Phishing is an email technique used by people who try to obtain your personal and financial information so that they can then purchase products or open up credit lines in your name. The emails they send are designed to deceive you and often look as if they came from a credible source.

Over the years, I have received dozens of emails that look like they came from departments in real companies such as eBay, Paypal, Amazon, etc. Sometimes the emails look like they cam from the security department or sometimes they look like they came from the “Account Team”.

There are obvious components of fraudulent email that all phishers will use to obtain your trust and personal information.

1. The From line. Often times the “From” line will include an official-looking email address that is different by one or two characters from a real department in a legitimate company that you may or may not be doing business with.

2. The Email Greeting. If your email starts off with a “Dear Sir” or “Dear User” then you know that the sender of the email does not know you by name. A legitimate source will contact you with the proper salutation which includes at the very least your last name.

3. A Warning Message. Phishing emailers will try to create fear or panic by stating that the message is urgent and that if you don’t act soon you will lose account privileges or you will soon be unable to access your account altogether. To keep your account open and accessible you are requested to please login and verify your account by providing private information.

4. Fraudulent Links. You may be asked to click on a reasonable looking link that takes you to a website that also looks legitimate. Clicking on the link will take you to a site that asks for your personal information or, worse, launches a virus. Never click on links if you suspect a false email source.

5. Attachments. Never click on an attachment if you do not trust the source. As with fraudulent links, attachments can also be used to download spyware or viruses.

If you suspect you have received a phishing email send or forward the email to spam@uce.gov – and to the company or organization impersonated in the phishing email. You can also report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group is a consortium of ISPs, security vendors, financial institutions and law enforcement agencies that use these reports to fight phishing.

If you think someone has used your information to steal your identity then please go to the Federal Trade Commission’s Identity Theft website, ftc.gov/idtheft, to learn more about how respond to and recover from identity theft.

Telltale Signs of a Phishing Email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Wired’s Threat Level Blog is reporting that the University of Tennessee student accused of hacking into then vice presidental candidate Sarah Palin’s email account has been hit with three more felony charges.  21 year old David Kernell has already been indicted on one count of violating the Computer Fraud and Abuse Act, and now will also face charges of wire fraud, identity theft, and obstruction of justice. Here’s an excerpt:

Threat Level broke the story last September that someone had obtained unauthorized access to Palin’s e-mail account by using publicly available information about her to reset her password to “popcorn.” He then posted the screenshots of e-mail in Palin’s account, as well as her new password, to a forum at 4chan.org under the username “Rubico”, enabling other intruders to access Palin’s account. Bloggers quickly traced the name Rubico to an e-mail address — Rubico10@yahoo.com — that Kernell was known to use, prosecutors say.

If convicted, he faces up to two years in prison and a fine of up to $40,000. Ironically, Kernell has sought to have prosecutors barred from referring to him as a hacker, even though that is exactly what he is. He claims he gained access to the account by simply guessing the answers to Palin’s security answers (which is a powerful reminder to make them as complex as possible rather than use things anyone could easily find out about you), but the mere fact he did so shows his intentions were to gain access to someone else’s account, and then when he changed Palin’s password and posted it on a public message board it’s obvious he was encouraging others to do the same. Hopefully he will learn a painful and expensive lesson!

More Charges Filed Against Palin Email Hacker

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

You know how to spot emails that are phishing for information from you and you can identify emails that contain spam. You also know not to open attachments in emails from senders whose identities are suspect or unknown.

But what do you do if you want to file a complaint? Who do you contact? What agencies are out there to investigate these criminal activities and how much information do you provide?

The first place you should contact is the Internet Crime Complaint Center (IC3).

http://www.ic3.gov/default.aspx

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).

IC3 is the hub between those agencies and can receive complaints about not only criminal activity pertaining to false or fraudulent email but also to the whole umbrella of cyber crime. IC3 will receive the complaints, review and evaluate the complaints and if needed refer the complaints to other agencies.

IC3 also functions as a hub for email and Internet complaints for federal, state, local and international agencies. It is a central referral mechanism for them.

You do not need to be the person who has actually been the recipient of the false or fraudulent email to be the person actually filing the complaint. As someone who has information about the fraudulent email use or just an innocent third party observer you can still file a complaint.

Information that you will be asked to provide include your contact information such as: your name, mailing address and telephone number. You will also be asked to provide the name, address, email address, telephone number, and Web address, if available, of the individual or organization you believe defrauded you.

Also required are specific details on how, why, and when you believe you were defrauded and any other relevant information you believe is necessary to support your complaint.

After the Internet Crime Complaint Center (IC3) has thoroughly reviewed and evaluated  your complaint they may decide to refer it to an appropriate federal, state, local, or international law enforcement or regulatory agency. Every complaint that is referred is sent to one or more law enforcement or regulatory agencies that have jurisdiction over the matter. More than likely it will be assigned to an investigator who will contact you if more information is needed. However, the IC3 does not guarantee that your complaint will be investigated.

You may file complaints involving one or more components of the Internet, such as websites, chat rooms, and/or email. Internet crime involves the use of the Internet to communicate false or fraudulent representations to consumers which may include crimes, but are not limited to, advance-fee schemes, non-delivery of goods or services, computer hacking, or employment/business opportunity schemes.

So the next time you receive false or fraudulent email contact the IC3 and report the crime.

Filing Complaints About False or Fraudulent Emails

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

There have been a rash of email scams related to the election. Besides the usual nonsense viral emails that describe the candidate of your choice as the boogeyman, complete with “absolute proof” that they eat babies and are BFFs with Osama bin Laden, there are some more dangerous ones floating around. One tries to tell people that they will be unable to vote if their home is in foreclosure, which is not true and would, of course, be unconstitutional if it were.

On the subject of voting and technology, I am always surprised and dismayed when technologists and IT people, who otherwise try to find a digital solution to virtually anything including buying soda from a machine, start talking about how e-voting can’t work and we should continue to use paper ballots. I’ve seen techies describe in print how e-voting “threatens democracy” and even referring to an “electoral apocalypse”. C’mon people, we can make a machine re-create the Big Bang, but we can’t create a serviceable electronic voting machine? I don’t believe it.

There have been some well-known flaws in US e-voting systems, although in other countries it has worked well–most notably, in Switzerland. The benefits to e-voting would be enormous, if it’s done right: Cost savings, reduction of paperwork, greater accuracy, and faster results. Short-term, we can create a paper trail to correspond to the e-voting to provide a failsafe.

There is, of course, an argument to be made about its security, as there is with any type of technology. But in the big picture, e-voting is a given. It just makes sense to try to make it work–and in fact, paper ballots have been tampered with as well for as long as people have been voting. Fraud would be nothing new in an electronic ballot.

For the record, the GAO did recently issue findings of an audit of the Election Assistance Commission. According to an article in Ars Technica, the certification process for voting machine manufacturers is incredibly vague and has caused significant delays–and this is what the main problem is, not the technology itself. It’s the bureaucracy behind it that should be in place to certify and regulate it.

Electronic voting could work

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators