ZoneAlarm Blog: Information and news about internet security, virus protection, spyware removal, and more...

Real Questions About Encryption

2010-03-04T08:56:20-08:00

By John Gable, Director of Consumer Product Management

Often companies have FAQs (Frequently Asked Questions) that have more marketing speak than useful information. Well, here are some real questions we got from press and reviews last week when we were giving them a preview of our new ZoneAlarm DataLock. Enjoy.

Q: Does re-formatting a hard drive really delete everything or can data still be dug out of it?

A: Reformatting does not necessarily erase everything. Unless it overwrites the data a couple of times, someone could still find some of your data using common disk reading programs.

Q: What are the password requirements for your log-in password (how many letters, variation, etc)?

A: Minimum of 8 characters, any characters you want. We recommend mixing your characters (upper and lower case, numbers, punctuation), but that is not necessary.

Q: I use a Windows log-in. Does that protect me, and if I have it with ZoneAlarm DataLock, do I have to sign in twice?

A: The Windows log-in is easily by-passed. For example, you can just boot using a USB stick with an operating system. If you decide to keep using the Windows log-in with ZoneAlarm DataLock, when you restart your computer, you will have to log-in a second time.

Q: When will the log-in screen appear?

A: Every time you restart or boot your laptop, you will need to log-in. You will also log-in after hibernation.

Have any other questions we have not already answered here, on our ZoneAlarm DataLock page or FAQ, please ask.

More Details on Recent Check Point Surveys

2010-03-01T05:46:04-08:00

By Doctor Security

Did you see our latest announcement regarding the results of the Harris Interactive survey that Check Point commissioned?

It found that only 10 percent of the people surveyed use encryption to protect their sensitive digital files. Check out the press release that reveals the top-level findings and also announces the availability of the new, cool ZoneAlarm encryption solution for consumers called DataLock.

I had a chance to go through the survey report and there’s a lot of interesting research in it. Here are some key findings from the 2200+ adults who were surveyed:

Types of Personal PC and Usage:

36% of them were mobile PC (laptops and netbooks) users

84% use their computers mostly for personal use
90% have private data stored on their personal computers

10% use file data encryption

Comment: Only 10%!!! That’s a lot of unprotected private data.

In the Event of Laptop Loss or Theft, People are Most Concerned About:

56% about private data loss (total)

35% about hardware replacement cost
Comment: There’s a lot of concern about losing private data.

The concern for private data theft found in the Harris Interactive survey is supported by an earlier study about ZoneAlarm users done by Check Point’s research team. It had some interesting findings as well. For instance:

What Data Do ZoneAlarm Customers Want Encrypted on their PCs:

85% passwords
81% banking
70% personal videos and photos
67% email messages
52% tax records and business documents

Comment: Surprising that banking, tax records, and business documents aren’t in the 90% level.

Desktop Usage vs. Laptop Usage:

10% of laptop users don’t use any data protection

4% of desktop users don’t use any data protection

Comment: This is surprising too. You would think that more laptop users would have data protection, since laptops are more likely to be lost or stolen than a non-portable desktop computer.

Types of Data Stored - Desktops vs. Laptops:

Tax Records - 42% of desktops vs. 60% of laptops

Business Documents - 33% of desktops vs. 67% of laptops

Personal Photos and Videos - 83% of desktops vs. 60% of laptops

You can see more survey results here.

There is clearly a gap between people who are concerned with data theft and the number who have taken steps to secure their sensitive files. I think this is because there hasn’t been a consumer-friendly solution to address the problem until now. ZoneAlarm DataLock is an easy way to protect confidential information on your computer. It was designed specifically for consumers and small businesses with laptops and netbooks. It takes only a few minutes to set-up and works with any brand of security software you are using.

You can begin safeguarding your personal computer files today through an easy download available at: www.zonealarm.com.

St. Valentine’s Day Mass Email Attacks Again?

2010-02-14T08:47:44-08:00

By Dr. Security

Last Valentine’s Day, John Gable, Check Point’s Director of Product Management and Product Marketing wrote on this blog about the Waledac botnet attacks.

