Ken Harthun Profile: Ken Harthun

The German government has very strict privacy laws and they like to enforce them. Specifically, saving private information of individuals who don’t use the site and haven’t granted it access to their details is a no-no.

An official in the German government recently accused Facebook of illegally accessing and saving personal data of people who don’t use the social networking site. I’m sure it happens through their “tell a friend” feature. In fact, Facebook has asked me to upload my contact list from my email accounts–the “tell a friend” thing–so that Facebook can then invite those people to join under the strength of my recommendation. That’s OK, but apparently Facebook retains the contact information, whether or not the people choose to join; that’s not OK particularly to the Germans.

“We consider the saving of data from third parties, in this context, to be against data privacy laws,” Johannes Caspar, a German data protection official, said in a statement. Facebook has until Aug. 11 to respond formally to the complaint.

I support Germany’s position. I use Facebook mainly to keep up with other family members and friends that are scattered about the world. At one point, I started taking on “friends” whom I really don’t know on the basis of their being “mutual friends” of my friends. I recently decided that, beyond my real friends and family, I don’t want connections. So, short of just canceling my Facebook account completely, I’m eliminating connections with anyone whom I haven’t personally had contact with. In other words, if I haven’t interacted with them on a social level, they’re gone.

And I certainly don’t want Facebook to share my email address with others or even keep it on file.

July 19, 2010  1:28 AM

Sunbelt’s ClearCloud DNS Sneak Peek

Ken Harthun Ken Harthun Profile: Ken Harthun

Sunbelt Software, maker of Vipre Anti-Malware software, is about to release a new DNS service, ClearCloud DNS, that is designed to prevent users from  inadvertently accessing dangerous websites. The service is so new, that Sunbelt hasn’t even finished building their website about it. As I write, the “What is ClearCloud?” page on their site, http://clearclouddns.com, still has Greek text in place–you know, the “Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce auctor mollis luctus” stuff. However, one server at 74.118.212.1 is functional at this time.

They do have some information in their FAQ:

What is ClearCloud™?
ClearCloud is a service that provides safe and reliable web browsing by preventing you from going to websites that are known to perform malicious activity. It’s like having a GPS in your car that won’t let you turn down a street with known criminal activity.

How does it work?
At heart, ClearCloud is a DNS server. DNS stands for Domain Name System. Every website on the planet is located by a number address, known as an IP address, similar to a phone number. For example, Sunbelt’s IP address is 64.128.133.180. While some folks can remember the phone numbers of all of their friends and family, most of us save phone numbers in our cell phone by their names.

DNS works the same way. It’s really a big phone book of all the IP addresses and website names, known as URLs (Universal Resource Locator), the address “name” of the website. It’s much easier to remember “www.sunbeltsoftware.com” than to remember “64.128.133.180.”

I’ve been using OpenDNS for a couple of years with filters enabled, but it appears that Sunbelt Software is being proactive about not even listing the DNS addresses of known malicious sites. Malware that assumes you’re just using regular DNS may try to trick you with a spoofed address like CityBank.com to get you to go to a bad site. That site won’t be available if you use ClearCloud DNS.

I’ll keep you posted on this, but if you’d like to check it out, you can visit their site and see for yourself.


July 18, 2010  4:21 PM

I Just Scored 65.1% on the LastPass Security Challenge

Ken Harthun Ken Harthun Profile: Ken Harthun

Last week, I posted the results of my first LastPass Security Challenge where I scored 55.7%. I was a bit shocked that my security was lacking and vowed to fix it:

You can bet that I’m going to be hard at work fixing these issues and I’ll take the challenge again and again until I’m satisfied with the score. I plan to address one issue at a time to see how it affects the score. As I complete each stage, I’ll post the results here along with an explanation of what I did.

The first thing I did was address the duplicate password issue on 48 sites. On those sites, the password was actually quite strong at 10 characters long, but the number of duplicates lowered the overall password strength rating to under 5%. On each of the sites, I used the LastPass secure password generator with options set to use 10 characters consisting of upper and lower case letters and numerals (this passes my password meter test with a rating of “Strong”). Here are the highlights:

  • Top strength rating for passwords is 100% – my average is 58.9% Still way too low.
  • 20 unique passwords are used on more than one site – a definite no-no.
  • 141 sites are using duplicate passwords – some of these are OK, but poor practice.
  • 42 of my passwords score below 50% strength rating.
  • Average password length is 8.4 characters – slightly improved.

