North Star Strategic IT – Your Denver IT  Support company

Anti-phishing software works by searching for any phishing content that may exist in an email.  It is normally used as a complementary service to your email service in the form of a toolbar.  This toolbar will display the real name of any website you visit and any fake websites phishers tend to use.

This software offers a backup defense for blocking phishing attacks and sites that might have been clever enough to get through your browser’s built in protection.  Here are a few of them:

Earthlink Toolbar Scamblocker

• Earthlink provides a free toolbar for your browser that includes a Scamblocker, which is used to protect you from phishing scams and pop ups.
• It works by warning you if you attempt to connect with a page that is on Earthlinks blacklist of fake sites.
• It analyzes every site you visit and display the security rating of the web page on the toolbar.

Earthlink’s Scamblocker can be downloaded at this link:
http://www.earthlink.net/software/free/toolbar/

Netcraft Anti-phishing Toolbar

• Netcraft is provides a tight knit community where when one person reports a phishing email, the listed URL is blocked for all Netcraft members.
• By displaying the website’s hosting location, it helps expose fraudulent URLs.  For example, if your bank is located in the U.S. and the hosting location is listed as Poland, it is most likely a scam.
• The toolbar will also detect URLs that use certain letters or characters to deceive.

The Netcraft Anti-phishing Toolbar can be downloaded at this link:
http://toolbar.netcraft.com/

North Star Strategic IT – Your Denver IT  Support company

TrustWatch Toolbar

• Trust Watch offers a free toolbar designed to protect you from phishing attacks, identity theft, and internet fraud.
• It performs checks in real-time to inform you if the website you are attempting to visit has been verified by a legitimate third-party organization, and whether or not it is safe to send personal information through the site.
• It is equivalent to performing a credit check.

The TrustWatch Toolbar can be downloaded at this link:
http://toolbar.trustwatch.com/

Stopzilla Anti-Spyware 5.0

• Stopzilla is an ant-spyware program that detects and prevents phishing attacks, popup ads, spyware, adware, and any other form of malicious applications, as well as hijack protection.

Stopzilla can be downloaded at this link:
http://www.stopzilla.com/

Spybot – Search and Destroy

• Sybot Search and Destroy is a free to use anti-spyware program.
• The largest benefit of this program is that it will write-protect all of your computer’s host files, which is the main target of phishing spyware.

Spybot can be downloaded at this link:
http://www.safer-networking.org

Webroot’s Phish net

• Phish Net uses a dynamic blacklist that aids in protecting phishing attacks.
• It works by storing personal data (eg. Credit card numbers, bank accounts, etc.), and alerting you as to whether or not it is a trusted site when you attempt to enter personal information.
• It will also alert you to any redirects that may have happened during the transmission of your data, as well as make sure the site has an encrypted connection before transmission.

Webroot’s Phish net can be downloaded at this link:
http://www.webroot.com/consumer/products/

North Star Strategic IT – Your Denver IT  Support company

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Denver IT Support: Anti-phishing Software

Bandwidth
Spam costs everyone valuable internet bandwidth that is used for spam instead of legitimate business or personal use. Bandwidth is the rate at which data is transmitted, particularly the amount that can be transmitted in a specific amount of time. The lower bandwidth rate, the slower information travels.

Think of it as a traffic jam on a major highway, the more spam there is the more delays there are in the transmission of important business information. Internet service providers must then increase bandwidth to handle the larger volume. This is not free and you can guess where the additional cost will end up – on your internet bill.

Viruses, Worms and Malware
Viruses have become commonplace and devastating. Spammers will include viruses and malicious software in the messages they send out disguised as attachments. Some of these viruses will silently install on your machine and give the hacker any vital information stored in your system. Identity theft is perpetrated many times this way.

Viruses are also created with the single purpose of destroying property. Consumer reports recently studied the cost of damage that has been done to computers in this manner. The cost is over eight billion dollars worldwide in the past two years alone. This number does not include costs of anti-spam and virus software that consumers have felt compelled to purchase.

Productivity
While spam is irritating, it also eats up your valuable time just filtering through it to find your real email among all the spam. For businesses that receive hundreds or thousands of important emails daily, the cost in productivity is substantial. Spam calculators, like the one available at cmsconnect.com, estimate the lost time to be nearly 50 hours per employee and almost $1000 per person per year. That is a significant amount of money and time.

