“CONGRATULATIONS: YOU HAVE WON …. “ to be continued

In my previous post about the threats of mass mails, I mentioned the risk of revealing your personal data when replying to them. More specifically, it could be a mail from an organization stating that you have won their lottery game and are due an award. It could be a mail from your bank describing recent problems with your account and asking for your personal data so that they can resolve them … There are many kinds of tricks for stealing your personal data. However, they share one main goal, which is to reach your resources. This is considered identity theft, and I would like to extend my previous post by discussing identity theft further.

Identity theft, also known as ID theft, is a crime in which a criminal obtains key pieces of personal information, such as Social Security or driver’s license numbers, to obtain credit, merchandise, and services using the victim’s name. Identity theft is not a new crime. It has simply mutated to include new technology such as ATMs and transactions on the World Wide Web. The automation of both credit card and banking transactions has made it easier to steal a person’s identity. A credit card is almost always used nowadays as part of a way to verify a person’s identity. If another person has it in his or her possession and can display it to pretend that he or she is you, then your identity is successfully stolen. This also enables the criminal to steal money by opening up new credit card accounts and running up charges on them.

Arguably, the most common form of identity theft is the phishing scam. In a phishing scam, a company or individual creates an email that appears to be from a respected financial institution – your bank or a website where you might have an account. Phishing scams began in the mid-1990s not to obtain bank or credit card information, but to get free online access. In those days, ISPs like AOL charged by the minute. Phishers would try to obtain AOL members’ login user IDs and passwords by sending e-mails appearing to come from AOL’s member services department. The fake email would ask recipients to verify their user names and passwords. The scammers would then log on, using the victims’ accounts, and run up a bill. Phishers target a variety of customers: from Citibank (which is currently used in 54 per cent of phishing messages) to AOL, Amazon.com, eBay, PayPal and others.

At first glance, phishing emails and the associated websites may appear completely legitimate. One recent phishing attempt in the U.S. used the names of the Federal Deposit Insurance Corporation (FDIC) and two of its officials, as well as the Department of Homeland Security. What Internet users may not realize is that criminals can easily copy logos and other information from legitimate businesses’ websites and place them in phishing emails or bogus websites. Additionally, if the recipient of a phishing email clicks on a link it contains, the window of the Internet browser that opens may contain what looks like the true Internet address of a legitimate business or financial institution. Unfortunately, some phishing schemes have exploited a vulnerability in the Internet Explorer browser that allows phishers to set up a fake website at one place on the Internet, which will make it appear as if the Internet user is accessing a legitimate website at another place on the Internet. Most phishing emails include false statements intended to create the impression that there is an immediate threat or risk to the bank, credit card or financial account of the recipient. The phony FDIC emails mentioned above falsely claimed that the Secretary of Homeland Security had advised the FDIC to suspend all federal deposit insurance on the recipients’ bank accounts. Other recent phishing emails have falsely claimed that the recipients’ credit card was being used by another person or that a recent credit card transaction had been declined. As another example, a mass email circulated in the summer of 2004 advising customers of a leading Canadian financial institution, which had experienced information technology problems, that they needed to enter their client card numbers in order to access their accounts. In fact, the email was not sent or authorized by that financial institution. In some cases, phishing emails have promised the recipients a prize or other special benefit.

Although the message sounds attractive rather than threatening, the objective is the same: to trick recipients into disclosing their financial and personal data. People who receive phishing emails are also likely to realize that the senders may have used spamming techniques (mass emailing) to send the message to thousands of people. Many of the people who receive that spammed email do not have an account or customer relationship with the legitimate business or financial services company that is purportedly the originator of the email. The people who create phishing emails count on the fact that some recipients of those emails will have an account or customer relationship with the legitimate business, and may be more likely to believe that the email has come from a trusted source. Ultimately, people who respond to phishing emails may be putting their accounts and financial status at risk in three significant ways. Firstly, phishers can use the data to access existing accounts to withdraw money or purchase expensive merchandise or services. Secondly, phishers can use the data to open new bank or credit card accounts in the victim’s name, but use addresses other than that of the victim. Finally, the Internet users may not realize that they have become victims of identity theft.

