Springtime for Hackers (and Spammers)

With the coming of spring at long last, it seems there's a bumper crop of internet "weeds" - you know, those annoying things that sprout up everywhere you turn, no matter what you do?  We all know they are out there, lurking just beneath the surface, waiting to sabotage our best efforts, but they somehow manage to surprise us anyway.

The internet "weeds" to which I'm referring are the hackers and spammers who lie in wait to catch unsuspecting users and take advantage of whatever they can.  They are out there all the time, but it seems that in the past couple of weeks, they are popping up everywhere, so I wanted to share a few experiences.

The Phone Calls:  This is particularly applicable to business owners.  If you have a website that has a phone number on it, you can be pulled into this scheme.  A person calls and asks for the name of the business owner (in my case - me).  Once you've confirmed that you are the owner, they tell you they are calling from the security department.  As soon as I hear this, I know it is a scam, but I play along, and it goes something like this:
Them: "I'm calling from the security department."
Me:  "What security department?"
Them:  "From your internet provider."
Me:  "And what internet provider might that be?
Them:  "From the world wide web."
Me:  "What about the world wide web?"
Them:  "You know, w w w."
Me:  "I know what the world wide web is.  Why would they be calling me?"
Them: "About your security."

This is about the point where I get tired of playing "stump the dumb criminal" and hang up. The point is that it is a phishing expedition in which they will make up vague answers until you bite and start sharing security information.  Don't do it.

Your internet provider, website hosting company and the world wide web (which is not a single entity) are all internet based. As such, they are most likely to contact you via e-mail telling you to log into your account for important information.  Real providers don't tell you to click a link in an e-mail or ask for information directly through an e-mail.  And if they did call you, they would clearly identify themselves.

This particular garden variety pest is counting on your desire to be nice, so they'll keep you going till they wear down your barriers. Don't be nice.  Be smart.

Phony Phacebook Phishing:  If you suddently get a facebook friend request from someone you think you might already be friends with, go and check your friend list before you click "accept."  In this scheme, they look for infrequently used profiles.  They copy the profile picture and publicy shared data, like hometown and high school and create a duplicate account, then go phishing for that person's friends.  Should you accept the request, you will almost instantly get a message along the lines of "Have you heard the good news?"

Once again, they are asking vague, leading questions in hopes that you'll blurt out something personal that they can use to further their masquerade as your friend and find out more about you.  If this happens, immediately unfriend them and change your password.  This is particularly important if you have credit card information attached to your facebook account for advertising, gift buying or other purposes.

Phony E-mail:  This comes in two main varieties.  The first is most common.  Similar to the facebook situation, they troll for rarely used accounts and figure out the passwords, often using complex automated algorithms to do so.  Once they are in, they start sending e-mails to all your contacts, usually with a link in them, hopeing that the recipient will trust it because it comes from you and click on the link.  The result of clicking on the link can be anything from just having to look at their junk advertising to having your computer taken over or crashed.  If this happens, change your password.

The other scenario is that someone breaks into a rarely used account and copies it, using your contact list and making it seem as though the spam is coming from you.  Changing your password may not help in this situation and you might have to involve your internet provider to figure it out.

A Word to the Wise:  If you get an e-mail from someone you know and all that's in it is a link, and possibly their name, verify that they actually sent it before you click on it.  Unless you have a desire to scientifically observe the effects of a virus on your computer.  Most people will tell you why they are sending you a link.  If it's only a link it's almost guaranteed to be spam or malware.

Why do people do this?  Could be for free advertising, could be to utilize your computing resources without having to pay for the privilege or it could be for kicks - just because they CAN.

A Word About Passwords:  They are your first line of protection against fraudulent use of your accounts, which can lead to anything from annoyance to computer breakdowns, fraudulent use of your credit card or bank accounts or complete identity theft.  I'm sure you've heard it before - use good passwords and change them often.  It's an extra thing to do, but the stakes are high.

DO NOT USE THESE PASSWORDS:  Password, 1111, 1234, the word "email" or your email address, your name, address, phone number, child's name or pet's name.  These are the easiest to guess.  Don't make it easy for them.  Even if you have to write it down (somewhere secure) nonsense is harder to figure out than real words.

Change your password at least once per quarter, if not once a month and at any hint of trouble.

I am not an internet security expert, so I'm sure there are many people who know more about this than I do.  I am just a small business owner (www.buildingyourimage.com) who would love to rip these "weeds" out at the root, but has to settle for giving my fellow internet users a heads up about the most frequent scams.