Lost Messages and Data
Spam blockers and filters that are supposed to be protecting us from the bad emails often grab legitimate correspondence as well. Even one lost important email from a client or supplier can cost money and relationships.

Identity Theft
The latest in the long line of schemes to bilk you out of your money are phishing frauds. Phishing uses what looks like an official email from a company you do business with. The message will be worded in such a way that the spammer hopes you will input your personal information, thereby allowing them the opportunity to steal your identity and more. This scheme alone has wound up costing victims billions of dollars.

Spam has become a drain on society, at least from an economic and productive standpoint. Everyone but the spammer is paying an extreme amount of money for his or her actions.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

The Costs of Spam

As the spam epidemic has grown the government has enacted the CAN-SPAM act (Controlling the Assault of Non Solicited Pornography and Marketing). This act has attempted to legislate the activities of any company hoping to send bulk commercial email as well as companies that are marketing their products in the messages. It has created stiffer penalties for those who violate it and gives the consumer the right and the way to ask that spammers cease and desist.

The CAN-SPAM act was signed in January of 2004. This act covers any and all emails whose express purpose is advertising or promotion. Even including ones whose contents are only available online. The act also covers what is considered transactional or relational messages. In other words, messages from websites that you may have had a previous transaction or relationship with. This rule applies to both new and existing customers. None of the correspondence may contain false routing information.

Several federal agencies have been charged with enforcing the act. The Federal Trade Commission and the Department of Justice both have been given authority to enforce the CAN SPAM act. It also gives the internet service providers an outlet to sue violators in order to recoup any losses they may have incurred.

Other Major Provisions of the Law

• Bans the attempt to fake any information in the header or subject. In other words, they must identify correctly what the message is and the routing information as well. To and from information must also be accurate. This way you know exactly who sent the email and from where.
• No misleading subject lines. The subject line must not be falsified to make the recipient open the email thinking it is safe. It must clearly state the subject of the email message.
• All of these types of emails must offer a way for the recipient to opt out of future emails from the same sender. All such requests to get out of receiving email must be honored by the sending company and your email address must be erased from their list or database. The commercial company will have a maximum of ten days to stop sending you messages.
• When it comes to commercial bulk emails these must be easily identified as advertisements or solicitations. They must include the sender’s actual mailing address as well.
• Recipients must be warned in advance of any sexually explicit material in the email before they open it. This must be somewhere in the subject line.

Violators of this legislation face serious penalties. Each violation can carry a fine as high as $10,000 per incident and in some instances; the commercial mailer could face incarceration.

Along with the CAN SPAM is the Digital Phish Net, or DPN, which was enacted in 2004. This is a mutual effort between law enforcement officials and the internet industry. The whole purpose is to identify and punish spammers who are performing illegal activity by phishing. Internet auctions, financial groups and internet service providers are all working to fight this type of cyber crime. They get involved by providing information on violators in real time to police.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Spam – What is Your Protection Under the Law?

It is always best to immediately contact a company directly if you have any doubts about an email you received asking for information. Use the contact number listed on your invoice or statement, because the contact number on the email will most likely direct you to the identity thief.

You should never click on any links in an email you find suspicious. If you do, you put your computer at risk of very harmful Trojan horse spyware, which will install keyloggers on your system. Doing so allows hackers direct access to any and all personal information stored on your computer, which is used to steal your identity and boost their financial status.

Do not, under any circumstances, fill out a form that has been sent in an email requesting personal information.  Any requests for personal information should be flagged as spam.  The growing technology of HTML allows phisher to create professional and sophisticated forms.  And any information you fill out directly ends up in the hands of the phisher. Any links in unsolicited emails are harmful and should not be trusted. Phishers can create links that pose as though they are legitimate. Phishers uses methods such as misspelling addresses or using sub-domains that include a legitimate business name.

Links can also be masked to look like a legitimate company’s web page, but clicking will actually send you to a phisher’s website. Avoid cutting and pasting a link into the browser and take the time to type it out.  This will allow you to bypass clicking the link of the suspected phishing email. Be on the lookout for emails that are impersonal, as legitimate companies will contain at least some piece of specific personal information that only you would know. For example, your bank will usually include a portion of your account number in the email.