The Federal Trade Commission has provided a great deal of information about spamming scams: how to recognize them, stop them, report spam, and protect our identity. Though this phenomenon has been mentioned from time to time as a growing problem, many people still naively click links inside emails and give away their account information. We can go a long way toward protecting our identity by using some common sense right now.

Reference

http://www.ftc.gov/bcp/edu/microsites/spam/consumer.htm

http://www.ftc.gov/spam/

“CONGRATULATIONS: YOU HAVE WON …. “

As an Internet user, you have certainly got used to NEWS like “Congratulation”, “You won” or “Donation” arriving in pop-ups or mails coming from nowhere. I myself receive several mails like that a week, and even some every day.

It is now a common scenario for people to call under some name and tell a person that he has won a huge amount of money because his number or his card was chosen in a lottery; even though they are contacting him directly, they are still playing clever games. Many people think their luck has finally come, because the number they are told is correct, and then fall into the trap. If you reply to or otherwise act on this kind of email, cyber criminals can hack your email account and reveal your personal information, and if you are using online banking, your bank account is at risk of hacking.

Do YAHOO or MSN & MICROSOFT WINDOWS have any method to warn their users about this risk? Not yet. So far, what users can do is use spam filters manually. There is still no law stating that it is illegal to cheat people through this kind of spam. Therefore, there have been some cases in which the victims finally had to turn to the police for help. It’s time to take action against this kind of widespread scam rather than let inexperienced users wonder about their sudden luck and get cheated.

http://www.symantec.com/business/resources/articles/article.jsp?aid=20080729_spam_report

This phenomenon should have something to do with the big question that my tutor raised during discussion time. His question was which is more severe: virtual rape or cheating online. In my opinion, virtual rape or any kind of emotional harassment would leave moral hurt, but it has nothing to do with the economic perspective. Online cheating does harm on both sides. The first time I ever received such spam, I got excited about the sudden luck but was confused at the same time. I did think a lot about that mail, and I am quite sure people receiving it for the first time do too. This does make users upset and a bit angry when they find they have been cheated, just the way that virtual harassment hurts people’s feelings. But that’s just virtual life, according to some opinions, as we can choose to ignore, delete or choose a new avatar (in the virtual rape case), and it does no real harm to us eventually.

To me, on the contrary, it’s a potential risk. It may temporarily cause no harm, but it will certainly do so to inexperienced users in the near future unless action is taken against it in time. It will no longer be virtual if some day your email or bank account gets hacked and your private contacts or money are violated. The boundary between virtual and real crime is not clear enough. For this kind of cyber crime, as long as they can make money from it, they will continue.

President Obama’s Twitter Hacked!

As we all know, Twitter is a micro-blogging website used by millions of people including politicians, movie stars, sports celebrities and so on. People use this medium to express their opinions in a status message format which can’t be longer than 140 characters.

http://news.bbc.co.uk/2/hi/europe/8586269.stm

The above news article is about a young Frenchman who hacked into President Obama’s Twitter account. The accused confessed that he cracked passwords by simply trying different possibilities. He also said that it is against his ethics to steal or destroy any information and that his only aim was to prove that Twitter is vulnerable to attacks.

The hacker’s act is clearly a cybercrime; however, it has made everyone doubt and worry about the website’s security policies. This is called “White Hat” hacking, or ethical hacking, where the hacker’s only intention is to expose the security flaws of a particular system or website.

Now the obvious question is whether anyone can claim to be a “white hat” hacker and get involved in these types of activities?
In my opinion, if ethical hacking becomes an excuse for malicious hackers then there is no end to it. “White hat” hackers should be recognized legally and should work under a recognized firm and hacking should be part of their profession, not their hobby.

http://www.bbc.co.uk/news/10409802

Since the accused was unemployed and hacked into Obama’s account out of sheer personal interest, he was given suspended jail terms.

On another note, to what extent is Twitter to be blamed in this hacking issue? Generally speaking, is a single password enough to verify identity when it comes to social networking websites?