So, How Does Malware Get on Your Computer?

No one intentionally installs an application that is going to encrypt their files until they pay a ransom, log their keystrokes and report their bank passwords to crooks in Russia, or hijack their web browser to show ads instead of the sites they want to go to. Bad guys have to trick you into going to some web site, looking at an infected message, or clicking on a link to allow them to download their toxic programs.

Basically, YOU have to give the jerks permission to infect your computer.

You’re not likely to click on a button that says, “YES, Download your malware and steal my identity!”

So the people who want to get inside your computer send you clever, urgent messages to get you to unleash their poisonous computer code on your computer. Frankly, the inventiveness and smart marketing techniques these folks use are praiseworthy.

Here’s the invitation to be a sucker that arrived in my email yesterday:

Scam Email

Look!  My Mastercard is going to be charged instantly! (A classic injection of urgency to get someone to act NOW!)

I can see the details of this instant charge — and also unleash the evil software embedded in the Word document — by simply clicking. I mean, who wouldn’t want to know why their Mastercard is about to be charged a hunk of money?

Well, probably someone like me who doesn’t have a Mastercard. But, more importantly, YOU!  Even if you have a Mastercard, you should be in the habit of NOT clicking to open attachments or follow links on emails you’re not expecting.

In this case, the scammers messed up somewhat by showing a return address of stroydom [email protected].  That’s an email address without a name, and the “.ru” means it supposedly comes from RUssia.  If they’d been smarter, they would have used a generic From name and spoofed the return address, something like “Sarah Jones <[email protected]>”.  Even better would have been spoofing the name and email address of someone I know, if they had access to my email address book.

Every day I get messages trying to trick me into clicking a box or a link that would instruct my computer to let the would-be hackers install their evil code on my system. Then they could take over my machine and lock up my data for ransom… or do something more subtle like watch me login to my bank’s website so that they can learn my password. Many of these attempts are stopped by my email’s spam/malware filter, but some get through.

Here’s what the latest attempt to hoodwink me reminded me:

  • Don’t click on anything in an email unless you know the person who sent the email AND you were expecting a message from them.
  • Use Chrome or another browser that warns you if you try to go to a site on its dirty list.
  • Use up-to-date antivirus software. That will block the downloading and installation of evil programs… so long as the antivirus program knows about them.

Follow these guidelines and don’t get shocked into clicking where you shouldn’t!

A $3,100 unexpected charge on your Mastercard? Don’t panic. And, don’t click!

Submit to 3000+ Quality Directories — Click Here

A friend is trying to grow her law practice and asked me if I thought this email she received would help get her website noticed:

Subject: Submit to 3000+ quality directories

Do you really know what it takes to quickly
generate high-quality traffic to your Web Site?

Listen up. I must let you in on a few insider *secrets*:

Instead of waiting months to generate sales on your
site, you can start gaining the hits you want right now.

Click here to visit our website

I didn’t click and told her not to go to that site either.

Anyone who is telling you to submit to “3000+ quality directories” is trying to dazzle you with numbers and lead you down a pointless path of quantity.

Think about it.  How many Internet directories do you know about? I’ll guess that you can think of maybe 5, if we stretch the definition to include social networking directories like Twitter and Facebook.  The Internet names that come to mind the quickest, like Google and Bing, are search sites, not directories, so they don’t count.  Directories maintain a list of sites or users, and they provide some information about each entry. True directories like The Open Directory Project and Yahoo! Directory are organized by topic and let you browse as if you were walking down a library aisle.

Even if you were going to combine the number of important search sites and directories, you are still below 50.  You’re way below 50 into maybe the teens if you’re a local business only interested in showing up where potential clients will see you. If you’re selling pet grooming services in San Francisco, you probably don’t care whether or not you’re listed in a Chinese directory.

One search engine optimization (SEO) publication I subscribe to (yes, there are SEO journals!) suggests 25 directories that are worth trying to get in.  Most are manually edited, and they charge a little or a lot to be listed. Yahoo! requires “only (sic) $299” per year to be listed, but most charges are lower.

Personally, I don’t often use directories, and think I am a typical Internet surfer in that respect. That means a major value of any directory listing is the link which Google sees from that directory to your site.  Google likes links from authoritative directories, like ODP and Yahoo!  When a good directory includes your site, Google lists your pages higher in its search results.

But, submitting to hundreds, or thousands, of unread directories is not going to impress Google or other search engines.  Nor are 3000 submissions going to increase high quality traffic to your site.

Unfortunately, there is no magic bullet for search engine optimization.  There are no automated steps that, if followed, will guarantee that your site will show up on the top of results for searches that will make you money.

I stopped my friend from wasting her time and money responding to the spam email.  She’ll be better off doing some common sense optimizations that work!  I’ll share in another post what I told my lawyer friend to do to improve her position in Google results.

Today's Phishing Trips

Two phishing attacks are hitting my in-box hard today.

One tries to trick you into logging into your Facebook account to see the new features available to you. This is a really clever angle since earlier this week Facebook unleashed a site redesign which has been widely panned in part because Facebook didn’t pre-announce the changes or explain them.

This phishing email sounds like Facebook is responding to criticism by telling you of changes and inviting you to learn more about them.

Of course, if you do click on the link, you’ll go to a site that looks like Facebook but is, in fact, a fraudulent site somewhere in the European Union. The crooks want you to give up your Facebook user name and password. From there they’ll have access to your Facebook account and can post and send messages coming from “you” to trick your friends into giving up more information. Or worse.