John stated: “This botnet is running a Valentine’s Day ‘campaign’ soliciting people with phony Valentine’s themed e-mails and greeting cards. When users click through to a Web site to receive their messages, malicious software is silently and automatically downloaded to their computer.”

You might want to read this blog, in case you didn’t read it last year: http://blog.zonealarm.com/blog/2009/02/waledac-valentines-day-attack-stopped-by-zonealarm-forcefield.html.

I have already received a suspicious email, supposedly from Hallmark. The first thing that made me think this was a phony was the subject line, the headline, and the first sentence of the email all said the same thing: “You have received a Hallmark E-card.” (see below)

Seems pretty redundant and doesn’t seem very creative to say the exact same thing three times, does it? Hallmark is a company that is based upon a large amount of creativity. They hire creative people with the ability to compose just the right thing or to write something better than we could come up with on our own. That’s why we buy cards or e-cards from them. So it stands to reason a Hallmark copywriter didn’t compose this email.

Now, if you weren’t suspicious by the lack of creativity in the text. Check out the graphics. Look at the menu bar where you see the “Hallmark” logo first, then “Shop Online”, etc. Anything stand out? If you said the fourth item “E-Cards” looks weird, I’d totally agree with you. Now, would Hallmark send out an email with such amateurish graphics? I don’t think so.

Here’s a tip. Legitimate e-card companies know that cybercriminals are trying to fake people out by pretending to be legit, so they make their emails more secure. Here is an example of how Blue Mountain ensures customers that their site is legitimate:

“For your security, if you'd prefer not to click on links within this email:

1. Type http://www.bluemountain.com/?source=bma999&rr=y

2. Locate the eCard pickup button in the upper left-hand area of the page
3. Enter the following code --> 21672454488

Please do not reply to this email. To help resolve your issue or question, go to:
http://www.bluemountain.com/help/index.pd

We have an extensive help center that may answer your questions, or you can choose to email us from there.

To read about email protection, type: http://www.bluemountain.com/emailprotection into your web browser.

So if you get an e-card notification email without extra security features that Blue Mountain offered, you can be certain that you don’t want to click on any links embedded in the email.

The ABC of a Phishing Attempt

2010-02-09T10:34:46-08:00

By Doctor Security

Recently, I received a phishing email (Exhibit A, below) from criminals trying to dupe me into thinking my Chase bank account was being hacked by someone using a “foreign IP address.” I’m not ashamed to admit, this email hit a nerve. Though it can be a bit risky to do, I clicked on the link to see how good the fake web page was. I did this knowing I have strong security software.

If I hadn’t been savvy, I might have quickly clicked on the link to verify my account. I paused and thought about how I could confirm my suspicion. So before I clicked on the link to the fraudulent site, I opened another browser and typed in www.chase.com to get a view of the real Chase home page. Comparing the fake Chase site and the real one was enlightening. They were nearly exactly the same.

To confirm my suspicion, I did login into the fake site using a fake user name “Bozotheclown” and a fake password “phisherssuck.” Guess what? The fake Chase web site accepted these credentials like they were real and opened an “Account Information” page (Exhibit B).

If I had fallen for this scam, I would fill in all the fields on this page. Of course, no legitimate bank is going to ask you for your card number, ATM PIN number and Social Security number to verify your account, especially online.

Now, since I wanted to see what happened next, I entered more bogus information into the fields on this page. I really hope that the cybercriminals behind this scam wasted a lot of time trying to use the unreal account numbers I entered.

After clicking on the “Submit” button a “Thank You” page appeared. (Exhibit C) If I had any doubts at all about this being a fraud, the content on this page erased them. The text has grammatical errors (“Thank you for your patient…” instead of “patience”) and an incomplete sentence (“Chase Manhattan Bank security manager Becky Draftel.”) oddly placed in the middle of the page.

The lesson here is:

Always take time to think before you act
Be suspicious regarding any online activity
Confirm the legitimacy of any request for action that comes to you via email

Exhibit A:

Exhibit B:

Exhibit C:

In the U.S., Tax Season = Phishing Season

2010-02-01T10:22:11-08:00

By Doctor Security

Email scams are always with us no matter what time of year, but when “tax season” comes around in the U.S., phishing attempts using the IRS or some other government entity increase.