Will I ever get a 100% rating? Probably not, since there are sites I have stored in LastPass that I don’t consider important enough to devote any time to securing (news sites, blog comments, and the like). But I do intend to keep working on this until I get the highest rating I can attain without unnecessary effort.

You have to be a LastPass user to take the security challenge, but if you are, give it a try and see if you can beat my score! https://lastpass.com/?securitychallenge=1.

Stay tuned.


July 17, 2010  11:20 PM

OMG! My Account is Pending Suspension!

Ken Harthun Ken Harthun Profile: Ken Harthun

I got this email last week and I confess that my initial reaction was one of concern and disbelief. Then, rational thought took over and I realized that I don’t have any association with Citibank. Here’s what it said:

Subject: Account Pending Suspension

Dear Citibank client,

You account may have been used by a third party.  For your
protection, we decided to suspend access to it.

To  remove the suspension, please confirm your identity
with us.

To do this, please download and complete the attached
html form.

We are sorry for the inconvenience, but your security
is our primary concern. 

Kind Regards,

Customer Service

Copyright © 2010 Citibank

If you take the bait, here’s the page you get:

Obviously, this isn’t a Citibank site, but I’ll bet some people have fallen for it. I’ll also bet their bank accounts have smaller balances than they should have!


July 16, 2010  2:07 AM

Novel Password Generation Idea That Helps You Save Money

Ken Harthun Ken Harthun Profile: Ken Harthun

Save money by generating passwords? You read it right. As far as I know, this is a completely original system that is a perfect incentive for everyone to generate secure passwords. If you use this system faithfully, it will help you save hundreds–maybe even thousands–of dollars per year; at the same time, it will keep you secure on the web. Of course, you could just use LastPass, but who am I to tell you what to do?

Open your wallet. You heard me–this requires cash to implement. Grab the largest denomination bill you have in there (mine is completely empty…). The bigger the bill, the more money you’ll save.

Look at the serial number; it should be at least 10 characters (that’s what it is on my dollar bill–actually, it’s my wife’s money… I’m broke).

Type the serial number into a text editor, shifting every other character.  That’s your password. Here’s an example: My dollar bill has the serial number B86407872D. That becomes B*6$0&8&2d (note that shifting the case of an already capital letter reverses the case–D becomes d). Take a pencil and make a note in the white space on the bill what this password is used for. Fold it up and put it back in your wallet where you won’t spend it.

How does this help you save money? Well, now you can’t spend the bill because its serial number is your password reminder. Don’t cheat and write the password down; it defeats the purpose. I recommend you use 20’s, 50’s and 100’s as they can add up quickly depending on how many secure passwords you need. Now, when it comes time to change your passwords, simply use new bills and deposit the old ones into your savings account.

If you use 50’s for six passwords and change them every three months, you’ll save $1200 a year.

In my case, I’ll save $24 a year, but, hey, that’s a nice dinner out as a reward for being security conscious.

I hear the moans and groans, people. Yes, it’s very insouciant of me, but I’m not kidding. It does work.

Your comments?


July 11, 2010  11:30 PM

I Just Scored 55.7% on the LastPass Security Challenge

Ken Harthun Ken Harthun Profile: Ken Harthun

Back in 2010 February, I wrote about LastPass and touted its ease of use. I also talked about how easy it made the habit of using secure passwords:

Besides the convenience of having all of my site login information in one place I like the the way LastPass makes it easy for me to use secure passwords. Since all I have to remember is the master password to be able to log into LastPass, I don’t have to fudge around with mnemonic systems and such to make easy-to-remember complex passwords; I simply use the program’s built-in password generator to get strong, random password strings.

What I didn’t realize (until today) was how insecure I really am. The LastPass Security Challenge securely analyzes the strength of your passwords, alerts you if you have any duplicate or weak passwords, and tells you how to make them more secure. Of course, being a security wonk who has written countless articles on the subject, I know how to make them more secure. The problem–I’m embarrassed to say–is that I haven’t even taken my own advice.

