Cyber Top Cops Articles: The Latest In Cyber Security

Anti-virus vs Internet Security. What is the Difference? Which One is the Best?

2014-09-02T20:02:00.000+02:00

People often ask me what the difference is between an anti-virus package and an Internet security suite. The basic difference between the two is that an anti-virus package can only protect you against malware, while an Internet security suite protects you against various kinds of cyber attacks. In order to explain the difference a little bit better, lets take a look at the development of anti-virus applications over the years.

A little bit of history

I take you back to 2005, when guys like Mike Healan were advocating the clear distinction between adware and spyware. Back then, you had a scanner for each type of malware, as a matter of fact, the term malware was seldom used in those days. You had a separate scanner for adware, spyware and viruses. As time went by, the need arose for a single scanner, that can protect you against several types of malware. I believe ewido Networks was one of the first companies to release such a scanner, namely ewido Anti-Malware. Ironically ewido changed the name of their product from ewido Anti-Spyware to ewido Anti-Malware and later changed it back to ewido Anti-Spyware. This was most likely more of a marketing strategy than anything else.

Grisoft (now known as AVG Technologies) acquired ewido Networks and incorporated the features of ewido's products into their own line of products. One of these products were called AVG Anti-Malware, which was basically a combination of AVG Anti-Virus and AVG Anti-Spyware. Companies like Lavasoft, who originally focussed on anti-adware software alone, later added anti-virus and Internet security suites to their line of products.

The standalone anti-virus application

Today the term 'anti-virus' refers to software that protects you against all kinds of malware, but a decade ago you were vulnerable against any kind of malicious software that did not fall under the limited definition of a virus. I prefer to use malware as the collective term for all kinds of malicious software, but the word 'virus' seems to have stuck over the years and it is no longer limited to the technical definition of a virus, it now includes trojans, spyware, backdoors, downloaders, etc. I believe most people associate viruses with all kinds of malware and therefore the anti-virus companies decided to stick with this term.

So there you have it, an anti-virus application will protect you against all kinds of malware, including potentially unwanted programs (which is a topic on its own), but it does not protect you against all kinds of threats. This is were an Internet security suite comes in.

The Internet Security Suite

An Internet Security suite basically consists of 3 main components, a malware protection shield, a firewall and a spam filter. Anti-virus companies realised that although an anti-virus shield prevents malicious code from being executed, it remains a reactive and not a proactive means of fighting malware. Whether the malware is dormant or active, it needs to enter the system in order to be detected by the anti-virus software. So in order to take a proactive approach in the fight against malware, you need to catch the malware at the main entry points to the system, namely the network and e-mail (removable storage came into the equation at a later stage).

Obviously, a firewall is not just there to detect malware before it enters your system, it also prevents unauthorised access to the system from the outside and it ensures that the information that leaves your system, is transmitted through the proper channels by applications that has the necessary authorisation to do so. A firewall works on a basic set of rules, but is more heuristic in nature compared to an anti-virus scanner that needs an up-to-date malware signature database in order to detect the latest malware.

Spam filters (or mail scanners) have become redundant over the years, due to the increased effectiveness of online mail services against spam (or dangerous e-mails containing malicious attachments). Cloud computing makes it much more effective to filter out the junk at server level, so e-mail clients have less spam to deal with. Client-based spam filters have evolved into a second layer of spam protection, catching the ones missed by the server-side spam filter. Apart from filtering unsolicited junk mail and malware, it also keeps you safe from e-mail scams like advance fee fraud and phishing. Although client-based spam filters are redundant these days, they are still very useful if you access your e-mail via an e-mail client like Outlook or Thunderbird.

Many Internet security suites goes far beyond a malware scanner, firewall and spam filter. Some include parental controls, identity theft protection, instant messaging scanners, link scanners for your browser and some even have an isolated area that you can use for online banking and shopping. Other suites have special sandboxing features through which you can run an application in an isolated virtual environment, preventing the application from accessing critical areas of your system. This allows the user to evaluate the behaviour of an unknown or suspicious application before granting it full access to the system.

The main aim of an Internet security suite is to provide comprehensive protection against various threats, not just malware. It should be there when you browse the Internet, do online shopping, read your e-mails, download files, chat to your friends, connect to a local network, execute an application, always ready to intervene whenever it detects a threat to the integrity of your system or data. When you need more than just malware protection, you need an Internet security suite.

Making the right choice

So the question arises, how do I know if I need more than just malware protection? Is an Internet Security suite really necessary for home use?

To answer these questions, you need to ask yourself, how much information do I need to protect? Do you use your PC for a lot of financial purposes, do you shop online or transact with your bank quite a lot. Do you store a lot of personal and sensitive information on your home computer, information that could cause financial losses if leaked to the wrong people? If you answered yes to any of these questions, it might me a wise move to get an Internet Security suite.

Price is always a factor. An Internet Security suite may cost more than a standalone anti-virus application, but avast! INTERNET SECURITY for example (at the time of writing this article), is only $5 more than avast! PRO ANTIVIRUS and for that you get a firewall and a spam filter extra.

But what about the free version, why pay for something if you can get it for free? Remember, the free version only has basic protection against malware, which is much better than no protection at all, but the free version only applies to home use, most free anti-virus applications prohibits their use in a commercial environment. Secondly, even if it is only for home use, you will not be protected against all the threats covered by the paid version.

So here are the pros and cons of Internet Security suites and standalone anti-virus applications:

Standalone Anti-virus Pros

Cheaper than Internet Security suites
Less components means better performance
Paid version provides better protection than free version

Standalone Anti-virus Cons

Does not provide comprehensive protection against all threats, only malware
Might clash with 3rd party firewalls and spam filters

Internet Security Suite Pros

Provides comprehensive protection against several kinds of threats
Easy to maintain, central control, no clashes between components

Internet Security Suite Cons

Costs more than a standalone anti-virus, but only a fraction more
May cause performance issues due to the vast number of components

Conclusion

If you run a business, I highly recommend an Internet Security suite, especially if your data is an important asset to you. Most home users will be fine with a standalone anti-virus application, but as soon as you start to use the Internet for financial purposes or store a lot of important information on your home computer, you might want to consider an Internet Security suite.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Windows XP, End Of Life or End Of The World? How Can I Stay Safe on Windows XP?

2014-04-21T00:00:00.000+02:00

I guess by now you have heard that Microsoft ceased support for Windows XP on the 8th of April 2014. In some circles this is old news, the April 2014 End Of Life was already known in September 2010, when Microsoft announced that Windows XP will no longer be sold after 22 October 2010. Many people mistook this date as the date when Windows XP machines will stop functioning and this is mainly due to the manner in which the end of life date was announced, many sources made it sound like the end of the world for Windows XP users. But is this really the end of the world? In this article we will look at whether you should upgrade to a newer version of Windows and how you can stay safe not only on Windows XP, but on every other operating system as well.

First of all, your Windows XP machine will not stop functioning, but will continue to operate as it always did. The only difference is that you will no longer receive any Windows Updates because Microsoft will no longer develop patches for Windows XP after 8 April 2014. According to Microsoft, existing updates and fixes will still be available, but I guess after some years Microsoft might even pull these from their servers. The biggest concern by Microsoft is your security and to quote from their end of life page; “PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system”. Technically, this might be true, because should a hacker discover a flaw in a core component of Windows XP, it could be exploited to circumvent any security measures on a Windows XP machine and Microsoft will not be fixing that flaw. But is it fair to say that every XP machine should not be considered to be protected? In my humble opinion, no! There are a couple of things you can do to make sure your Windows XP computer is safe and secure.

I've read quite a lot of articles about Windows XP coming to end of life and from the comments on these articles, it is clear that a lot of people are not really worried about this. Some people feel that Windows XP is a very old system and people should have upgraded ages ago, while other believe that Windows XP still caters for all their needs and that they can continue to use the system without any foreseeable risk or problems. I am one of those people who have used Windows XP for years (and still do to a certain extent) without a single phone call to Microsoft for support. Whenever I ran into problems I always found a solution on the Internet and chances are you will still find solutions to Windows XP problems, because forums and articles will remain on the Internet for years. Computer repair shops will still have people with the necessary expertise to troubleshoot issues on Windows XP and many issues on Windows XP can still be addressed by a system restore or a re-installation, so it is not as if these tools are going to vanish now that Windows XP has reached its end of life.

The stark reality remains that at some stage it might be necessary to upgrade to a newer version of Windows, because certain hardware might not work on Windows XP, for example in the near future you might not be able to connect your mobile phone to your Windows XP machine. This has already been seen with the Nokia Lumia phones (running Windows Phone off course, so it is no surprise that support for Windows XP is pathetic). In order to connect a Nokia Lumia phone to a Windows XP machine, you need to install Service Pack 3 with Microsoft Windows Media Player 11. The lack of hardware support on Windows XP will boil over to many devices including DVD players, printers and graphics cards, because the manufacturers will no longer develop drivers for these devices. But the chances of installing a new DVD player or the latest graphics card in an old machine, running Windows XP is fairly grim. I still use an old Pentium 4 machine with an AGP slot for my graphics card, so I won't even be able to install a PCI Express card on that machine, so why would I worry about Windows XP drivers for a PCI Express card if I can't even install the hardware on the machine? Still, some people are running Windows XP on fairly new machines, so when they decide to buy new hardware in the future, they may be forced to upgrade to a newer Windows version because there won't be any drivers to run the hardware on Windows XP and I think this should be the only reason to move away from Windows XP.

Many companies still run Windows XP on their computers because their in-house software was developed on Windows XP and upgrading to Windows 7 or even Windows 8 is not financially viable at the moment. I can also speak out of experience. Years ago I developed a program in Windows 98 and had to make some modifications to it to make it work under Windows XP. I know comparing Windows 98 to Windows XP is not the same as comparing Windows XP to Windows 7, but it remains a pain in the neck to port your software to a new operating system. I could afford making the modifications, because I did not make any money from this software and I did not have any loss in production while I made these modifications, but certain companies cannot afford the downtime, so they opt to stay on Windows XP. If your software works well in Windows XP and you can continue to run your business using Windows XP, why upgrade? If it is not broken, why fix it? But in the end, I will still advise companies to develop Windows 7 or 8 solutions on the sideline, while running your in-house software on the Windows XP machines in the mean time. Should the time come when you are forced to upgrade, you will be ready to make the transition without too much effort. This is easier said than done for small and medium enterprises, who do not have the necessary manpower and financial resources to make such a transition, so they opt to stay on Windows XP for as long as possible. However, when your business model depends on software running on Windows XP alone, I think it is time to consider other alternatives, because you might face bankruptcy in the face if you are forced to leave Windows XP.

Right, so in a business environment, it might be necessary to upgrade to a newer version of Windows, but what about the individual, the normal man on street? I believe they have the least to worry about. If you are a happy Windows XP user, why upgrade now? When the time comes where a upgrade is inevitable, you will most likely have to buy a new PC, because older PC's can hardly handle Windows 7, so what are the chances of running a future version of Windows on a Celeron, Pentium 4 or Dual Core? (Yes I know, technically you can run Windows 7 for example on a Pentium 4 or Dual Core, depending on the size of the processor and RAM, but in the end they perform pretty poor when compared to running Windows XP on these systems). What about the Windows XP user who has a newer computer that can handle Windows 7 or 8 quite well? The question is not really about what your computer can handle, the question is, is it necessary to upgrade, merely out of a security point of view? I guess it depends on who you are and what you do on your computer. Unless you are a celebrity or high profile figure, chances are small that you are going to be targeted by hackers, but you still run the risk of getting infected by malware, leaking out personal and sensitive information to the creators of the malware. In order to get infected by malware you need to do something to introduce the malware to your system and even if the malware is exploiting a certain unpatched vulnerability in Windows XP, the malware still needs access to your system to make use of that vulnerability. So if you do not browse questionable and dangerous websites, if you are not “click-happy” (clicking on every link you see) and ignore strange and suspicious looking e-mails you have a lower risk introducing malware to your system.

So it boils down to clever computer use in general and not a specific operating system, so here are a couple of tips to keep you safe and secure on your PC (whether you are on Windows XP, Windows 7, Windows 8 and in some instances these tips are even good practice for Linux users).

PC Safety Tip #1: Only browse trustworthy websites

The hardest part for this tip is how to identify a trustworthy website. This discussion is a whole article on its own, but generally speaking, stay away from sites involved in piracy, pornography or advertised through spam. Rather stick to well-known sites with a good reputation and as a rule of thumb, use your gut feeling, if something is bothering you on a website, rather stay away from it.

PC Security Tip #2: Do not be “click-happy” but rather “click-vigilant”

Do not click on every single link or ad you see on the Internet or in an e-mail. You should NEVER click on any link in a suspicious e-mail and stay away from ads making unrealistic promises, or claiming that you have a new message, or that there are problems on your PC that needs fixing, or that you are the quadrillionth visitor to their site and that you have won a boat trip to the Bahamas. Use your common sense and once again follow your gut, if it sounds to good to be true... it probably is.

PC Security Tip#3: Uninstall all 3rd party software that you do not use

This is a very useful tips for Windows XP users, because you automatically close down vulnerabilities in your system by removing unused software. Over time we install a lot of programs and some of them is only used once to perform one specific task. If you do not think you are going to use a specific program again, rather uninstall it.

PC Security Tip#4: Refrain from adding programs to your system tray / Windows startup

Not all programs give you the option of adding it to the system tray, but normally these programs load at startup, so if you want to remove them, remove them from the Windows startup. As a rule of thumb, if you are not using it constantly and if it is not a security program, remove it from your Windows startup. Rather launch it when you need it, than having it run in the background, filling up your memory and introducing vulnerabilities to your system. Disable stuff like the Adobe and Java Updaters and rather update them manually. Do not leave your GPS updating software running in the background, rather launch the updater when you actually want to update your GPS. Refrain from leaving programs like TeamViewer running in the background, especially if you do not need remote access to that computer on a constant basis.

PC Security Tip#5: Do not install browser toolbars or plugins / add-ons

For Windows XP users, this is a must, especially if you want to make sure you are closing down any possible weaknesses in your system. Browser plugins and toolbars are the most vulnerable parts of your browser and is normally exploited to do drive-by installs. These plugins and toolbars are normally developed by 3rd party developers and do not go through all the security standards and checks that the browser's own components had to go through.

Plugins are normally useless, unless it is a plugin for a specific, useful purpose like a dictionary. Try to stay away from all browser plugins or add-ons, but if you really need to use a browser plugin, make sure it is from a trustworthy developer and that the plugin is widely used.

While there are exceptions to plugins, browser toolbars are always useless, even the ones developed by anti-virus companies. I haven't come across a single toolbar that made my life easier. They are normally used for ads and change stuff in your browser that you never asked them to do. So stay away from browser toolbars, period.

PC Security Tip#6: Do not open attachments from unknown senders

You should not even open attachments from known senders if the e-mail look suspicious. I've seen malware sending itself to everyone on the victim's address book, so it may appear as if your best friend sent you a photo, but the attachment is actually an executable (EXE) file containing malware. Use care when opening e-mails.

PC Security Tip#7: Never let your browser save your passwords

This is once again a little common sense and good practice. The safest storage space for a password is your brain, but we all tend to forget our passwords sometimes, so rather store it in some offline location or device. Never store your passwords on a device that has Internet access and make sure the device is encrypted. I am not a big fan of a password manager, but if you have to use one, once again, use it on a computer without Internet access.

PC Security Tip #8: Only use trusted USB drives on your PC and disable Autorun

You should not trust any USB drive unless you use it yourself and even if you use it yourself, do not plug it into a computer that doesn't have an anti-virus on it. If you have to borrow it to a friend, colleague or family member, make sure you scan it with an anti-virus scanner before using it again. Use a tool like Panda's USB Vaccine to protect the USB from getting infected with Autorun malware. This tool can also be used to disable the Autorun feature on your PC altogether, which is a must for Windows XP users. Do not take any chances with USB drives on your Windows XP machine, you are more likely to get infected by a USB drive than being infected by a malicious e-mail.

PC Security Tip #9: Use an alternative browser and dump Internet Explorer

Microsoft might have stopped developing patches for Windows XP but alternative browser developers will continue to support Windows XP for quite some time. So I suggest a browser like Firefox, Chrome or even Opera. Remember, these developers will continue to update and fix their browsers, but Microsoft will no longer patch Internet Explorer 8 (which is the latest version you can install on Windows XP). Support for IE8 died when Microsoft pulled the plug on Windows XP.

PC Security Tip #10: Use an up to date anti-virus and firewall solution

Why did I not mention this as the first tip, it seems pretty important to have this in place before anything else, right? Well, that's not entirely true. If you follow tips 1 to 9 down to the last letter, without any compromises, I will even go so far as to say that you can remain safe and secure without any anti-virus software. I am not promoting the use of a PC without anti-virus software, I'm merely illustrating the point that you can minimise the risk of becoming a cyber crime victim, by having some good PC security habits.

It is not good enough to have an anti-virus application as your only line of defence against cyber attacks, these days you also need a good firewall on your PC (especially Windows XP users). Your best bet would be an Internet Security suite like avast Internet Security, but if you cannot afford the paid version, at least use a free anti-virus and firewall application.

Most people are running their Internet connections through a router these days. Make sure you are utilising the firewall features of your router and if possible, use a router with NAT (Network Address Translation) capabilities. Having a software firewall on your PC, combined with a NAT router is a great way of controlling both inbound and outbound traffic on your computer.

Conclusion

Windows XP is an old system, you can't argue that fact, but it has been and always will be a great and stable operating system. At some stage you will have to upgrade to something newer, but it has to be your own decision. I don't have a problem with Microsoft pulling the plug on Windows XP, but I have a problem with Microsoft bullying their loyal users into upgrading, by using scare tactics through claims that all Windows XP machines are suddenly insecure.

Should you upgrade immediately? Not necessarily, you can continue to use Windows XP for as long as it does the job for you. The purpose of this article is to illustrate that PC security is not only vested in a secure operating system, but also through safe and secure computer usage practices and habits. It is not the security flaws on its own that makes an operating system insecure, but the way you use that operating system, where those security flaws can be exploited.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Buying a Verifiable Degree Online – Is It Legal?

2013-01-03T09:00:00.000+02:00

A couple of weeks ago I got an e-mail from someone asking me if the website Verifiabledegree.com was legitimate or not. So I decided to check the site out and see what it was all about. I almost fell off my chair when I saw the load of hogwash on this site and the lies they are trying to sell, so I thought it would be a good idea, not only to discuss the content of this specific website, but also buying university degrees in general.

At first glance this website should already give you loads of warning signs. On the main page there is not only this cheesy image of a girl studying (no offence to the girl in the photo), but the site is poorly designed with several parts overlapping each other. If these guys were really serious about making a good impression they would have spent more time on the design of this website:

So they say their degrees are:

Reliable, legal and official: That would be a no-brainer. Who wants an unreliable, illegal and unofficial degree?
Secure: What does that mean? Will they send it to you in a fireproof safe?
Confidential: So does that mean you can't show your degree to anyone, because it is confidential?
Registered: Another no-brainer, what is the use of an unregistered degree, if there is such a thing anyway.
Recognised: Any degree can be recognised it all depends on by whom. It will bring you no joy if it is only recognised by the guy who will pay you $1 an hour.

On their main page they also have the following text in an image:

Now this is very odd, especially if you take into account the importance of having your website crawled by the search engines. Everyone wants to rank high on Google, Yahoo and Bing, but you can't do this if you put all your important keyword rich text in an image. They either do not now how to optimise their website for search engines or they do not want to be found by them. So lets take a look at what they are saying here. You can get a degree from ANY university worldwide, within DAYS! Well I can already tell you about a dozen universities who will never hand out degrees like candy. So this is just a downright lie. How in the world can something like this be legal and above board? As a matter of fact, I can't see how anyone in his/her right state of mind can believe in junk like this. I think you have a better chance of losing weight with one of those ridiculous weight-loss pills than getting a legal university degree through these guys.

Lets take a look at the first paragraph on their "About" page:

"We help you purchase a university degree online. You can get a university degree very quickly that is verifiable, legal, accredited, and registered. You don’t need to attend any college or university, don’t need to do any coursework or assignments, and pass any examination."

No coursework, assignments or exams? That sounds too good to be true... wait a minute it is too good to be true. If it was really possible to obtain a verifiable, legal, accredited and registered university degree, just by paying a couple of bucks (okay, maybe a couple hundred), why is there still so many conventional universities in business where you actually study and write exams? Big names like Stanford, Cambridge, Oxford, Harvard, etc. would have been obsolete by now if this was for real.

