
 eMail Scams and Threats

 

 

We have been seeing a lot of messages coming in through email that have hostile intent.  There are two categories these messages fall into:

- Messages that are meant to spread computer viruses and/or worms
- Messages that try to steal your financial information for "Identity Theft"

Spread Virus / Worms

The first category will have a "from" address that will make it look like it has come from local tech support (or something similar).  For example, it may look like it has come from webmaster@fratn.com, support@fragahs.com, or some similar address.

Then the message will state some convincing reason that you need to look at (i.e., open) the attached message or file.  Here are two examples we have received recently:

Subject: IMPORTANT NOTIFICATION

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

 

Subject: Email Account Suspension

We attached some important information regarding your account.

Both of these messages then had files attached that carried the Virus / Worm.  These files were named "email-info.zip" and "account-details.zip" respectively.  So far our system has been 100% effective at identifying these files as containing viruses and has stripped them before they reached the user; BUT that does not mean that a file could not slip through one day.

Please just delete any message that you receive that looks like it falls into this category.  If you think that it might be a valid message (which would mean that you've been up to no good;) give me a call and I'll let you know if you are in trouble.

Identity Theft

There are two types of schemes that are used to perform this Identity Theft Scam: Phishing and Pharming (pronounced "fishing" and "farming").

Phishing:

This comes in as a message that looks like it comes from your bank or other financial institution.  It will state that for some "security reason" you really need to go to their web site and verify your information.  There WILL be a link in the message for you to follow.  This link will NOT take you to your bank's web site, but to the sender's web site that is set up to look just like your bank's.  There you will be asked to verify all kinds of information like your:

- Account Number or Credit Card Number
- Expiration Date
- Password
- Address
- Phone Number
- Birthday

And the list goes on.  It may ask for any or all of these things.  NEVER, NEVER, NEVER! respond to an email like this.  This is not how banks do things to begin with.

Pharming:

This type of scheme is very difficult to defend against or even to identify.  Pharming is done by a hacker gaining control of what is called a DNS server on the Internet.  A DNS server acts like a phone book for the Internet.  When you type in a web address on your web browser (e.g., www.fratn.com) your computer sends a query to a DNS server asking for the IP (Internet Protocol) address for that web site.  This IP address is the numeric address that your computer and the Internet use to route you to the web site.

Say for example you bank online at "www.mylocalbank.com".  When you type www.mylocalbank.com into your browser the DNS server will send back the IP address of 111.222.333.444 (This is not a real IP address).  If a hacker has gained control of the DNS server you use and replaced the IP address with the address for his server, then when you type in www.mylocalbank.com, his bogus website will come up.  It will have a log-in screen that looks very much like your bank's screen.  BUT your first attempt to log in will fail and it will ask you to verify more information in order to log in correctly.  This is where you give the scammer your financial information.  Once you've "verified" the information their system will send you on to your bank's real web site... and you will not know that you've been had until you start getting bank statements.

On EVERY site that I have logged onto, if I make a mistake typing in my password, the site only asked me to retype the password correctly.  I have NEVER seen a site that asked me to verify account information.  If you run into this, CALL YOUR BANK to make sure that you (and they) are not being Pharmed.

 

Send mail to webmaster@fratn.com with questions or comments about this web site.
Last modified: June 02, 2010