Phishers know that many are anxious to get a tax refund. They play upon this emotion by sending out email blasts that offer some kind of quick access to money. The intent, of course, is to steal identities by trying to entice people to click on links and visit fake Web sites.

These sites are designed to look like real IRS or government Web sites and ask potential victims to enter personal financial information in order to get an “immediate refund.” Of course, the IRS never sends out emails asking for Social Security or PIN numbers to bank.

So what should you do if you get a phishing email?

Do not reply or click on links inside the email
Never give out financial information or passwords in response to an email request
Forward suspicious emails and bogus IRS Web sites addresses (URLs) to phishing@irs.gov.

For more information about phishing and how you can help stop it, check out this great page on the IRS Web site:

How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites

35% of Facebook Users Could be Victims of Phishing Scams

2010-01-25T11:25:42-08:00

A high number of Facebook users are still putting themselves at risk by opening their individual profiles to total strangers by clicking on unknown links that they receive. This is the conclusion of a recent blind study conducted by our Security Research & Response team.

By Check Point’s Security Research & Response Team

In order to evaluate the real danger posed by social networking sites, Check Point Software’s Security Research & Response team has simulated a Phishing scam on a random sample of Facebook users. Using a fake and anonymous Facebook profile we have disseminated a private email message that asked users to “check out my latest pictures” as well as a link to a URL. We then tracked down how many users would actually open the message and click on the link.

We found that out of 200 users that received that email, 71 clicked on the link and tried to access the webpage attached, e.g. 35% of all individuals targeted. If that link had been redirected to an infected page or a phishing site, more than 71 machines would have been compromised and 71 users could have been subject to a Phishing fraud.

Going further, the experiment also showed that many users unveil their profiles and personal information to total strangers. By doing so they expose valuable personal details such as email, private addresses, date of birth, pet’s name, maiden name and more to potential hackers.

“This test clearly illustrates the power of social networking sites to launch wide spread individual Phishing attacks,” comments Guy Guzner, director of security products at Check Point. “For a hacker it is fairly easy to take advantage of this kind of site to circulate malicious links, worms, Trojans or viruses to a wide panel of trusting users.”

“It is very important for social networkers to acknowledge that social sites are not any safer than any other place on the Internet,” Guzner concludes.

Anyone who enjoys social networking should follow a few simple tips:

* Don’t click on suspicious links

* Use advanced anti-phishing within your browser. While basic anti-phishing will block known dangerous sites using “signature” lists, advanced anti-phishing will also block new phishing sites that have not yet publicly been identified as dangerous. With millions of phishing sites reported and growing, this extra protection is essential.

* Use advanced browser security that can also protect you from downloading something dangerous. It will also safeguard your computer against invisible “drive-by-downloads” that infect your PC just by looking at a compromised site.

Attacks Come via Friends and Other Strangers

2010-01-21T09:40:59-08:00

By Doctor Security

To continue with my 2010 social networking theme, I want to share a couple of recent attempts to scam me or infect my PC.

The first attempt came in the form of an email from a young friend with an AOL account. The subject line was innocuous enough: “Hi.” The email slipped through my spam filter because it was a message from someone in my address book and the subject line didn’t raise any red flags.

Upon opening the email, there was no message except for a link that made me suspicious immediately. I did not feel compelled to click on it because nothing about this address (URL) looked inviting:

http://sites.google.com/site/bighkoi/jjjie8k.

However, I noticed that there were a number of other recipients (presuming my friend’s email account had been hacked, everyone in her address book likely received this email). Now, if any of her friends absent-mindedly clicked on the link, they could have instantly opened the door to all sorts of malware attacks, including the kind that take over the PC and use it as a launching pad for spamming and spreading viruses.

If you don’t want your computer to become a “Zombie” added to a cybercriminal’s network, you need to be always on guard and invest in a security software.