At the bottom of the main page they also have the following "About Us" statement:

"For 20 years, Verifiabledegree.com continues its mission to help individuals build their dreams by providing degrees that are fast, authentic, verifiable. reliable, and 100% legitimate. With over 100 linkages to accredited universities worldwide, it gives hope to those who want to upgrade lifestyle, change career, build confidence, and create a better future"

Over 100 linkages to accredited universities worldwide? I thought you guys said I could get a degree from ANY university in the world? According to some sources on the web there are over 9,000 universities world-wide, so over 100 linkages is cutting it a bit short.

They also have a Reputation page where the picture becomes more clear about who these guys really are. According to this page, instant degrees review have said some nice things about them. Who is instant degrees review? Well, they link the text "instant degrees review" with the Wikipedia page for Bachelor of Fine Arts, so much for linking to the page of the reviewer. One interesting piece of text on this page is the following two sentences:

"The instant degrees review will also tell you that confidentiality is guaranteed by the institutions offering the instant degrees. It is also a legally binding on your part never to reveal the link between the institution providing you the instant degree and the name of the institution from which you graduate."

Right, so that is where the confidentiality part comes in. You are not allowed to say that you bought a degree from University ABC through Verifiabledegree.com. Who in this world will ever be so dumb to buy a degree and then spill the beans about the source of the degree during a job interview. Someone as dumb as that should not even be allowed to buy a degree. By the way, what is a legally binding? Is it some sort of glue only sold by lawyers?

On their FAQ page you will find more inconsistencies about their services, for example:

Q: Do I have the right to know the name of the university where I got the accredited online degree?

A: Based on the confidential agreement with the university, we cannot release the name of the university or college to you. However, we guarantee that the degree is authentic, accredited, verifiable and legal. This is also to protect the privacy of our existing customers. We are 100% confident that our service is extremely secured.

Wait a minute, we just learned that you are not allowed to reveal the link between the institution providing the instant degree and the name of the institution from which you graduated, but how on earth can you do that if you don't even know from which university you graduated. Just imagine what your degree certificate will look like. "From the University of .... um... we can really say. This is to certify that .....". Yeah, that is going to help a lot to get that job you always wanted. Employers will never notice this, right?

Q: What makes you different from other university online degree services?

A: We had been in business for more than 20 years and we became online in 2000. Thousands of our customers had acquired their accredited online degree through us. We provide transcript, student records, reference letter, appreciation letter, acceptance letter and graduation letter. In addition, we can also offer lawyer certification and notarization (no lawyer will be that dumb if the paper is diploma mill). If you want, we can also provide graduation grown and hood for your graduation from our list of universities. We can also provide several public universities degree for you (extra fees may apply). Please check out if other providers can do this.

This is where the site starts to sound like a 419 scammer. Just read the answer again. We became online in 2000, who speaks like that? We provide transcript, sounds like some indigenous tribal leader. Why would you need a lawyer to certify and notarize an original, legitimate degree certificate, that is already adequately valid in its own right? If you need a lawyer to certify it, then there must be something wrong with it. "(no lawyer will be that dumb if the paper is diploma mill)", there they go with that tribal tone again. But they are right, no lawyer will be that dumb, only one who bought his/her law degree.

Last, but not least, they can provide your graduation grown (or perhaps hey meant gown) and hood that matches the colours of the so-called university where you apparently graduated. Why would you want something like this? The answer is simple, so that you can take a bunch of fake photos in your graduation gown and hood. Can't you see what these swindlers are doing, they are cooking up fake academic records. All these records do not matter anyway. Employers don't give a damn about your student records, acceptance, appreciation or any reference letter for that matter, they are only interested in your qualification and a valid, legitimate, original certificate to prove that you obtained it in an honest way. Do you really think your graduation gown is going to convince your employer that you deserve that promotion? For all we know you could have worn that gown in your high school Batman play.

On their Reasons To Get Degrees page, found under the Services section of the website, that makes no logical sense anyway, they also make the following claims:

Free verification? Isn't that the purpose of the official degree certificate issued by the university?
Perfect supporting documents: The cooked up stuff I mentioned earlier.
Not a diploma mill? According to Wikipedia a diploma mill "is an unaccredited higher education institution that offers bogus academic degrees and diplomas for a fee". This site fits that description perfectly.
You do not sell life experience degrees, but you make the following statement on the very same page: "To get instant degrees, people are required to sign a work experience declaration. Using a credit system, it is then converted into a degree. A network of legally established colleges and universities are involved in the process of issuing instant degrees and this service has grown massively over the last decade." So you just call it work experience, same difference.
Not a scam? Why would you want to make such a statement? If you offer honest and legitimate services there is no need to convince people that you are not a scam. It is normally a sign of a scam when people go to great lengths to convince you to the contrary.
No bad reputation and no negative news? Well, you don't have a good reputation or any positive news either. If they have been in the business for over 20 years, why haven't I heard about them before?

So what about ordering and payment options? On their Shipping and Payment FAQ page they have the following interesting questions and answers:

Q: What is your payment scheme?

A: We accept one-time fee only. We don’t ask for additional fees.

Anyone will expect to pay in advance to obtain a degree, so why the need for a question like this? Are they trying to tell us that this is Advance Fee Fraud?

Q: Where do you accept payments if we get your degree online?

A: We accept these payments from

Western Union
Alertpay (in special occasion)

Do I need to say any more. There is a reason why some pages sounded like a 419 scammer. Western Union is a very popular payment method used by scammers.

Q: Do you accept credit cards?

A: Yes, we do. If you get your degree online, it is even better to use your credit card for fast service.

That is the last thing you should do. Do you also get that sense of eagerness from these guys to get their hands on your credit card information?

When we move on to the ordering page itself, you will notice that it is not SSL encrypted. This means your personal and credit card information will be transmitted over an insecure connection. If this was really legitimate company, they would have gone through the trouble of purchasing an SSL certificate so that you can (1) verify that they are safe to buy from and (2) that your information will be encrypted during the transaction. It is very important to note, that being in the possession of a valid SSL certificate, does not make the vendor necessarily absolutely trustworthy, but the absence of one on a site where you need to enter sensitive information, tells you that they are not concerned about the safety of your information.

A hilarious part of the ordering page is the section where you can choose your grades to be shown on your academic transcripts. From an A+ to an F. Who would want to buy a degree with an F on all of the transcripts? I would rather study and aim for a C than paying money to get an F. The choice of grades do not affect the price of the degree, so whether you choose an A+ or an F, you still pay the same amount and that's perhaps the most ridiculous part of this site. So what about the price. According to their site an Honorary Doctorate degree, with all the fake transcripts, gown, hood, etc. will cost $1190. That is a lot of money for an F, but hey look on the bright side, the graduation cap comes in different sizes, so you are sure to find a cap that will fit.

The link to the Contact page is www.verifiabledegree.com/get-degree-online. On any conventional website, you would have seen the word “contact” somewhere in that link, but this link has absolutely no connection to a contact page (most of the linking structure on this website makes no sense at all). So whoever designed this website... must be a retard. The contact page only has a simple contact form. There is not even an e-mail address and for a company, who has been in business for 20 years, I find it a bit odd that they do not have a physical address or a telephone number listed on this page. This means, they do not want to be found and what kind of people do not want to be found, the kind who wants to take your money and run away.

As expected the WHOIS information for this domain is protected by whoisprivacyprotect.com, so I had a feeling in my gut that it would have been a waste of time looking up the WHOIS information.

So we had a look at this website and I think it is clear that these people are a bunch of crooks. But what about buying university degrees in general. I think it is just unethical and dishonest. Don't you think it is unfair to hold the same title as someone else, who studied 5 years and paid thousands of dollars to obtain the degree through blood, sweat and tears, while you only had to pay $1190, did not even open a book and got your qualification within two weeks? Sure, $1190 is a lot of money, but it is nothing compared to the amount of money you need to complete a 5 year study course. Just imagine how poor the quality of our workforce would be if everyone could buy a degree, wouldn't that beat the whole purpose of a formal education. The whole idea behind a degree is not that piece of paper, but it is to educate yourself in a specific area and to lay a proper foundation so that you are qualified to follow a specific career. Of course nothing replaces experience, but without the education, you can't expect to get very far.

Apart from being dishonest and unethical, just think about the dangers of appointing unqualified people in important posts. Strangely enough, Verifiabledegree.com does not sell any medical, aviation, emergency service or military related degrees, but they do sell degrees in engineering, law and accounting. These are very professional fields of work, with a lot of responsibilities. Imagine a structural engineer with a purchased degree, assigned to the construction of 10 story building or a large bridge, or an accountant with a purchased degree assigned to the finances of a large corporation listed on the New York Stock Exchange. What about a lawyer with a purchased degree assigned to defend an innocent person accused of murder and facing the death penalty? Just think about the chaos if we let unqualified people do the jobs of people who took years of studies and experience to develop and hone their skills. And who said it all stops when you get your degree, most professional careers require continual professional development, to stay ahead of your game. How do you expect someone with a purchased degree to do continual professional development without the foundation of a proper education? It is practically impossible.

The reality is, people do buy fake degrees, unqualified people are placed in positions due to things like affirmative action and employment equity. In South Africa we have first hand experience of people who have the necessary qualifications (not really sure how they got them), but they can't do the job and even worse, people appointed in certain positions of responsibility without any formal education, but that is not the subject of this discussion. You can't honestly buy a degree, you have to earn it through hard work and perseverance. This is how it always was and how it always will be until the end of time, it is as simple as that.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

What's New at Cyber Top Cops?

2013-01-02T12:54:00.000+02:00

First of all, may 2013 be a prosperous year for all of you. Yes, the holidays are coming to an end (for some the holidays already ended) and for most people it will be back to work and school very soon. Although I had a great vacation I also had a very busy one. In between the relaxation and quality time with family and friends, I also spent some time working on new projects here at Cyber Top Cops. I am really exited about these projects because I believe they will make us more effective in the battle against cyber crime. So lets take a look at what is new at Cyber Top Cops

SHPAMEE Project

Although this is not a new project, I have made some improvements to it. These improvements were mainly made behind the scenes, so you won't really notice anything different, but I have upgraded our scam example publishing tool which makes it possible for me to process scam examples quicker and easier.

Cyber Criminal Profiles

This new project is a visible enhancement to the SHPAMEE Project. Although it is still in it's baby shoes, I believe this will add a lot of value to the spam examples we publish on our site in the future. The main idea behind this project was to get all the information collected about a cyber criminal during an investigation, out to the public. The main focus of this project is 419 scams at the moment, but the infrastructure of this project allows us to do much more than just 419 scammers. It is not really a project completely on its own, but it is rather tightly integrated into the SHPAMEE Project. At the bottom of each e-mail example you will see a heading “Related Cyber Criminal Profiles”. The system uses keywords from the e-mail example and searches the Cyber Criminal Profile database for cyber criminals that could possibly be related to the specific e-mail example on display. For an example of how this works, visit the following spam example page:

http://www.cybertopcops.com/419-scam-xig-precious-stones-ltd-business-opportunity-scam.php

When you click on one of the profile links, it will take you to a profile page for that specific cyber criminal. It will highlight all similarities between the cyber criminal and the example page, in red, so that you can see why this cyber criminal was flagged as a related cyber criminal for that specific spam example.

In the spam example mentioned above you will find Mrs Kwesi Jane as the first related cyber criminal. At the bottom of the cyber criminal profile page you will find a cross reference back to the spam example and any other spam example the cyber criminal might be linked to, as well as a list of other cyber criminals related to the one on display. When you click on any of these related cyber criminal links, it will take you to the related cyber criminal's page where the similarities between the current cyber criminal and the related cyber criminal will be highlighted.

The database is almost non-existent, with only 4 active profiles at the moment. These 4 initial profiles were used to test the functionality of the system and now that the infrastructure is in place for more cyber criminal profiles, we can expand the database over time. A 419 scam example only tells you so much about the cyber criminal involved, but the new Cyber Criminal Profile system allows us to tell you so much more about a specific scam, not just about the main peanut in the packet, but also about everyone else involved in a scam (or at least every other alias used by a scammer). Who knows what kind of links this system will identify when we add more profiles to the database?

Malware Sample Database

Most of my time went into this project. Over the years we have collected hundreds of malware samples, submitted by members of the public through our Malware Sample Upload Form as well as samples collected from spam e-mails and links reported through our Malware Site Report Form. But working through these samples and links was quite a tedious task, so I developed a system to make my life easier and at the same time provide feedback about the samples we have analysed so far. The malware sample information pages provide very basic information about the sample and which malware scanners you can use to remove it from your system, but I will add more information to these pages as time goes by.

This database is not just about a bunch of information pages. Visitors can also upload files to compare it to our database and if no match is not found, you can submit the sample for further analysis. I have also added an RSS feed, to keep interested parties up to date when we add new samples to our database. This feed can also be a great way for visitors to get some feedback about a malware sample submitted for analysis.

A lot of effort went into these projects and I really hope it will serve the Internet community well. I would like to see these projects as work in progress, because I am never done with them, every now and then I get an idea to expand or enhance a project or sometimes I just find a way to do the same thing, only better and more effective. But to make these projects more effective we need the help of the Internet community. We need you to report cyber crime!

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Are You Utilising Your Internet Security Suite To Its Full Potential?

2012-09-08T22:25:00.001+02:00

A lot of people have Internet security suites installed on their computers, but many people have no idea how much protection their Internet security suite really can offer. For long it has been the perception that an Internet security suite is basically an anti-virus combined with a spam filter and a firewall. That's true, these are the basic components of an Internet security suite, but as time went by, security software vendors had to develop additional, value added tools, in an attempt to stay ahead of the cyber criminals. Most people only rely on the automatic features that are enabled by default, mostly those running in the background, but some Internet security suites have a wide variety of useful tools, just lying around without ever being used. In this article I will highlight those tools in a couple of popular Internet security suites to make you aware that your Internet security suite can do so much more.

I will start off with my favourite Internet security suite, namely avast! Internet Security.

avast! Internet Security

avast! has a great feature called the Sandbox component. This allows you to run suspicious programs in a virtual environment, sandboxing the program completely and preventing it from making any changes to your computer. This is useful for testing out software from unknown vendors, because a program, that is for instance not digitally signed, is not necessarily a malicious program, but you have the comfort of testing it in a protected environment before allowing it access to your system. The Sandbox component automatically kicks in when avast! identifies a suspicious program, but you can use this feature on any executable file by right-clicking the file and choosing “Run in sandbox” from the context menu.

The SafeZone desktop environment is another underrated feature of avast! Internet Security. It works basically the same as the Sandbox, but in a broader context, it not only protects the browser, but creates a complete virtual desktop environment where you can conduct online transactions safely and privately.

The last feature I would like to mention for avast! Internet Security is the Site Blocking feature. So, what makes this feature worth mentioning? Basically the ability to block sites based on specific keywords. This can be utilised as a small parental control tool, by blocking not only specific inappropriate sites, but sites containing certain keywords in their URL's. This is in no way a replacement for a comprehensive parental control tool, but if you don't have parental control tools on your computer, this tool may come in very handy.

Outpost Security Suite Pro

Outpost Security Suite Pro may not have the virtual environments of avast!, but it has a great tool that protects sensitive information from being transferred from your computer, over an insecure connection. It is called the ID Block feature. This is a handy little tool, but you need to use it very carefully. The idea behind this tool is to remove parts of your sensitive information before transmitting it over an insecure connection. This means the ID Block feature will not interfere when you are entering credit card information on a secure page, that uses SSL encryption to transfer your information over the Web. So how does it actually work? You need to add your sensitive information to the ID Block feature so that it can know what to look for. You will not enter your complete credit card number or social security number for instance, only a significant portion of it, so that the ID Block feature can replace that part with asterisks (*), when the information is transferred over an insecure connection like e-mail, unencrypted web pages or an instant messaging program, that doesn't use SSL to encrypt your information. You can also use the ID Block to protect parts of your passwords, so that you never enter them inadvertently on an unencrypted page.

Outpost Security Suite Pro also has a site blocker called the Site and Ads Blocker. Apart from blocking websites as a whole, you can also block unwanted elements on a web page. The site blocker can also be used as a parental control tool, just like the Site Blocking feature of avast!

Perhaps the most underused tool of Outpost Security Suite Pro is the File & Folder Lock. This tool prevents any other program from modifying, deleting, moving or renaming a specific file or folder, so it basically works like a read-only file or folder, the only difference is you can't remove the lock if you don't know the master password of the security suite. This is a very useful feature for files and folders containing important information that is seldom or never changed. This can also be applied to important program and system files to prevent malware from patching them with malicious code.

Kaspersky Internet Security

It has been a while since I reviewed Kaspersky Internet Security, but the latest version seems to have two new features.

The first one is the Safe Money mode, it works basically like avast!'s SafeZone component, but not as a separate virtual environment but it is a special secure mode inside your browser.

The second new feature is the Secure Keyboard, a virtual keyboard you can use on banking and shopping sites when you have to enter credit card, banking or other sensitive information. This prevents key loggers from stealing important information because they monitor the keys being pressed on your physical keyboard and since you are not using it in these cases, you are no longer exposed the dangers posed by these spyware programs.

Kaspersky Labs was one of the first security software vendors to introduce an integrated parental control tool in their Internet security suite. Although it is not the most comprehensive parental control tool, it has enough features to help the parent perform most parental controlling tasks, like exercising control over applications, games and websites used by your children and blocking, limiting or logging your children’s communications, as well as blocking the transfer of private data, such as phone or credit card numbers.

There are many other good Internet security suites that I did not discuss here, but you should be able to identify a certain pattern here. Most Internet security suites have additional features that include some virtual environment where you can conduct online transactions safely, an identity theft protection feature and some form of web filtering feature. The message I'm trying to get across here is to pay attention to the additional features of your Internet security suite, you paid for this stuff, so why not use it? Don't wait until something bad happens, use all the security tools at your disposal, better be safe than sorry.

If you need any help with the features discussed in this article, feel free to leave a comment on the blog, or e-mail me with your questions.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

MailWasher PRO, Spam Filter and Spam Reporting Tool

2012-09-01T13:48:00.004+02:00

If you are one of those people who often report spam to anti-spam organisations like SpamCop, KnuJon and Cyber Top Cops, I bet you always wished you had a tool that can combat spam and report it to anti-spam organisations at the same time. Well, you can stop wishing because such a tool has been available for quite some time now and it is called MailWasher PRO. In this article I will give step by step instructions on how to use MailWasher and how to configure it so that you can filter and report spam more efficiently.

MailWasher has quite a unique approach to spam filtering, by getting rid of your spam before you download it with your e-mail client. This saves bandwidth and the time of scanning through the multitude of junk in your inbox to find your good e-mails. Most e-mail clients already have a built-in spam filter (like Mozilla Thunderbird and Microsoft Outlook), but MailWasher does not attempt to replace these built-in spam filters, but rather complement them. You should see MailWasher as your first line of defence against spam and your e-mail client's built-in spam filter as a backup for the spam that got past MailWasher.

Where do I get MailWasher? Visit Firetrust.com and download the 30 day trial version of MailWasher PRO. There is also a free version available, but you can only use it with one e-mail account, you won't have a recycle bin for your deleted e-mails and the preview pane is very limited. If these limitations do not bother you, I recommend you download the free version.

Now how does MailWasher work? It is really simple, you open MailWasher before opening your e-mail client, let MailWasher check your e-mails, tell MailWasher which ones are spam and which ones are good and finally, click on the Wash Mail button and let MailWasher do the rest. After “washing” your e-mails, open your e-mail client and download your e-mails from your spam-free e-mail account.

So how exactly do you tell MailWasher which e-mails are good and which ones are bad? Well, each e-mail has a thumbs-up and a thumbs-down icon next to it. If you click the thumbs-up icon, MailWasher will identify the e-mail as good mail and if you click the thumbs-down icon, MailWasher will identify the e-mail as spam. Over time, MailWasher will get better at classifying your e-mails correctly, so you won't have to train MailWasher all the time. If you are not following what I am saying, watch the 60 second MailWasher PRO, quick start video.

One way of improving MailWasher without doing any manual training, is by setting up custom filters under the Spam Tool Settings. To do this follow these steps:

Click on Settings.
Click on Spam Tools.
Click on Filters.
Click on Add Filter.
Give your filter a name, for example avast! Spam Filter, you may leave the Description field empty.
Make sure Filter Type, is set to Spam and that the sentence under Rules reads: Apply filter to e-mails that match Any of the following rules.
Click on Add Rule.
Change Entire message to 'Subject'.
Enter the text *** SPAM *** in the text input box.
Click on the Save button at the bottom of the window.

