enticing users to click 'here you have' wormI like to compare the internet to real life, as a way of helping people understand information security. I am often amazed at how people who are so quick to be sure their homes and cars are protected do not even give a second thought to their online security. For some reason there is still a mass misconception that the internet is a safe place. The net is like any city, it’s got beautiful parks and nice malls to shop in, but it’s also got a red light district and dangerous back alleys. Navigating the net requires perhaps a little more knowledge than staying secure at home does. When you go to bed at night it’s common sense and part of your routine to make sure your house is secure, you lock your doors and windows, and perhaps set an alarm, or turn on some motion lights in the yard. The same is true of the web, you have to be proactive, but online it’s always a dark night so you better make sure you’re protected. Sometimes it requires more than just a security system as the recent ‘Here You Have‘ worm has demonstrated (yet again!), internet users are still prey to the most basic of social engineering tricks and still think ‘buying speakers out of a car trunk in a busy parking lot’ is a good idea.. or perhaps that every nice person that knocks on your front door with a deal is legit. If you are the kind of person that would buy a vacuum off a guy at your front door for a thousand dollars, than you may need to upgrade your security common sense. (By the way, that vacuum is probably worth no more than two hundred bucks)

The Most Basic Trick in CyberCrime

The ‘Here You Have’ worm utilized one of the most basic tactics in cybercrime, users receive an email which enticed them to click a link to a web site that offered them something that sounded interesting for free (likely porn), clicking on the link executes the virus. First rule of email security: Never click directly on links, rather type known links into your browser. This gets a little confusing however since you often need to click long links full of numbers and other characters in order to get an email address verified, or gain access to a website. It’s true, the ‘rule of thumb’ always has exceptions and that is what makes net security so complex. No matter how secure your system is, how well you’ve made sure that you’re antivirus is up to date, that your firewall is in place, and that your software is updated – you can still be enticed to go down a back alley that you shouldn’t. The virus was ultimately responsible for taking down email servers at NASA and numerous other companies including cable giant Comcast Corp.

If the long history of cybercrime has taught criminals anything, it is that users will always be susceptible to clicking on things they shouldn’t… if you just feed them the right line. Kaspersky Anti-Virus is one of my highly recommended products that does a fantastic job of monitoring all virus entry points leaving you with a virus-free PC! Click Here. Is it possible to educate people on the dangers of being socially engineered and the risk of clicking unknown links, particularly links received in email? You can read more about Social Engineering in this article “How long can I browse the web without antivirus protection“.