Problem: Due to the nature of Internet e-mail, there’s no universal method to determine whether a message is from the supposed sender. This is especially problematic when such messages have attachments. E-mail attachments, even from a known source address, can be harmful.
Solution: To reduce the likelihood of compromise, take the following precautions:
- Don’t open attachments without confirming that they were purposely sent from a trusted source
- Don’t open any attachment from any unknown source under any circumstances
- If it’s discovered that an otherwise trusted source was compromised and their account was used to send malicious attachments, temporarily treat that source as an unknown source until you are satisfied that the compromise is completely resolved
Problem: Phishing attempts to trick victims into following Web links to false versions of otherwise trusted or familiar sites. Phishing is often distributed through e-mails that look similar to official messages from a known entity, like an e-commerce site, social network site, or a financial service site. Victims who click on false URL links may be fooled by the seemingly valid looking spoofed site into providing their log-on credentials.
Solution: The only real defense against phishing is to not click on links sent via e-mail, IM, discussion forum, or other communication service where the sender cannot be authenticated. To find out if a message is real, visit the correct URL for the valid site, log-in, and then check for an online-in-account message inbox. If a duplicate copy of the message is found within the real site, then the original communication was valid. If not, go to Snopes.com and see if someone else has already posted about the potentially false message you received.
Problem: A variation of phishing attacks is called Vishing and refers to VoIP phishing. Malicious social engineers can use VoIP software to make phone calls with false/spoofed caller ID. A common ploy is to use the Caller ID of a bank and request that the victim provide their name, account number, and other private information under the pretext of confirming identity before discussing a matter of importance about their account.
Solution: NEVER provide your private/personal details when someone calls you. If it really is important, ask for a phone number and ticket number or incident code so that you call them back. Don’t call the number they provide. Instead, look up the correct number (on a statement or from their Web site). If the call turns out to be legitimate, then continue with the discussion. If the call turns out to be false, then inform the organization that you received a false call of someone impersonating them and that you want to check your account for any recent unauthorized or suspicious activity.
Drive-by downloads of malicious code
Problem: It’s not safe to freely surf the Internet. There are a growing number of malicious Web sites that can distribute malicious code to your system just by visiting them, usually with some form of auto-executing script.
Solution: It’s important to use the most current version available of your browser and configure its security settings to minimize or eliminate auto-execution of mobile code or client-side scripts to all but specifically selected trusted sites. Some plug-ins, such as NoScript, assist with this.
Problem: Closely related to drive-by downloads are pop-ups. Three of the more insidious forms of pop-ups are pop-unders, false-frame, and false information pop-ups.
A pop-under appears under or behind the current browser instead of above it. The problem with pop-unders is you likely won’t notice them until later and might not realize that they are pop-ups or that they could have been launched by less-than-trustworthy sites. If you end up clicking on their content or sometimes even attempt to close them, you could trigger a malicious code infection.
A false-frame pop-up is coded to hide the O/S or browser window control frame that usually appears around applications. This frame is where the close, minimize, maximize, and resize controls are located. False-frame pop-ups show only an image that often includes a fake frame. While the screen might show a close button, it’s not really there. Instead, every pixel of the pop-up image is coded as a “please harm me” command.
False information pop-ups display animations that seem like they are real programs. Some act as if they are scanning your hard drive searching for malicious code or processing system performance. The results they display after the smoke-and-mirrors activity are false but could be convincing enough to make someone believe they have a hardware, configuration, or malicious code problem. These pop-ups often offer to fix the issue if you will download their “free tool” or pay a flat fee. In every case, the tool is itself malicious and your money is flat out stolen.
Solution: If you use a tabbed browser, configure pop-ups to appear as additional tabs. When these tabs open, close them with the tab’s the close button. If a pop-up still appears as a new window, then don’t trust the frame. Instead, use a keyboard command, like ALT+F4 (Windows) or CMD+W (Mac) to close it. You can also try using taskbar or dock close commands or open a task manager and kill the entire browser process tree. It can be a hassle to re-launch a browser and re-open sites, but that is a small inconvenience over having to wipe the entire system due to a malware infestation.
It’s more important than ever to be cautious, ask questions, don’t accept information at face value, and be a bit skeptical. An ounce of prevention is absolutely better than a pound of cure.