This filter will work great with the anti-spam component of avast! Internet Security. avast! also uses the tag *** PHISHING *** for phishing e-mails, so you can add a second rule by repeating steps 7 – 9 above, and adding the text *** PHISHING *** instead of *** SPAM ***. This should work with any spam filter that modifies the Subject of identified spam e-mails, you just need to change the text, specified in step 8, to the appropriate tag added by your spam filter. For example Kaspersky Internet Security adds the text [!!Spam] to the subject line when it identifies an e-mail as spam, so if you are using Kaspersky Internet Security, replace *** SPAM *** in step 9, with [!!Spam].

This does not necessarily have to correspond to a specific spam tag added by a spam filter, you can also add filters for words found in the subject line, commonly associated with spam, for example: Enlargement, Supplement, Pharmacy, Congratulations, etc. You can even add a couple of other words, that's not appropriate for me to mention in this article, but I think you know what I mean. This will keep vulgar and inappropriate e-mails out of your mailbox and MailWasher will mark them as spam automatically. The possibilities with these custom filters are endless.

The other great thing about MailWasher is its Spam Reporting Tool. That's right you can report spam to SpamCop, KnuJon and Cyber Top Cops all at once. To set up a spam reporting service, follow these steps:

Click on Settings.
Click on Spam Tools.
Click on Spam Reporting.
The SpamCop service will already be created, so double-click it to open its settings.
Replace the text in the Email to field with your own SpamCop reporting e-mail address. It should be in the format submit.SPAMCOPID@spam.spamcop.net. Replace SPAMCOPID with your unique SpamCop ID.
Choose the e-mail account through which MailWasher must send the report.
Choose the colour of the report service. This is the colour of the icon that will appear next to the e-mail under the Reporting column.
Choose a letter of the alphabet to identify the spam reporting service easily. The letter 's' will already be assigned to the SpamCop Service.
Click on the Save button at the bottom of the window.
Click on Add Service.
Type Cyber Top Cops next to Service name.
Type spam@cybertopcops.com next to the Email to field.
Leave Email content blank.
Repeat steps 6 – 9. Choose the letter 'c' in step 8.
Repeat step 10 – 14. Choose the letter 'k' in step 8. Instead of Cyber Top Cops in step 11, type KnuJon and instead of spam@cybertopcops.com in step 12, type KNUJON@COLDRAIN.NET or your unique KnuJon reporting e-mail address.

Now you are properly equipped for the battle against spam, without breaking a sweat. All you need to do now is to mark the appropriate spam reporting services before clicking on Wash Mail. To do this go back to your Inbox in MailWasher, right-click on the column bar with the different headings and select Reporting from the list. When you mark an e-mail as spam, also click on the reporting service icons under the Reporting column. If you followed my instructions correctly you will have 3 icons next to each spam e-mail, where each icon correspond to the colour and letter your chose in steps 7 and 8 above.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Should I Use Parental Control and Monitoring Software?

2012-08-18T23:54:00.000+02:00

A while ago I wrote an article about Reconciling Parental Control Software with Internet Security Principles. My view on parental control and monitoring software hasn't change much since then and I still feel that monitoring software can pose a huge security risk if not used correctly. However it seems like more and more anti-virus vendors are integrating parental control tools into their Internet security suites and one tend to wonder why.

I was viewing a couple of questions on Yahoo! Answers and WikiAnswers the other day and I noticed quite a lot of teenagers asking the question on how to bypass blocking software in order to view porn. I even saw a question from a grandfather for advice on how change his password to prevent his grandson from using his computer for porn, while he is asleep at night. I will agree that this is no new trend, but porn usage among teenagers are an ever increasing problem and the only way to battle it, is to control the way your children and grandchildren are using your computer, their own computer or even the family computer.

Now before I discuss this topic any further, I would like to make it very clear that I'm not trying to tell parents how to raise their children, but I'm merely focussing on the role that computers are playing in our lives and the threats they pose to our children and how we should manage it as part of your parental duties. Parental control and monitoring software are useful tools to control and understand your child's online activities, but it is in no way a substitute for your responsibility as a parent to protect your children from being exposed to inappropriate content. Sure, we cannot lock our children up and never allow them to play outside, so they are going to be exposed to things we don't like, but we need know about those exposures and react to them as quickly as possible. Parental monitoring software is just one of those things that can make it easier for us to with these threats.

For starters I am not a big fan of installing parental monitoring software on a computer that's used to conduct online transactions. The monitoring software could record your credit card number for instance and should someone break into your computer and gain access to the recorded logs, then you will have a lot of trouble. The same principle applies to bank account information, passwords and pins. So if you have to use parental monitoring software, always use it on your child's own computer or on a family computer that's never used to conduct online transactions.

Another thing that's important is to tell your children that everything they do on the computer, is monitored. This creates an open relationship and if they have nothing to hide, then they should not have a problem being monitored. Any family computer should be in a room where there is a lot of traffic, yes sometimes you need your privacy on a computer when you send an e-mail or chat with someone in confidentiality, but as a parent you need to know who your teenager is chatting to, to whom are they sending e-mails and what kind of e-mails are they reading. Online predators often introduce themselves as teenagers and a parental monitoring tool can be the difference between your child meeting an online predator in real life or you putting an end to a relationship that could possibly harm your child. However there should be a good balance between allowing your child to socialize with known friends and family online and denying your child certain activities online when you are not around. Some parents could end up being totally paranoid and deny their children all forms of socialising on the web. But in the end, you remain responsible for who your child socialise with and you need to exercise the necessary control until your child is at an age where you can trust their judgement.

I'd like to get back to the point that you need to be open about the fact that you are monitoring your children's online behaviour. It is not a matter of distrust, but you would want to know when your child has been exposed to inappropriate content. Not every child will necessarily have the confidence to speak to you about something that they saw online, especially not when they think it is their fault and that they will be punished for accidentally stumbling across inappropriate content. But this can also be a sign of a larger underlying problem between a parent and a child, because your child should always feel free to talk to you when he/she is uncertain about something. But you may ask the question, can a child really stumble across inappropriate content by accident? Well there is no rule of thumb here, but the general perception would be that you can't stumble across porn if you weren't looking for it. This is not always true though and there are many exceptions to this perception.

Last month I investigated a spam e-mail that places the recipient under the impression that he/she can get free $100 meal coupon at McDonalds. The link in the e-mail has nothing to do with McDonalds, that's only to get your attention and to make you click on the link, but the actual link takes you to a random porn site. What child will pass on the chance of getting a $100 free meal coupon at McDonalds? Most children will click on the link, some out of curiosity and other out of gullibility. Do you really want your children to be exposed to the filth on the Internet without knowing about it? Wouldn't you prefer to speak to your child about what they saw and that the images they saw are wrong? Wouldn't you prefer to be the one to confront your teenage son with the information recorded by the parental monitoring software, instead of his friends telling him that browsing porn sites is acceptable? And this is where the openness comes into play. If your child did not know he/she was being monitored and you confront them with the data from the parental monitoring logs, you will most likely break their trust and end up alienating them rather than teaching them what is right and what is wrong.

I bet the following question comes to mind. If I tell my children that they are being monitored, won't they find another way to view porn, like at a friend's house, a cellphone or at the Internet café? First of all, you should be involved in the choice of your children's friends. Secondly, your child should not visit a friends house where there is no trustworthy adult supervision. Thirdly, a child's phone should only have voice services and no data services (yes I know a lot of people will disagree, but you will have absolutely no control over their online activities if they can browse whatever they want on their phone) and finally, an Internet café is not the place for a child to be on its own. People tend to view the Internet as some virtual world, totally separate from our everyday life. But it is as integrated into our lives as choosing the right food for your child to eat. If you exercise control over the physical things that could hurt your child, why not exercise control over the psychological things that can scar your child for life?

I realise a lot of people have their own opinions on parental control and monitoring software and how to raise a child, but porn is a great danger to our youth these days and it is not just the psychological damages that you should be concerned about, your should also worry about the financial dangers of browsing porn sites. What if your teenager manages to get a hold of your credit card and purchase a subscription to a porn site. You may argue you should not let your credit card lie around for anyone to use. True, but wouldn't you prefer to know when your child is sharing personal information like telephone numbers or your physical address with total strangers? What if your teenage boy uses the family computer to browse hardcore porn sites and infect it with some nasty adware. You don't want your eight year old daughter to be exposed to flashing ads of naked people caused by the junk your teenage son installed on your family computer, now would you? You may argue, I trust my children and they would never do stuff like that. You know your children the best and parental monitoring software is not going to raise your child or make the porn sites go away, but it can be helpful to address an ever increasing problem among our youth before it is too late.

Finally you may ask, what's the use of only monitoring my children's online activities, I also would like to control their access to inappropriate sites. For that you need parental control software. Some programs claim they can monitor and control, but they often tend to do the one better than the other. Certain parental monitoring programs have some form of control over the websites your child can visit, but it is often limited to general blocking features like limiting Internet access during specific times of day. Parental control software, on the other hand, may be good at blocking all kinds of porn sites, but they often suck at monitoring online activities. You, as a parent, need to decide what is the most important to you, simply monitoring your child or exercising control over the sites they visit and when they can use the Internet or specific programs installed on the computer. It all depends on your own unique situation. If you only want to know what your children is doing online, then a monitoring program is best suited for you. If you have a troublesome teenager who can't stay away from porn sites, then you may want to use a more aggressive approach and block access to these sites, by using a parental control program. Personally, I prefer a monitoring program over a control program, mainly because it is harder to bypass a monitoring program, without the parent's knowledge, than a control program. I accept the fact that both can be circumvented by a clever kid, but a monitoring program normally gives the parent a thorough audit trail of the child's online activities and it is easier to spot gaps in the logs of a monitoring program than it is to spot incidents where the control program did not do it's job. Another huge advantage of a monitoring program is that it is easier to tell if your children is responsible when they are online, but with a control program you never really know if your children will stay away from inappropriate sites when you remove the restrictions imposed by the parental control software.

In the end, the big question should not be whether we should use parental control and monitoring software, but ask yourself this question: Do you know what your child is doing online? Remember as a parent you need to be part of every aspect of your child's life and if you don't know what they are doing online, then it is about time that you started taking interest into their online activities.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

The Best Internet Security

2012-08-04T23:17:00.000+02:00

What is the best Internet security suite in the world? I've reviewed quite a number of Internet security suites and all of them have pros and cons, but what if we were able to take all the good features of each Internet security suite and build the perfect Internet security suite of all time? It is not completely impossible, because most Internet security suites have stand alone versions of their anti-malware and firewall components and some even have a stand alone version of their spam filter. Right, so what do you really need for an Internet security suite?

First of all you need a malware scanner and a resident anti-malware shield to protect your computer from malware attacks. Secondly you need a good firewall to control inbound and outbound traffic over the networks you connect to. Finally you need a good spam filter to protect you from e-mail fraud and other types of unsolicited bulk e-mails. I believe these are the most important components of a good Internet security suite. These days Internet security suites contain all kinds of extra features like parental control tools, anti-phishing tools, identity theft protection, special protection for browsers, sandboxing tools to isolate suspicious applications, ad blockers and more.

I have discovered a combination of 3 specific security applications that will protect you against malware, hackers and spammers. I chose these applications because they provide the highest level of protection without affecting the performance of your computer too much.

avast! Pro Antivirus

I will start with malware protection. avast! has the best malware detection rate of all the malware scanners I've reviewed so far. Apart from its good detection rate, it also has an impressive resident shield (or rather several resident shields). You get the File System Shield, Mail Shield (scans your e-mails for malware), Web Shield (protects you against online threats while browsing the Internet), P2P Shield (protection against treats on P2P networks), IM (Instant Messenger) Shield, Network Shield (not a firewall, but adds an additional layer of protection over your network traffic), Script Shield and the Behaviour Shield (heuristic scanner). Apart from these shields, it also provides additional protection through its Auto Sandbox (allows you to run suspicious programs without harming your system), SafeZone (a special secure desktop environment to conduct online transactions safely), Browser Protection (a special web reputation plugin and the ability to run your browser sandboxed), Remote Assistance (enables you to receive technical assistance from other avast! users, remotely) and Site Blocking features.

I guess it is clear from all the shields it has to offer, avast! Pro Antivirus can protect your computer against most threats on its own, but no security suite is complete without a good spam filter and firewall.

SPAMfighter PRO

Some people feel that a spam filter is unnecessary, but I believe a spam filter just adds another useful level of protection to your computer security. You need a spam filter to cut out all those unsolicited scam, malware, porn and enhancement product e-mails, just to name a few. Why waste your time filtering through hundreds of useless e-mails and walk the risk of being scammed or infected by malware? You might argue that the malware scanner should protect you against malware, but if the malware can't even reach your computer, there is even less risk of being infected.

Another big problem these days, is porn and indecent content being distributed and actually forced down the throats of spam victims. You don't want your children to be exposed to these e-mails and a spam filter will not necessarily eliminate the risk of exposure completely, but it will certainly lower it to an acceptable level.

SPAMfighter PRO is a unique community-based spam filter. When I say community-based, I mean that the strength of SPAMfighter lies in the amount of spam reported by SPAMfighter users worldwide. One may argue that a system like this can easily be abused. Yes, maybe, but it has been fighting the spam battle for quite some time now and is very good at identifying spam and leaving your good mail alone. When I reviewed SPAMfighter it did not flag a single good mail as spam and only a handful of junk e-mails were not identified as spam.

One of the main reasons why I like SPAMfighter so much is it compatibility with most popular e-mail clients. Many spam filters tend to work with Microsoft Outlook only, so if they are not compatible with your non-Microsoft e-mail client, they can't do the job at all, no matter how good they are at filtering spam.

Outpost Firewall Pro

These days you can't use the Internet without a proper firewall, providing adequate two-way protection for your computer. Most people think a firewall only needs to protect you from hackers trying to break into your computer, but you walk a greater risk of having sensitive information leaked from your computer to a remote location, than someone trying to gain access to it from a remote location. So you also need something to monitor your outbound traffic as well.

There is not a single personal firewall solution that can beat the level of network security and effectiveness provided by Agnitum's Outpost Firewall Pro. You know a firewall is good when companies like AVG Technologies, Lavasoft and Sophos use Agnitum's firewall technology in their own products. This is not your standard firewall, Outpost Firewall Pro comes with several additional features like Anti-Leak, System Guard, Application Guard, File & Folder Lock, Anti-Spyware scanner, Ads and Sites Blocker and ID Block. You can read more about these features in our latest review of Outpost Firewall Pro. Performance is a big issue to me, because I believe your security software should never handicap your productivity on your computer. The latest version of this firewall (version 7.5.3, also known as the Performance Edition), has been enhanced quite a lot in terms of performance.

Firewalls tend to annoy users with endless prompts and warnings, but Outpost Firewall Pro works in special Auto-Learn mode for a while. During this learning period it suppresses all those annoying prompts while learning more about the programs you often use and the network connections you normally make from your computer. It is not completely prompt-less during this period and you will still be warned about serious attacks and unauthorised connections being made to and from your computer.

What I really like about Outpost Firewall Pro is that it is much more “intelligent” than most firewalls and only bothers the user when there are some serious decisions to be made, decisions that a firewall should not be allowed to make on its own.

The only drawback about this firewall is that it may be a bit too advanced for novice users, but only when it comes to customizing the firewall to suit your needs. Because of its “intelligence” it will make the right choices during the setup process and most of the settings should work out of the box, so novice users won't have to worry about changing any settings to make the firewall work. If you are a novice user, I suggest you install avast! Pro Antivirus and SPAMfighter PRO before installing Outpost Firewall Pro, just to make your life a little bit easier.

Conclusion

avast! Pro Antivirus, SPAMfighter PRO and Outpost Firewall Pro are exceptional security programs, each in their own right. Running them side by side, gives you an edge over malware, spam and hackers.

There are basically only two disadvantages of this setup. Firstly, you can't manage these applications from a centralised location, like with an integrated Internet security suite, so you have to manage and configure them individually. One may argue that the Windows 7 security centre gives you a birds eye view over the status of all your security applications and all three applications have an auto update feature, so is it really such a big deal if you have to manage each one separately, because how much management and configuration do you have to do by hand anyway? It is probably not such a big deal, but I know some people will still prefer to have all these components bundled into one integrated security suite.

The second disadvantage of this setup is cost. It the time of writing this article, avast! Pro Antivirus will cost you $39.99, SPAMfighter PRO will cost you $19.97 and Outpost Firewall Pro will cost you $29. That is a total of $88.96. If you compare this price to that of an integrated Internet security suite, you will find that the latter is much more cheaper. avast! Internet Security will cost you $49.99, Outpost Security Suite Pro will cost you $24.97 and Kaspersky Internet Security will cost you $59.99. These suites may have a couple of extra features and they may be much cheaper, but the level of protection provided by this setup surpasses that of any integrated Internet security suite.

avast! Pro Antivirus, SPAMfigther PRO and Outpost Firewall Pro each has a free version as well, making them a great choice for a free Internet security setup you don't have $88.96 to spend on computer security software.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software

Have We Lost The Ability To Think For Ourselves?

2010-04-27T22:06:00.001+02:00

What do scammers always use to their advantage? What enables con-artists to swindle their victims? What is the most important thing scammers always rely on? Only one thing, the victim's inability to think for himself/herself.

The other day I saw an add for an e-book about some magical way to cancel traffic fines or to get them refunded (I'm not going to mention the name of the book, because it is a load of hogwash and I'm not going to give it any form of exposure except for illustrating my point). For starters, some lines on the website were poorly formatted with some strange HTML coding. Certain pieces of the text were aligned to print over other pieces of text, making some parts of the page totally illegible. This was caused by some funny div-statements used by the web designer. (This guy obviously did not know what he was doing). But it is not important to know what the web designer did wrong, it is more important to note that the seller of this e-book could not be trusted. Why? Because if he can't even format his website properly (or at least get someone to do it for him), how can you be certain that the owner won't steal you money and sell you a piece of junk looking like his website? But lets forget about the poorly designed website for a moment and focus on the product he was trying to sell.

This book, will presumably help you to get your traffic fines cancelled or even refunded by exploiting flaws on parking and speeding tickets. The book is therefore aimed at traffic fines in general and not UNFAIR or INVALID traffic fines (as a matter of fact, the author makes no mention of the words UNFAIR or INVALID on his website). The site does not even contain a single encouragement to motorists to keep within the speeding limit, to put money in the parking meter or to drive safely within the bounds of the laws of the road. No, the sole purpose of this book is to get traffic fines cancelled or refunded, whether you committed an actual offence or not. Now think about this for a moment, why should you buy a book to exploit the loopholes of the law in order to save money in traffic fines, if you can save money by just sticking to the law? In other words you don't need to spend a single penny to save money, you just need to use your damn brain. This book is actually encouraging reckless driving and should be banned. If you really exceeded the speed limit for instance, why should you be able to get the traffic fine cancelled. You contravened a law and you should pay the fine (and don't give me that bull that loopholes in the law is there to be exploited). It is a whole different scenario if you were wrongfully accused of a traffic offence, but this is not what the book is about (or at least that is not the impression the site gave me). But the most disturbing fact is that there are people who will actually buy this book. Really, you got to be brain-dead to buy a piece of junk like this! And this is why I ask the humble question, have we lost the ability to think for ourselves?

Have you ever wondered why people accept so many things and question so very little? I believe this is often the result of a fast paced lifestyle, where there is no time to think about something, you need to make a decision immediately without contemplating. But can we blame our bad decisions on the pressures of modern day life? Any normal person possesses the ability to reason, but it seems as if more and more people are losing this ability by the day. Are we really losing the ability to think for ourselves, or are we deliberately suppressing our ability to reason? I always ask myself these questions when I analyse scam e-mails and fraudulent websites and most of the times I simply cannot understand how it is possible for a healthy mind to be swindled by obvious scams like these. And by obvious, I mean scams containing obvious and common signs of fraud and deceit.

I have to admit, not all scams are that obvious and it has to be mentioned that some of them are quite cleverly designed to look like the real thing. But the majority of scams contain telltale signs of deceit (whether it is a scam e-mail, a fraudulent website, an obscure add in a magazine, a call from an unknown individual or a dishonest salesman). The main problem is, many people only accept the solution or promise presented by the scammer and never pay attention to the means by which the scammer attempts to solve the problem or deliver the promise. The driving force behind the success of almost any scam is money and greed. You need a combination of both to make a scam successful and a greedy victim walks a greater risk of stepping into the trap set by the scammer, without realising it. But greed is not the only factor, ignorance is another weakness exploited by scammers, to improve their chances of successfully swindling their victims.

