‘Here You Have’ my opinion, enticing users to click.
by Daniel Snyder on Sep 11, 2010 • 8:28 am

I like to compare the internet to real life, as a way of helping people understand information security. I am often amazed at how people who are so quick to be sure their homes and cars are protected do not even give a second thought to their online security. For some reason there is still a mass misconception that the internet is a safe place. The net is like any city: it’s got beautiful parks and nice malls to shop in, but it’s also got a red light district and dangerous back alleys. Navigating the net requires perhaps a little more knowledge than staying secure at home does.

When you go to bed at night it’s common sense and part of your routine to make sure your house is secure: you lock your doors and windows, and perhaps set an alarm, or turn on some motion lights in the yard. The same is true of the web. You have to be proactive, but online it’s always a dark night, so you had better make sure you’re protected.

Sometimes it requires more than just a security system. As the recent ‘Here You Have’ worm has demonstrated (yet again!), internet users are still prey to the most basic of social engineering tricks and still think ‘buying speakers out of a car trunk in a busy parking lot’ is a good idea... or perhaps that every nice person who knocks on your front door with a deal is legit. If you are the kind of person who would buy a vacuum off a guy at your front door for a thousand dollars, then you may need to upgrade your security common sense. (By the way, that vacuum is probably worth no more than two hundred bucks.)
The Most Basic Trick in CyberCrime
The ‘Here You Have’ worm used one of the most basic tactics in cybercrime: users received an email that enticed them to click a link to a web site offering something that sounded interesting for free (likely porn), and clicking on the link executed the virus. First rule of email security: never click directly on links; rather, type known links into your browser. This gets a little confusing, however, since you often need to click long links full of numbers and other characters in order to get an email address verified or gain access to a website. It’s true, the ‘rule of thumb’ always has exceptions, and that is what makes net security so complex. No matter how secure your system is, how well you’ve made sure that your antivirus is up to date, that your firewall is in place, and that your software is updated, you can still be enticed to go down a back alley that you shouldn’t. The virus was ultimately responsible for taking down email servers at NASA and numerous other companies, including cable giant Comcast Corp.
If the long history of cybercrime has taught criminals anything, it is that users will always be susceptible to clicking on things they shouldn’t… if you just feed them the right line. Kaspersky Anti-Virus is one of my highly recommended products that does a fantastic job of monitoring all virus entry points, leaving you with a virus-free PC! Is it possible to educate people on the dangers of being socially engineered and the risk of clicking unknown links, particularly links received in email? You can read more about Social Engineering in this article: “How long can I browse the web without antivirus protection”.
14 comments
A.Tatum says:
Sep 13, 2010
You definitely have to be careful of what you click on. I would definitely recommend Gmail for a new user because it tends to pick up scam emails pretty good.
Daniel Snyder says:
Sep 14, 2010
Yeah man, I agree. Gmail does a good job at screening links (but not perfect!)
Lee says:
Sep 15, 2010
People will always get tricked by this sort of thing but, really, come on, just use some common sense.
If you receive an email asking you to click a link then think carefully ahead of time – Are you expecting that email? Do you know the sender? Does a mouseover of the link suggest anything suspicious?
If the link appears to come from a friend or family member, but you’re not sure what it is, then why not give them a call to verify what it is?
I get these sort of emails all the time from my ex-sister-in-law because her laptop is riddled with malware. Even if I didn’t know that I still wouldn’t click on links just because.
Daniel Snyder says:
Sep 16, 2010
Thanks Lee, as usual – really appreciate your comments and feedback! I have the same issues with friends who have tons of malware, and are obsessed with forwarding junk emails… (not going to mention any names… haha)
Michele @ NewBizBlogger says:
Sep 16, 2010
I agree, you can never have too much security. As a victim of a virus attack in the past, I’m particularly focused on it. Funny I just recently wrote an article on taking security measures to protect your site.
Anyway, I use a variety of software now…AVG, Malwarebytes and Spy Doctor. Better safe than sorry. =) Will check out Kaspersky Anti-Virus though… thanks for the tip!
Daniel Snyder says:
Sep 17, 2010
Thanks Michele – those three programs you are using in combo are fantastic. Malwarebytes is one of my favs and is rock solid as an on-demand scanner. AVG Free works excellently in the background and has won a lot of awards; it is on par with any other PAY antivirus software.
Anonymous says:
Sep 16, 2010
Phishing emails still work because people are gullible. Wisen up!
Daniel Snyder says:
Sep 17, 2010
That’s right! Some people are so gullible they shouldn’t own computers… by the way, if you want to throw money away like that, people – I’m a good cause – … 😉
Gera @ SweetsFoods says:
Sep 16, 2010
I receive a lot of them constantly; some are basic but others are very sophisticated. Once I almost clicked: it was a notification from Facebook, just when I saw the real URL was fake. Thanks for the tips, always welcome!
Cheers,
Gera
Daniel Snyder says:
Sep 17, 2010
Yeah, they range from overly simple to exceptionally extravagant… smart rule of thumb, just don’t click on email links… thanks Gera for your comment!
DO FOLLOW LUV says:
Sep 23, 2010
'Here You Have' my opinion, enticing users to click….
How cybercriminals continue to con gullible people into clicking on malicious links. It’s always happened, and it always will happen. Don’t be gullible!…
Brentparlee says:
Oct 24, 2010
I agree that you have to be careful about what you click these days. How does the new AVG link scanner work?
Daniel Snyder says:
Oct 25, 2010
AVG uses their servers to scan the destination URL before you get to it. There is also a blacklist of ‘bad’ URLs that they can compare against.