Pages

Saturday, June 4, 2011

Spam, Phishing and Genealogy

Google's security team recently commented on a Phishing campaign aimed at U..S. Government officials. Here is a quote from the Official Google Blog:
Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.

The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)
The article describes the process as follows:
Bad actors take advantage of the fact that most people aren’t that tech savvy—hijacking accounts by using malware and phishing scams that trick users into sharing their passwords, or by using passwords obtained by hacking other websites. Most account hijackings are not very targeted; they are designed to steal identities, acquire financial data or send spam. But some attacks are targeted at specific individuals.
 In case you do not know, phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. See Wikipedia.

I have been the target of several phishing attacks through a huge amount of spam, but usually you can look at the URL and see that it is not from the site being represented. Another simple remedy is to delete any e-mail you receive from even a slightly questionable source before opening the message. This is especially true for e-mails from banks or other financial institutions. If you have the slightest doubt that an e-mail is valid, call the sender and ask if an e-mail was sent. Never provide personal information in response to an e-mail without verification of the sender.

I have had to change my e-mail address on occasion for simple reason that I was getting a huge amount of spam which includes a fair amount of phishing. 

Now, as online genealogists we probably send and receive more than the average amount of e-mail. I get messages all the time from banks telling me that there is a problem with my account and to click on the link to get information about the problem. These inquiries always interest me because I usually do not have an account at that particular bank.

Being online is almost a necessity for today's genealogist, but that does not mean that we have to leave our common sense and good judgement behind and pick up on every fake phishing inquiry.

1 comment:

  1. No surprise the attack came from China. The Chinese have recently admitted that they have a dedicated cadre of hackers, called the Blue Army. (see for example: http://www.techi.com/2011/05/blue-army-chinas-30-strong-commando-unit-of-cyberwarriors/).

    I have received phishing attempts and other scams from time to time, and have blogged about some of them. It's just a matter of remaining vigilant.

    ReplyDelete