How long will we be able to use ignorance as an excuse? There are so much information about the latest scams, freely available on the web. Financial institutions post warning messages and examples of scam e-mails on their websites and some companies even communicate directly with their clients about the latest tricks and gimmicks used by scammers. With all this information at our doorsteps and sometimes even in our laps, how can we use the lame excuse of "I didn't know"? Computer illiteracy is also a stumbling block for many people, but computers have become part of our everyday lives and fewer people are computer illiterate these days. But there will always be a technological gap among computer users, because not everyone eat, sleep and drink computers. There will always be advanced and novice computer users and the latter are often at risk of falling for scams, where they don't comprehend the mechanics exploited by the scammer. But this can easily be remedied through a little bit of education. Most online banks and shopping sites have detailed guides and tutorials on the risks and signs of phishing, identity theft and other forms of fraud. These guides are often very detailed, but quite simple and easy to understand, with graphical illustrations and examples, specifically targeted at novice users. But advanced computer users should read these guides as well, because the fact that you know everything about computers does not make you immune to all forms of online fraud.

With all this information at our disposal, how is it still possible for some scammers to swindle their victims? I believe people are not taking the time to familiarise themselves with the risks of online fraud. If you don't know how to use the address bar of your browser, or why the address bar turns green on certain sites or how use your status bar to preview the address of a link, you are like a suicide bomber. It is like driving a car without the proper training, you are a danger to yourself and everyone around you. Like I mentioned earlier, the information published by banks and online shops, regarding the methods used by scammers to swindle their victims, are not that hard to understand (and for goodness sake if you don't understand these guides ask someone you trust to explain them to you). So if we have all the information about the techniques used by scammers and if they are easy to comprehend, why on earth do people still fall victim to these obvious scams? Simply because they don't read the information available to them. If your bank account was emptied by a bunch of crooks, because you clicked on a link in some e-mail about updating your personal details or something like that, then you are either living on a different planet or you haven't been paying attention to the warnings communicated by your bank. Where have you been in the last decade or so? These scams have been an active threat to the online community for several years now, so how is it possible that you haven't heard of these scams before? Honestly, people need to wake up and smell the coffee! Open your eyelids and pay attention to your surroundings! Start to THINK for yourself and stop depending on other people to do it for you!

Unethical marketers are able to convince some people to buy stuff they don't need, simply because some people are like zombies, allowing outside influences to manipulate their thoughts. Scammers follow the same tactics, they force the victim into believing everything they say in their scam e-mails or on their scam websites. The promise of millions of dollars, a valuable object or the threat of suspension of your bank account, is often so sudden (or promising), that people forget to think about the source of the e-mail or the means by which the scammer are communicating with them. The initial contact made by a scammer is a crucial point in the development of a scam. If you can't identify the scam early on, chances are that you won't realise you are being conned, until the damage is already done. The only way to identify these scams is to use common sense and a bit of scepticism. I'm not saying you need to be over-suspicious towards every e-mail and phone call you receive, but you need to look very critical at every form of communication, where you don't know the person on the other side. In other words, ask yourself the following common sense questions (where the answer to each question is obviously NO): Will the bank ask for my credit card number over the telephone? Will my bank send me an e-mail request to update my personal e-mails? Will an official from another country contact a total stranger, in connection with a multi-million dollar transaction? Will the Executive Director of the FBI use a free e-mail service to contact me about some scammers who MAY have contacted me in the past? Will a company like PayPal or Amazon make spelling and grammatical errors in their e-mails? If this is such a great business opportunity or such a revolutionary product, why haven't I heard about it before? Is it possible to make loads of money by simply distributing a chain letter received through the post? The list goes on and on...

You see, by asking a couple of critical questions you will soon be able to identify whether an e-mail, phone call or a letter in the post is a scam or not. It just needs a little bit of reasoning and common sense, there is no rocket science to it. But if you are too lazy to think for yourself, deliberately ignoring the warning signs of common fraud, then you deserve to be scammed!

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software

A Quick Look at Kaspersky Internet Security 2010

2010-04-15T02:08:00.002+02:00

I recently did an in-depth review of the latest Internet security suite from Kaspersky Lab, Kaspersky Internet Security 2010 (KIS 2010). It is certainly an improvement over previous instalments, providing a more comprehensive level of protection against malware based threats. Some components have been divided into smaller, separate components, making the application very flexible in terms of customisation. What does that mean for the user? The user is able to disable unnecessary components in cases where similar protection is provided by a standalone application, for instance a spam filter or parental control application. There are a lot of good things to say about this security suite, but it is definitely not without its faults, I will discuss these in detail a little bit later.

Installation and setup
Very easy and straightforward. Getting the application up and running is child's play and the process is fairly automated, meaning very little user interaction is required during the installation procedure. I have a little bit of criticism against Kaspersky Lab going the opt-out route regarding the participation in the Kaspersky Security Network. With "opt-out" I mean that you need to explicitly opt out from participation and I would like to see this the other way around. But at least Kaspersky Lab gives you the option to opt out, unlike other software developers who never even inform you of participation in their usage data collection programs.

Updates
The software updates itself quite often, with definition updates released several times a day. The software checks for updates on an hourly basis, but certain users report that actual updates are published every three hours on average. Nevertheless, Kaspersky Lab stays up to date with the latest threats and outbreaks, to the benefit of every user of their software.

User Interface
It is quite easy to use the software, making it an attractive option for novice users. Most of the components work out of the box and customising them is no rocket science. However this can't be said of all the components. The firewall component is the least user friendly and making changes to the firewall rules, to make it behave in a way that suit your needs, is an extremely frustrating and time consuming operation.

Performance
You won't need a monster PC to run Kaspersky Internet Security 2010, but you need at least 1 GB of RAM and an 1GHz processor to run the security suite on Windows XP, without compromising the overall performance of your computer (for Vista and Windows 7, double these figures to 2GB of RAM and a 2GHz processor). Off course you will notice a slight decrease in performance, but nothing major. With the processing power of today's standard office computers, you shouldn't have any trouble running the software on one of these.

Real-time Protection
This is where Kaspersky Internet Security 2010 packs the punch. This security suite brags with a whopping 13 different security components, each one of them providing tailor made protection against specific types of threats. You are basically protected against malware (viruses, spyware, trojans, rootkits, etc.), network attacks, spam, phishing attacks, intrusive advertising through banners and even your kids are protected against inappropriate content on the Web. There is more to Kaspersky Internet Security 2010 than meets the eye and only a look under the hood can reveal the different levels of protection provided by this world class security suite.

Threat Protection Tests
This is the core of every security software review, in other words, can the software protect me when the pawpaw hits the fan? Malware tests were satisfactory, although it missed a couple of threats. Malicious files are isolated properly and accidental execution of a known threat is nearly impossible. The heuristic scanner is fairly clever too and the software defended itself perfectly when I tried to disable it by force.

The firewall fared well against the couple of leak tests I threw at it, but I was able to determine the computer's MAC address and the fact that it was up and running, with a simple port scan from another computer. The proper behaviour of a firewall in this case would be to hide the computer completely from an unauthorised computer, connected to the same network. The firewall detected and blocked the port scan, but it did not blacklist the offending PC, because it assumed that its IP address was spoofed. I would have liked an option to block the attacking computer completely, but hey, this is not a perfect world.

The spam filter is the only component in Kaspersky Internet Security 2010 that did not do so well during this review. At first I had loads of issues getting it to work in Thunderbird 2 and secondly, I discovered that there is no support for Thunderbird 3 at all (perhaps in the future?). The spam filter operates quite well in Outlook Express but the actual spam filtering left me wanting. I have to mention though, that the accuracy of the spam filter improved, after training it with more or less 150 spam e-mails, but even after all that training it still allowed obvious spam e-mails to come through. So it is disappointing to see a spam filter, with so much potential (Heuristic analysis, GSG technology for image recognition, analysis of RTF files and self-training text recognition with iBayes), struggling so much when it comes to actual spam filtering.

Value Added Protection
Like I mentioned earlier, during the discussion of the real-time protection, you also get a parental control and anti-banner component with Kaspersky Internet Security 2010. These components are disabled by default, because not everyone will have use for them. However, these simple tools are really impressive in terms of functionality, they do exactly what you would expect from them. The parental control component is easy to configure and very little configuration is needed, because it relies heavily on heuristic detection of inappropriate websites. Heuristic analysis is often something that delivers either a lot of false positives or false negatives, but the heuristic analyser of the parental control component is totally different, it is successful at detecting inappropriate sites, with very few false positives.

People with a vendetta against banner advertising will find the anti-banner component very helpful. Once again it relies on heuristic analysis to detect common banner sizes. The parental control and the anti-banner components, each has a white-list and a black-list, which can be used to explicitly allow (white-list) or block (black-list) specific websites.

Conclusion
Kaspersky Internet Security 2010, is a well rounded Internet security package. There is most certainly some room for improvement in the firewall and spam filtering division, but apart from its faults, it still remains one of the leading Internet security suites in the market. I highly recommend it for home and office use.

To win the battle against cyber crime we need comprehensive protection against online threats. We need to take the necessary precautions to keep our computers free from malware and unauthorised access. In order to achieve this goal, we need the necessary protection on our computers BEFORE an attack strikes. An Internet security suite like Kaspersky Internet Security 2010 can help you achieve this goal.

One golden rule applies to computer security, prevention is better than cure!

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software. For more details about this security suite, read my in-depth review of Kaspersky Internet Security 2010.

Cyber Top Cops Is Back!

2010-04-05T21:32:00.003+02:00

Tuesday, September 02, 2008, the date of my last (but luckily not my final) article. More than a year and a half has passed since my last article. E-mails to cybertopcops.com were left unanswered and the site was no longer updated. Most people who made contact with me during this time, noticed that the site was outdated and no longer maintained. I'm sure a lot of people asked why, so for those who wondered why I disappeared into thin air, here is the explanation.

Those of you who know me well, is aware of the fact that CyberTopCops.com is not my day job and that I'm a very busy man (I work and study at the same time). During this time I took on quite a lot of responsibilities at the firm where I work, which resulted in a lot of overtime. All of the overtime took a bite out of my study time and quite obviously all the study time took a bite out of my CyberTopCops time. To add insult to injury I also had to attend to some personal matters, so I had quite a lot on my plate during the last year and a half. So I hope all my supporters will understand and forgive me for not answering their e-mails (especially my good friend John Masters, thanks for your support during these tough times).

So have things changed all of a sudden? Well, to be honest, no. I kept CyberTopCops.com online because I wanted to come back and continue to fight cyber crime. I tried to make a comeback several times but circumstances prevented me from doing so. I have to mention though, that I did some work on the SHPAMEE project during this time, so even though it seemed that CyberTopCops.com stood still, some of the work continued to happen behind the scenes. I also expanded my PC lab with another computer and converted all my machines from Windows to Fedora Linux (except the one I use to review security software and analyse malware samples). A word of thanks to everyone who continued to submit malware samples, malware sites and spam samples during this time (another BIG reason why I kept the site up and running).

OK, so if things are still as hectic as before, where will I find the time to keep the site updated and write articles? Well I did most of my work during the last couple of public holidays we had over here in South Africa, so I guess I will wait for the next public holiday before I write my next article. No... just kidding. I honestly don't know. All I know is that the desire to return to cyber crime fighting has motivated me enough to do something about the problem. I guess I will have to manage my time a little better and perhaps get some help to keep the site up and running, but I'm a bit of a sceptic and prefer to work alone.

A couple of major events took place in the cyber security field during my absence. SpywareInfo.com expired and was sold to the highest bidder (and yes not to a passionate cyber crime fighter but someone only interested in making as much profit as possible). The same happened to merijn.org (since it had the same owner as SpywareInfo.com). You can read more about this at DSLReports.com. Luckily the good people at SpywareInfo.com was able to continue their work at SpywareInfoForum.com and merijn.org moved to merijn.nu. PLEASE NOTE: The new owners of SpywareInfo.com and merijn.org have been using them for malicious purposes, so I do not recommend visiting them. But perhaps the biggest shock of them all was when Castlecops closed shop in December 2008. This was a huge blow to the cyber security community but I'm sure most of the volunteers have already joined forces with other cyber crime fighting groups. So I guess it is clear I've been out of the loop for quite some time and I have some catching up to do.

I constantly witness cases where people fall victim to cyber crime due to a lack of education. People still walk blindly into the traps set by phishing scammers and malware developers. I recently helped a client to get rid of over 300 infections on a single PC (and another couple hundred infections on every other PC that was connected to the same network), just because they failed to install anti-virus software on their network. This was a classic example of how one PC can cause several infections on every PC connected to the same network. And believe me, the client was quite surprised when I explained the dangers of data mining, identity theft and keystroke logging, not even to speak of the possibility that their PC's were used as hosts for spam distribution.

People often think I exaggerate when I explain the dangers of malware and spam, but their views suddenly change when someone breaks into their bank account or if someone hacks into their e-mail account. The ignorance of most people continues to amaze me. With all the real life stories out there of people falling victim to cyber crime and all the warnings from banks and financial institutions, people still go by their day to day activities without taking appropriate precautions against these threats.

So how can we solve this problem? First of all education (yes I know I tend to sound like a broken gramophone, but one can never emphasise this too much), because education empowers our online community with the know-how to stay safe online without the use of fancy and expensive tools. I also believe mainstream media should play a more prominent role in the fight against cyber crime. We need more stories about victims of cyber crime in the most popular publications. I'm not sure about the press in other countries, but here in South Africa there is almost never a story about phishing incidents or 419 scams (many people over here still don't even know what it is) in our local newspapers or prime time news on TV. Why? Because these stories don't sell newspapers or keep viewers hooked to their TV's. Why? Because journalists don't see them as newsworthy. I realise you can't write an article on every murder, theft or kidnapping, but for goodness sake, make some space for cyber related crimes in your newspapers, magazines and news bulletins on TV and radio. We need to make people aware of these incidents and by making people aware you call them to action to learn more about these threats and how to defend themselves against cyber criminals. Finally, we need better legislation and enforcement of those laws. It makes no sense to have perfect laws but no one is willing and able to enforce them.

So CyberTopCops.com is back in action and I hope to bring you a brand new article once a week, however, I can't promise anything at this moment, but I'll do my very best.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

How To Verify Whether a Suspicious E-Mail is a 419 Scam

2008-09-02T23:33:00.004+02:00

In my last article I explained how to spot a 419 scam by paying attention to the common characteristics of 419 scams. In this article I will explain how to identify a 419 scam by looking at the cold hard facts.

The majority of 419 scammers conform to standard procedures (not standards) and send scam e-mails that can be identified quite easily by analysing these e-mails against a set if common 419 scam characteristics. However, you will always get the case where a scammer sends an e-mail that's out of the ordinary, one that contains absolutely no common characteristics of a 419 scam. It is in cases like these when you need to follow your gut feeling, which is quite easy if you analyse 419 scam e-mails on a daily basis, because you know how a 419 scammer's head works, but it is a problem for people who don't understand how these scammers operate. If you can't spot any common characteristics of a 419 scam in a suspicious e-mail, you will need cold hard facts to prove its fraudulent intent.

It is surprising to see how many people resort to the lazy way of verifying a 419 scam. What do I exactly mean by "the lazy way"? The lazy way is the quick "IS THIS A SCAM?" post on a discussion board or a social community website like Yahoo! Answers, while the answer is readily available through a search engine like Google or Yahoo. Always remember there are only a handful of people (mostly volunteers) who devote their time to battle online crime, so it is a waste of valuable resources if people simply resort to a quick and comfortable e-mail or forum post, to have the answer presented to them by someone else, if they could have found the answer themselves. Don't get me wrong, people should always ask around before acting on a suspicious e-mail, but you should only resort to assistance from someone else, if you are still unsure after looking for the answers yourself.

But there is another problem in asking for help without looking for the answers yourself. If you ask for help in the wrong places you can easily get the wrong answers. Only ask questions in places where you are sure you will get answers from experts in their fields. I can recall an incident in February 2008 where someone asked a question on Yahoo! Answers about a the legitimacy of a website called dhl-postit.com. At this stage there were a couple of Romanian scammers who pretended to sell mobile phones to their victims and used fake courier websites to defraud people from their hard earned money. The website was initially reported to Cyber Top Cops by a victim⁽¹⁾ of this scam and I discovered the post on Yahoo! Answers while doing some research about the fraudulent website. I was shocked by the response to this question. A contributor called Gerry⁽²⁾ told the original poster that the website was safe and that he dealt with them all the time. Gerry's profile is no longer active any more, he most likely got kicked from Yahoo! Answers because there is no doubt in my mind that this guy was the scammer himself. What kind of victim will vouch for a website that only defrauds people? The sad thing however is that the original poster believed him and found the response very helpful. The poster asked the same question in a different section of Yahoo! Answers and even on the second attempt, the poster still received a misleading and inaccurate answer. What lesson can be learned from this example? You should never act on the information found on one site only, you should always look for a second and third, yes even a fourth opinion, just to make 100% sure all the facts add up. If you are still not 100% sure about the e-mail or website, look for expert help.

The sad reality is that many people still doesn't know how to use a search engine, not even to speak of researching an e-mail scam on the Internet, so I will try to explain both in this article, but with the emphasis on finding scam related information on the Internet. I will be using information from a real 419 scam e-mail in my instructions below. For simplicity I will provide instructions from Mozilla Thunderbird as the e-mail client and Mozilla Firefox as the web browser. For the more advanced readers of my articles, please bear with me for a couple of moments, I know this is already common sense to most people, but believe me there are people out there who don't even know how to do a simple search on Google and I'm trying to reach out to them. Chances are good that most of my subscribers already know how to search for scam related information on Google, so if you know someone who has trouble finding stuff on the Internet, please refer him/her to this article, you might just save someone from falling victim to a 419 scam.

Lets say you received an e-mail from contactfbihq016@earthlink.net. To search for this e-mail address in Google, do the following:

Copy the e-mail address from the e-mail itself: Right-click on the "From:" e-mail address and select "Copy Email Address" from the drop-down menu.
Go to Google.com: Open your browser (Internet Explorer, Firefox, Opera, or whatever you use for browsing the web), type www.google.com in the address bar and press the Enter key on your keyboard.
Wait for Google to open and paste the e-mail address in the search box: Right-click inside the search box and choose "Paste" from the drop-down menu.
Now click on "Google Search" and wait for the search results to appear.

It is very unlikely that you will find anything for this e-mail address (at this moment), so lets repeat the process for the "Reply-To" e-mail address, fbiwashingtonfield@fedbureau-ofinvestigation.org. Once again, a search for this e-mail address will most likely deliver no results (except a link to this article perhaps, once a search engine has crawled and indexed this page).

The scam e-mail also contains an instruction to contact someone that goes by the name of Prof. Charles Chukwuma Soludo, so lets do a Google search for "Prof. Charles Chukwuma Soludo".

Copy the text from the e-mail: Select the text "Prof. Charles Chukwuma Soludo" from the e-mail, right-click on the highlighted text and select "Copy" from the drop-down menu.
Repeat steps 2, 3 and 4 above.

Among the search results you will find links to websites like 419.bittenus.com, 419scam.org, 419baiter.com and even Wikipedia. You are basically looking proof that the name of Prof. Charles Chukwuma Soludo is being used in 419 scam e-mails. All four of the websites mentioned earlier will contain this kind of information. Remember this does not mean that the real Prof. Charles Soludo is involved in any 419 scams, it merely proves that 419 scammers are abusing his name to add credibility to their fraudulent e-mails. If you can't find any useful information on a specific web page, simply hit the "Back" button of your browser to return to the search engine results page and choose another link from the results.

Scam e-mails also contain telephone numbers and secondary e-mail addresses, so can you do a Google search for them just like you did with the name of Prof. Charles Soludo. To test yourself, do a search with Google or Yahoo and see if you can find any information about +234-8054740218 and p.charles.soludo@centbnkingonlineng.org.

But how do you identify a fraudulent or fake website? If you want to analyse a suspicious website you need to do the following:

Look for common 419 characteristics. Funny names and e-mail addresses, spelling errors, bad grammar, silly web design mistakes, etc. You will find more details about this operation in my article, How To Spot a 419 Scam.
Do a Google search for the website address and analyse the search results, just like you would do for a suspicious e-mail address (as already explained).
Copy a phrase from the website and do a literal Google search for this phrase (in other words enclose the search phrase in double quotes).
Do a WHOIS lookup on the domain name for more information about the owners, the creation and alteration dates of the domain.

I already discussed points 1 and 2, so I will explain points 3 and 4 in greater detail below:

Do a Literal Search For a Phrase From the Suspicious Website
Why do a literal search for a piece of text from a suspicious website? The idea here is to find another website with the exact same phrase. This will help you to identify other websites containing the exact same content as the suspicious one. 419 scammers often scrape website content from legitimate and trustworthy organisations and pose as legitimate organisations to add credibility to their schemes. But they don't copy the content alone, they copy the layout and graphics as well, in other words they create a complete replica of the original site and only change key elements like the the contact details and sometimes the name of the organisation. But it is important that you search for a phrase that is unlikely to be published or syndicated elsewhere on the web. The phrase has to be a unique piece of text that contains no names, e-mail addresses or anything that has the likelihood of being changed by the scammers.

