About Me

Bay Area, CA, United States
I'm a computer security professional, most interested in cybercrime and computer forensics. I'm also on Twitter @bond_alexander. All opinions are my own unless explicitly stated.

Monday, September 13, 2010

On trust

Computer security is a complex and continually changing field, but a few elements keep cropping up. One in particular is that as software security measures improve, hackers and virus writers increasingly use psychology to convince a system's user to bypass security for them. Much like an old-fashioned con-man or fraudster persuades a victim to give them access to their home or bank account, many modern viruses and hacking attempts rely on social engineering to spread. By either impersonating someone you may know or stealing and using their account, hackers may try to get you to open a file or click on a link they send you. This gives them control of your computer for their nefarious ends and allows them to use your accounts (email, Facebook, Twitter, and others) to infect your friends. There are numerous examples of this in the wild right now, and one of my friends recently fell victim to some variation of one of these. No matter where you are, always be careful of what you click, always run up-to-date antivirus software, keep your software up to date (particularly Windows and Adobe Acrobat), and always pay attention to possible warning signs of infection (not being able to go to certain websites, antivirus being disabled).

It's not just your friends that hackers and scammers impersonate to get you to trust them.  Particularly if you work on sensitive material (such as military or other government matters), there are quite a few attacks out there impersonating government officials to spread viruses or steal money.  The FBI's "E-Scams and Warnings" page currently has a long list of attacks impersonating government officials.

The only way to protect yourself against these sorts of attacks is to be suspicious of any email that comes into your inbox and any page you view on the internet. Just because something claims to be from a particular source doesn't mean that's really where it comes from. Learn to identify malicious email and stay safe out there. Don't worry: if you've fallen for one of these scams, here is some advice on how to recover. Also, I strongly urge everyone to report these scams to the Internet Crime Complaint Center (http://www.ic3.gov).

The Internet is a dangerous place, but we can all do our part to keep it a bit safer.
