We are recieving calls from people complaining they are
being attacked by viruses and spyware after clicking on links
DO NOT UNDER ANY CIRCUNSTANCES CLICK LINKS IN
EMAILS-EVEN IF YOU KNOW WHO THEY ARE FROM.
If you are unsure of an email ask the person you recieved it
from if they sent it. Once you click the link a virus or spyware
program is downloaded and your problems will begin. Your
computer will be used for spamming and you will be getting
pop ups telling you that you are infected with viruses or that
your registry is damaged. You will also have a keystroke
logger installed to steal your passwords. You will get pop ups
saying you need to buy a program to fix these problems.
These infestations mutate and know how to block your efforts
to eradicate them so beware.
BANKS, CNN, MICROSOFT AND MSNBC DO NOT SEND
EMAILS ASKING FOR SIGNIN INFORMATION OR ASK YOU
TO SIGN UP FOR NEWS ALERTS.
If you have doubts about your bank, sign in using your normal
procedure OR TYPE THE ADDRESS IN THE ADDRESS BAR.
DO NOT CLICK LINKS IN EMAILS FROM BANKS. THEY WILL
BRING YOU TO AN OFFICIAL LOOKING PAGE THAT IS
FAKE AND STEAL YOUR LOGIN INFORMATION AND THEN
CLEAN OUT YOUR ACCOUNT.
USE YOUR HEAD
Criminals have now gone 'vishing'
by Kim Commando
You receive e-mail supposedly from PayPal asking you to call, claiming that your account has been
compromised. Or, a company you don't know calls threatening collection. It's scary. Before you give out any
personal data, there's something you should know.
You could be the target of vishing, or voice phishing. It's the latest twist on phishing scams.
Phishing attacks rely mostly on e-mail and try to trick you into divulging private information that will be used in
identity theft. For example, you receive a message purportedly from a bank or a store claiming that there's a
problem with your account requiring immediate attention. The e-mail directs you to a malicious website that looks
legitimate and appears to have a legitimate Web address. The site is designed to trick you into disclosing
sensitive information. Or, it infects your machine with malicious software designed to steal information. Either
way, you become a victim of credit card theft or worse.
ASK KIM: Remove porn links
Popular Web browsers incorporate anti-phishing tools. Unfortunately, criminals are one step ahead. They're
using the telephone to catch you off guard.
Vishing leverages voice over Internet protocol (VoIP). Internet-based phone service makes it easy to spoof
telephone numbers. Criminals can make a different name and phone number appear on caller IDs.
How do vishing attacks work?
There are several variations of vishing scams. In one attack, a criminal calls via VoIP, spoofing the phone
number so your caller ID displays the name and number of a reputable organization, such as a bank, store,
government agency or website.
When you answer the call, a prerecorded message greets you. It directs you to another phone number. If you
call, you're prompted to enter personal information via telephone keypad. The key tones are captured and
decoded. The criminals just got your information.
Another variation begins with e-mail. Unlike with phishing messages, you're not directed to the Web. Rather,
you're instructed to call a telephone number and tricked into revealing personal data when you call.
Or, you receive a call from a spoofed number. This time, you speak to a real person. The person requests
account numbers and other data.
The caller could invite you to join a bogus online research network where you'll be paid to install special software
on your computer. The software is spyware that steals sensitive information.
Some vishing attacks start with a prerecorded incoming call in which you're directed to a website to supposedly
resolve an account problem. The site is a phishing site.
How to spot a vishing attack
Vishing methods vary, but there are several hallmarks of vishing attacks.
First, the information presented in the attack is upsetting or exciting. For example, you could be threatened with
a lawsuit over an unpaid bill, although you may never have done business with the company.
Vishing attacks usually demand an urgent response, claiming that you run the risk of account closure or credit
The visher may ask you to take a poll and then direct you to install a spyware program.
Vishing attacks usually aren't personalized. They probably won't reference a real account number. The visher
may not even know your name.
How to protect yourself
Suspicion and vigilance are your best weapons. Be wary of incoming communications. Do not rely on caller ID to
identify callers. E-mail addresses are not trustworthy, either.
Never give out personal information in these circumstances. Instead, call the organization to ask if the
communication is legitimate. Check your account paperwork for the correct phone number.
If you have never done business with an organization, ignore the communication. It's your safest bet.
Kim Komando hosts the nation's largest talk radio show about computers and the Internet. To get the podcast or
find the station nearest you, visit: www.komando.com/listen. To subscribe to Kim's free e-mail newsletters, sign
up at: www.komando.com/newsletters. Contact her at firstname.lastname@example.org.
Your Home & Small Business IT
at an affordable price