I know this is easier said than done and most people won't have a clue what to search for or how to analyse the search results. So to make things easy, just copy a piece of text from the home page of the suspicious site, paste it into a Google search box, enclose the phrase with double quotes and click on Google Search. Now look for websites with the same content, layout, graphics and overall design. Several websites with the exact same content and layout is often a sign of a 419 scammer at work. If you can find only one other website with the same content and layout, you probably stumbled across the original website (but this is never a guarantee, you will soon see why).

These search results are not always a clear-cut case and you should always to keep the following in mind:

You may find the original website among the search results as well, so don't just assume that all of them are fraudulent.
The fact that you have found several copies of the same site, does not necessarily mean that they are copies of a legitimate or trustworthy site. 419 scammers can easily design a website from scratch.
The website ranked in the number one spot of the search engine results, is not necessarily the original website. 419 scammers can always use black hat search engine optimization techniques to outrank the original website.
You should never judge a website just because it has been copied on another domain. Content scrapers and plagiarists are all over the web and there are way to many variables to consider when it comes to content syndication. This method only forms a small part of the overall process of identifying fake and fraudulent websites and is never the deciding factor.

Do a WHOIS Domain Name Lookup
You may use any WHOIS service you prefer, but I suggest DNSStuff.com. Simply visit this site and enter the domain name in the WHOIS lookup box and click on the search button. You will be taken to a results page where you can view more information about the domain. There may be a lot of technical information for some users, but in most cases you only need to pay attention to the following:

The creation date of the website. If the website is relatively new, be on high alert. What do I regard as new? Fraudulent websites do not have a very long lifespan (on average, but this is not always the case). I normally use a safety margin of 3 months, but this is no guarantee at all, because a suspended website can always be reactivated after 3 months. The age of the website is merely a sign and is in no way a deciding factor.
Recent changes to the WHOIS records. This goes hand-in-hand with the creation date of the domain, so there is no need to explain this any further.
The owners of the domain. If it is owned by someone who live in one of the 419 scam hotspots, it is most likely a fraudulent website. I discussed these hotspots in my previous article, How To Spot a 419 Scam. Scammers often provide fake personal information, so this is never a reliable source of information. Fortunately you get certain scammers who are stupid enough to tell the public where they live.
Do the owners use a privacy protection service like privacyprotect.org or myprivateregistration.com? You can determine this by looking at the contact e-mail addresses. It is normally a bunch of crooks who use these services, so it is yet another sign of a fraudulent website. (I'm not saying that you are a crook if you use these services, I'm merely referring to the fact that scammers prefer to use these services, because this enables them to hide their true identity. It remains a joke no matter how you look at it, because they provide false information anyway, so what is the use of hiding it?).

Another way to verify whether a suspicious e-mail is a 419 scam, is to do a trace on the sender's IP address. This works a lot like a domain name lookup, it's only called an IP-WHOIS (or IP Info) lookup and DNSStuff.com also provides this service. An IP-WHOIS lookup provides geographical information among other technical information about the IP address, so you basically do an IP-WHOIS lookup to determine the geographical location of the sender. If you have the geographical location of the sender you can easily tell whether the e-mail originated from a 419 scam hotspot. I'm not going into the details of doing an IP lookup because it involves the analysis of the e-mail header and many people don't even know where to look for them. So I will leave this for another article perhaps. I want to keep the methods in this article as simple as possible and I feel that I already overstepped this boundary a couple of times.

If you have any questions about the methods discussed in this article, feel free to ask them in the comments section of my blog and I will do my best to explain.

(1) The person who reported the website to us, never responded to our follow-up e-mails, so I am not sure if this is the same person who asked the questions on Yahoo! Answers, but the fact that the report to Cyber Top Cops came on the same day as the question posted on Yahoo! Answers, makes me confident that this is the same person.

(2) It remains a mystery why Yahoo! never removed this question and the misleading responses from Yahoo! Answers, even after we reported Gerry to Yahoo! Answers. Perhaps he got suspended due to another contravention of the Yahoo! Answers Terms of Service.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

How To Spot a 419 Scam

2008-08-18T21:42:00.007+02:00

419 scams come in different forms and flavours but they all have their sights on one goal only, your money. In this article we will take a look at the importance of spotting a 419 scam and what to look for in a 419 scam.

Brief Background of 419 Scams
This is a very brief description of a 419 scam and I will not even scratch the surface here. Several aspects of the 419 scam goes beyond the scope of this article and I plan to discuss them in future articles. The 419 scam (Nigerian Four-One-Nine) got its name from the article of the Nigerian Criminal Code dealing with fraud. Scammers often demand upfront payments for dubious reasons like processing fees, legal expenses or to bribe certain officials, therefore the scam also became known as Advance Fee Fraud. A 419 scam starts with an unsolicited e-mail from a scammer promising a huge sum of money, but the scammer will create the impression that you need to make a couple of upfront payments before you can lay your hands on this non-existent fund. These upfront payments are normally a drop in the bucket, compared to the huge sum of money you will receive in the end. This makes the scam very attractive to unwary and uninformed people, who are desperate for some extra cash.

The Importance of Spotting a 419 Scam
Prevention is the most important reason behind the successful identification of 419 scams, but this is not the only reason. Registrars, hosting companies, Internet Service Providers and Law Enforcement also need to familiarise themselves with the common characteristics of 419 scams, because their support and cooperation play a huge part in the battle against 419 fraud.

Unfortunately, many registrars and hosting companies fail to take a stand against the fraudulent activities of 419 swindlers. Registrars refuse to suspend the domains of known scammers and hosting companies fail to enforce their Acceptable Use Policies (AUP). There is a reason why registrars and hosting companies are hesitant to suspend the accounts of 419 scammers... Money! These swindlers are their clients, so they are happy to host their fraudulent websites and support their spamming services. With some registrars unfortunately, you will never win, not even if you are Sherlock Holmes. They are simply ignorant to the 419 scam problem and do not care about the lives being destroyed by these scams.

To all the unethical registrars and hosting companies out there, don't tell me you have a hard time identifying Advance Fee Fraud websites, if you own a groceries store, will you knowingly sell Marijuana to your customers? Perhaps that was a stupid question. If you don't mind hosting a fraudulent website, you will probably have no problem selling Marijuana to your customers. But what is the big difference here? If the cops catch you selling illegal drugs to the public, you can kiss your store goodbye, but it is a common misconception that the cops won't do a thing against a registrar who refuses to suspend the domain of a fraudulent website. The actual reason why registrars get away with murder is because complainants do not want to go through all the hassles of filing a complaint with the police and the cops sometimes do not have a clue how to approach a case like this, even if there are laws you can use to your advantage. Yes, I am aware that your local police department won't have any jurisdiction over a webmaster in a foreign country, but even if they did, you are unlikely to get anywhere with a case like this, if you don't have deep pockets and the registrars know that.

I understand that registrars cannot go suspending domains left and right on a mere request or tip from the public, they have to conduct a thorough investigation before they can take any action. Abuse departments are swamped with fraud reports each day and on top of that I believe they get their fair share of false reports as well. Members of the public need to get their facts straight before reporting a fraudulent website to a registrar, this improves the turnaround time of abuse complaints and makes the work of the abuse departments that much easier. I'm not saying you must conduct a full-scale investigation (unless you feel the need to do so), simply take the time to gather all the evidence and present the information to the abuse department in a logical and organised manner. So many people resort to a quick e-mail like "Hey, check out this site, I think it is fraudulent." or "Hey, this guy sent me a fraudulent e-mail and this is his e-mail address, please take him out". Good, you raised awareness about possible fraud, but tell the abuse department why you think the website is fraudulent. Don't just send them an e-mail address of the suspect, send them a copy of the e-mail that was sent to you and don't just forward the damn thing inline, forward it as an attachment or include the full header of the e-mail along with the body. The abuse department will eventually find the e-mail address of the suspect in the copy that you sent to them.

Proper identification of 419 scams by members of the public will make these scams less effective and will eventually lead to a decrease in 419 activities. So lets take a closer look at the characteristics of a 419 scam.

What To Look For In a 419 Scam

The subject of the e-mail, as well as the name and e-mail address of the sender:

By analysing the name and e-mail address of the sender in conjunction with the subject line of the scam e-mail, you can easily identify a 419 scam before opening it. Spotting a 419 scam at first glance minimises the risk of falling for the scam and saves you time (you don't have to read through all the mumbo jumbo of the scammer). This also simplifies the task of reporting 419 scams to cyber security authorities.

Typical characteristics of subject lines, names and e-mail addresses used in 419 scams:

Scammers love to disguise their true identity with the names of high profile figures like State Presidents, Ministers, Ambassadors, Directors, etc.
Subject lines are often typed in uppercase letters only.
They use free e-mail services like Yahoo, GMail, Hotmail/Live, or a free ISP e-mail account. These free e-mail accounts are used in cases where one would expect an e-mail from an official e-mail address and surprisingly enough, there are still people who fall for this lame trick.
There is often an overdriven use of formal and professional titles like Mr, Mrs, Dr, Barr, Sgt., Lt, etc.
Subject lines often have a false sense of urgency. See example (b) below.
The name of the sender is repeated in the subject line. See example (h) below.
Many scammers mistake the Subject for the From field and vice versa. Refer to example (q) below.
Generic greetings like, "My Dear", "Dear Beloved", "Greetings to you", "Dearest Brother" or "Dear Sir/Madam" are sometimes used as a subject line.
Many scammers are hypocrites who pretend to be devoted Christians and will use subject lines like: "GREETING IN THE NAME OF OUR LORD JESUS CHRIST", "My Dear Beloved in the Lord", "Goodness Of God Will Be Upon You", or "YOU ARE THE LORD CHOSEN ONE".

Subject lines contain notices about "Payments", "Lotteries", "Bank Drafts", "Compensation", "Funds" and other financial related terms.
The subject line often contains an instruction to contact a specific individual, department or organisation. For example "Contact my secretary", "Contact the fiduciary agent", "Contact the bank official", "Contact the ATM Department of..." or "Contact FedEx".
Scammers always come up with the strangest and most outrageous e-mail addresses, especially in scenarios where it is quite obvious that the e-mail account is fake. For example, a scammer pretending to be an official from the FBI will use a silly e-mail address like fbiofficial015@example.com. The FBI have their own domain and e-mail servers, so there is no valid reason for using an e-mail account from another domain, or a free e-mail service like Yahoo! or GMail.
It is common practice among 419 scammers to use an e-mail address that consists of a formal title, a name and surname. For example, Mr. John Doe will use an e-mail address like mrjohndoe@example.com.
It is very popular among 419 scammers to start their subject lines with the words: "From the Desk Of".
Lottery scams often have a reference number for the subject line. For example "Award Notice (Ref: LSUK/2031/8161/05)"

To illustrate the characteristics mentioned above, I included a few examples of subject lines, e-mail addresses and fake aliases used by real 419 scammers:

From: Robert S. Mueller, III
E-mail: fbiauthorities@i12.com
Subject: FEDERAL BUREAU OF INVESTIGATION (FBI)
From: Mrs. Inessa Gutseriyev
E-mail: SFI@netti.fi
Subject: An Emergency! Please Act Asap!!!
From: Mr Fred Johnson
E-mail: fred.johnson34@yahoo.dk
Subject: GREETINGS!!Good News
From: Lt. Gen. David Lee
E-mail: china@live.com
Subject: PEOPLE'S REPUBLIC OF CHINA
From: FRED MOORE
E-mail: fredmoore@yahoo.com
Subject: CONTACT ATM PAYMENT DEPARTMENT ZENITH BANK
From: Finance Nigeria.
E-mail: www.fmf.gv.ng@mail05.syd.optusnet.com.au
Subject: From the desk of: Dr. Shamsuddeen Usman
From: Lottery Board
E-mail: smithzazaza@mtnloaded.co.za
Subject: YOUR EMAIL ID HAVE WON YOU MICROSOFT ONLINE LOTTERY
From: Mr. Vincent Cheng
E-mail: mrvincent@yahoo.com
Subject: From: MR. V H C CHENG.
From: mrwalterleoanard@accessbankngrplc.org
Subject: C .B . N PAYMENT ADVISED.(NOTIFICATION UPDATE)
From: Mrs. Alice Jones
E-mail: internet@nuevoexcelsior.com.mx
Subject: Dear Beloved, PLEASE GET BACK TO ME
From: Jubouri Omar
E-mail: jubouri_omar1@yahoo.co.uk
Subject: Request for Business Partnership
E-mail: dhlworlddeliverydispatch05@gmail.com
Subject: PAYMENT OF YOUR FUND
From: Seek Of God Ministry Church
E-mail: nmbsquad@debiansk.org
Subject: Rev Pastor mulla welcoming you to seek of god
E-mail: highcomm1@sohu.com
Subject: FROM BRITISH HIGHCOMISSION
From: MR. EDES ABEBE
E-mail: charity@stella.org
Subject: ARE YOU TRUST WORTHY?
From: Dr. Henry Martins
E-mail: henrymartins@jobproposaloffer.com (Spoofed)
Subject: URGENT JOB VACANCY.......{IMMEDIATE RESPONSE REQUIRED}
From: Warm Greetings From Nokia Company
E-mail: info@nokia.co.uk (Spoofed)
Subject: From Nokia Company
From: DR. GREGORY DAVID
E-mail: phc.comm418@earthlink.net
Subject: FROM POLICY HARMONIZATION COMMITTEE.
From: (SGT) Eric Yonenson
E-mail: yonenson_76@mindspring.com
Subject: Dear Friend
From: BARRISTER.FRANCIS COLE ESQ
E-mail: myofficemail60@gmail.com
Subject: ABOUT MY LATE CLIENT .MR CHARLES JONES.
From: BARR MIKE BEN
E-mail: chi_elor@yahoo.fr
Subject: CONTACT FEDEX EXPRESS COURIER COMPANY BENIN
From: EURO-PW LOTTERY v6.0
E-mail: ryan.larson@ndsu.edu
Subject: PRIZE AWARD NOTICE
From: frankegwu11
E-mail: frankegwu11@o2.pl
Subject: CONTACT MY SECRETARY FOR YOUR COMPENSATION
From: Mrs. Kate Williams
E-mail: katewilliams_comp@yahoo.co.uk
Subject: Claim Your Bank Draft of $500,000.00
From: Thomas Michael
E-mail: tbt40650@ucmo.edu
Subject: Reference Number 799BV90.
From: CHARITY PROJECT
E-mail: SARAH@YAHOO.COM
Subject: With God all things are possible

This is not an exhaustive list of characteristics, but is certainly a collection of the most common characteristics found in the subject lines, e-mail addresses and names of 419 scammers.

Questions you need to ask yourself before analysing a 419 scam any further:

In order to answer these questions you need to open the e-mail and read its contents. At this point, you don't need to pay attention to specific details in the e-mail, you only need to determine what the e-mail is all about.

Is the e-mail an unsolicited and unexpected job, loan or business offer from an unknown individual?
Is it about a lottery or competition you never entered? (Remember: Having your e-mail address randomly drawn from a list does not count as a valid entry for a competition).
Have you received a huge donation from a non-profit organisation?
Are you appointed as the next of kin of a total stranger?
Do need to help a foreigner to clear a consignment box, containing millions of dollars, declared as something else to a diplomatic courier service?
Is the e-mail supposedly from an American Soldier, doing service in Iraq, who discovered millions of dollars and needs to get the money out of the country?
Is the e-mail an unsolicited request to take care of orphans, send Bibles to a church or offer financial assistance to sick and hungry people in Africa?
Are you appointed, as the beneficiary of a fund, where the owner of the fund is currently dying of cancer?
Is the e-mail about the recovery of money or assets that were never stolen from you in the first place?
Have you been awarded an unsolicited bank draft for your philanthropic efforts?
Is the e-mail about an outstanding/delayed payment for a contract with some government, but you never entered into such an agreement or you never even conducted business with them at all?

If you answered YES to ANY of these questions, you are most definitely dealing with a scam.

Now ask yourself the following questions:

Did you expect the e-mail?
Do you know the sender in person?
Did the sender mention your name in his/her initial e-mail?
Does the sender have any other personal information about you (besides your name)? If so, did the sender supply a valid, trustworthy source of where he/she obtained the information?

If you answered NO to at least 50% of these questions, you are most likely dealing with a 419 scam.

Always remember the golden rule, if it sounds to good to be true, it probably is!

Analysing the contents of the e-mail:

If the name and e-mail address of the sender, the subject line of the e-mail or the story of the sender leaves you clueless about the legitimacy of the e-mail, you will have to analyse the contents of the e-mail in greater detail.

The following characteristics are telltale signs of a 419 scam e-mail:

The Reply-To e-mail address is different from the originating e-mail address. Scammers do this to ensure they receive your reply, in case their service provider shuts down their e-mail account. Some scammers will spoof the "From" e-mail address with an official e-mail address, like the Nokia.co.uk e-mail address showcased in example (q) and provide a free e-mail address in the Reply-To field.
If the sender does not provide a Reply-To e-mail address, he/she will specify an alternative e-mail address, in the body of the e-mail. In example (q) above, the scammer provided the e-mail address "thomas_claims2008@live.com" along with a telephone and fax number (+44 701 115 0131 and +44 704 576 7986 respectively). These numbers will obviously not belong to Nokia, but since they are in the U.K., the scammers cleverly chose to spoof the "From" address with a co.uk domain.
Sometimes the sender does not only provide a different Reply-To address, but also a completely different alias. The scammer wants to create the impression that you are sending your replies to a completely different person, but it is actually the same scammer operating both e-mail accounts, each one under a different alias.
The whole e-mail, or large portions of it, is typed in capital letters.
The e-mail starts with a generic greeting (as already discussed). Most scammers simply shoot in the dark when they distribute their scam e-mails, so they don't know your name and will therefore not mention it in the e-mail. (Never assume an e-mail is legitimate just because the sender knew your name. I have seen several 419 scam e-mails where the scammer already knew the name, last name and even the physical address of the recipient).
The sender pretend to care about the well-being of your family with greetings like: "Good Day, How are you today? I presume all is well with you and your family." Believe me, 419 scammers don't give a damn about your family, they are only trying to earn your trust by pretending to care. Other 419 scammers have an apologetic attitude right from the start, for example: "Dear, Please accept my sincere apologizes if my email does not meet your business or personal ethics."
The recipient of the e-mail needs to reply with personal details like his/her full name, telephone and fax number(s), residential address, birth date, gender, name and address of Next of Kin, banking details, occupation, marital status and nationality. Some scammers request a scanned copy of your photo ID, international passport or your driver's licence, so they are not only after a photo of yourself, they also want your identity number or social security number.
Scammers often request some ridiculous information from their victims. For example your e-mail address (they already made contact with you, why would they need your e-mail address again?), the country that you live in (even if they already asked for your residential address and/or nationality) or the amount of money that you won (in the case of a lottery scam).
The most common telephone numbers provided by 419 scammers are from South Africa (country code +27), Republic of Benin (country code +229), Nigeria (country code +234) and Netherlands (country code +31), but I've also seen telephone numbers from Sweden (country code +46), China (country code +86), Turkey (country code +90) and Malaysia (country code +60).
Scammers always put a lot of emphasis on keeping the knowledge of the prize money or inheritance fund strictly confidential. There is a good reason for this, they don't want you to talk to other people about this because someone might realise that you are being conned and inform you that the e-mail is a scam.
419 scammers insist on using Western Union or MoneyGram to transfer funds to them.
Scam e-mails contain loads of spelling errors and horrible grammar. However this is not a rule of thumb. Many 419 scammers have upped the standards and compose highly professional e-mails these days.
419 scams involve huge sums of money, but the victim normally shares in only a small part of this fund. However, the alleged fund is so huge that even a small percentage of the fund can mean millions of dollars for the victim. This makes the scam very attractive to the victims, even if they only get a small cut out of the deal.
Many 419 scammers create the impression that they have been in contact with you in the past and that they failed to transfer some huge fund to you on a previous occasion. It is really hard to believe that people will fall for such a lame story, because if you can't recall doing business with these idiots, why would you reply in the first place. This only proves that 419 scammers are capitalising on the weakness of greedy people.
419 scammers can sometimes be quite philosophical, for example they will say something like this in the introductory line of their scam e-mail: "This letter must come to you as a surprise, but I believe it is only a day that people meet and become great friends and business partners." Yeah, whatever! It is only a day that people meet and become scammer and victim.