Remember that it is a phisher’s mission to steal from you leaving them endless amounts of time to invent creative ways to get personal information out of you. Make sure you are protected with updated anti-spyware and ant-virus software at all times.  The use of anti-spam filters will also eliminate the amount of phishing spam that reaches your inbox. Always take caution when opening attachments in any emails, even if they seem to come form people you have met.

Always report any phishing emails you receive in order to eliminate and get rid of phishers. Send a copy of the email to the real company being used as a cover and also send them to: spam@uce.gov and reportphishing@antiphishing.org. The emails you send will be used by the Anti-Phishing Working Group to help fight phishing.  This organization is a coalition between the internet industry, and financial institutions and law enforcement.

Forewarned is forearmed, stay informed by visiting the Federal Trade Commission’s Identity Theft website: www.consumer.gov/idtheft.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Don’t Fall for the Phisher’s Bait

Do not Preview
If your email comes with a preview option, you will want to disable this function. The reason this is so important is many spam type emails contain an imbedded code that will infiltrate your computer leaving you prone to viruses, Trojans and more. Check the options available to you with your current email provider to change these settings.

Do not Fall for the Phisher’s Hook
A lot of spam is creatively camouflaged to get you to unknowingly give out your private personal information. The emails will look deceptively like the ones you may receive from your bank or other financial institution; they are attempting to sucker you into giving them your social security number, bank account number, private passwords or other identity related information. This is called phishing and is an illegal activity. When you respond to these emails, you are vulnerable to identity theft, credit card fraud or other financial internet criminal activity.

Friend or Foe?
Even though an email has been sent from a friend, do not assume that it is safe to view the attachments. You would be better served to contact your friend and make sure that they sent the email and the attachment. Often spammers are prone to attach viruses to their messages and if opened will take over your email program and send the message to all the contacts in your address book. Now all your friends will think that you have sent the message and the vicious cycle continues.

Read your Email in Plain Text
Well-informed spammers are known to use the program JavaScript to include unseen malicious code in the message. An example of this type of code is a virus that installs itself on your computer and gives the criminal access to your banking or other financial information and you are completely oblivious. To protect yourself from this type of scam change the display settings so that you are viewing all your messages in plain text. This will block the script from being able to get in your computer.

Never Respond
Whatever you do, don’t click on banners or reply to spam messages. If you do this, you have alerted the spammer that your address is a live email address and you will be flooded with more spam. Unless you know you have subscribed to a specific site do not click the unsubscribe button in a spam email. This is just another way they trick you into confirming that your email is valid. Of course, never forward any junk emails that come in the form of chain letters.

Most importantly use your common sense when dealing with spam, it is the best filter you can have. Use caution when checking your email, the best filters cannot keep out all spam messages.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Five Tips to Protect Yourself from the Spam in Your Inbox

Phishing Scams

The phishers send out emails that appear to be from a company you normally do business with. They include a link in the email for you to follow to go to the company website. When you click the link and go there, it looks the same as the company site, but it is a fake website designed by the scam artist. You have been asked to go to this website to update your personal information. If you follow their instructions and do this, your information will be in the hands of criminals. They will use this to withdraw money from your bank or credit card account, and perhaps even obtaining new credit cards in your name and maxing these out.

Phishers even target well-known companies by imitating their emails and websites. Companies such as EBay, PayPal, Bank of America, Wachovia bank and others have all been used by phishers in an effort to steal money from their customers.

Work-At-Home Scams:
These types of scams can be very attractive to someone needing money. They claim to show you how to make lots of money from home with no experience and a small investment. They offer “secrets” to making tons of money working at home for a few hours a week. It is often said these are the secrets “gurus” used to generate thousands or millions of dollars monthly or yearly on the internet. These get rich quick programs will cost you from $20 to hundreds of dollars to receive your success kit that will not earn you a cent.

These opportunities may involve anything from pyramid schemes to crafts, stuffing envelopes, medical billing, data entry, and more. They will ask you to pay a fee to get your kit, for instance, the assemble crafts at home scheme. You will be shipped materials and instructions to make a craft. They promise to pay you a certain amount for every piece you produce, however your product will never pass their inspection regardless of how well you do the work.