For obvious reasons, I don’t want to give away too much information; however, I’ll hit the highlights:

  • Top strength rating for passwords is 100% – my average is 57.1% Yikes!
  • 25 unique passwords are used on more than one site – a definite no-no.
  • 204 sites are using duplicate passwords – some of these are OK, but poor practice.
  • 48 of my passwords score below 50% strength rating.
  • Average password length is 8.3 characters – 10 characters would be better.

You can bet that I’m going to be hard at work fixing these issues and I’ll take the challenge again and again until I’m satisfied with the score. I plan to address one issue at a time to see how it affects the score. As I complete each stage, I’ll post the results here along with an explanation of what I did.

I also want to give a mention to Steve Gibson who does the Security Now! podcast with Leo LaPorte each week. Episode 256, “LastPass Security,” delivers Steve’s “long-awaited, in-depth review and evaluation of LastPass. Steve explains the nature of the need for high-security passwords, the problem that need creates, and the way the design of LastPass completely and in every way securely answers that need.”

You have to be a LastPass user to take the security challenge, but if you are, give it a try and see if you can beat my score! https://lastpass.com/?securitychallenge=1.

Don’t forget to leave your scored in the comments.


July 11, 2010  9:54 PM

How to Recognize and Avoid Email Scams – Part 3

Ken Harthun Ken Harthun Profile: Ken Harthun

In Part 2 I gave you some real examples of common email scams and some analysis to help you recognize them. In this, the final installment, we’ll explore Trojan horse emails, phishing scams, and the Nigerian 419 scam. I’ll also leave you once again with the US-CERT tips on how to avoid the common scams.

The Trojan Horse

Just like that historical gift the Greeks gave to the citizens of Troy, the Trojan horse email is a masquerade. Regardless of whether it appears desirable or something requiring attention, it actually contains a dangerous payload. Here’s a copy of a real email reported to snopes.com that contains Trojan-laden attachments, the usual means of spreading the malware:

From: Internal Revenue Service (fraud.dep@irs.gov)
Subject: Complaint Case Number 98473953 against Edward Walsh

Dear Edward Walsh,

You have received a complaint in regards to your business services .The complaint was filled By Mr. Kevin Ferguson on 05/29/2007/

Complaint Case Number: 875487596
Complaint made By Consumer Mr. Kevin Ferguson
Complaint registered against : – TildenPacific Property Trust
Date: 05/30/2007/
Instructions on how to resolve this complaint as well as a copy of the
original complaint are attached to this email.

Disputes involving consumer products and/or services may be arbitrated.
Unless they directly relate to the contract that is the basis of this
dispute, the following claims will be considered for arbitration only if
all parties agree in writing that the arbitrator may consider them:
Claims based on product liability;
Claims for personal injuries;
Claims that have been resolved by a previous court action, arbitration, or
written agreement between the parties.

The decision as to whether your dispute or any part of it can be
arbitrated rests solely with the IRS.

The IRS offers a binding arbitration service for disputes involving
marketplace transactions. Arbitration is a convenient, civilized way to
settle disputes quickly and fairly, without the costs associated with
other legal options.
© 2007 Council of IRS, Inc. All Rights Reserved.

Just so you know, the IRS does not initiate taxpayer communications through email and I’m sure other countries’ revenue authorities don’t either.

The Phishing Scam

Phishing scams are emails designed to obtain someone’s private personal and financial information such as credit card accounts, bank account logins and passwords and other sensitive information. They are often disguised as being from the financial institution or credit card company itself, like this actual PayPal phishing scam:

Security Measures – Are You Traveling?

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

We recently noted one or more attempts to log in to your account from a foreign country. If you accessed your account while traveling, the attempt(s) may have been initiated by you.

Because the behavior was unusual for your account, we would like to take an extra step to ensure your security and you will now be taken through a series of identity verification pages.

IP Address       Time       Country
80.69.115.16  Oct 27, 2005 12:47:01 PDT Germany
80.69.115.16  Oct 29, 2005 18:37:55 PDT Germany
217.160.77.45 Nov 14, 2005 16:42:16 PDT United Kingdom
217.160.77.45 Nov 15, 2005 16:58:03 PDT United Kingdom

Click here to download PayPal security tool

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.