Characteristics of specific types of 419 scams:

Lottery Scams nearly almost have a line that reads something like this: "...winners were selected through a special internet ballot system from 40,000 individuals and companies E-mail addresses." Some Lottery scammers put it like this: "...draws was [sic] carried out through random sampling in our computerized E-mail selection machine TOTAL from a database of over 1,000,000 Email addresses drawn from all the continents of the world,and the Globe divided into Zones."
Most Lottery Scams have a silly disclaimer like this: "NOTE:You are to keep all lottery information away from the general public especially your Winning numbers. This is important as a case of double claims will not be entertained and will amount to disqualification of your already won prize."
In many Next of Kin Scams you miraculously have the same last name as the deceased, however the scammer quite conveniently forgets to mention the last name of the deceased in the initial e-mail. The trick here is to get the victim to reply with his/her personal information and then use the last name of the victim on the forged death certificate and relevant documentation.
Although it is not a rule of thumb, most Company Representative scammers offer 10% of their "income" to their victims. For some reason they like to use 10%, but I have seen scams where they only offer 5% and other, "more generous" scammers who offer up to 30%.
An Inheritance Fund Scam normally involves a corrupt banking official who allegedly stumbled across an abandoned account of a deceased billionaire, or it is someone who can't access the inheritance of a family member due to various reasons. The scammer often needs your help to get the money out of his/her country.
Inheritance Fund Scammers often provide links to news articles to back their facts (or should I say lies). For instance a scammer will use a plane crash as a basis for his/her story and provide links on a news site like CNN.com.
In a Bank Draft Scam, the scammer refers to a previous deal that failed and now you have to contact his/her secretary because he/she left you a bank draft and hasn't been able to send it to you, because he/she is busy with other "investment" projects.
Some Inheritance Fund Scammers pretend to send you the money via a pre-paid Visa or Maestro ATM card.
The Job Offer Scam normally involves a job in a foreign country, so the victim has to apply for a visa. This is how the scammers make their money. Victims have to pay a small fee to a certain company who will arrange the visa for them. I refer to a small fee because the fee is normally a little dust particle compared to the remuneration being offered to the victim.
The Compensation Scam often involves scammers who pretend to work for the United Nations or the FBI. These scammers pretend to compensate victims of 419 scams. How lame can you get?
ATM Card Scammers pretend to be very kind by paying certain processing fees and a drug law clearance fee on your behalf. The drug law clearance fee is to certify that the money issued on your name, do not stem from any money laundering activities. This is only for the bluff and the scammers only try to give their victims peace of mind. They can cook up any bloody certificate, you will still be an accomplice in money laundering if you assist them in moving funds through your bank account.
419 scammers, using the story of the soldier in Iraq, who discovered a huge sum of money, always have some obscure plan to get the money out of the country. The most common one is transport via a diplomatic courier who has diplomatic immunity.
Several 419 scams about some kind of pending payment will state something like this: "...we were notified that you have waited for so long to receive this payment without success, we also confirmed that you have met all statutory requirements in respect of your pending payment."
Diplomatic Immunity Payment scammers often use the lame excuse that electronic fund transfers have resulted in payments being made to incorrect bank accounts, so they are shipping you the money in cold hard cash. These scams often contain a notice like this: "Note: The money is coming on 2 security proof boxes. The boxes are sealed with synthetic nylon seal and padded with machine." The scammers often claim that they declared the contents of these boxes as "Sensitive Photographic Film Material".
Some Inheritance Fund scammers allocate the funds in the ratio of 60% for the scammer, 30% for the victim and 10% for processing fees.

This is by far not a comprehensive list of 419 characteristics. Most of the specific details in this article will become outdated as time goes by. Today, many 419 scammers claim in their initial e-mail that they have paid the upfront fee on behalf of the victim. Many victims will bail out when the scammer mentions an upfront payment, so the effectiveness of these scams declined over time and the scammers had to improvise. However these fools will mention some kind of payment at some stage in the scam and vigilant people will bail out once again.

419 scammers never conform to any kind of standard, so it is hard to lay down a rigid set of rules for identifying 419 scams. 419 scams are just like any other kind of spam, there are millions of spammers out there, but a lot of these spammers use the same templates and techniques. After a while the templates and techniques become common knowledge and the spammers need to find new and innovative ways of infiltrating our mailboxes and our minds.

One thing that will keep up with the evolution of 419 scams is common sense. No one will ever be able to teach you all the tricks in the book, because there will always be at least one trick you didn't think of. Reading between the lines, being vigilant and applying a bit of scepticism towards e-mails from an unknown source, can be a very effective weapon against online fraud.

No 419 scammers were harmed during the writing of this article.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

Cyber Top Cops Goes Spammy (or rather SHPAMEE)

2008-08-02T13:00:00.009+02:00

You may have noticed that my last article was published more than 2 months ago. I may have been absent from the blog, but I was not taking a break. I devoted all my time and attention to a new project aimed at educating the Internet community about Internet crime. All my hard work finally paid off and I am proud to announce that the project is finally ready for launch.

Today marks the launch of a new educational initiative called the SHPAMEE project. SHPAMEE is short for Spam, Hoaxes, Phishing and Malware E-mail Examples and replaces the current Hoaxes, Spams & Scams section of our website. The main goals of the new project will remain the same as the old one, but the SHPAMEE project features several new enhancements and improvements over the old project:

Full headers of e-mail examples will now be published.
Names (aliases) and contact details of perpetrators will no longer be removed from the examples, but will be published along with the examples.
More emphasis will be placed on the techniques used by spammers to bypass spam filters and these techniques will be highlighted more prominently.
E-mail examples will be categorised and grouped more effectively, combined with an integrated search feature, something that was missing from the previous project.
An RSS feed will be updated each time when a new example is published. This will help users to stay up to date with the latest examples published on our site. The RSS feed will also be used as an alert service, where possible, to warn subscribers about the latest spam outbreaks (however the main purpose of this project remains education).
E-mail examples will be discussed in greater detail.

Why replace the old project? A lot of work was done behind the scenes to simplify our job of publishing these e-mail examples. Too much time went into the preparation of the e-mail examples, so we had to find a way to publish the examples in a more efficient way. I'm still not completely satisfied with the current publishing model and I'm constantly working on improvements, but the new system saves us a lot of time and the time saved during publishing is used to investigate and discuss the examples in greater detail. The number of examples in the database might be disappointing at first, but we plan to add new examples on a regular basis. We could cut back on the time spent on investigating each spam example, to publish more examples in a shorter time frame, but we do not want to sacrifice the quality of our comments and the background information about each spam example. After all, this is what the project is all about, publishing interesting and valuable information about these examples to educate the Internet community. We still have a huge backlog of examples to publish, quite obviously, because there is never a shortage of spam examples to investigate.

But now a little more about the reasons behind the creation of this project.

There is still a huge problem among Internet users when it comes to the identification of spam. I get loads of requests from people who want me to take a look at some dodgy e-mail to confirm whether it is legitimate or not. Most of these dodgy e-mails are 419 scams and it is shocking to see that there are so many people who are still unaware of these scams, not even to speak of their inability to identify these e-mails as fraudulent. Many people might say: "That's easy for you to say, you work with these scams everyday, so it is easy for you to spot a scam when you see one". Perhaps so, but it is not rocket science to identify a 419 or phishing scam, you just need to use common sense and a little bit of scepticism. There are always certain elements in these e-mails that do not add up and the scammers make these mistakes over and over again.

Identifying a spam e-mail before opening it, is crucial, because spam is the cause of several problems like malware, fraud, distribution of illegal and harmful substances, porn, piracy, identity theft and even more spam (yes, one spam e-mail can be the igniting spark for a forest fire of spam). I mentioned earlier that we will use this project as an alert service where possible, but the main goal remains education. Why so much emphasis on education, isn't it more important to get the word out on new threats and outbreaks? Well, from my point of view I believe education plays a larger role in our defences against cyber crime.

My biggest problem with any alert service is the fact that many threats need to occur before one can take notice of them. There is always a delay between discovering a threat and alerting the public about it and a lot can happen during this time. Another drawback about an alert service is the fact that it can only reach the people who are subscribed to the service (unless you make use of mainstream media off course), so not everyone gets the message. Education on the other hand enables people to think for themselves and helps them to asses the situation on their own terms, based on their knowledge and previous experience. This means the threat is isolated more effectively and buys more time for the alert services to get the word out. So I'm not against an alert service, I simply believe that education will enable the community to adapt to new threats much quicker than a community relying on alert services alone to keep them safe. Your best weapon would therefore be a combination of education and alerts.

I guess a lot of people are wondering why we didn't publish the names and contact details of spammers and scammers along with the examples in the previous project. A spammer never distribute spam under his/her own name, so the spammer will use an alias and the originating e-mail address is often spoofed. So the details are basically useless and our focus was never on the people behind the spam, but more on the mechanics of the spam examples. It is more about the things that spammers do than the persons distributing the spam. However we realised that it would be an additional benefit for the community if we published these phony details along with the examples, especially with 419 scams. This means that you that you are not only educating people about the schemes of a 419 scammer, you are also alerting them about the aliases, e-mail address and telephone numbers used by these swindlers. So as you can see we are back at the ideal of combining education and alerts into a powerful weapon against cyber crime.

Through the SHPAMEE project and a series of educational articles in the weeks to come, I plan to educate the Internet community about the common flaws made by spammers. But what if the spammers start to pull up their socks and correct their mistakes? Spammers will always make mistakes and it is our goal to stay up to date with their latest tricks and gimmicks and communicate these deceptive techniques through the SHPAMEE project.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about internet fraud and malicious software.

The Streetwise Guide To PC Security

2008-05-14T22:54:00.005+02:00

We are halfway through May already and speaking of which, we are almost halfway through the year already. But what progress have we made in terms of cyber security. Spam is on the rise, malware infections are on the rise, botnets are growing bigger and more Internet users are turning into advance fee con artists. Pretty grim picture isn't it? No, I do not want to sound pessimistic, but the reality is that no piece of computer security software can protect you completely against Internet based threats. What am I saying... throw away all your spam filters, firewalls and anti-malware applications? No, not at all, they play an integral part in our protection against cyber threats, but even the best tools in the world can fail dramatically if they are not used by streetwise cyber citizens.

I guess most of you are glaring at your screen right now, asking yourself, "what the hell is he talking about?" Lets take two persons and put them in a dangerous neighbourhood, the one person is a high profile celebrity dependant on his bodyguards to keep him safe and the other person is a normal guy who grew up on the streets and learned to take care of himself. Which one is the most likely to survive, all by himself, in this dangerous neighbourhood? The latter of course. Why? Because he is streetwise, he doesn't need fancy tools and bodyguards to take care of him, he knows how to think for himself and what to look for in order to stay out of the heat. Computer security is a lot like that, you don't need to be an Einstein to stay safe in the online world, it is no rocket science to be streetwise, you just need to how to stay on top of your game, you catch my drift? Right, enough street slang, so lets get to the point.

I stumbled across a very interesting article about PC security, published by BitDefender. A BitDefender employee told me that the article is quite old, but nevertheless, it is a generic set of PC security rules that are still very applicable to computer security these days. I have a lot of positive things to say about this article, but it is not without some criticism, so without any further ado, lets take an objective look at the list of rules called the Ten Commandments for Your Computer Sanity.

"1. Don't assume anything. Take some time to learn about securing your system."

Perhaps the single and most important rule of them all. If you are not sure, ask for advice and try to understand why it is important to take certain precautions, don't just assume that's the way things are done.

"2. Acquire and use a reliable anti virus program. Select an anti virus that has a consistent track record. Checkmark, AV-Test.org and TuV are among the most respected independent testers of anti virus software."

So many people go out and download the first anti-virus program that pops up on their screen. Malware infested products are marketed very aggressively, so these less known, but dangerous applications often occupy top spots in search engine results and online contextual advertising, so never trust a download just because it appeared in the search results of your favourite search engine. Visit Spyware Warrior for a comprehensive list of rogue anti-spyware products.

"3. Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall, which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic."

Firewalls were once a thing for computer experts and large corporations only, it was uncommon to find a firewall installed on a normal end user's computer. Like mentioned in the rule, we even have firewalls built into our operating systems these days (not that it really helped the online community in any way when I come to think of one specific operating system). But the necessity of a firewall increased in the last couple of years and it is irresponsible and suicidal these days to browse the Internet without a proper firewall that provides bi-directional protection. You need to know what is transmitted to and from your PC. You don't want malicious code to infiltrate your system and you don't want confidential and sensitive information to leave your PC without your consent.

"4. Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via e-mail messages so please ask for a confirmation from the sender if you are in any doubt."

If more people can adhere to the first part of this rule we will have a lot less virus breakouts and spam. Each time you open a 'harmless' spam e-mail you give the spammer reason to send more spam because you respond to his e-mails. I have discussed this topic a hundred times before so I'm not going into it once again. With regard to the latter part of this rule, it won't be wise to ask for a confirmation from the sender in my humble opinion, you are just looking for more spam by replying to an unknown source. With so much e-mail forgery happening these days, it is anyway a complete waste of time to respond, because the sender's e-mail address is most likely invalid or spoofed.

"5. Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated anti virus program."

Once again, the first part of this rule is a piece of gold and can save you a lot of headaches if you stick to it, but I do not agree with the latter. It is almost like saying: "Don't shoot yourself with a 9mm, but if you want to, go ahead and take a peek down the barrel to make sure you are using blanks". If you get an e-mail with a suspicious or unexpected subject and on top of that some executable file, Word document, PDF, ZIP or any suspicious file attached to it, don't mess around with the bloody thing, delete it.

E-mail scanners have been with us for quite some time. The e-mail scanner of an anti-virus package uses the same database as the file scanner, so if an e-mail gets past your e-mail scanner, using the latest virus definition database available, what makes you think that the file scanner will do any better? Should you trust an attachment just because your anti-virus program told you the file is clean? A suspicious attachment from an unknown source has a 99.9% chance of being malicious, so why even bother scanning it? Many inexperienced users don't even know how to save an attachment and run it through an anti-virus scanner, so they walk a big risk of infecting themselves. My advice, if you don't know how to handle suspicious files properly, stick to the first part of this rule and ignore the latter.

"6. Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of messages is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic."

Pure words of wisdom. Many people simply assume that friends and family enjoy receiving junk chain letters and unbelievable, ridiculous stories that you need to forward to everyone in your address book. Who needs spammers if you have friends like this? Apart from spamming all your friends and breaking anti-spam laws, it also comes down to bad e-mail etiquette. The fact that your friends are on your mailing list does not give you the right to send them anything you want. Take your recipients into consideration and think before forwarding jokes, petition lists, chain letters and other kinds of junk mail to them.

"7. Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary."

There is a lot of truth in this, but unfortunately this is easier said than done. The blame lies on the side of software developers and not the end user installing the software. Ordinary users simply install the software and use it whenever it is needed. Little do they know that the software is running 24/7 in the background eating up valuable system resources. These programs put themselves in the Windows Start-up without informing the user about it, or the option to load the software at Windows Start-up is often pre-checked during the installation, so the user has to opt-out to prevent this from happening. These pre-checked options are often missed, because the user simply rushes through the 'easy' installation process. There is a reason why certain developers make the installation procedures so easy.

When I analyse HijackThis logs of malware victims, I often see loads of auto-update managers, system tray utilities, P2P clients and all kinds of 'junkware' loaded in the Windows Start-up. These users are always stunned by the sheer performance of their computers after I removed all these useless applications from the Windows Start-up. Ask someone to check the Start-up section of your PC and remove all the redundant entries. You will be amazed to see what difference this can make in your PC's performance. Don't leave file-sharing software like LimeWire, Shareaza or KaZaa running in the background all the time, they create a weakness in your security setup and make it easier for hackers to gain access to your system. As the rule says, these programs should rather be avoided if possible.

"8. Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist."

Most people are guilty of not updating their system on a regular basis. But there is a reason why people are afraid of updating. Remember what happened when Service Pack 2 of Windows XP was released for the first time and if I am not mistaking, history repeated itself with Service Pack 1 of Windows Vista this year.

I know one should lead by example, but I am perhaps the worst of them all. I haven't updated several of my applications in years, because I am happy with the versions I am using at the moment and don't want some update to screw everything up. If you stick closely to rule number one you automatically take your computer security to the next level. If you pay attention, to which sites you visit, which files you download and which programs you install, you can easily skip this rule for years without any malware incidents at all. Still it is wise to update your software when you have the chance. It is better to fix a broken wall even if you are never bothered by the outside world. The problem is however, you never know when the outside world might start to bother you, so rather be prepared than sorry.

"9. Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an anti virus program has already verified the files at their source."

Will you use a box of aspirins, from an unknown source, left on your doorstep? Off course not, even if you are familiar with the specific brand of aspirins, you have no idea where they came from. How can you be absolutely sure that they are really aspirins? Well, the same goes for computer files. If you can't verify the reliability of the source of a specific file, how can you trust the contents of that file? You have no idea where the file has been and you have no idea whether the contents of the file is really what it should be.

"10. Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in."

Backups, ah the one thing that no one ever does. Have you ever thought about what you can loose if you suddenly got infected with malware? What if a cracker gains access to your PC and delete your favourite music collection? Backups play a very important role in PC security, especially when it comes to system recovery after a malware infection or system failure. Any proper security setup should have solid backup policy. Without backups you will never fully recover from a severe system crash. Backups are your insurance against data loss. So if you are not in a habit of backing up your most important documents and data on a regular basis, rather start doing it before it is too late. BitDefender's Total Security can be set to perform automatic backups for you.

We live in an age where we can't rely on software alone to protect us from online threats. You are responsible for your own safety online, software applications like firewalls and anti-virus programs are only tools to help us in situations where things are out of our hands. Your personal computer security depends on your willingness to stick to these rules, being vigilant and using common sense. Treat everything as a threat until you can prove otherwise, this is the safest approach in the digital Wild Wild West.

If you have anything to add to this list of rules, feel free to leave your comments.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

I Need a Proxy, Everybody Wants a Proxy!

2008-04-15T23:12:00.003+02:00

Do a search for the phrase "I need a proxy" and you'll see what I'm talking about. Requests for the latest proxies are normally encountered on Q&A communities like Yahoo! Answers, WikiAnswers and Answerbag, but you will also find people on forums, constantly asking for the latest proxy to bypass Internet filters at school or at work. Unfortunately, these people fail to realise that firewalls and Internet filters are there for a reason.

I guess I'm not going to be very popular after publishing this article, but this is really a big problem and one that needs to be addressed very quickly before it grows into another digital snowball like spam and malware. IT departments spend a lot of time and money on network security. Restrictions are put into place, not only to protect corporate data, but also for the safety of everyone working on the corporate network. However, network restrictions are not only for the corporate world, these restrictions are also present at schools and even in our homes. But what is the use of protecting your data and privacy if you constantly have to deal with cyber rats eating their way through your defences from the inside?

A proxy is often blocked as soon as the network administrator becomes aware of the fact that it is used to gain unauthorised access to websites and other networks. That's the reason why people are constantly in search of brand new proxies and what scares me the most, is the rate at which these new proxies become available, it is so bad you can even regard it as another form of spam. The sad reality however, is that the people who use these proxies, either do not know a thing about PC security, or they don't give a damn about it. Browsing restricted sites via an illegal proxy exposes your computer to malware and hackers, putting the whole network at risk. Confidential and sensitive corporate information can easily be leaked and the privacy of every employee using the corporate network could be compromised due to the selfish acts of employees who can't walk between the lines. So you are not only putting your colleagues in a tight spot, your compromising your own security as well.

The most popular reason for a proxy is to gain access to social networking sites like MySpace, Facebook, Orkut or Twitter. Social networking sites are time and money wasters in terms of productivity, bandwidth and company resources. Instead of doing their jobs, people waste hours and hours of productivity during the day, by hanging out on social community sites. To add insult to injury, they don't use their own bandwidth to chill on these sites, they use company bandwidth, company computers and company printers to do what they should be doing after work. Kids browse these social communities instead of attending to their schoolwork, wasting their parents's money, or the money of the taxpayer if the government funds the school. Speaking of the government, what about government workers? Instead of delivering the services we pay for, they browse MySpace, Facebook, Orkut or Twitter with our tax money. (Some governments do not even have any network security to speak of, so they can access any site without the use of a proxy).

