[Update: it appears that the spam I cited is not used to harvest passwords. According to the Internet Storm Center, clicking the link will take you to a site where you get a request to download an application (which, not surprisingly, contains a virus).]

What would e-mail be without spam? Most of us, as individuals, are aware of the dangers and problems associated with unsolicited e-mail, which has been with us since the first one was sent in 1978 (an advertisement for a computer by DEC). Because the best defense against spam is an educated user, it is worth taking time to teach students a few basic things.

Much spam these days involves phishing: attempting to get personal information, usually by pretending to be a trusted site (PayPal, eBay, your bank, Amazon, etc.). Students should know to never click on any link in an e-mail message. Links can easily be spoofed, leading you to different places than you would expect, like this link that takes you to Walt Disney World. Instead, if you ever think you have received a legitimate e-mail, visit the website from your browser without clicking the link. Also, any request for personal information, even from a trusted source, should be treated skeptically.

In the past few days, I have gotten some clever spam. Take a look at this message I received in my inbox yesterday (I have replaced some information with “XXX”):

From: kbfwc@monetizeit.net
Subject: Login Information
Date: August 22, 2007 8:24:55 AM CDT
To: Matthew Thibeault

New Member,

We are so happy you joined MP3 World.

Membership Number: XXX75538394
Temp Login ID: userXXX4
Temp Password ID: XXX7

Your temporary Login Info will expire in 24 hours. Please login and change it.

Follow this Link: MP3 World

Membership Support Department
MP3 World

Of course, I hadn’t joined any new service. This e-mail is a variation of a classic scam, one I first heard of from the great hacker Kevin Mitnick. He suggested a method to access a Fortune 500 company’s network: set up a website where people would create their own account (in this case, apparently for free music). He reasoned that many people would choose the same username and password as they used elsewhere (some of us use the same password for everything—we’ll talk about that in a future post). He would just take all the passwords and usernames he received, and try to log in to Fortune 500 companies with each.

Again, we can all help make sure that people use common sense to keep themselves safe. Especially as our lives are increasingly lived online, security is a big issue that we should always keep in mind. We’ll talk more about this throughout the semester.

If you want to know more, a fascinating article appeared in the August 6 issue of the New Yorker, which is conveniently available online.

