Tennessee Bureau of Investigation
Monthly Security Tips NEWSLETTER
May 2013
Volume 1, Issue 4

Gone Phishing
Did you know that for only $10, a scammer can send over a million emails to unsuspecting victims? It’s no wonder that phishing is such a widespread issue. To make matters worse, it is getting more and more difficult to tell legitimate email from phishing email. To gain users’ trust, scammers will appear to be legitimate businesses or organizations by spoofing the email address, creating a fake website with legitimate logos and even providing phone numbers to an illegitimate customer service center operated by the scammers. A recently released report cited phishing as the most widely used social tactic to gain unauthorized access to information. Being mindful and observant can help you defend against attacks by being prepared and proactive.
Two Common Types of Phishing Attacks
· Phishing scams are perhaps one of the best-known forms of email scams. One type of phishing scam involves a scammer pretending to have a fortune that he or she is incapable of accessing without the help of someone trustworthy, which happens to be you! The scammers will try to obtain the user’s financial information using an empty promise of sharing the wealth in exchange for their help.
· Spear-phishing is a targeted and personalized attack in which a specific organization or individual is the target. These attacks use information about the user, and sender addresses that resemble those of the user’s acquaintances, to entice the user to either divulge sensitive information or download a malicious file. This often requires a lot of information gathering on the targets and has become one of the favored tricks used in cyber espionage.
Beware of Attachments
Don’t trust a file based on its extension. Files with common extensions such as .exe, .zip, .rar, .pdf and .doc can contain malicious code and can open you and your computer up to compromise. While not every file attachment received in email is malicious, it is best to NEVER download and click on a file from an unknown or untrusted sender.
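One way a mail reviewer can act on “don’t trust the extension” is to compare an attachment’s claimed extension with the file’s leading bytes; this is an added example, not code from the newsletter or the State, and the sample attachments are constructed inline.

```python
# Added example, not part of the newsletter: compare an attachment's claimed
# extension against the file's leading bytes ("magic numbers"), because the
# extension alone proves nothing about the content. The signatures are the
# public, well-known file headers; the sample attachments are constructed.
import os

# Leading bytes that genuinely identify each extension the newsletter lists.
MAGIC = {
    ".exe": [b"MZ"],                                  # Windows PE executable
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],           # ZIP archive (normal / empty)
    ".rar": [b"Rar!\x1a\x07"],                        # RAR archive (v4 and v5 share this prefix)
    ".pdf": [b"%PDF-"],                               # PDF document
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],    # OLE2 compound file (legacy Office)
}

def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the claimed extension vs. content."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MAGIC:
        return "unknown"
    if any(data.startswith(sig) for sig in MAGIC[ext]):
        return "match"
    return "mismatch"

def real_type(data: bytes) -> str:
    """Best-effort guess of what the bytes actually are, using the same signature table."""
    for ext, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return ext
    return "unknown"

# Constructed sample attachments (only the first few bytes matter for this check).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
    "photos.zip": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",
    "statement.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",   # an executable renamed to .pdf
    "notes.txt": b"just text",
}

def triage(samples=SAMPLES):
    """Map each filename to (verdict, actual type) so a reviewer can spot mismatches."""
    return {name: (classify_attachment(name, data), real_type(data))
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, (verdict, actual) in triage().items():
        print(f"{name:15} {verdict:9} looks like {actual}")
```

A “mismatch” verdict (here, a renamed executable posing as a PDF) is exactly the case the extension alone would never reveal.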
Best Line of Defense
When it comes to phishing, you are our first and best line of defense. If you are mindful of potential phishing traps and observant of the telltale signs of a scam, you can better defend against a phishing attack. Here are some easy tips to protect yourself:
· Be cautious about all communications you receive, including those purported to be from "trusted entities", and be careful when clicking links contained within those messages. If in doubt, do not click.
· Don’t respond to any spam-type e-mails and don’t send your personal information via email. Legitimate businesses will not ask users to send their sensitive personal information through this means.
· Don’t input your information in a pop-up; if you are interested in an offer that you see advertised in a pop-up ad, contact the retailer directly through its homepage, retail outlet or other legitimate contact methods.
Be Proactive
· If you believe an email you have received is a phishing attempt, forward it as an attachment to spam.abuse@tn.gov. If you are using Outlook Web Access: from the inbox, right click on the email and select “Forward as Attachment”. If you are using the Outlook 2007 client: with the email open, left click on the Other Actions button located on the Actions tab and select “Forward as Attachment”. If you are using the Outlook 2010 client: with the email open, left click on the More button located on the Respond tab and select “Forward as Attachment”.
For more information on phishing, visit the OIR Phishing page at: http://www.tn.gov/finance/oir/security/education/
Other Tips
· Never include confidential information in the Subject line of an email. If you must send an email that contains confidential information to someone outside the State’s domain, use the State’s secure delivery solution by entering [Secure Email] anywhere in the email subject line. The words are not case sensitive. However, be aware that any extra spaces or a hyphen inside the brackets will break the rule.
· If you have an administrator account, refrain from web browsing while logged in with those credentials. If your administrative account credentials are compromised, it will provide an attacker with additional access to sensitive data and systems within the State’s network.
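The subject-line rule above is easy to get subtly wrong, so here is an added checker (not the State’s actual mail-gateway logic) that accepts the tag as the newsletter describes it and flags the near misses it warns about; the sample subjects are constructed.

```python
# Added example, not the State's mail-gateway logic: check a subject line for the
# "[Secure Email]" tag as the newsletter describes it. The tag is case-insensitive,
# may appear anywhere in the subject, and is broken by extra spaces or a hyphen
# inside the brackets. Sample subjects are constructed.
import re

# Exactly one space between the two words, any letter case, anywhere in the subject.
VALID_TAG = re.compile(r"\[secure email\]", re.IGNORECASE)
# A near miss: brackets containing the two words with any other separator
# (extra spaces, a hyphen, an underscore), which the rule will NOT recognise.
NEAR_MISS = re.compile(r"\[\s*secure[\s\-_]+email\s*\]", re.IGNORECASE)

def secure_tag_status(subject: str) -> str:
    """Return 'secure' for a well-formed tag, 'malformed' for a near miss, else 'none'."""
    if VALID_TAG.search(subject):
        return "secure"
    if NEAR_MISS.search(subject):
        return "malformed"
    return "none"

def fix_tag(subject: str) -> str:
    """Rewrite a malformed tag into the exact form the rule expects; leave others alone."""
    if secure_tag_status(subject) != "malformed":
        return subject
    return NEAR_MISS.sub("[Secure Email]", subject, count=1)

# Constructed sample subjects with the verdict the newsletter's rule implies.
SAMPLES = [
    "[Secure Email] Q2 audit findings",      # well-formed
    "Re: [SECURE EMAIL] contract draft",     # case does not matter
    "[Secure  Email] Q2 audit findings",     # two spaces inside the brackets: broken
    "[Secure-Email] Q2 audit findings",      # hyphen inside the brackets: broken
    "Secure Email: Q2 audit findings",       # no brackets at all: not tagged
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{secure_tag_status(s):9} {s!r} -> {fix_tag(s)!r}")
```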
Facebook Scam Alert - What Really Happens When You "Like"
Do you think “Liking” someone, something, or some product is harmless? Do you have family in your household that “love to like”? Well then you need to read on. Don’t have time or not a fan of reading? Scroll down to the bottom of this article, right click on the hyperlink, and open it (a video will begin automatically).
You’ve seen those pictures posted on Facebook “type ‘move’ into the comments and watch what happens” or “If I get a million likes my dad will get me a car.” They seem innocent enough, but they are big business, and you are not doing yourself any favors if you like or comment.
The classic example is a colorful picture of a prism with the image from the cover of Pink Floyd’s Dark Side of the Moon album in it. It’s accompanied by the caption: “OMG it really works ♥ Step 1: Click on the Picture. Step 2: Hit Like. Step 3: Comment "MOVE" Then see the Magic!!” You see in your news feed that your friends have liked and commented on the image, so clearly something amazing must happen when you interact as directed. So you click, you comment, and... nothing happens.
Or at least you think nothing happens. But your activity has now spread this image and the page into the news feed of all your friends.
Like Farming
It’s called Like Farming. Here’s how it works. Someone creates a page and starts posting photos, inspirational quotes or other innocent content. You like the page and it now shows up regularly in your news feed. Anytime you interact with a post, that activity shows up in your friends’ news feeds. The more likes the page gets, the more it shows up. The more comments each picture gets, the more power the page gets in the Facebook news feed algorithm. And that makes it more and more visible.
The social engineering of these pages is impressive: stimulating pictures like the Pink Floyd image described above, or moving stories of ‘causes’ that need your likes for support. The most famous of these revolved around a girl called “Mallory”:
"This is my sister Mallory. She has Down syndrome (sic) and doesn't think she's beautiful. Please like this photo so I can show her later that she truly is beautiful." But there is no Mallory. The picture is of a girl named Katie whose mother is horrified that her daughter’s image is being used for the scam.
Scammers Are Making Money Off Your Likes
So why would the owners of these fan pages go to such lengths to scam us into liking? Because there’s money to be made from them.
When the page gets enough fans (a hundred thousand or more) the owner might start placing ads on the page. Those ads show up in your news feed. They could be links to an app, a game, or a service they want you to buy. It could be a “recommendation” for a product on Amazon where the page owner gets a commission for every purchase made through the link. Or more nefariously, the page owner could be paid to spread malware by linking out to sites that install viruses on your computer for the purposes of identity theft. Bottom line: access to your news feed is lucrative.
Fan Pages For Sale
Just like a magazine that sells ads, these pages are a business, and they can be bought and sold just like any other business. The online message board Warriorforum.com listed multiple pages for sale, like this page with almost 500,000 fans of hamburgers. Price tag to buy the page: $5000. Another page about cuddling has over a million fans and was listed for sale on Warrior Forum for $7000. Many of these postings on Warrior Forum come and go for fear that Facebook will find out about them and take the pages down. For example, I found this Friends TV show page for sale for $8500, but the Warrior Forum listing has since been removed. This page has 1.8 million likes and posts a note right on Facebook stating it’s for sale – no price listed – just a warning against “low offers.” A spokesperson for Facebook says selling pages is specifically against the terms of service, and any page that is sold or engages in fraudulent behavior can be removed. But clearly this is a cat and mouse game, with Like Farms popping up on a regular basis.
How To Unlike
If you’ve liked something and now regret it, you can unlike it. Go to your profile, choose the “more” button and choose “likes” from the drop-down menu – then “Unlike.”
If you have friends who are over-liking on scammy posts, share this on your Facebook page so they’ll get the message.
For a video