Don't get me wrong, I'm not against the use of social networking sites, but there is a time and place for everything and social networking sites do not have a place at the office or at school (unless you are the PR manager of the company maintaining the company profile on MySpace). Before everyone starts to call me a party pooper, accusing me of taking the fun out of the office, think about this: If everyone spent more time on their job and less time on social networking sites during working hours, we will get a lot more work done and will therefore have plenty of time to hang out with friends and family on our favourite social networking sites. Don't be mad at your boss for limiting your Internet access, the fact that you are using a proxy to bypass Internet filters and other limitations imposed by your employer, already tells me that you can't use the Internet responsibly. If you really need to use these sites, visit them after work or after school and if you don't have a computer at home, use a friend's computer or visit an Internet café. It has to be mentioned though, that 3rd party proxies are not only used to access social networking sites, but they are also popular for porn surfing and the downloading of pirated software, music and movies. These sites are far worse than social networking sites, because they do not only waste valuable man-hours, they are often loaded with nasty malware, a direct threat to the safety of everyone working on the network.

The bottom line is, companies invest a lot in computer security, computer labs at schools do their best to keep their networks safe and clean and parents invest in parental control software to keep their young ones from accessing harmful content on the Web. Still you get people who want to break down all these barriers, ignoring the damage they cause and the risks they create during this process. Bypassing the parental control software on the family computer can easily lead to a prohibited site where a sneaky rootkit finds its way into your system. It may log a credit card number here and a password there and before your folks know what's going on, they could be staring bankruptcy in the face. The same can happen at work or at school, your infected PC can cause a lot of problems for other people using the same network. Do you want something like this on your conscience? Proxies may have their uses, but they should not be used to cross digital borders illegally. If you are not allowed to visit a specific site at work or at school, then there's most likely a pretty good reason why you shouldn't visit it. If you choose to visit prohibited sites without proper authorisation, you risk loosing your job, getting suspended or even harsher network restrictions may be implemented. Think about it, is it really worth all that?

People are so touchy about this subject that when they ask for new proxies in forums or Q&A communities, they often warn you in advance not to bitch about why they shouldn't be using one. So next time when you run across someone asking for a proxy to bypass firewalls and Internet filters, don't waste your time explaining why they shouldn't be using one, don't expose yourself to insults and swearing, just refer them to this article.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

Anti-Spammers Suffer From "Spam Exceptionalism"

2008-04-05T17:18:00.004+02:00

In response to the conviction of Robert Soloway, the "Spam King", Eric Goldman, assistant professor with Santa Clara University School of Law, who blogs about technology and marketing, stated that many Internet users may be happy to hear about Soloway's criminal prosecution, but law enforcement shouldn't necessarily rush into these criminal cases. Why? Well according to Goldman, spam is principally about speech and we should be very reluctant to criminalize speech-based behaviour. Goldman added that there's such an antipathy towards spam that there's almost a sense that anyone who ever engages in spam is so evil that they should be punished, an attitude that Goldman likes to call "spam exceptionalism". He believes that if people really thought about the issues, they wouldn't necessarily find spam any more invasive than other forms of advertising, like television commercials or junk postal mail.

So I guess I'm one of the worst spam exceptionalists in the world and the reason for my "problem" is because I'm not thinking clearly about the issues of spam, as a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?

So what are the basic characteristics of spam?

It is unsolicited;
It is obtrusive and a hindrance;
It needs to be managed and is therefore counterproductive;
The recipient of the message pays for it, not the sender.

If you evaluate the different forms of advertising against these characteristics, you soon realise that actual advertising is not nearly as invasive as spam. When advertising material bears all the characteristics mentioned above, you can't classify it as advertising anymore, at best you can call it spam (or perhaps a couple of stronger words). So lets take a quick peek at the different forms of advertising to see how spam matches up against them.

TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.

Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station off course.

Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.

Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".

Billboards and Outdoor Advertising
These ads are neither solicited, nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there are often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in certain a way to draw extra attention to it, but causing a road hazard at the same time will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.

E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.

Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not, it should not be a precondition to receive your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails means additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.

So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive, nor a hindrance and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not a wasted bandwidth because the recipient opted in to receive the e-mails.

Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.

Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there is no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?

Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office is proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said said, junk postal mail falls under the umbrella of spam.

Flyers
Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, magazines, and newspapers and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoons Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.

Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers, compressed into your mailbox by every idiot who distribute the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer, they toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.

Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.

Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to show salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to show them away one by one, it my not be spam, but it is basically the same principle.

Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this need to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.

Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need, is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.

I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.

One of the readers of the InfoWorld article on Robert Soloway's trial, recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources; contribute to land fills; pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this, where do you think does the energy come from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property, you keep on trashing and the dump trucks keeps on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.

The Future of Anti-virus Software?

2008-03-06T22:01:00.005+02:00

Larry Dignan of ZDNet made a very interesting post on the ZDNet Zero Day blog about the future of anti-virus software. One thing that caught my attention was the comments of Websence CEO Gene Hodges, "Modern attackware is much better crafted and stealthy than viruses so developing an antivirus signature out of sample doesn't work".

Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.

I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.

Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?

It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.

Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.

Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way the only thing that's keeping the Internet from collapsing.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and assisting the Internet Community in choosing effective security software solutions.

How Did They Get My E-Mail Address?

2008-02-07T20:50:00.000+02:00

Unsolicited commercial e-mail, more commonly known as spam, can be seen as another form of e-mail fraud. Spammers use clever and misleading techniques to collect and verify e-mail addresses, yes, that 'innocent' spam e-mail, advertising the next technological breakthrough, uses misleading marketing techniques to entice the reader to click on a link, buy a bunch of junk or some dangerous substance or even infect your PC with malware. No matter what the spam e-mail is trying to market, the only goal of the spammer, aside from making money, is to take the recipient for a ride.

The most frequently asked question from spam victims is: "How did they get my e-mail address?" This clearly shows that most victims of spam don't have a clue about preventing it. Knowledge about the techniques used by spammers to collect e-mail addresses is crucial, because this gives the e-mail user an edge in the war against spam. In this article we will look at the e-mail harvesting methods used by spammers and the precautions you can take to prevent your e-mail address from falling into the wrong hands.

Using a Secondary E-mail Address to Limit Exposure to Spam
Before we get to the nitty-gritty details of this article, lets look at a very useful method of preventing spam. Using a secondary e-mail address is a very effective method of keeping your primary e-mail address private. I recommend a free e-mail service like Gmail, Hotmail or Yahoo! Many websites demand an e-mail address in exchange for something else, or you often need to supply your e-mail address to activate an account or membership. This is where a secondary e-mail address comes in very handy. Just remember, the idea behind a secondary e-mail address is not to expose it to spam unnecessarily, but to use it in circumstances where you have concerns about your privacy or possible exposure to spam.

Chain Letters, Petition Lists and Hoaxes
Oh yes, those very popular chain letters and petition-lists being forwarded so vigorously by friends and family. That 'innocent' e-mail about some missing or sick child no one ever heard of, the warning of a syndicate, drugging people and removing their kidneys, yet it is never mentioned in the news media and you can't help to think that you have seen this e-mail before. What about the Osama Bin Laden virus destroying your hard disk, Mars coming to large view every 60,000 years, yet an e-mail about this event is distributed each and every year, or the one from Microsoft or AOL donating money to an non-existent fund of a non-existent cancer patient, each time the e-mail gets forwarded to 3 different people. These e-mails may seem innocent, some may contain a lovely message, some may even be true, but whatever the case, it should NOT be simply forwarded to everyone you know and neither should you encourage the recipients to forward it to all their friends and family as well.

The main problem with chain letters is the exposure of e-mail addresses along the line. E-mail clients often place the Subject, Date, From and To entries from the e-mail header in the body of the e-mail when you forward it inline. Forwarding the e-mail as an attachment, forwards the full header and not just the entries mentioned above. This procedure is repeated each time someone forwards the e-mail to someone else, resulting in pile of e-mail addresses building up in the body of the e-mail. Very few people remove this information before forwarding the e-mail, so you will be able to see the e-mail addresses of many other people who received the stupid e-mail as well. A chain letter, forwarded as an attachment each time, delivers more or less the same result as explained above, the only difference is that the recipient has to open attachment after attachment several times before getting to the original e-mail (which can be quite annoying).

A chain letter will be passed along the line and will definitely land in the mailbox of someone you never met and probably never will meet. Even if you send the chain letter to trustworthy people alone, you can never be sure where their friends and family will send the e-mail, so your e-mail address may land in the hands of a spammer or someone who sells e-mail addresses to the spammers.

Online Forums, Discussion Groups and Community Sites
419 scammers love to browse social networking sites in search of possible victims. Making your e-mail address public on the Internet will expose you to all kinds of Internet criminals. Spam bots crawl the web in search of e-mail addresses posted by unwary Internet users on forums and other community sites. Whenever you register on one of these sites, use your secondary e-mail address to sign up. Your e-mail address is normally required to activate your account, to receive notifications when people send you private messages or when someone replies to a post you made. However you won't really need these e-mail notifications if you visit the site regularly, so a secondary e-mail address will do fine when this is the case, because you will basically use it only to activate your account.

Contact Pages and Web Forms
There will always be scenarios where you need to publish your contact details online if you wish to stay in touch with your visitors or customers. Contact pages of websites will often contain an e-mail address. A Webmaster will always try to make the contact page as accessible as possible to his visitors, so a spam bot will not have any difficulty finding this page. This means the e-mail addresses on these pages are always sitting ducks for spam harvesting software. There are a couple of ways to protect your e-mail address if you need to make it available to the public.

One way is to embed the e-mail address in an image. A simple program like Microsoft Paint can be used to create the image. You can even make the image blend into the text of the page by saving it as a GIF or PNG and making the background transparent by using Microsoft Photo Editor. It is advisable to use a font that's easy to read to the human eye but hard to read for OCR (optical character recognition) software. OCR software will have problems reading an image when the characters appear faded, if they contain indistinct edges, if they are aligned at different angles, if the lines of text are wavering up and down across the image or if they appear to be dipping at the side of the image.

Another method of protecting your e-mail address from spam bots is to 'encode' it with a random format that's clear to humans but not to computers. You can 'encode' it by breaking the e-mail address up with spaces and spelling the special characters out with words, for example johndoe at example dot com. You can also use random substitutes for special characters and provide instructions in brackets, for example johndoe$example?com (replace the dollar sign with an at and the question mark with a dot). Another technique is to spell your e-mail address backwards, most people will realise that they will need to reverse the e-mail address before using it, for instance moc.elpmaxe@eodnhoj. You can even swap the special characters, for example johndoe.example@com (swap the at and dot characters). The possibilities are endless, so use your own creative 'encoding' methods, as long as it makes sense to humans. You may argue that there is no need to provide decoding instructions, because people with a bit of technical savvy will be able to decode it anyway. This will automatically exclude those dumb scammers who can't tell the difference between Western Union and Western Onion.

Webmasters can use a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to protect their web forms from being bombarded with spam. Many webmasters avoid CAPTCHA to make their websites more user-friendly, but a small loss in user-friendliness is nothing compared to the burden of filtering through all those spam submissions. However CAPTCHA is a must when the information submitted through a form is published on a site without any moderation.

Online Recruitment Sites
Yet another example of where it is critical to publish proper contact details, because a job seeker will always want a prospective employer to reach him or her without any troubles. The only problem is you need to disclose quite a lot of information in your CV in order to clear up any suspicions an employer might have. If you choose to omit critical information from your CV, you might just miss out on a great job opportunity.

Luckily online recruitment is quite expensive for the employer, something the online scammer often avoids. The online scammer will most of the times be on the lookout for cheap and free services. Some online recruitment agencies have specific criteria for employers before allowing them to browse CV's or post ads. For instance certain agencies demand a landline number from the employer, mobile numbers are not accepted. We all know that it is much easier to obtain a disposable cell phone than a landline and confirming the personal details of a disposable cell phone owner is much harder than tracking down the owner of a registered landline. Still these precautions are very limited and can easily be circumvented by more advanced scammers.

The bottom line is, your e-mail address and most probably other contact details will be exposed to various prospective employers. Spam bots won't be able to crawl the databases because they are password protected. It is very unlikely, but not totally impossible, to find a spammer going manually through each CV, recording the e-mail address of each job seeker in order to build a mailing list for spamming purposes.

Your best defence against online scams, while using an online recruitment agency, is a vigilant eye. You need to spot the scam before it catches you. Your contact details are exposed, so be ready for a dodgy proposition or two.

Replying to 419 Scammers
Many people get so sick of advance fee fraud e-mails that they reply to a scammer out of anger, to insult him, to insult his mother or just to tell him where he can shove his phoney e-mail. This is the last thing you should do when you receive a fraudulent e-mail. If the 419 scammers can't steal your money, they will sell your e-mail address to the spammers to make at least a buck or two out of the deal. So no matter how you look at it, you will always loose something if you reply to a 419 scammer, unless you are a scambaiter off course.

Responding to Commercial Spam
This is perhaps one of the most overlooked ways of loosing your e-mail address. Clicking on that strange link in a spammy e-mail, filling out that mortgage application form or un-subscribing to something you never signed up for, will most certainly get you on a spammer's list. Why am I saying this? Ever saw one of those spam e-mails sent to several recipients, but each e-mail address starts with more or less the same characters and it is only the last couple of characters or digits of each e-mail address that's different? It is a primitive technique similar to the one we used to made prank calls when we were kids. You dial a random number, do the prank and hang up. Then you only increment the last digit of the previous number until you find another number that's working and do the prank again. When the last digit reaches zero, you start incrementing the second last digit and when the second last digit reaches zero, you move on the third last digit, repeating the process until you're tired of making prank calls.

It's really a shot in the dark and your e-mail address is not really on a spammer's list, it is merely on a sample list generated by a computer program. Each e-mail address on the sample list needs to be confirmed before adding it to a priority spam list. Clicking on a link in a spam e-mail will give an indication to the spammer that your e-mail address is active and that you are responding to his or her e-mails. This makes you a much more promising target in the eyes of a spammer. So whatever you do, don't click on any links or follow any instructions given to you in a spam e-mail, unless you enjoy receiving spam.

Conclusion
This is not an exhaustive list, there may be many other causes of spam, but these are the most common reasons why you are getting all those junk e-mails in your inbox. Be my guest, open a new e-mail account and avoid all the pitfalls discussed in this article and you will discover that it is possible to live in a spam free world.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.

Spam - Report it or Prevent it?

2008-01-03T19:24:00.000+02:00

It has been quite a while since my last article and I apologise for the long delay. I devoted most of my time during November and the first couple of weeks in December to research and the blog unfortunately got neglected. I then took a break for a week to spend time with friends and family during the festive season. (I'm not a cyborg and even cyber cops need to take a break so once in a while). The only thing I regret is that I did not download any e-mails during this time, so you can expect I had quite a lot of e-mails in my inbox (the majority was spam anyway). 2007 has come to an end and 2008 lays ahead of us. Looking at all the security related articles since the start of 2008, I get the idea that the cyber security industry is preparing for one rough ride in terms of computer security in 2008. But enough about that, let's get to this week's article and the first one of 2008.

One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.

Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.

Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.

Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.

I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.

Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.

Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.

I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.

Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.

So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.

In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.

Reconciling Parental Control Software with Internet Security Principles

2007-11-14T19:13:00.000+02:00

By Coenraad De Beer

Conventional parental control software is a security risk on its own. Parents often fail to identify the underlying risks of Internet monitoring software, but what do you use if you want to monitor your child's activity on the Internet?

Parental control software remains a useful tool to monitor your child's online activity and at the same time block inappropriate content. The fact that you are an adult does not necessarily mean you like to view offensive content, so the software can also be utilised to block offensive content on sites you often visit. Unfortunately, with the monitoring part of the software comes an inherent security risk of sensitive information that may fall into the wrong hands.

If you want to use parental control software, you need to use it responsibly, especially if you install it on a computer that is shared by several members of your household. The trustworthy members of the family need to be aware of the software and the need to have administrator privileges to disable the software before working on the computer. Parents often forget to disable the software before doing online shopping or banking, effectively allowing the key-logger component of the software to log important information such as social security numbers, credit card numbers and passwords.

Many Internet monitoring software packages take screenshots at certain intervals to capture the contents of the screen at a specific point in time. This is also dangerous if you forget to disable the monitoring part of the software, before logging into a secure area of a website. Screenshots can be taken of sensitive information that's normally only accessible behind a secure login area. All this information (keystrokes and screenshots) is stored on your hard drive, exposing it to possible exploits from crackers or spyware.

Well-written parental control software will obviously encrypt the information it logs, but crackers often decipher the encryption code in next to no time. The last thing you need is a spyware infection or an intruder on your system that can bypass the encryption of the parental control software. You don't want a stranger going through your logs if you accidentally forgot to disable the software before entering sensitive information on the Internet. So the most important thing to remember is to disable the monitoring software before you use the computer and remember to enable it again when you're done, otherwise there is no point in having the software on your computer in the first place.

Some parental control software allows you to create different profiles for different members of the family. You can for instance have a "Child" profile that blocks inappropriate content and monitors your child's activity on the web, a "Teen" profile that does not block any content, but only monitors your child's activity and a "Parent" profile that does not monitor your activity or block any content. The "Teen" profile can be activated when your teenager wants to use the computer, or you can activate the "Parent" profile if you are present while your children surfs the Internet. The "Child" profile should be used to limit Internet access while you are not at home to keep an eye on your children's Internet activity.

Kaspersky Lab recently integrated a parental control module into their Internet Security suite. It does not log keystrokes or take screenshots, it only monitors HTTP traffic. To know what your child is doing on his or her computer, you only need to monitor their Internet use. It is easy to see which games they are playing and which software they are using by examining certain areas of your system, like the Program Files folder and the Add and Remove Programs section of the control panel. Clever kids will know how to wipe this information, but most programs make connections to the Internet these days, so just by examining the HTTP traffic generated by these programs, you can easily tell which programs your child is using and which websites they are visiting.

The parental control module of Kaspersky Internet Security logs all the websites visited by your children, all the remote images loaded from e-mails that they read and all the servers they connect to for online gaming and software updates. If the logs contain entries from winamp.com, then your child is probably using Winamp to play music or movies. Entries from ea.com, might indicate that your child is playing some games developed by Electronic Arts. Your children will also download software from certain sites, which will give you another indication of what kind of software they are using. The fact that the software monitors HTTP traffic, means that you are not only limited to the traffic generated by a web browser or e-mail client, it monitors all Internet activity from any application.

The way that Kaspersky Lab approaches parental control and monitoring software, does not compromise your online safety like your conventional child monitoring software, because there is no security holes created by keystroke logging and capturing of screen data. The logs of your HTTP traffic may still contain tracking information that you may not want to reveal to advertising companies (and their spyware programs), but the beauty of this module is that it is integrated into an Internet security suite, so you are automatically protected against unauthorised access and malicious software infections, thanks to the firewall the anti-malware shields of the software. Traffic through secure servers (HTTPS) is normally encrypted, so the monitoring software only sees the encrypted data during a secure online session like Internet banking or online shopping. I still recommend that you turn of the parental control module before transmitting sensitive information over the Internet.

Up to know I basically discussed the monitoring part of parental control software. The control part allows you to block indecent content as well. Blocking inappropriate content minimises the risk of malware infections. Porn sites are often loaded with spyware, so keeping your children away from these sites, does not only protect them from exposure to harmful content, but it also protects your computer from dangerous infections. Your child's porn surfing may be the cause of a dangerous spyware infection, something you may not be aware of (especially if you don't have any spyware protection installed). You could easily log into your online banking account or enter sensitive information on the web, without realising that there are spyware lurking on your computer, watching your every move. Parental control software is not designed to protect your computer against malware infections, but preventing your children from accessing inappropriate websites, helps them to stay away from potentially dangerous websites, which is the number one rule in malware prevention.

Proper parental control software should allow you to set up filters to block specific inappropriate content, giving you complete control over what you allow your child to access on the Internet. Kaspersky Internet Security allows you to do exactly this. Lets say you want to block access to sites containing the word "murder" in the URL. You simply add the filter "*murder*" to the Parental Control Blacklist and it will block all websites containing the word "murder" in the URL. You can also blacklist specific URL's to prevent access to certain online chat rooms, web mail services or social community websites. Websites that carries your approval can be added to a white list to prevent the software from accidentally blocking it, or you may want to allow only specific pages from a site that's currently on the blacklist. The flexibility of the software allows you to fine tune the parental control software to your own specific needs, enhancing the online safety of your children.

So what is the message I'm trying to get across here? As I said at the beginning of this article, parental control and monitoring software remains a useful tool to keep an eye on your children's Internet activity when you are not present. As a parent you need to understand that parental control software poses certain security risks of you do not manage the software in a responsible way. I feel that developers of parental control software should move away from keystroke logging and screen capturing and focus on HTTP monitoring instead. Parental control software developed by a company who specialises in Internet security, gives you peace of mind that the software was designed with security as a top priority. The next step for Kaspersky Lab may be to make the module optional. Not everyone wants parental control software, but if I want to add this functionality to my computer, I'd rather buy it from a developer who has been in the Internet security industry for years, than buying the software from a developer who does not have a clue about Internet security.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security and analysts of Cyber Security Software. Read our review of Kaspersky Internet Security 7.0 for an in depth look into one of the most comprehensive Internet security suites in the security software industry.