We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.

Thank you for using PayPal! The PayPal Team

Looks official, doesn’t it? Well, if the person clicks the link, an executable, named ‘PayPal-2.5.200-MSWin32-x86-2005.exe’ is downloaded. That program is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for ‘paypal.com’ will be transparently redirected to a phishing website. Were the person will be asked to enter credit card information. Gotcha!

The Nigerian 419 Scam

The perpetrators of Advance Fee Fraud (AFF), known internationally as “4-1-9″ fraud after the section of the Nigerian penal code which addresses fraud schemes, are often very creative and innovative. They are also often quite gullible, if not downright stupid. If you want a good laugh, visit www.419eater.com and see what the scambaiters are up to. The email exchanges posted there are absolutely hilarious at times. A WARNING, though: 419 scammers are not nice people, they are thieves, liars, and generally very nasty, therefore you can expect some small use of adult language and themes on that website.

The dead giveaway that you have received one of these scam emails is an offer by the sender to transfer millions of dollars to you for whatever reason they invent in their particular version of the scam. Here’s an actual letter:

Subject: HELP ME TO SPREAD GOODNESS

My beloved,

It is my pleasure to contact you for a business venture which I intend to establish in your country.Though I have not met with you before but I believe, one has to risk confiding in someone to succeed sometimes in life.

There is this amount of FIFTEEN Million US Dollars which my Father deposited with a security company which he wanted to used for his political ambition in our Country before he was kidnapped and killed by unknown gun men. Hence my father and mother is dead, I do not have any other hope rather than this funds which is why I contacted you.

Now I have decided to invest these money in your country or any where safe enough outside Africa for security and political reasons. I only give all praises to God who made every thing to be like this, my father is gone, I can count you as my father if you wish to be a Daddy to me. [Pass the sickbag]

Hence this investment shall be made in your company upon your withdrawal of the consignment, I do not have money to work on this and will commit suicide and die [And die? Suicide just isn’t good enough these days] if I cannot secure my late father’s treasure which he got for his family.

I want you to help us claim and receive the consignment which will be sent to you through diplomatic means to your address to avoid any traces of the funds and to enable you plan for the investment in your Country.

I will like to invest part of the money into these three investment in your Country but, if there is any other business that is better than my suggestion, I will be very glad to follow your advice.

1). Real estate
2). The transport industry
3). Five star hotel

If you can be of an assistance to me, I will be pleased to offer to you 20% Of the total fund while the balance will be invested by you. I need your understanding and honesty to this project, I assure you to always be your brother.

I await your soonest response.

Respectfully yours,
Miss Jani Adams

I hope you are now better equipped to spot email scams on your own and know how to handle them (DELETE!). Nevertheless let me refresh your memory on those tips from US-CERT:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security


July 7, 2010  12:42 AM

How to Recognize and Avoid Email Scams–Part 2

Ken Harthun Ken Harthun Profile: Ken Harthun

In Part 1, I presented the FTC’s list of the 12 most common email scams and a few of their tips for protecting yourself. In this issue, we’ll explore email scams in more detail and repeat the tips for how to avoid them.

As we learned, email scams continue because they are profitable. Savvy scammers can send out millions of emails per day and even if just a small percentage of people are duped, the numbers can be huge. Obviously, you don’t want to be a victim, but some of those emails can be very convincing; how can you recognize a scam? As always, “if it sounds too good to be true, it probably is”. Let’s look at some actual examples, many of which are being caught by my email spam filters.

Business Opportunity Scams

Most of these scams promise a lot of income for a small investment of time and money. Here’s one I get almost every day:

Subject: ***Automated Money Making System – set up it ONCE – forget about it and make money EVERY day***
From: “Giedrius”
Date: Mon, 1 Jun 2009 15:17:36 +0300
To: <xxx@xxxx>

Dear Internet Friend,

Find out the completely automated twitter growth & money making system for people that want to set up a system ONCE, forget about it, and have it grow and make money EVERY day!

http://twitter.8.sritis.lt

Sounds tempting, doesn’t it? Just set up your Twitter account to do this and get rich – Not! A couple of things stand out: 1). I don’t know anybody by the name of “Giedrius” and 2). I’ve never done business in Lithuania (.lt). My spam filter caught this, but not everyone is as lucky.