Here’s another sneaky way online criminals tried to get me to click on a link: The creeps joined a Yahoogroup I was a member of and then sent everyone in the group this message:

haha! I i found a very crazy video today, so I wanna share it with you. You can watch online here: http://crazy8videos.zoomshare.com/files/ video.htm.

This message was clearly inappropriate for my group, so it was easy to assume it was the work of someone with malicious intent. I deleted the message and reported this group member to Yahoo.

That said, please stay alert any time you open up your email!

Can You Have Too Many Friends?...On Facebook, Yes, You Can

2010-01-15T14:45:52-08:00

By Doctor Security

Security experts worldwide are predicting that 2010 will be the year cybercriminals focus on using social networking sites like Facebook to launch attacks.

Now, one of the best ways to keep yourself secure on Facebook - one that they will never tell you because it’s going to contradict their business model - is to limit the number of friends you connect with.

I know there’s an old adage that you can’t have too many friends. Well, that is not true in your online life. Unfortunately, the more people you interact with in cyberspace, the more exposed you are to cyber threats, which includes malware, spam, phishing attacks, identity theft, online harassment, and cyber stalking.

There’s no need to have hundreds of friends connected to your PERSONAL Facebook profile. In my opinion, the quality of my Facebook experience goes down rapidly when I am connected to more than 60 or 70 friends. I start missing out on postings and become overwhelmed with all the different things going on with so many people – many who are just acquaintances.

For my professional network, I strictly use LinkedIn for connecting with all those people I’ve come in contact with over time as an employee or individual contributor. It’s like a business club, whereas I consider Facebook the place for a gang of old friends. You don’t want to mix these two groups together, that way you can avoid the figurative black-eye or worse if the video of you getting a black-eye happens to be posted by a friend.

Again, in order to protect yourself online this year, you will need a robust, constantly updated security software like the ones found in the ZoneAlarm family of products.

New Anti-Virus Testing Results from AV-Comparatives

2010-01-12T09:59:42-08:00

By John Gable, Director of Product Marketing

AV-Comparatives.org, a highly respected anti-virus testing organization, recently released its 2009 summary report and awards (also see PC Mag article). Congratulations to the winners: Symantec, Kaspersky, and ESET (note that ZoneAlarm integrates Kaspersky technology for its anti-virus).

Anti-virus (which generally also includes anti-spyware) is only one component of security. Firewall, browser security, identity protection, anti-spam, anti-keylogging, data encryption and more are included in a comprehensive security solution. But there is a great deal to learn from AV-Comparatives, not just in the list of winning companies, but in the test results themselves.

Many top vendors do well blocking known viruses.

The On-Demand Comparative Test examines how well the anti-virus system blocks known viruses. Anti-virus products use large “signature” lists that are continuously updated to identify viruses. The best vendors scored 98.6% and 97.4% with several others showing strong results in the high nineties.

No vendor does well blocking new, unknown viruses.

Some vendors do this better than others, but even the best missed over 40% of new viruses (see the Proactive/Retrospective Test). This is critical because there is always some time gap between the release of a new virus and when it is recognized as something dangerous. You are vulnerable during this time. And with millions of viruses out there today with hundreds of thousands of new viruses hitting the internet, signature lists can not possibly keep up.

Anti-virus is not enough – you need to prevent infection in the first place.

Anti-virus can identify and remove viruses, but these tests show that even the best will sooner or later miss something, especially brand new viruses.

Prevention is our core philosophy which makes us unique.

If you can prevent the virus from getting onto your PC in the first place, you essentially have 100% protection. That is why Check Point ZoneAlarm continues to focus its innovation on prevention technologies. It is how we block attacks others miss.

Some key prevention technologies include:

Browser security blocks dangerous web sites, dangerous downloads, invisible and automatic “drive-by downloads”, and jams key-loggers and other attacks from interfering with or spying on your web session.
Advanced Firewall that blocks and makes invisible all ports, managing traffic that goes in and out of your PC. The basic firewall that comes with your operating system leaves lots of holes and vulnerabilities.
Operating System Firewall monitors traffic and behavior within your operating system, preventing malware from being installed or doing harm.
Anti-spam removes dangerous email before it gets into your inbox. Modern email programs also prevent scripts and other email attacks from automatically running.
Data protection like hard drive encryption prevents criminals or curious friends from viewing anything on your laptop.

