Archive for the 'scams' Category

Dec 17 2009


Brother, can you spare $2500…?

Filed under email,phishing,scams

When most people think of “cyber-crime”, they think of hackers, viruses and other malware, etc.  In other words, they think in terms of attacks that are based on technology and that can be defeated by technology such as antivirus software, firewalls, etc.

In reality, most cyber-criminals rely more on human nature than technology to achieve their goals.  This is called “social engineering”, and it is what most online scams are based on.  The criminals rely on greed, on the trusting nature of people, or on their compassion for others to either get your personal information, or in some cases, get you to give them your money willingly.


Dec 02 2009


New scam based on H1N1 scare

Filed under scams,spam,trojan

Well, it was only a matter of time until someone figured out how to use the H1N1 “swine flu” scare as a part of a scam. 


Dec 01 2009


Think before you click!

People are probably going to get tired of reading this, but it is one of the most important lessons you can learn to protect yourself online.  Whenever you receive an e-mail with a link or visit a new website, think carefully before clicking!  So many of the viruses and other malware being spread today only succeed because the cyber-criminals are able to persuade users to click on a link that launches the attack.


Nov 24 2009


New phishing scam: “Watch for errors on Social Security statement”

A new phishing scam is showing up and being caught by the district’s spam filters.  Please be wary of these scams in your personal e-mail accounts.

 

The scam comes posing as a message ostensibly from the Social Security Administration:

From: credentialj3@sermar.be [mailto:credentialj3@sermar.be]
Sent: Mon 11/23/2009 5:28 PM
To: [Name Deleted]
Subject: Watch for errors on Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

——————————————————————
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.

If you click on the link, it takes you to a page that asks you to “verify” your personal information, including your Social Security number. If you are foolish enough to do so, the site will say that it is generating a report on your account status.  You will then be asked to download a file called “statement.exe”, which is presented as a self-extracting ZIP archive.  In reality it is a Trojan called Zeus that will steal any banking information on your computer and turn your machine into a “zombie”, part of a bot-net controlled by criminals without your knowledge.

Please note a couple of characteristics of this phishing message.  First, the sender could be from any number of domains, but it will NOT be from “ssa.gov”, the domain of the Social Security Administration.

Second, if you hover your mouse over the link, you will see that the domain address of the link STARTS with “http://statements.ssa.gov”.  Sounds official, right?  But remember that the true domain of a web URL is the last two components of the host name, the part of the URL before the first “/” that follows “http://”.  For example, in the address “http://www.egusd.net/”, the domain is “egusd.net”.  Looking more closely at the URL from the phishing e-mail I examined, the URL was “http://statements.ssa.gov.ujilld.be/”. So the actual domain this URL is directed to is “ujilld.be”, which is located somewhere in Belarus. The scammers added the “statements.ssa.gov” to the beginning of the URL to fool the unwary.

Finally, remember that agencies like the Social Security Administration will never ask for your information in this manner.  If you receive e-mails like this and are concerned, go to the phone book and look up the number of the agency in question and call them.
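The two checks described above (sender domain and the true domain of the link) can be automated. The following is an added example, not part of the original post; the function names and the small suffix set are assumptions made for illustration, and it goes slightly beyond the two-component rule by handling suffixes such as “co.uk”.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a tiny constructed sample of two-label public suffixes.
# Production tools use the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the domain that actually controls `host`."""
    labels = host.lower().rstrip(".").split(".")
    # "example.co.uk" needs three labels; most names need only two.
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def sender_domain(from_header):
    """Registrable domain of the address in a From: header."""
    address = parseaddr(from_header)[1]
    return registrable_domain(address.rpartition("@")[2])


def check_link(url, claimed_domain):
    """Classify a link that appears to belong to `claimed_domain`."""
    host = urlsplit(url).hostname or ""
    actual = registrable_domain(host)
    if actual == claimed_domain:
        verdict = "genuine"
    elif f".{claimed_domain}." in f".{host}.":
        # The trusted name is present, but only as a decoy prefix.
        verdict = "lookalike-prefix"
    else:
        verdict = "unrelated"
    return {"host": host, "actual_domain": actual, "verdict": verdict}


if __name__ == "__main__":
    # Values taken from the message quoted in this post.
    print(sender_domain("credentialj3@sermar.be"))
    print(check_link("http://statements.ssa.gov.ujilld.be/", "ssa.gov"))
    print(check_link("http://www.egusd.net/", "egusd.net"))
```

A mail filter can flag any message whose link verdict is “lookalike-prefix” or whose sender domain differs from the agency the message claims to come from.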

Happy Thanksgiving!


Nov 18 2009


Survey: Mac, PC users fall victim to cybercrimes equally

While Mac users may not be as susceptible to infections of malware such as viruses or Trojans, they are just as likely to be a victim of cyber crime as Windows users, according to a survey commissioned by security firm ESET.

This is because the most common cause of cybercrime losses is “phishing” attacks.  Users are equally at risk from these ploys, regardless of the operating system they use. “Phishing” attacks rely on social engineering methods to get users to reveal information about themselves, and are not dependent upon any specific software or operating system vulnerabilities.

Read more at SC Magazine Online.


Nov 17 2009


Another Nigerian Scam

Filed under email,scams

Here is another e-mail forwarded to me from a district employee, a variation of the Nigerian scam:


Nov 17 2009


“Phishing” alert: Gmail users

Filed under email,phishing,scams

One of our district employees forwarded to me an e-mail they received that purported to be from the GMail tech support team:


Nov 16 2009


Trojan alert: “Your credit balance is over its limit”

Filed under malware,scams,trojan

An e-mail purporting to be from Verizon Wireless is hitting mailboxes around the globe. The e-mail warns the reader that their Verizon Wireless account is over the limit.  The message has a ZIP file attached named “balancechecker.zip”.  This contains an executable file that the reader is asked to run in order to check their account balance.  In reality, the file installs a Trojan known as Regrun.  Trojans are usually designed to allow remote users to take control of the infected systems.

The district spam filter is correctly identifying these e-mails and preventing them from reaching district e-mail boxes.  If you receive messages such as these in your personal e-mail, immediately delete them.


Nov 12 2009


Beware of “scareware”!

Filed under malware,scams

Malware authors frequently use methods designed to panic users into making mistakes.  There is a whole class of malware based on this method, known as “scareware”.  Here are a few ways to identify it and to avoid becoming a victim.


Oct 28 2009


Phony FDIC warning a phishing scam

Filed under fdic,phishing,scams

The FDIC is warning consumers about e-mails that warn that your bank is about to fail. These e-mails are an attempt to get users to download files that will install malicious software on their systems.

According to the Washington Post:

The messages arrive with subjects such as “FDIC has officially named your bank a failed bank,” and “Check your Bank Deposit Insurance Coverage.” The missives warn: “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”

Recipients are instructed to click a link that opens one of dozens of Web sites with names crafted to look like fdic.gov. The links lead to a counterfeit FDIC page that offers a copy of “your personal FDIC insurance file” to see whether your coverage has been impacted.

The files are offered as Adobe PDF or Microsoft Word documents, but downloading the files shows them to be executable programs (.exe files). According to M86 Security Labs, the files will drop a copy of the Zeus/Zbot password-stealing Trojan on victim PCs.

As mentioned in a previous post, the purpose of these e-mails is to create a sense of crisis so that you will act without thinking.

Fortunately, our spam filter is catching these e-mails before they ever get to our district e-mail accounts. However, you may come across them in your home/personal e-mail accounts. As always, be very careful about clicking on any link in an e-mail, and always verify who you are dealing with before giving any personal information.

For more, see:
http://blog.washingtonpost.com/securityfix/.