The second attack is an email supposedly from the FDIC telling me that my bank has been taken over. According to a warning I heard on the radio, if you click on the link to the phony FDIC site, you’re asked to put in your bank account number and other identifying information. Guess what happens after you do this?

Practicing Safer Computing

Here’s how I quickly spotted these messages as phony:

  1. I hovered my cursor over the links. Microsoft Outlook pops up a message showing the real destination of any link when the cursor is held over it. In these cases the destination started out with “www.Facebook.com” or “www.FDIC.gov”, but the location kept going and in both emails ended with a “.eu”. This means I’d be taken to crooked sites in the European Union and not to a business or government site in the US. (Check out an earlier post about a phishing attack for more information on uncovering where a link is really going to take you.)
  2. The FDIC mail was sent to an email address that I don’t use for banking. [email protected] simply is not used for those activities, so why would I get messages in that inbox?
  3. I wasn’t expecting email from either organization. I don’t click on links in email when I am not expecting the message. Even when I do get a notice from my real credit card companies or bank, I don’t click on their link. Instead I type the address in myself (or use my bookmarked location).
  4. I am getting multiple copies of each message. They’re being sent to every email address I have displayed on the Internet, and I think I am getting multiple copies to the same email account. No real sender would be so unselectively spammy.

Yeah, I could wind up falling for tomorrow’s phishing attack. I know no one is immune. But, these two didn’t get me. Don’t let them get you!

Major Email Attack Today

You’re not falling for this email, are you?

I have received at least six copies of this bogus email message so far today.

The email message claims to be a Microsoft announcement notifying you of a new update to the Outlook or Outlook Express email programs. Prominent in the message is a link you’re supposed to click on to download the patch from Microsoft.

The link displays as “http://update.microsoft.com/microsoftofficeupdate/KB910737/default.aspx?ln=en-us&[email protected]&id=950469769888131599309836639492603233….7986”. It sure looks like you’ll be going to Microsoft for a download if you click on the link.

Don’t do it!  The link is a phony!

How do I know?

First, Microsoft doesn’t send emails announcing updates. Their Windows Update program runs and, depending upon your preferences, installs updates or tells you to get them when you have time.

Second, when I read the email and place my cursor over the link, a pop-up tool tip appears showing the real location I’d be taken to. The real location doesn’t end with “microsoft.com”. The real location in the latest email I received ends with “ij1tli.com”. That domain is registered to:
Personal use
3-59-10 Izumi, Suginami-ku
Tokyo, Tokyo 1680063
JP

You could track this domain further, but all we really care about is that it’s not Microsoft!

If you click on the phony link to download the “patch”, you’ll download something. But, it won’t be a patch to your email problem. Instead it will be an evil program. One that maybe tracks your keystrokes when you log into your bank account and then sends your banking username and password to thieves. Or, a program that runs malicious software on your PC that will attack a website or send millions of spam messages.

Don’t fall for this attempt to fake you out. Just delete the emails… and make sure that your anti-virus software is up-to-date!

Renew Your Domain and Pay Too Much

Yesterday a client forwarded an email to me that said his domain name registration was expiring. All he had to do was to click on a link and he’d be taken to a screen where he could renew the name for another year.
ISP Renewal web page
The renewal email is a scam, although possibly not illegal.

What was wrong with this reminder notice and renewal offer?

  • My client’s domain name (www.mycompany.com) is NOT registered with the sender of the email. He uses our recommended registrar, Webmasters.com.
  • The sender of the email notice, ISP Renewal Domain Name Services, prices the one-year renewal at $79.95. We pay $9.95 at Webmasters.com.
  • The renewal web page (at right) displays the logos of well-known companies, presumably to lend credibility to the web page. The companies whose logos are displayed (Oracle, Cisco Systems, IBM, and Microsoft) have nothing to do with the renewal of my client’s domain registration. (I wonder if these companies know that their logos are displayed on the renewal page.)
  • The “from” address of the email is [email protected]. The ending “.org” makes it look like the sender is a not-for-profit organization. However, no one has to prove that they are a non-profit to have a .org address. For-profit companies are free to register .org addresses to trick people into thinking that they are a do-gooder organization instead of a profit-making company. This practice isn’t illegal, but it rings my warning bells.

The fine print in the renewal letter does confess that:

If you wish to assign (emphasis added) ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider (sic) . You may also request your resent (sic) Domain Service Provider to extend your domain.

In other words, this company has no relationship with you. But, they want you to pay them to pay your current domain registrar to renew. The fee for this renewal is only 8 times what you would pay yourself.

Although their boilerplate renewal email includes a typo and admits to the worthlessness of the service, I am sure that some businesses fall for this scam. My client almost fell for it!

The truth is that many web site owners don’t know what “domain registration” is. They’re confused by hosting services, domain name registration, and all that “tech stuff”. The email’s conflating of hosting services and domain name registration into “Domain Service Provider” encourages this confusion. So, many owners will simply pay whatever “bill” comes in to keep their web site up.

This scheme is similar to the phony invoice-looking mailings that businesses receive all the time. You know, the come-ons disguised as bills which the sleazy sender hopes will trick some business owner into paying for something that they haven’t ordered.

Sigh!

Another sleazoid is loose in the market place. All I can do is recommend that if you get an offer from ISP Renewal, trash it. It’s misleading and designed to trick you into doing business with them. And, based on their domain registration renewal ethics, I don’t think you want to do any business with them.