Stay safe. Use anti-virus but don’t stop there – by itself it’s just not enough.

A New Phishing Trick via Craigslist

2010-01-06T11:04:24-08:00

By Doctor Security

Recently, I came across a type of phishing scam that I hadn’t seen before, but I would guess it has been around for awhile. It appears, based on the writing style, to be devised by the same folks who gave us the Nigerian Advanced Fee Scam.

This scheme comes via a posting on the apartment rentals in SF Bay Area section of Craigslist.org’s website. It is an offer for an apartment that sounds to good to be true. For those in the process of fine tuning their personal B.S. meters, this is your first red flag. There are many more.

Recently, I was made aware of this scam when it was forwarded to me by a relative who asked: “Is this legit?” He really wanted it to be true. That is the psychology behind these types of schemes: get people to ignore their personal B.S. meter warnings. The goal is to get a potential victim to reveal their personal and/or financial accounts and passwords, which, of course, leads to their identity being stolen and/or bank account being emptied.

Below, is the phisher’s email response when asked for more information regarding the great apartment at a low price (I have underlined each suspicious point and explained why in italics)…I did not even bother with all the numerous spelling and grammar errors:

Date: Mon, 21 Dec 2009 19:08:26 -0800
Subject: Re: Apartment in Milpitas
From: XXXXXX@gmail.com
To: XXXXXX@hotmail.com

Thanks for your email and interest in renting my Apartment..I am Reverend Franck Wilson,the owner of the Apartment you are making enquiry of…Actually I resided in the Apartment with my family, my wife and my only daughter before and presently we have moved out due to my transfer from my work now in United Kingdom [Be cautious with someone who isn’t local] Presently my Apartment is still available for rent for $750 Per Month (rent already includes utilities ) [ Be cautious price is below the current market for similar apartments].

More so Now, i’m currently in United Kingdom for an international Christian follower’s crusade [Why is he telling you this? ]...Pls i want you to note that,i am a kind, honest and trustworthy Man [And one heck of a good landlord, too, I bet! ] and also i spent a lot on my property that i want to give to you for rent,so i will solicit for your absolute maintenance of this Apartment and want you to treat it as your own, It is not the money [It’s all about the money – yours, not his.] that is the main problem but i want you to keep it tidy all the time so that i will be glad to see it neat when i come for a check up……….I also want you to let me have trust in you as i always stand on my word.
This is the address of the Apartment: (XXX Selwyn Dr, Milpitas, CA, 95035 ,USA)
..It has a Lovely home in a nice neighbourhood is known for excellent schools. Conveniently located with nearby shopping centers, hospitals, free ways and public transportation. This is a must see. Amenities W/D Hookups Central Heat & A/C Granite Tiled Fireplace Ceiling Fans Vaulted Ceilings Cable Available Broadband Available Custom Drapes in Living Room, Dining Room, & Master Bedroom Blinds.

SO IF YOU ARE REALLY INTERESTED IN RENTING THE APARTMENT I WILL WANT YOU TO FILL THE

RENT APPLICATION FORM.
************RENT APPLICATION FORM*************
1)Your Full Name:
2)Your Full Address:
3)Phone Number:
4) Sex ?
5)How old are you?:
6)Are you married?:
7)How many people will be living in the Apartment?:
8)Do you have a pet?:
9)Do you have a car?:
10)Occupation?:
11)When do you intend moving in : Date ?
12)When do you intend to moving out : Date ?
13)How many months or year contract?:
14)Deposit : One or Two month Deposit are required
15)Picture of the Occupant? [For his “Gullible People I Have Swindled” photo album.]