With the medical billing scam, they will tell you to buy a list of doctors to do the medical billing work for. These may or may not be real doctors and have no interest in your medical billing service.

Credit Repair Scams:
This scam promises to erase your bad credit so you can get a loan, mortgage, credit card, or other form of credit.

This type of service will more than likely cause more problems than it solves. They rarely do what they claim to do and they have been known to recommend fraudulent behavior such as advising you to use a bogus social security number.

Guaranteed loans:
Many emails claim to be able to give you unsecured credit, guaranteed. This includes a credit card without a good credit rating, home equity loans when you do not have any equity in your home.

This is often credit offered by an offshore bank.

This scam is often combined with a pyramid scheme. They want you to refer family, friends, and online associates to buy into the scam and pay you a small commission for your referrals.

The home equity loan consists of a list of lenders who will not loan you money unless you are qualified to borrow it. You never get any credit cards and the pyramid scheme cannot continue to sustain itself and will fail.

Chain letter scams:
The chain letter is an old gimmick. You are asked to send a small payment to around six names on a list and put your name at the top. You then forward the list using bulk mail. This scam will claim to be legal by a technicality such as you are paying to put your name on a list or other nonsense. This is untrue.

Chain letters are illegal for the most part and it is unlikely to gain any money from them. Most lose money when participating in chain letters.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Popular Email Scams on the Internet Today

Scammers normally launch their attack with a mass mailing of spam emails, millions of email clients are targeted in one single mailing. The subject of the email is designed to trigger an immediate response from the user. Many people will respond without thinking and divulge personal information to the scammer.

A phishing email may include wording such as this:

“Online security alert.”

“Please click on the “sign in to online banking” to continue the verification process and ensure all information to you account is well filled.”

The email is often a very good copy of one from a website you trust such as PayPal, EBay or your online bank account. Most of them do a good job of displaying the logo’s and graphics of the company they are pretending to be. In some cases, it is very difficult to tell the difference between a scam email and a legitimate one from the company. A good tip is to look for incorrect grammar, poorly written text, misspelled words, or typos such as in the above example, which is a quote from an actual phishing email.

The email will tell you to follow their link to the website and log in to update your account. Although the link appears to be the link of the actual company, it is not. The scammer knows how to cloak the link it will take you to a website they have set up for phishing purposes. If you hover on the link in the email and look at the address bar at the bottom of your browser, you will see the web address the link is pointing to. The website will be a replica of the Company website, however it is, in reality, only a copy designed to steal your financial information. You may think you are on the company site and give out your personal information. This information, instead, will be in the hands of thieves.

What are the Consequences?
If you are taken in by this scam and give out your information, you may have your identity stolen, your bank or PayPal account cleaned out, become the victim of credit card fraud, among other things.

The crooks may use the information for their own gain or sell it to other criminals for a profit. They can set up an account for automatic online payments from your account to them for fraudulent payments. They will be able to access your bank account, PayPal, credit card, or other account and transfer money to their own bank accounts. They may also be able to withdraw money from your account using an ATM by making a copy of your card and using your pin number.

Even if a small number of people are taken in by the fraud, it still proves very profitable for the thieves. They are not spending any money to send these emails to millions of users. A one percent response is all it takes for them to make big profits.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Phishing-101

These programs come in many forms, the most common of which are viruses, Trojan horse, malware and adware. Being knowledgeable about their presence and how they work will protect you from this kind of spam.

Viruses
Viruses are computer programs that were designed for one thing: to infect your system and cause major damage without your knowledge. Viruses come in many forms, including but not limited to:

The Boot Sector Virus
This is a virus that infects the innermost operations of your computer, the hard drive. More specifically the boot sector, which is the programming that allows your computer to start up. Boot sector viruses can bar your computer from performing and may force a hard drive format, which will effectively wipe out any and all information on your computer in a manner of minutes.

The Program Virus
Commonly known as an executable file, these will have an .exe extension. When the program it infects is run the program will be activated. At activation, it will infect many programs on your PC, rendering them useless.

The Macro Virus
Number three on the list is a virus that targets specific documents like Microsoft Word. Activation occurs when the document is opened and run. One of the many actions it can perform is erase dates from documents or other areas of your PC.