Work At Home Schemes

E-mail messages offer the chance to earn money in the comfort of your own home.
Here’s one:

Subject: 400 tested “Work at Home” websites
From: “WEB Review Agency”
Date: Sun, 31 May 2009 20:10:19 -0400
To: <xxx@xxxx>

——————————————–
See instructions above to stop receiving announcements from this advertiser.
This announcement is sent via your permission from a partner site.
To stop further announcements: http://racerring.com/dbm83/httpd/forms/ddce3cau.php?101253&16219614

Or Write:
Pacific Valley West, LLC
375 N. Stephanie St., Suite 1411
Henderson, NV 89014

That’s a real street address, but no “partner sites” I belong to have permission to send me anything unsolicited. Completely bogus.

Easy Money

These are similar to Business Opportunities scams which often tout the ease of getting into the business. Offers such as “Learn how to make $4,000 in one day,” or “Make unlimited profits exchanging money on world currency markets,” appeal to the desire to “Get-Rich-Quick.” Here’s an excerpt from one I get all the time: “Your blueprint to $48,000 a month passive income!” If it’s so easy, why aren’t we all millionaires? And why are they selling the information instead of working the plan themselves?

Investment Opportunities

These scams may tout outrageously high rates of return with no risk: “Get a Forex Robot that is capable of doubling your money every month!” This implies that all you have to do is use the robot and double your money. Often, there’s wording to suggest the promoters have high-level financial connections; that they’re privy to inside information; or that they guarantee the investment.

Get Something Free

The lure of valuable, free items — like computers or long distance phone cards — gets consumers to pay membership fees to sign up. After they pay the fee, consumers learn that they don’t qualify for the “free” gift until they recruit other “members.” It’s really a pyramid scheme in disguise. Here’s one, and what do you know, it’s our old friends Pacific Valley West from the work at home scam above:

Subject: Receive a Free DELL Laptop Computer
From: “Confirmation Number – DLL6752″
Date: Mon, 01 Jun 2009 11:44:22 -0400
To: xxx@xxxxx

Confirmation Number – DLL6752
Recieve a Free DELL Laptop Computer: http://outerinside.com/dbm83/l.php?409827&16219614
——————————————
To Stop Recieving Announcements About This Offer:

http://outerinside.com/dbm83/l.php?409828&16219614

Take An Offer
1700 7th Ave.Suite 116 #363
Seattle WA 98101
——————————————–
See instructions above to stop receiving announcements from this advertiser.
This announcement is sent via your permission from a partner site.
To stop further announcements: http://outerinside.com/dbm83/httpd/forms/c26cbb9u.php?101772&16219614

Or Write:
Pacific Valley West, LLC
375 N. Stephanie St., Suite 1411
Henderson, NV 89014

Someone close to me once didn’t believe me when I told them this is a scam, so I locked down my PC and browser, set up a Mailinator email address and proceeded to “sign up” for my “free” Dell laptop. It wasn’t long before my friend realized that by completing all the “offers” I was required to complete to “qualify” for the laptop, I could buy one outright.

Health & Diet Scams

These offer “scientific breakthroughs”, “miraculous cures”, “exclusive products”, “secret formulas”, and “ancient ingredients”. The one below (the embedded image containing the actual claims has been stripped) claims that this “Power Colon Cleanse” formula will get rid of extra pounds and inches. More than likely, you’ll simply be flushing your money down the toilet (literally).

Subject: Lose the Waste, Lose the Weight?
From: Cleanse Your Body (CleanseYourBody@beneaththehorizonoasis.com)
Sent: Tue 6/02/09 12:44 PM
To: xxxxx@hotmail.com

<.jpg image removed>

These examples should give you a good idea of what an email scam looks like. In Part 3, we’ll take a look at Trojan horse emails, phishing scams, and the Nigerian 419 scam.

Now, let’s repeat those tips from US-CERT:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security

See you next time!


July 4, 2010  12:13 AM

Network Gremlins Attack Bewildered Geeks

Ken Harthun Ken Harthun Profile: Ken Harthun

You just never know what you’re going to run into in this security business. Sometimes, what looks like a security issue isn’t one at all. Here’s one that had us baffled for a couple of days.