TAKE NOTE: YOU CAN ONLY DRIVE BY AND SEE MY APARTMENT FROM THE OUTSIDE [What?! You expect me to give you my personal information before I see the inside? I’m the one who should be SHOUTING in all caps.] AND IF YOU ARE REALLY INTERESTED IN RENTING THE APARTMENT GET THE APPLICATION FORM FILLED SO THAT I CAN MAKE OUT ARRANGEMENT TO SHIP OUT THE KEYS [Seriously, you have the keys to the apartment in the U.K. that you have to “ship out” every time someone wants to see the place?] & DOCUMENT TO YOU AS SOON AS YOU ARE READY. I WOULD HAVE REALLY LOVE TO SHIP THE KEYS TO SOMEONE IN THE STATE BUT I DON'T HAVE ANYBODY THERE RIGHT NOW [Why’s that Reverend? Didn’t you make any friends while you lived in the apartment?] AND I DON'T WANT TO MAKE USE OF ANY THIRD PARTY THAT IS WHY AM HANDLING MY PROPERTY MYSELF.

Apartment Address:
XXX Selwyn Dr
Milpitas, CA 95035, USA
Monthly Rent: $750
Pets Allowed: Yes
Available : Available Now for move in.
So pls get back to me today.
I await your reply ASAP.
Regards and God bless you!!!
Reverend Franck Wilson.

Now, if you were to complete the application and send it off, the next response from the Reverend would be a request for a deposit or for your banking information before he sent you the keys. If you cooperated and did as requested, I’m confident you would never receive the keys or hear from him again…Unless he thought he could get more money out of you.

If you still don’t believe this is the work of a scammer and that it may be a legitimate apartment advertisement, read on: I sent “Reverend Franck Wilson” an inquiry about his apartment for rent from a separate email address without referencing the location. He responded with the exact same email only the apartment address listed a street with no number and the city was stated as Cupertino, CA.

It’s a jungle out there, folks. Don’t be a pigeon. Keep your guard up.

Facebook Privacy Tools Defaults Aren’t Restrictive Enough

2009-12-29T14:37:06-08:00

By Doctor Security

A few weeks back, Facebook announced that they have updated and improved their Privacy Settings. If you are like most people that have a Facebook account, you probably didn’t even bother to check them out. I confess neither did I…until today. What I discovered startled me a bit: I’m revealing more than I want to “Everyone.” Facebook defines “everyone” as anybody who accesses the Internet.

Facebook has recommended default settings for certain categories of information. Call me old fashion, but I don’t want anybody with access to Google to be able to learn all about my family and personal relationships, work, my education info or personal postings. This makes identity theft, cyber stalking, and offline harassment way too easy. I don’t think I have enemies but you just can’t be too trusting online.

One thing you can do to really protect your privacy is to limit the number of friends you accept into your Facebook network. Unless you’re a rock star or a politician, there’s no need for having 500, 600, 700 friends linked to you on Facebook. It’s not a popularity contest!

LinkedIn is fine for hundreds and thousands of contacts in your network because that’s all about your professional life, but Facebook was designed to keep in-touch with your personal network (family and close friends). Don’t expose your Facebook activities to colleagues, acquaintances and strangers. There are ample stories based on the negative ramifications from “wrong” people having access to someone’s personal life.

Please check out this video about Facebook privacy, if you want to learn more:

http://www.facebook.com/video/video.php?v=366944610483

See my Facebook settings below, if you want an example of how restrictive you should be of your personal information. It’s a good deal more restrictive than what Facebook is advocating. Over time, I will venture back to these settings to fine tune them but for now, here it is:

Fine Tuning Your B.S. Meter with Real Phishing Examples

2009-12-21T15:17:17-08:00

By Doctor Security

Okay, class, who knows what phishing is? If you think that phishing is an attempt to get people to reveal their personal and financial information usually in response to a fraudulent email…you are right!

Phishing is a nasty form of spam that is sent by cybercriminals to millions of potential victims with the hope of fooling a few. Why you ask - to empty bank accounts or steal identities.

You never have to fall for a phishing email scam if you get security software like ZoneAlarm Extreme Security 2010 that blocks phishing sites and includes anti-spam that stops phishing emails. In addition to software for your PC, you should fine tune your personal “B.S. meter.” You can do this by ALWAYS being skeptical of any email request that asks for information, confirmation or verification of personal information such as your address, social security number, bank account, credit card number, password, birth date or occupation.

