Phishing is an email technique used by people who try to obtain your personal and financial information so that they can then purchase products or open up credit lines in your name. The emails they send are designed to deceive you and often look as if they came from a credible source.

Over the years, I have received dozens of emails that look like they came from departments in real companies such as eBay, Paypal, Amazon, etc. Sometimes the emails look like they cam from the security department or sometimes they look like they came from the “Account Team”.

There are obvious components of fraudulent email that all phishers will use to obtain your trust and personal information.

1. The From line. Often times the “From” line will include an official-looking email address that is different by one or two characters from a real department in a legitimate company that you may or may not be doing business with.

2. The Email Greeting. If your email starts off with a “Dear Sir” or “Dear User” then you know that the sender of the email does not know you by name. A legitimate source will contact you with the proper salutation which includes at the very least your last name. Continue reading Telltale Signs of a Phishing Email

Wired’s Threat Level Blog is reporting that the University of Tennessee student accused of hacking into then vice presidental candidate Sarah Palin’s email account has been hit with three more felony charges.  21 year old David Kernell has already been indicted on one count of violating the Computer Fraud and Abuse Act, and now will also face charges of wire fraud, identity theft, and obstruction of justice. Here’s an excerpt:

Threat Level broke the story last September that someone had obtained unauthorized access to Palin’s e-mail account by using publicly available information about her to reset her password to “popcorn.” He then posted the screenshots of e-mail in Palin’s account, as well as her new password, to a forum at 4chan.org under the username “Rubico”, enabling other intruders to access Palin’s account. Bloggers quickly traced the name Rubico to an e-mail address — Rubico10@yahoo.com — that Kernell was known to use, prosecutors say.

If convicted, he faces up to two years in prison and a fine of up to $40,000. Ironically, Kernell has sought to have prosecutors barred from referring to him as a hacker, even though that is exactly what he is. He claims he gained access to the account by simply guessing the answers to Palin’s security answers (which is a powerful reminder to make them as complex as possible rather than use things anyone could easily find out about you), but the mere fact he did so shows his intentions were to gain access to someone else’s account, and then when he changed Palin’s password and posted it on a public message board it’s obvious he was encouraging others to do the same. Hopefully he will learn a painful and expensive lesson!

You know how to spot emails that are phishing for information from you and you can identify emails that contain spam. You also know not to open attachments in emails from senders whose identities are suspect or unknown.

But what do you do if you want to file a complaint? Who do you contact? What agencies are out there to investigate these criminal activities and how much information do you provide?

The first place you should contact is the Internet Crime Complaint Center (IC3).

http://www.ic3.gov/default.aspx

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).

Continue reading Filing Complaints About False or Fraudulent Emails

There have been a rash of email scams related to the election. Besides the usual nonsense viral emails that describe the candidate of your choice as the boogeyman, complete with “absolute proof” that they eat babies and are BFFs with Osama bin Laden, there are some more dangerous ones floating around. One tries to tell people that they will be unable to vote if their home is in foreclosure, which is not true and would, of course, be unconstitutional if it were.

On the subject of voting and technology, I am always surprised and dismayed when technologists and IT people, who otherwise try to find a digital solution to virtually anything including buying soda from a machine, start talking about how e-voting can’t work and we should continue to use paper ballots. I’ve seen techies describe in print how e-voting “threatens democracy” and even referring to an “electoral apocalypse”. C’mon people, we can make a machine re-create the Big Bang, but we can’t create a serviceable electronic voting machine? I don’t believe it.

Continue reading Electronic voting could work