Wednesday, March 01, 2006

Believe, But Not Everything

Some will say, “Whatever you can believe, you can achieve!” or “Just believe in yourself”, and lots of other things that motivate and inspire.

And I agree with those things. It’s important to have vision. It’s important to daydream, and then to act on those dreams.

It’s also very helpful, when dealing with the ‘net, to have a certain dose of healthy skepticism. This may come as a shock to many, but let me let you in on a little secret: Not everything you read on the net is true!

What?! How can this be!?

Well, even though the ‘net is relatively new in the history of the world, lying isn’t. And since it’s really the same old people that are on the net as existed before the net, most are great, wonderful honest people, but some are not. Let me give you some examples of some of the lies that have spread, some benign, others dangerous:

A long time ago, an email circulated claiming that Microsoft and AOL were testing an email tracking system, and they’d pay you as much as a dollar for every person you forwarded that message to. This one was relatively tame. The only danger in getting sucked into this one was that if you sent it to your family and friends you might annoy them, or get yourself embarrassed when one of them pointed out that it was all bogus.

Then there was the “Bear Virus”, AKA “jdbgmgr.exe”. In this email, the letter warned you of a terrible virus and gave you instructions to search for and find the infectious file on your computer, named jdbgmgr.exe. But the “virus” was the email itself. It turns out that everyone has the file, not because they contracted any virus, but because that file was an integral part of windows, and it was on everyone’s computers. And the email showed you how to delete it!

Fortunately, that was OK, because, while it was integral, it wasn’t a critical file. Unless you like debugging java programs.

The Nigerian money scams, where someone claiming to have a big, big chunk of money spirited away somewhere, and is looking for someone to help them get it out of their country. I understand that some people actually got caught in the scam and lost some significant chunks of money. This one’s very malicious.

The most common one I see right now are the “phishing” (pronounced “fishing”) scams. These emails try and cheat you out of critical financial access information, that the perpetrators can then use to empty your accounts.

An official-looking email comes in (and I currently get three to four of these A DAY), from somewhere like PayPal or eBay, or some other money or financial institution. I’ve even gotten these from banks that I know I have no accounts in!

Of course, even though they look real, they’re not from PayPal or the bank. It’s someone disguising the email. It’ll say that I need to verify some information in order to keep my account active. Conveniently, they’ll provide a link for me to click on. When I do, without realizing it, I’m taken to a website that looks very much like the spoofed company’s site, but is in reality not. There’s a form for me to input my account number and my PIN or password. In one easy step, I’ve given them access to my money.

So how do you protect yourself from all these dangers? The first is to have, like I said, a healthy dose of skepticism. Look at everything with a cocked eye. Ask yourself, “Why would a government official from Nigeria be offering ME 15% of 20 million dollars?”

A second line of defense is to check things out. When I get a suspicious email, I’ll go first off to http://snopes.com and check it out. There’s reports on almost all of these, and you can see if it’s real or bogus.

When you get an email that you think is phishing, the best thing you can do is to not click on the link in the email. Rather, go to a web browser and type in the address of the site (like http://paypal.com), and then login with your username and password. Then check your account. If you do that, you’ll know that you’re in your real account. In fact, most communication from the real companies now will tell you to do this, and not include a link anyway. Here’s some more ways to detect a spoof at PayPal’s site.

Just don’t believe everything you read, OK?

No comments:

Post a Comment