Security Corner

July 7, 2010  12:42 AM

How to Recognize and Avoid Email Scams–Part 2

Ken Harthun

In Part 1, I presented the FTC’s list of the 12 most common email scams and a few of their tips for protecting yourself. In this issue, we’ll explore email scams in more detail and repeat the tips for how to avoid them.

As we learned, email scams continue because they are profitable. Savvy scammers can send out millions of emails per day and even if just a small percentage of people are duped, the numbers can be huge. Obviously, you don’t want to be a victim, but some of those emails can be very convincing; how can you recognize a scam? As always, “if it sounds too good to be true, it probably is”. Let’s look at some actual examples, many of which are being caught by my email spam filters.

Business Opportunity Scams

Most of these scams promise a lot of income for a small investment of time and money. Here’s one I get almost every day:

Subject: ***Automated Money Making System – set up it ONCE – forget about it and make money EVERY day***
From: “Giedrius”
Date: Mon, 1 Jun 2009 15:17:36 +0300
To: <xxx@xxxx>

Dear Internet Friend,

Find out the completely automated twitter growth & money making system for people that want to set up a system ONCE, forget about it, and have it grow and make money EVERY day!

Sounds tempting, doesn’t it? Just set up your Twitter account to do this and get rich – Not! A couple of things stand out: 1) I don’t know anybody by the name of “Giedrius” and 2) I’ve never done business in Lithuania (.lt). My spam filter caught this, but not everyone is as lucky.

Work At Home Schemes

E-mail messages offer the chance to earn money in the comfort of your own home.
Here’s one:

Subject: 400 tested “Work at Home” websites
From: “WEB Review Agency”
Date: Sun, 31 May 2009 20:10:19 -0400
To: <xxx@xxxx>

See instructions above to stop receiving announcements from this advertiser.
This announcement is sent via your permission from a partner site.
To stop further announcements:

Or Write:
Pacific Valley West, LLC
375 N. Stephanie St., Suite 1411
Henderson, NV 89014

That’s a real street address, but no “partner sites” I belong to have permission to send me anything unsolicited. Completely bogus.

Easy Money

These are similar to Business Opportunities scams which often tout the ease of getting into the business. Offers such as “Learn how to make $4,000 in one day,” or “Make unlimited profits exchanging money on world currency markets,” appeal to the desire to “Get-Rich-Quick.” Here’s an excerpt from one I get all the time: “Your blueprint to $48,000 a month passive income!” If it’s so easy, why aren’t we all millionaires? And why are they selling the information instead of working the plan themselves?

Investment Opportunities

These scams may tout outrageously high rates of return with no risk: “Get a Forex Robot that is capable of doubling your money every month!” This implies that all you have to do is use the robot and double your money. Often, there’s wording to suggest the promoters have high-level financial connections; that they’re privy to inside information; or that they guarantee the investment.

Get Something Free

The lure of valuable, free items — like computers or long distance phone cards — gets consumers to pay membership fees to sign up. After they pay the fee, consumers learn that they don’t qualify for the “free” gift until they recruit other “members.” It’s really a pyramid scheme in disguise. Here’s one, and what do you know, it’s our old friends Pacific Valley West from the work at home scam above:

Subject: Receive a Free DELL Laptop Computer
From: “Confirmation Number – DLL6752”
Date: Mon, 01 Jun 2009 11:44:22 -0400
To: xxx@xxxxx

Confirmation Number – DLL6752
Recieve a Free DELL Laptop Computer:
To Stop Recieving Announcements About This Offer:

Take An Offer
1700 7th Ave.Suite 116 #363
Seattle WA 98101
See instructions above to stop receiving announcements from this advertiser.
This announcement is sent via your permission from a partner site.
To stop further announcements:

Or Write:
Pacific Valley West, LLC
375 N. Stephanie St., Suite 1411
Henderson, NV 89014

Someone close to me once didn’t believe me when I told them this is a scam, so I locked down my PC and browser, set up a Mailinator email address and proceeded to “sign up” for my “free” Dell laptop. It wasn’t long before my friend realized that by completing all the “offers” I was required to complete to “qualify” for the laptop, I could buy one outright.

Health & Diet Scams

These offer “scientific breakthroughs”, “miraculous cures”, “exclusive products”, “secret formulas”, and “ancient ingredients”. The one below (the embedded image containing the actual claims has been stripped) claims that this “Power Colon Cleanse” formula will get rid of extra pounds and inches. More than likely, you’ll simply be flushing your money down the toilet (literally).

Subject: Lose the Waste, Lose the Weight?
From: Cleanse Your Body (
Sent: Tue 6/02/09 12:44 PM

<.jpg image removed>

These examples should give you a good idea of what an email scam looks like. In Part 3, we’ll take a look at Trojan horse emails, phishing scams, and the Nigerian 419 scam.

Now, let’s repeat those tips from US-CERT:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security

See you next time!

July 4, 2010  12:13 AM

Network Gremlins Attack Bewildered Geeks

Ken Harthun

You just never know what you’re going to run into in this security business. Sometimes, what looks like a security issue isn’t one at all. Here’s one that had us baffled for a couple of days.

A small manufacturing firm specializing in small jet engines & parts (I’d love to have one of their 450 hp turbines in my car!) called to say that their network was “going up and down.” The owner was frantic and believed he had been hacked. The problem seemed to occur in the same time window every afternoon. When I and another engineer went out the next morning (thinking we would scan and clean any malware before the attackers accessed the system), the network was fine; all of the servers and PCs were up and responding. Malware scans found nothing–no viruses, trojans, rootkits or spambots. I told the owner that I believed he was clean and his network secure.

He didn’t believe me. He made me stay until the problem surfaced.

Sure enough, later that day, the gremlins appeared. Every XP machine would either get “Network Cable Unplugged” or “This connection has limited connectivity” messages. Same thing on the servers. A minute or so later, they’d re-establish connection and be fine for a few minutes only to repeat the same sequence over and over again. We watched this for an hour or so.

We figured it had to be a problem with the 3Com switch, so we put in a known-good spare and left it. Didn’t work. Same thing kept happening. It didn’t make sense that anything else could be responsible, except maybe for new manufacturing machines that were recently installed in the shop. Power surges from that equipment could be causing problems. So, we checked the line monitors and there were no obvious problems. We were off to the races.

I went into the system event logs on the servers and found hundreds of warnings and information entries that went “link down”/”link up,” many of them in the overnight hours. This being an industrial area, I began to consider dirty power and brownouts on the power grid as the source of the problem.

But they had a battery backup unit in place, so that should handle brownouts and filter any noise on the AC current. On a hunch, I went up and pulled the plug on the UPS just to make sure it was doing its job.

The network went down. Problem solved. Turned out to be a faulty UPS that wasn’t reporting itself as faulty.

Problem solved. Owner relieved. Network is still secure.

June 30, 2010  8:40 PM

How to Recognize and Avoid Email Scams – Part 1

Ken Harthun

I’ve written on this subject several times, but the message bears repeating. Email is the main source of all virus and Trojan horse infections on the Internet. This was true in 1996 when email was not nearly as widespread as it is today and it’s still true in 2010. While email provides us a convenient and powerful communications tool, it also provides cyber-criminals with an easy means for luring potential victims. The scams these criminals attempt run the gamut of old-fashioned bait-and-switch operations to phishing schemes using a combination of email and bogus web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you must understand what they are, what they look like, how they work, and what you can do to avoid them.

Email Scams are Profitable

UCE–Unsolicited Commercial Email, or “spam”–is the starting point for many email scams. Before email came along a scammer had to contact each potential victim individually by mail, fax, telephone, or direct personal contact. These methods would often require a significant investment in time and money. To improve the chances of contacting susceptible victims, the scammer might have had to do advance research on the “marks” he or she targeted.

Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. The economics of scale work in the criminals’ favor. In short, it’s cheap to scam people and it doesn’t take much to make a profit at it. Scammers only need to fool a small percentage of the millions of people they email for their ruse to pay off. Think about it: If you send out a million emails (most of the time, scammers send out many more than this) and one in 10,000 persons is duped, you’ll get 100 responses. If your scam nets $50 for each of those, that’s a cool $5,000. Not bad for a few minutes’ work.

Examples of Email Scams

The FTC has a list of the 12 most common email scams posted on their site. Among those listed are these:

  • Business Opportunity Scams
  • Making Money By Sending Bulk E-Mailings
  • Chain Letters
  • Work-At-Home Schemes
  • Health And Diet Scams
  • Easy Money
  • Get Something Free
  • Investment Opportunities

Anyone who has an unsecured email account has seen one or more of these at one time or another. I used to get one every day from “Oprah Winfrey”–”Lose 20 pounds in 20 minutes [exaggeration] with Amazing Acai berries in your beer! [more exaggeration].” Most people don’t fall for them, but most scammers are much more subtle.

Next time, we’ll explore email scams, Trojan horse emails, phishing, and more in much greater detail. For now, US-CERT recommends that everyone:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security

June 30, 2010  8:27 PM

My Top Five Security Tools

Ken Harthun

Over the years, I’ve accumulated hundreds of tools and utilities that I use to help others–and myself–stay secure on the Web. In fact, I’ve compiled these into my Geek Toolkit which I’ve made available to everyone on my website. Several of these tools stand out as evergreen utilities in the ever-changing security landscape. Here are my top five (no particular order):

AxCrypt–I’ve written about this one before. Easy and elegant encryption software: Software for Secure Computing: Easy Email & File Security with AxCrypt.

TrueCrypt–Without question, the best Open Source full-drive encryption software going:

Password Meter–Tests passwords with the most complete set of rules I’ve found. When this says they’re Very Strong, they are. Here’s my implementation of the Open Source script:

RootkitRevealer–Sysinternals has always been at the top of my list for great tools. RootkitRevealer is an advanced rootkit detection utility that detects the presence of a user-mode or kernel-mode rootkit. Get it from

Malwarebytes Anti-Malware–Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. I’ve used it for several years as my preferred companion to SpyBot S & D.

What are your top tools?

June 27, 2010  9:19 PM

My Top Five Biggest Security Issues

Ken Harthun

How long have you been in the security business? Less than a year? Five years? Ten years? Regardless of your time in service, chances are you’ve seen a number of issues that show up on a regular–if not predictable–basis. Here is my top five list.

5. Unpatched OS & Software–For whatever reason, the user has disabled software updates or simply ignores the notifications. Their most recent infection (and they get infected more often than most) is the result of an exploit of a vulnerability that has long since been patched. Believe it or not, there are still some XP systems out there on SP1.

4. Poor E-mail Security Practices–Some people will simply click on any link anyone sends them. They fall for anything. Send them a “Thank you for your order!” message with bogus links and they’ll happily open it and click the links to find out what they ordered (knowing they didn’t order anything).

3. Bad Search & Surfing Habits–It’s no secret that some people are looking for things that appeal to the prurient interest; furthermore, there is plenty of content that caters to the more base human emotions. The scammers and cybercriminals know this and exploit it with impunity. Many of these sites have been compromised and will infect a system immediately when visited.

2. No Firewall–It’s surprising the number of systems I find with no firewall enabled (see #5) that are plugged directly into their ISP’s connection. Granted, a lot of ISPs now use NAT on their routers, which delivers a modicum of protection; however, with inexpensive routers available everywhere, there’s no excuse not to have your own NAT router installed under your complete control.

1. Weak/No/Visible Passwords–I’ve been able to guess users’ passwords about 50% of the time knowing some basic information about them. The other 50% of the time, I’ve just looked on the bottom of their keyboard for a sticky note with their password written down.

No matter how much I write, no matter how much I admonish users to choose secure passwords, they just keep doing the same stupid things over and over again. How hard is it to make your password secure by just changing a few characters? Instead of “josh1995,” why not “J0sHl9(5?” That rates as “Very Strong” on the Ask the Geek Password Meter.

What are your issues?

June 27, 2010  2:59 AM

Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Ken Harthun

This was first revealed on June 10, 2010 in Microsoft Security Advisory (2219475). It was updated on June 15th.

Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability. Microsoft is also aware of limited, targeted active attacks that use this exploit code.

This problem is related to the HCP protocol. It’s still not patched, but here is a workaround for it:

Unregistering the HCP Protocol prevents this issue from being exploited on affected systems.

Using the Interactive Method

1. Click Start, click Run, type Regedit in the Open box, and then click OK

2. Locate and then click the following registry key: HKEY_CLASSES_ROOT\HCP

3. Click the File menu and select Export

4. In the Export Registry File dialog box, enter HCP_Protocol_Backup.reg and click Save. Note: This will create a backup of this registry key in the My Documents folder by default.

5. Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes.
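The five steps above as a script, added here as an example rather than taken from the advisory or the post. It exports the key, refuses to continue unless the export actually captured it, and only then deletes the key tree; the backup filename, HCP_KEY and SAMPLE_EXPORT are assumptions, and it must run from an elevated prompt on an affected system.

```python
# Added example, not the advisory's or the post's own script: the interactive
# workaround above, scripted so it can be audited before it runs.  Exports
# HKEY_CLASSES_ROOT\HCP, checks the export really contains the key, then
# deletes the key tree.  Needs an elevated prompt on XP / Server 2003.
import os
import subprocess

HCP_KEY = r"HKEY_CLASSES_ROOT\HCP"

# Constructed stand-in for what reg.exe export writes; only the [section]
# header line matters to backup_contains_key().
SAMPLE_EXPORT = "Windows Registry Editor Version 5.00\r\n\r\n[HKEY_CLASSES_ROOT\\HCP]\r\n@=\"sample\"\r\n"


def backup_contains_key(reg_text: str, key_path: str) -> bool:
    """True if the .reg text has a [key_path] section header (case-insensitive)."""
    wanted = "[" + key_path.lower() + "]"
    return any(line.strip().lower() == wanted for line in reg_text.splitlines())


def read_reg_file(path: str) -> str:
    with open(path, "rb") as fh:
        data = fh.read()
    # reg.exe writes UTF-16 with a byte-order mark; fall back to 8-bit text otherwise.
    return data.decode("utf-16") if data[:2] in (b"\xff\xfe", b"\xfe\xff") else data.decode("latin-1")


def hcp_registered() -> bool:
    """Is the hcp:// handler still present?  False off Windows, where it cannot exist."""
    try:
        import winreg
        winreg.CloseKey(winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "HCP"))
        return True
    except (ImportError, OSError):
        return False


def delete_key_tree(root, path: str) -> None:
    """Delete a key and its children; DeleteKey alone refuses keys that still have subkeys."""
    import winreg
    with winreg.OpenKey(root, path) as key:
        children = [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]
    for name in children:
        delete_key_tree(root, path + "\\" + name)
    winreg.DeleteKey(root, path)


def unregister_hcp(backup: str = os.path.join(os.path.expanduser("~"), "HCP_Protocol_Backup.reg")) -> bool:
    """Back up and remove HKCR\\HCP.  Returns True only if the key is gone afterwards."""
    if not hcp_registered():
        return False
    import winreg
    if os.path.exists(backup):   # older reg.exe prompts before overwriting, so clear the way first
        os.remove(backup)
    subprocess.run(["reg.exe", "export", HCP_KEY, backup], check=True)
    if not backup_contains_key(read_reg_file(backup), HCP_KEY):
        raise RuntimeError("backup did not capture %s; refusing to delete" % HCP_KEY)
    delete_key_tree(winreg.HKEY_CLASSES_ROOT, "HCP")
    return not hcp_registered()
```

Re-importing the saved .reg file from Regedit restores the handler once a patch is installed.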

We hope Microsoft will issue a patch shortly.

June 26, 2010  3:30 PM

Scam Alert: Thanks for Your Order!

Ken Harthun

Nothing new about these phishing scams, but it seems they’ve gotten more frequent. I’ve gotten my share of them before, but now two in as many days. Here’s the first one purportedly about my order that I never placed.

Several things are obviously wrong with this message; the scammers are either stupid or this is a randomly-generated message.

First off, the email is not addressed to my email address. Next, all the links point to the same .kr site. Finally, none of the numbers are consistent; for example, Subtotal of items $84.99, Total before tax $46.99, Total for this Order $68.99, The following item was ordered $36.99. Huh?
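The checks above, plus the unknown-sender and foreign-domain (.lt) test from the Part 2 post, as a script; this is an added example, not code from the posts, and MY_ADDRESS, KNOWN_TLDS and both sample messages are constructed for the demonstration.

```python
# Added example, not code from the posts: the sender, recipient, link and
# order-total checks the author applies by eye, as a script.  MY_ADDRESS,
# KNOWN_TLDS and the two sample messages are constructed for the demo.
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

MY_ADDRESS = "me@example.com"              # stand-in for the reader's own address
KNOWN_TLDS = {"com", "net", "org", "us"}   # countries the reader actually deals with
AMOUNT = re.compile(r"(Subtotal of items|Total before tax|Total for this Order)\s*\$([\d,]+\.\d{2})")
HREF = re.compile(r'href="([^"]+)"', re.IGNORECASE)

# Constructed message modelled on the order-confirmation scam: wrong recipient,
# foreign sender, every link to one unrelated host, totals that cannot add up.
SCAM = """\
From: "Order Confirmation" <orders@shop.example.lt>
To: <somebody-else@example.net>
Subject: Thank you for your order!
Content-Type: text/html

<p>Subtotal of items $84.99<br>Total before tax $46.99<br>
Total for this Order $68.99<br>The following item was ordered $36.99</p>
<a href="http://track.example.kr/a">Track</a> <a href="http://track.example.kr/b">Invoice</a>
"""

# Constructed message with none of those problems, for comparison.
LEGIT = """\
From: "Example Store" <orders@example.com>
To: <me@example.com>
Subject: Your order
Content-Type: text/plain

Subtotal of items $84.99
Total for this Order $91.49 (includes tax and shipping)
"""


def site(host: str) -> str:
    """Crude registrable-domain guess: the last two DNS labels."""
    return ".".join(host.lower().split(".")[-2:])


def scam_indicators(raw: str, my_address: str = MY_ADDRESS) -> list:
    """Return the red flags found in one raw RFC 822 message, in check order."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    flags = []
    # 1. A real confirmation is addressed to the buyer, i.e. to me.
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    if my_address.lower() not in {a.lower() for _, a in getaddresses(to_cc)}:
        flags.append("not addressed to my address")
    # 2. Sender domain sits in a country I have never done business with.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    tld = sender_host.rsplit(".", 1)[-1]
    if len(tld) == 2 and tld not in KNOWN_TLDS:
        flags.append("sender domain in unexpected country: ." + tld)
    # 3. Every link leads to one site, and it is not the sender's site.
    sites = {site(urlparse(u).hostname or "") for u in HREF.findall(body)}
    if len(sites) == 1 and sites != {site(sender_host)}:
        flags.append("all links point to " + sites.pop())
    # 4. No order total can be smaller than the subtotal of its items.
    amounts = {k: float(v.replace(",", "")) for k, v in AMOUNT.findall(body)}
    sub, total = amounts.get("Subtotal of items"), amounts.get("Total for this Order")
    if sub is not None and total is not None and total < sub:
        flags.append("order total below item subtotal")
    return flags
```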

Here’s the other one I got the next day, purportedly from for a laptop purchase.

This one is actually more accurate; at least, it came to the right email address. I didn’t order anything, of course. Again, all the links point to the same place; when I tested the link, I got this message from OpenDNS:

They just never give up.

By the way, if you’re not using OpenDNS by now, you should be. I’ll tell you why in an upcoming post.

June 25, 2010  1:01 AM

Physical Security: What is Lock Bumping?

Ken Harthun

Bump Key (Source: Wikipedia)

For many years, Locksmith Professionals have utilized several methods and tools to bypass pin and tumbler locks for legal purposes. One such technique is called “bumping.” Lock bumping, also referred to as key bumping is an attack technique using specially cut keys that can defeat conventional pin and tumbler locks. There’s nothing new about this but the Internet, in part, has popularized the subject. In fact, according to a Wikipedia entry, “a US patent first appears in 1928 by H.R. Simpson called a ‘rapping’ or bump-key. Then, in the 1970s, locksmiths in Denmark shared a technique for knocking on a lock cylinder while applying slight pressure to the back of the lock plug. When the pins would jump inside of the cylinder, the plug would be able to slide out freely, thus enabling the locksmith to disassemble the lock quickly.”

Search “lock bumping” on the Internet, and you’ll find plenty of how-to videos to tell you how to do it. Here’s one that’s particularly informative and has some good graphics (just ignore the misspelling of “shear line”):

These days, several manufacturers make bump resistant and bump proof locks, but if you have an older lock, you’re vulnerable. Consider changing over to newer technology. Why? According to statistics provided by the National Crime Prevention Council (NCPC) and the Department of Justice, nearly 2/3 of all break-ins occur with no sign of forced entry. How many of these break-ins can be attributed to lock bumping is uncertain, but it’s a good bet that at least some of them are.

June 23, 2010  1:12 AM

Scam Alert: Oh, No! My Domain is Expiring!

Ken Harthun

Every once in awhile, I get a letter from “Domain Registry of America” warning me that my domain is about to expire: “As a courtesy to domain name holders, we are sending you this notification. . . When you switch today,” etc., etc. And heck, they only want $50.00 (save $10!) for 2 years (Recommended). Better yet, they offer me 5 years for only $95.00 (save $55!) (Best Value). I pay $8.99/year for most of my domains. Some of them I got for $0.89 for the first year and $6.99/yr thereafter.

It’s the best legal scam on the Internet, duping the uninformed into parting with more money than they should. Yes, it’s a completely legal con as far as I can tell. Well, maybe; the FTC doesn’t like them: Court Bars Canadian Company from Misleading Consumers in Marketing of Internet Domain Name Service.

The Federal Trade Commission has requested that a federal district court enjoin Domain Registry of America, Inc., an Internet domain name re-seller, from making misrepresentations in the marketing of its domain name registration services and require it to pay redress to consumers. According to the FTC, the company told consumers that their domain registrations were expiring, leading many consumers unwittingly to switch their domain name registrar.

This was in 2003. Why are they still at it? They are still misleading consumers with their misrepresentations; unless the fine print on the back of the letter–which requires a magnifying glass to read and even then is hard on the eyes–covers them sufficiently.

I call it a scam. What do you think?

June 22, 2010  12:29 AM

Reader Survey: Please Give Us Your Feedback

Ken Harthun

As you know, IT Knowledge Exchange is a community-based technical information portal that is dedicated to providing the highest quality IT news, technical support and commentary from your industry peers. What you may not know is that you are a vital part of how this community functions and what features are provided. With that in mind, I’d like you to participate in our first-ever, site-wide reader survey on IT Knowledge Exchange. The feedback from this survey is being used to decide how we build out the community, so your participation means more blog-related features in the future.

Please take five minutes out of your busy schedule and complete the survey. You’ll find it here:

As always, I invite you to comment on what I post here and I assure you that your voice is heard. Please take this opportunity to voice your opinions to management.
