I first published this back in September. Since then, a couple of things have been happened that require that I update this.
We are all by now familiar with the Nigerian bank scam or one of its variants. You know the routine – you get an e-mail from someone who has a relative that left them a huge sum of money but it is somewhere where they can’t get it. So they need your help and your money to get it. We have even received this as a note from the FBI!
But I have noticed lately a number of messages coming from friends and family through Yahoo e-mail accounts. The first few of these had nothing on the subject line and only a link to a web site but the last one did actually have content in the message. It was so poorly written that it just added to the suspicious nature of the message.
I don’t think these messages contained a virus or anything like that (no attachments and my security alarms didn’t go off). The links did work and went to rather questionable sites. All of this lead me to believe that I wasn’t receiving the message from a friend.
Now, when I get these weird, strange, suspicious messages I communicate with the sender through an alternate channel and let them know what is happening. (In one case, the “sender” received a message from about 15 friends within minutes of receiving the suspicious note!) In the case of those who were using a Yahoo account, the problem appears to be at that level and not on the individual computer. Unfortunately, the only solution seems to be to close or stop using that particular account.
I have no idea what the goal these “hackers” is. It may be to plant a cookie on the recipient’s computer for later work; it may be a new way to send spam type e-mail; it may be something entirely different. But it does appear that somehow the “hacker” has gotten into the on-line system and gotten hold of the address book associated with the e-mail account in order to send out these messages.
But these message reinforce the safety protocols that should be in place. First, and foremost, make sure that you have an up-to-date security program in place on your own computer. If you have a wireless network in place, make sure that it is secure and “invisible” to the outside world. You do not have to be a technical wizard to insure that the security of your computer system is up-to-date; you will need a technical expert to fix the problems if the security is not.
And if you get a “strange” e-mail from someone you know, it always helps to check with them via alternative routes. I think in this day and age, when we rely on electronic communications as a substitute for personal contact, we are more vulnerable. I like computers and the accompanying technology; it has made things far easier for me. But I sometimes wonder if we are relying more on the technology than we are on our own creativity. These “messages from friends” and various scams seem to reinforce that idea. Too many people “trust” requests that they receive in an e-mail, especially if it comes from someone they know or a company that they do business with.
And, finally, when someone says that their new device cannot be “hacked” or is immune to a virus, that sounds to me like an open invitation for trouble. Any device can be, given enough time and effort, can be “hacked”.
I just wanted to highlight a technical problem that I see happening more and more these days. The next step is up to you.
After I published the above notes, I updated the post with the following:
To update this, I just received an e-mail that was ostensibly from the IT department of the college where I am presently doing some part-time teaching. My folders now contain the dreaded DGTFX virus and I need to send my e-mail address and password to the IT team right now to have the virus removed. Failure to do so will result in my account being terminated! That wasn’t was written but that was tone of the message.
The key to this is that no IT department is going to send out such a message and no IT department is ever going to send you such a request.
I confirmed that this was a phishing attempt because I called the college IT department for confirmation (which they did not do and which confirmed what I suspected). Also, I did a quick search and found some 1300 references to this new virus, all which stated that it was clearly a phishing attempt.
So, if you get such a message, contact your IT department and let them know what is happening and then delete the message. If you have responded, then start changing your passwords and make sure that any other confidential information has not been compromised. I would be interested in knowing what attempts have been made on your accounts.
And now, I got the following note from NPR:
The Zombie Network: Beware Free Public WiFi -- http://www.npr.org/templates/story/story.php?storyId=130451369&sc=emaf
I haven’t had this problem simply because I haven’t seen any such networks. I have seen some of the ad hoc networks that can be created and of course no
Additional thoughts on the matter of e-mail scams and hacks and what to do:
23 September 2007 — “For What Is The Truth?” – notes about what to do and what not to do with messages from friends
5 May 2008 — Virus Warning – note about the “The Bad Times Virus” (humorous)
7 April 2009 — “So Where Is He?” – detailed notes about e-mail hoaxes
14 July 2010 — “Let’s Think About This For A Moment” – references to the earlier works