Website Owners - The Next Target of 419 Scammers?

2007-10-31T23:41:00.000+02:00

By Coenraad De Beer

A couple of weeks ago I did an article on a 419 scammer who used Google to find possible victims. I analysed a very interesting 419-scam e-mail today that made it quite clear that the swindlers are slowly starting to change their tactics. The old methods are not working as well as they should, so scammers are looking for new and improved methods to claim new victims. Believe me, the dumb, idiotic scammers with their hilarious con stories are becoming smarter by the day.

The typical "Dear sir/madam" e-mails may soon be something of the past if all 419 scammers start to operate like Ferdinand Traore from Togo. Ferdinand sent an e-mail to a website owner after pulling his name, surname and e-mail address from the "Contact us" page of his website. Below is a copy of the e-mail that he wrote (The e-mail has not been edited in any way. I only changed the name of the website owner to John and his surname to Doe, to protect his identity).

"Dear John Doe,

Please forgive my using this means to reach you but I cant think of any other way of letting you know the urgent matter at hand. I acted as personal attorney to the (late) Engr. M.A. Doe, who lived and worked here for more than twenty years as a major contractor and businessman.

On the 18th of Novermber 2004 he and his wife and only daughter were involved in an automobile accident while visiting a neighboring country on vacation. They were buried two weeks after and I have exhausted all means of reaching who may have been related to them. This has been made more difficult because no mention was made of any relative while he was alive.

To the best of my knowledge, before his death, he had an investment deposit totalling more than Eighteen Million Five hundred thousand United States Dollars($US18.500.000.00) with the major bank here and now they have asked me to provide a next of kin if there is, or the estate will then revert to the government and so it would be lost.

My proposal is that you allow to be presented for this role so that documentation can be processed and payment made in your favour. This is a project which will see us partner to realise. I would be willing for us to discuss terms of participation in order to protect our various interests.

I want to assure you right away that I have positioned this deal to not last for more that two weeks. I shall be willing to discuss futher on this if write back or send to me your direct telephone number so we can discuss in the type of confidential atmosphere which this matter requires.

Awaiting your immediate response.

Ferdinand Traore (Esq).

Traore Chambers & Associates,
Rue Du Commerce Avenue B.P.120,
Lome-Togo"

You can easily be drawn into this e-mail because at first glance you may think it is a relative who died. If this happens, the scammer achieved his first goal, to get your attention. If he has your attention he can play with your mind. The plot is simple, a lawyer contacts you in search of a next of kin for a deceased person who has the same last name as yours, very convenient don't you think? The deceased person was loaded with cash, making the proposal very attractive to the unwary victim.

You may argue that there is nothing special to this e-mail, besides the fact that he addressed the victim directly on his name and not via the generic "Dear sir/madam" introduction. Furthermore the spelling and grammar is horrible, so it is easy to spot the scam in this e-mail. It is a classic inheritance scam e-mail, with the promise of a ridiculously large sum of money. Ferdinand sent the e-mail from ferdinandtraore.4to1957@yahoo.co.uk but the victim had to reply to ferdinandtraore.tgo1957@yahoo.co.uk, another common characteristic found in 419-scam e-mails. All the signs are there, so what is so special about this specific e-mail?

It is not the e-mail that's unique, but the methods used by the scammer to collect information about the victim. A closer look at the visitor statistics of this website revealed a visit from Togo, with the same IP address (41.207.162.4) as the one found in the e-mail header. So there was no doubt about the identity of this visitor, it was most definitely our friend Ferdinand Traore (oops did I forget to add the "Esq" suffix after your name? Sorry Ferdinand). The traffic came from a Google search for a specific surname, in this case not the surname of the website owner, but a surname that appeared on one of his web pages.

The scammer appended "co.za" to the search string, which tells me he was looking for South African websites (or South African website owners). He also placed "2007" in front of the surname. Why? Websites contain copyright notices, often followed by the name of the website designer. Most copyright notices contains a year and active websites change this number each year, some web designers do this via a script and others do it by hand. The scammer was probably looking for websites containing a 2007 copyright notice. This would certainly keep the search results fresh and minimise the risk of using outdated contact information.

In the previous article I mentioned a 419 scammer who targeted American citizens using specific e-mail services like Yahoo! and AOL. This scammer searched for the latest contact details of certain South African website owners. I'm sure they expand these searches to other countries as well, but one thing is for certain, they are using specific contact information to send targeted and relevant e-mails to possible victims. Later today someone else reported a scam e-mail, with the exact same plot. Once again the scammer knew the name and surname of the victim and addressed him accordingly. The victim of this e-mail was a job seeker who posted his resume on several online recruitment websites. So the scammers are using several online resources to harvest personal information about their victims.

E-mails addressing you personally are no longer a guarantee that it came from a trustworthy source. The fact that the sender knows your name and last name does not necessarily mean that he legitimately obtained this information or that he has legitimate intentions. People should look deeper into the e-mail for other obvious signs exposing the true nature of the e-mail. I mentioned a couple of common characteristics earlier in this article that will help you to identify other e-mails just like this one. But not all these characteristics are present in every e-mail scam, making it hard to define a single set of rules that will apply to all e-mail scams. Common sense is the only true weapon that's dynamic enough to adapt to the different methods used by e-mail scammers today.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops. Visit our 419 Scams page for more information about 419 scams and different 419 scam examples. Stay up to date with the latest in cyber security, by subscribing to our cyber security related RSS Feeds.

419 Scammers Using Google Search to Find New Victims

2007-10-18T23:57:00.000+02:00

By Coenraad De Beer

I've heard of phishing scammers using Google Maps to reveal the location of a victim, but I haven't heard of scammers using Goole Search to find the e-mail addresses of possible prospects for advance fee fraud. However I was surprised to find such a search last week when I browsed through the visitor statistics of cybertopcops.com.

419 Scammers are starting to use technology more often to swindle innocent victims. We see advanced and professionally designed e-mails and websites, clever social engineering skills and scam e-mails targeted at specific people. That was probably the aim of the scammer who used Google Search to find Yahoo! and AOL e-mail addresses of people in the USA, who are desperately in need of funds. Yes the exact search string used by this scammer was "email address of people in the usa that are in need of fund @yahoo or aol mail". The scammer landed on our Lottery Scams page where we refer to the fact that scammers often use Yahoo! and AOL e-mail accounts to distribute fraudulent e-mails. We recently made some changes to this page and as a result it's no longer appearing in the results for this specific search string.

A couple of things immediately caught my attention when I stumbled across this visit. The visitor was from Nigeria, with the IP address 196.1.179.153, one that is often involved in e-mail scams and spamming. His/her Internet service provider was Nitel, the principal telecommunications company in Nigeria. What struck me the most was the search string used by this visitor. Did the scammer really think he/she would find the e-mail address of a US citizen, looking for funds on the Internet, using a Yahoo! or AOL e-mail address and on top of that, leaving it on the web for anyone to use? It's like going to Amazon, hoping to find specials on 419 Scam Victims, or having a victim delivered to you on a silver tray. But is a search like this, really that far-fetched?

If you browse through the results of this search, you will find quite a couple of e-mail addresses, lying around for advance fee fraud scammers to use as they please. A couple of interesting theories came to mind when I analysed the search string.

419 scammers are targeting people living in the United States. Why? Perhaps they have a better success rate with Americans;

They prefer people using the e-mail services of Yahoo! and AOL. Why? The spam filter of Yahoo! and AOL is not as effective as Gmail's and it is probably easier for scammers to get through to people who use these e-mail services. Also note that the scammer did not look for Hotmail e-mail addresses. According to 419eater.com, some scammers do not like to converse with Hotmail users; and

They specifically target people in need of financial assistance. Why? People with severe financial problems are often desperate and will do anything to improve their financial position. 419 scammers exploit this desperation, making it easier to convince these victims.

I understand that it is hard to base solid theories on a single incident, so these are only a couple of possibilities from a personal point of view. 419 scammers send e-mails to many countries, not just America, they send e-mails to Gmail and other e-mail accounts, not just Yahoo! and AOL and they send e-mails in bulk, like a spammer with a shotgun approach, they often have no idea who the recipients would be.

What can we learn through this behaviour? Do not post your personal e-mail address in any public area on the web. Do not reveal your financial status on the web. Scammers will use this to their advantage. If they have your e-mail address in their possession and at the same time know about your financial problems, then they can send you a highly targeted and convincing e-mail, putting them in the right place at the right time. I still think it was wishful thinking by the scammer to do such a narrow search, hoping to find a victim that fits this profile. However, this scammer inadvertently revealed one of their harvesting methods, so lets take the necessary precautions and make it harder for scammers to find new victims.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about online scams and assisting users in the removal of malicious software.

PC Security DIY Part I: Malware - The Most Wanted Cyber Criminal

2007-09-24T16:24:00.000+02:00

By Coenraad De Beer

More or less 3 weeks ago, several anti-scammer websites fell victim to DDoS (Distributed Denial of Service) attacks by the Storm botnet. The comments made on blogs and news sites about these attacks, made it clear once again that cyber security experts are well aware of the dangers of malware infections, which are the backbone of any botnet, as well as the impact these infections have on the online industry. The fact that security experts realise these problems is all good and well, but it does not really help addressing the problem. Normal computer users need to understand the implications of malware infections as well, but more importantly, they have to carry the consequences of their actions if they refuse to take appropriate preventative measures against malware.

Before we start, I would like to explain a couple of terms to users not familiar with DDoS attacks and botnets. A botnet is a network of software robots controlled remotely by crackers. A software robot in this specific case is a compromised computer, infected with specific malware types like Trojan horses and worms. A compromised computer is also called a "zombie computer". A botnet is therefore a collection of compromised or "zombie" computers. I am not going into the details of a DDoS attack, but a Denial of Service attack basically happens when a botnet sends thousands, even millions, of communication requests to a web server. This results in a bottleneck of incoming traffic, causing the server to crash, or making it so slow that it cannot serve the website to normal visitors anymore. An attack from a big botnet will therefore have a much larger impact on a web server than an attack from a smaller botnet. Okay, now that we have the jargon out of the way, lets delve deeper into the impact of malware infections on the Internet as a whole, but also for the individual Internet user.

The Internet is often referred to as the information superhighway. Off course the Internet as we know it today, is much more than just an information superhighway, the Internet has become a digital world where many offline tasks can be done online as well. You can work, play, recruit, date, shop, chat, watch TV, listen radio and do many other things online. But for the sake of this article I will stick to the term information superhighway, because the rules of the road fit perfectly in with what I want to illustrate. According to Wikipedia, it is estimated that up to one quarter of all personal computers connected to the Internet, are part of a botnet. This estimate is not that hard to believe, I will even go so far to say that this figure may even be bigger than a quarter of the Internet's population, especially if you take into account the rate at which malware infections spread through the Internet. Ignorance plays a big role in malware infections, but don't leave negligence out of the equation. If it only stopped at ignorance and negligence, large and influential companies are able to address the problem, but they are unwilling to sacrifice profit for the safety of other Internet users.

Internet Service providers are in pole position to address the increasing threat of malware infections, the one thing that's making botnets grow larger and larger by the day. Unfortunately they are only interested in making money instead of providing a safe and quality service to their loyal and honest customers. No they would rather keep the clients distributing malware, sending out spam or taking part in Denial of Service attacks, because it means loss of revenue for them if they decide to suspend the services or terminate the accounts of these clients. Most ISPs will state in their Terms of Service that they do not tolerate this kind of behaviour, but it is only done to make them look great on paper, they seldom enforce these terms. John Masters, anti-spam activist and a dedicated supporter of Cyber Top Cops, sent me an e-mail the other day, suggesting that we should roll out penalties against people who use unprotected computers connected to the Internet. Although I realise the difficulty of getting something like this into place, I personally think it is a great idea and I wholeheartedly agree, but before we start to punish the user, start with the ISP for not taking action against the user.

It makes a lot of sense to fine people who use unprotected computers on the Internet. This is why I referred to the information superhighway earlier in this article. The Internet can be compared to a real highway, where several road safety rules apply. Driving on a highway with a vehicle that's not roadworthy does not only put your own safety at risk, but also the safety of other road users. If a traffic officer pulls you off the road and find that your vehicle is not roadworthy, you will most probably receive a fine (unless you bribe the traffic officer). If you continue to drive like this you may end up with a suspended driver's licence. The same principle applies to computer security. If you use an unprotected computer on the Internet you're not only putting your own safety at risk, but the safety of other Internet users as well. If your ISP becomes aware of the fact that you're connecting to the Internet without appropriate, up to date anti-malware software installed on your computer, you are supposed to be fined for putting the safety of all other Internet users at risk. They should suspend your services if you continue to connect to the Internet with an unprotected computer.

Your computer may be distributing malware, sending out spam, phishing e-mails and advance fee fraud scams. Your computer may even be used in Denial of Service attacks. So you end up becoming an accomplice in Internet crime. You unknowingly become a spammer, a scammer or a malware distributor. By using an unprotected computer you contribute to cyber crime instead of fighting it. That's not all, the malware may be monitoring your keystrokes, capturing everything you type, stealing passwords, e-mail addresses, account numbers, social security numbers, credit card numbers, names, telephone numbers, physical addresses... can you see where I'm going with this? These programs are able to compile a complete profile about yourself, this information is then transmitted back to the operator of the malware, who may use it to commit fraud in your name, in other words steal your identity. The perpetrator may even clean out your bank account, open credit cards or take out loans in your name and guess who is going to receive the bills at the end of the month, you!

What are the practical implications of implementing a penalty system for reckless Internet users? First of all, the ISP needs to have solid evidence, proving that the guilty party was really using an unprotected computer. Secondly, if the user had anti-malware software installed on his/her computer, the ISP needs to prove that the software was outdated. Finally, if the user had up to date anti-malware software installed, the ISP needs to prove that the software was not appropriate for preventing malware infections. This means that anti-malware software needs to comply with certain safety standards before they can be accepted as approved anti-malware solutions. This will effectively force all anti-malware developers to put their software through specific tests, conducted by a computer security standards authority. This will also cause anti-malware application prices to rise, which may pull the plug on the development of free anti-malware solutions, unless the developers certify these free applications as well. The ISP should use special software to check whether these approved anti-malware applications are installed on the client's computer. The software should send out several warnings to the clients who do not comply with these standards, giving them a reasonable amount of time to attend to the problems and providing detailed instructions on how to resolve them. Access to the Internet should only be terminated if the user fails to respond to these warnings.

Many people might ask, how should I update my anti-malware application if my Internet access is terminated? Your Internet access should only be terminated if you fail to respond to the warning notifications sent to you. If you end up with a terminated Internet access account, it means you ignored the notifications and you should have thought about the implications of your actions before you decided to ignore them. Other may claim that they are computer illiterate and cannot install software or keep them up to date. Most anti-malware applications update themselves and it does not take a rocket scientist to install them. With most of these installations you simply need to click on the "Next" button until you see a "Finish" button. If you can surf the Internet, then I'm sure you know how to click a button. I understand that not every Internet user is a computer expert, so if you find it difficult to install software, join an online forum like BleepingComputer.com, GeeksToGo.com or TechGuy.org and ask for assistance. It is extremely important to secure your computer before it gets infected with malware.

I just painted a pretty grim picture, didn't I? The burden placed on Internet Service Providers to check up on clients, to prove that clients are using unprotected computers, to penalise those who disobey the rules and to close down the accounts of regular offenders. Then there is the problem of high anti-malware prices and no more free anti-malware solutions for the people who cannot afford expensive anti-malware protection. But this is where the Internet is heading if we do not take action now. Online fraud is causing consumers to loose confidence in Internet shopping. Phishing scams are making users afraid of signing up for Internet banking services. People are weary of online payment and trading services like PayPal and eBay, no matter how safe they claim to be. Spammers are stealing bandwidth and the Internet user have to cough up for the costs. Expensive hardware and software is needed to fend off Denial of Service attacks. Malware is at the root of all these problems. It is the biggest contributor to cyber crime and eliminating malware is like removing a species from the food chain. This will be a big blow to spam and bot networks, resulting in less spam and phishing scams, fewer Denial of Service attacks and fewer stolen identities, passwords and credit card numbers. All the money saved through proper prevention of malware, including malware related problems like spam and Denial of Service attacks, can be utilised to build better protection against malware and assist companies to continue the development of free anti-malware solutions for home users.

So what is the bottom line? Internet Service Providers need to take responsibility for their networks. Customers are paying for Internet access, free from spam and malware attacks. It is the responsibility of the ISP to keep spam and malware infections within acceptable limits. Proper legislation needs to be put into place and governments need to take action against ISPs if they allow these threats to rise beyond acceptable limits. How do ISPs keep these threats within acceptable limits? Listen to the complaints sent through to your abuse departments, stop ignoring them, terminate the services of regular offenders and publish these actions for everyone to see. Make examples of those who do not want to listen and soon enough you will have people sticking to the rules. People will continue to do what they want if they know there is no punishment for their wrongdoing.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, providers of free malware removal assistance and helpful Internet security tips for the novice user. In the next instalment of the PC Security DIY article series, we will look at the foundation of Internet Security, using a secure browser and e-mail client and getting into safe browsing and e-mail reading habits.

Choose Your E-mail Address Carefully

2007-09-05T20:13:00.000+02:00

By Coenraad De Beer

Did you know that it is important to choose the right name for your electronic mailbox? Very few people realise it and therefore expose themselves to things like identity theft, phishing and yes you guessed it, annoying spam.

What do you normally use as a login name or nickname when you register for an online service? Many people use a number or a keyword that is easy to remember and the easiest thing to remember is obviously your own name. However, your own name is the last thing you should use for any kind of login details and the same rule applies when you choose an e-mail address.

Why is it important for a spammer or phishing scammer to know your name? The main reason is authenticity. Let me explain with an example. If you have an account with PayPal and you receive an e-mail asking you to update your details, are you going to take the e-mail seriously if the e-mail starts with "Dear PayPal Customer"? Most people will say no, but what if your name is John Doe and the same e-mail starts with "Dear John Doe"? You can easily argue that anyone can send a PayPal look-alike e-mail starting with "Dear PayPal Customer", but not everyone knows my name, so chances are good that the latter version are probably from PayPal. I won't be too sure of that, especially if your e-mail address is john.doe@example.com. People often use a dot (.), a dash(-) or an underscore (_) as a separating character in their e-mail addresses and even a novice computer programmer will be able to extract the name and surname part from an e-mail address similar to the one given above

An e-mail starting with your name draws your attention immediately, so you tend to read more carefully and in most cases, the whole e-mail. Most people will respond immediately if they hear someone calling their name. The same basic principle applies to e-mails starting with your name, or containing your name in the subject line. This is why it is so popular among e-mail marketers to use your name in the subject line, you immediately want to see what the e-mail is about, because the person addressed you personally, like a friend or familiar person would do. Spammers use the same technique so that recipients open their e-mails and read what's inside. They normally use the first part of your e-mail address as your name in the hope that it contains your real name.

What about jdoe@example.com or doej@example.com or jd@example.com? If everyone calls you John, then jdoe, doej or jd will have little effect on drawing your attention. If someone sends you an e-mail with a subject line reading "john.doe check this out" and another one sends you exactly the same e-mail, but changes the subject line to "jdoe check this out", which one will draw your attention the most? The fist one off course and it will attract even more attention if the spamming software replaced the dot between your name and surname with a space, wouldn't it?

Ok, so lets come back to the example of the PayPal phishing e-mail. People are less suspicious when their real names are mentioned in the e-mail, but you will always be able to spot a scam if you choose an e-mail address that is not related to your name, surname or any of the nicknames your friends and family normally use. In other words, when you see someone using the first part of your e-mail address in the subject line, instead of your real name, you can know for sure that the e-mail is the work of a spammer and if the sender used it in the body of the e-mail, then it is obvious that the sender doesn't have a clue what your real name is. PayPal is supposed to know what your real name is, so if your e-mail address is jdoe@example.com, then they will never send you an e-mail starting with "Dear jdoe", only spammers will.

What if my current e-mail address contains my name or surname? I know that it is a lot of work and a huge frustration to change from one e-mail address to another, a lot of people have to be informed and a lot of e-mail subscriptions have to be changed. If your current e-mail address contains your name or surname, consider changing it as soon as possible and rather choose a name that does not reveal any personal information. A telephone number written on a little piece of paper reveals nothing about the name or surname of the owner, your e-mail address should have the same effect on strangers.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.