Malware
Malware is actually a shortened description meaning malicious software. This program will spread throughout your hard drive causing mayhem and destruction. Malware can install a program on your computer that you did not authorize or want. This can effectively eat up huge portions of your computers resources slowing your system to a crawl.

Trojan horse
Named appropriately, the Trojan is much like its Greek counterpart. The program will seem sweet and innocent until it is opened. Inside is all kinds of malicious code which, when it is set free, will create devastation in its wake. This is another program that can run undetected on your system giving spammer’s unlimited access to your computer and any information there. They will commonly search for bank account information and passwords. The hacker can then also put messages on your PC screen.

Adware
Similar but not identical to malware, adware is also used for malicious purposes. Adware has gone beyond what can be considered good advertising. In fact, it has given such a bad name to software that people are missing out on some great programs that they could benefit from. The program generates pop-ups or similar aggravating advertising that often freezes or locks up the desktop. Too often adware is so sophisticated that the average user is unable to remove it or even recognize that it is there.

Along with displaying annoying ads from the advertiser, adware may also track your online activity sending reports to the spammer about where you go and what you do online. This gives the company information they use to target you for even more spam advertising.

Spam is annoying but it is not the most detrimental thing you can open from your inbox. Attachments that come in the messages can do some real damage. It is very important that you never open attachments from unsolicited emails.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

Spam Protection – Know Thy Enemy: Viruses and Malware, Trojans and Adware

What is Spam?
Junk mail or spam is defined by most in the internet world as unsolicited commercial email, or UCE. This email is sent out en-masse to a large number of recipients who never requested it. The contents of a spam message can range from an innocuous advertisement to a malicious program that can take over your computer and do untold damage.

Common commercial spam often contains pyramid schemes, porn sites, mortgages, chain letters, credit repair, illegal pharmaceuticals, and pirated movies or software. Spam that is more serious may contain viruses that can destroy your computer or lurk collecting sensitive information. Trojans are a good example of this kind of virus. They will often steal your contacts list and email themselves to all your friends. Phishing frauds are also often included and these will work to get your personal and financial information.

Who Spams?
Those responsible for spam are called spammers. In the internet world, there are two basic types of spammer. There are honest business people who comply with all the laws and legislation and have the consent of consumers. Consumers usually join the mailing lists by opting in on a similar website, for instance a lottery or future specials.

Then there is the other side of the coin, the dishonest spammer. They will scheme and do practically anything to get your email address. They then use their malicious programs, breaking the law and stealing whatever information they can.

These spammers range from the person alone in the basement to large multimillion-dollar enterprises with many employees. Many of these companies are moving to foreign countries to avoid the long arm of US law officials.

Where do the Spammers Get your Email Address From?
Spammers are very resourceful and can harvest email addresses from all sorts of places. Mostly they use Newsgroup harvesters and Spam bots that troll the net looking for places they can extract email addresses. Newsgroup harvesters target forums and newsgroups where security is at a minimum. Spam bots are rambling around searching anywhere and everywhere for email addresses they can snag, typically they search for the @ symbol.
On average, a spam bot can seek out and harvest nearly 30,000 email addresses in sixty minutes or less, and they work tirelessly 24/7 all year round.

Some companies sell CD’s that contain hundreds sometimes thousands of valid email addresses. They may sell for as little as twenty-five bucks and are a real steal for anyone interested in spamming.

Why do Spammers Spam?
There is one simple reason that spammers spam – money! Millions of dollars can be made from some of their activities. Recent studies have proven that for every million spam messages they send out will result in about 100 valid sales. When you consider this is racking up $50-$100 per sale in commissions, it is easy to see why they do it. It would not be difficult at all to rake in a $100,000 annually. The best part is for the most part spam is nearly free!

Why do spammers persist when it is becoming more and more difficult and the fines are increasing? Because that even with a tiny response margin of one sale per 10,000 emails it can still be quite lucrative. If no one ever responded to the spam emails then the money would dry up and the entire practice would cease. It is sad that a very small portion of people can make the price of spamming worth the effort.

Provided by Jim Horton - North Star Strategic IT
Your Denver source for IT computer support, network consulting and planning, voice over IP (VoIP) solutions, and so much more. Cisco Partner - VoIP and Unified Communications Microsoft Partner - Small Business Server Specialists Schedule time with one of our highly qualified network technology specialists

The What, Who, Where and Why of Spam