The first question you should always ask yourself is: why are these people contacting me? Next question: is this a legitimate email? If your common sense tells you that this is probably not a legitimate correspondence, then you can get confirmation by looking at the email carefully.

Most likely the obvious signs will include misspellings, odd formatting, unusual word phrasing, and calls to action that are “scare tactics” or thinly veiled threats. Check out the text from two phishing emails that I received recently. These should give you a better idea of what I am talking about and what you should look out for.

EXAMPLE #1

From Line:

Yahoo Member Service <Mailcentre@yahoo.com>

Subject Line:

Warning!: Yahoo! Verification Alert!!! (KMM69467VL0558KM)

Dear Valued Member,

Account Alert

Dear Valued Member,

Due to the congestion in all Yahoo users and removal of all unused Yahoo Accounts,Yahoo would be shutting down all unused Accounts,You will have to confirm your E-mail by filling out your Login Info below after clicking the reply botton, or your account will be suspended within 24 hours for security reasons.

UserName: .................................

Password: ..................................

Date of Birth: ..............................

Occupation: ...............................

Country Or Territory: ....................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.. Thanks for your attention to this request. We apologize for any inconvenience.

Yahoo! Customer Care

Case number: 8941624
Property: Account Security
Contact date: 11-2009

Warning!!! Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.

EXAMPLE #2

Subject Line: Special Social Security Administration Grant...

Tue, January 3, 2006 12:47:34 AM

From: Social Security Administration <Info@special-funds.ssdi.gov>

Britney Richards,
Social Security Administration
Office of Public Inquiries
Windsor Park Building
6401 Security Blvd.
Baltimore, MD 21235

The Social Security and Supplemental Security Income disability programs are the largest of several Federal programs that provide assistance to people with disabilities.

While these two programs are different in many ways, both are administered by the Social Security Administration and only individuals who have a disability and meet medical criteria may qualify for benefits under either program.

Social Security Disability Insurance pays benefits to you and certain members of your family if you are "insured," meaning that you worked long enough and paid Social Security taxes.

A Special Social Security Disability Insurance funds has been Approved for a Direct Deposit Transfer to all the Disabled Community withing the United States and Canada. This Program is Sponsored by the United Nations as part of it's Econimic Meltdown Eradication Programme.

You are Advised to Contact the Bearer below to Fill out your Form 1199A ( Direct Deposit Details Form) to Collect your Funds. Kindly contact Social Security Agent,

Name:- Britney Richards
Email:- SSAagent12@aol.com

You are advice to provide him with the following information:

Names:
Telephone/Fax number:
Nationality:
Age:
Country:
State:

(This is important as a case of double claims will not be entertained). Members of the affiliate Agencies are automatically not allowed to participate in this Program. Furthermore, should there be any change of address do inform our aAgent as soon as possible. Congratulations once more from our members of staff and thank you for being part of our promotional program.

Yours Faithfully,
Shawn Morgan.
Social Security Administration

Thank you and congratulations!!!

This email may contain information which is confidential and/or privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents is prohibited. If you have received this electronic transmission in error, please notify the sender by telephone or return email and delete the material from your computer.

Britney Richards,
Social Security Administration
Office of Public Inquiries
Windsor Park Building
6401 Security Blvd.
Baltimore, MD 21235

Dr. Security’s List of “Red Flag” Items in Phishing Email:

Example 1:

Use of exclamation marks in the subject line
Odd phrasing “Due to the congestion in all Yahoo users…”
Typo “botton” instead of “button”
Scare tactic: Warning!!! Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.

Example 2:

Wrong date “Tue, January 3, 2006 12:47:34 AM” (This email arrived on December 13, 2009)
Typo “…a Direct Deposit Transfer to all the Disabled Community withing the United States and Canada.”
Government official using an AOL email account? SSAagent12@aol.com I don’t think so.

Two different signatures: “Shawn Morgan” and then “Britney Richards”