A small manufacturing firm specializing in small jet engines & parts (I’d love to have one of their 450 hp turbines in my car!) called to say that their network was “going up and down.” The owner was frantic and believed he had been hacked. The problem seemed to occur in the same time window every afternoon. When I and another engineers went out the next morning (thinking we would scan and clean any malware before the attackers accessed the system), the network was fine; all of the servers and PCs were up and responding. Malware scans found nothing–no viruses, trojans, rootkits or spambots. I told the owner that I believed he was clean and his network secure.

He didn’t believe me. He made me stay until the problem surfaced.

Sure enough, later that day, the gremlins appeared. Every XP machine would either get “Network Cable Unplugged” or “This connection has limited connectivity” messages. Same thing on the servers. A minute or so later, they’d re-establish connection and be fine for a few minutes only to repeat the same sequence over and over again. We watched this for an hour or so.

We figured it had to be a problem with the 3Com switch, so we put in a known-good spare and left it. Didn’t work. Same thing kept happening. It didn’t make sense that anything else could be responsible, except maybe for new manufacturing machines that were recently installed in the shop. Power surges from that equipment could be causing problems. So, we checked the line monitors and there were no obvious problems. We were off to the races.

I went into the system event logs on the servers and found hundreds of warnings and information entries that went “link down”/”link up,” many of them in the overnight hours. This being an industrial area, I began to consider dirty power and brownouts on the power grid as the source of the problem.

But they had a battery backup unit in place, so that should handle brownouts and filter any noise on the AC current. On a hunch, I went up and pulled the plug on the UPS just to make sure it was doing its job.

The network went down. Problem solved. Turned out to be a faulty UPS that wasn’t reporting itself as faulty.

Problem solved. Owner relieved. Network is still secure.


June 30, 2010  8:40 PM

How to Recognize and Avoid Email Scams – Part 1

Ken Harthun Ken Harthun Profile: Ken Harthun

I’ve written on this subject several times, but the message bears repeating. Email is the main source of all virus and Trojan horse infections on the Internet. This was true in 1996 when email was not nearly as widespread as it is today and it’s still true in 2010. While email provides us a convenient and powerful communications tool, it also provides cyber-criminals with an easy means for luring potential victims. The scams these criminals attempt run the gamut of old-fashioned bait-and-switch operations to phishing schemes using a combination of email and bogus web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you must understand what they are, what they look like, how they work, and what you can do to avoid them.

Email Scams are Profitable

UCE–Unsolicited Commercial Email, or “spam”–is the starting point for many email scams. Before email came along a scammer had to contact each potential victim individually by mail, fax, telephone, or direct personal contact. These methods would often require a significant investment in time and money. To improve the chances of contacting susceptible victims, the scammer might have had to do advance research on the “marks” he or she targeted.

Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. The economics of scale work in the criminals’ favor. In short, it’s cheap to scam people and it doesn’t take much to make a profit at it. Scammers only need to fool a small percentage of the millions of people they email for their ruse to pay off. Think about it: If you send out a million emails (most of the time, scammers send out many more than this) and one in 10,000 persons is duped, you’ll get 100 responses. If your scam nets $50 for each of those, that’s a cool $5,000. Not bad for a few minutes’ work.

Examples of Email Scams

The FTC has a list of the 12 most common email scams posted on their site (http://www.ftc.gov/opa/1998/07/dozen.shtm). Among those listed are these:

  • Business Opportunity Scams
  • Making Money By Sending Bulk E-Mailings
  • Chain Letters
  • Work-At-Home Schemes
  • Health And Diet Scams
  • Easy Money
  • Get Something Free
  • Investment Opportunities

Anyone who has an unsecured email account has seen one or more of these at one time or another. I used to get one every day from “Oprah Winfrey”–”Lose 20 pounds in 20 minutes [exaggeration] with Amazing Acai berries in your beer! [more exaggeration].” Most people don’t fall for them, but most scammers are much more subtle.

Next time, we’ll explore email scams, Trojan horse emails, phishing, and more in much greater detail. For now, US-CERT recommends that everyone:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: