[NEohioPAL]protecting your email address and computer from in ternet scoundrels
Schaefer, Robert PS
Robert.Schaefer at pbs.proquest.com
Mon Jan 17 07:30:08 PST 2005
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C4FCA9.6CF4C670
Content-Type: text/plain
Fred, and list subscribers:
I thought I'd chime in with some helpful advice on several things having to
do with this topic. As a quick side note, I am a computer
programmer/engineer in real life, and would consider myself to fall under
the "real" definition of a hacker. (Look it up in Webster's for the real
definition versus the media's definition, I don't break into computers)
First up, how do spammers/what not get your e-mail address?
There's several ways this can be done, the most common ways of getting your
e-mail address are either through online e-mail archives (NEohioPAL has its
archives public) scanning websites looking for e-mail addresses, using
random combinations of addresses for each domain, that free site that wanted
some information to let you see their info, or through spyware and viruses.
Now, what to do when you're the victim of being spoofed. First, make sure
you didn't actually send the e-mails. You do this by scanning your machine
for viruses, and by checking for spyware and adware. Once you have verified
that you did not in fact send the e-mails, you've pretty much done all you
can do. You can let people know that you didn't send the e-mail, and that
you have scanned your machine and are not infected, but that's about it.
Chances are you'll never know who really did it, and its not really worth
the amount of effort it would take to track it to the specific anonymous
re-mailer that was used. (Chances are it'll be in China or Russia, or some
other place that won't release any information)
What can you do to reduce your exposure?
* Use some common sense, if the e-mail comes from someone you know, but
doesn't look like something they would send, or is questionable in any form,
contact them and ask them if they sent it. DO NOT FORWARD THE E-MAIL TO
THEM!!! Ask if they sent you an e-mail and describe, if you forward it, you
run the risk of infecting them.
* Use anti-virus software and keep it up to date! If your anti-virus is
set to auto-check, set it to the shortest settings possible. Updates on a
daily basis is not unusual. Download and run spyware programs such as
ad-aware and spybot Search and Destroy on a regular basis. (Websites will
be listed at the end)
* Never click on the remove me link included in the e-mail, 9 times out of
10, you've just validated your e-mail, and you'll be added to other lists.
* Never click on a link in e-mails purporting to needing personal
information. No financial institution should provide you with a link in an
e-mail to enter personal information. They should tell you to go to their
home page and follow the links there. This includes Microsoft, E-bay,
Amazon and other places like this.
* Make sure your Windows is up to date with the latest patches.
* Stop using Internet Explorer as your default browser. (Alternatives, and
places to find out about them, are listed below)
* Stop using Outlook/Outlook Express for your e-mail. (Again, alternatives
below)
* Make sure there's either a software firewall or a hardware firewall
between your computer and the internet. (I believe the current average time
to infection on a un-patched PC is down to below 40 seconds. Yes, I said
seconds.) A hardware firewall can be as simple as a hardware router between
the computer and the internet. However, this is generally only an option to
people with broadband connections. While the built-in firewall in XP is a
good start, a third party firewall should be used instead.
Unfortunately, even following all of these points, you'll still have your
e-mail spoofed, spammed and everything else, but following these rules will
reduce your exposure.
Here are websites for some of the software that I mentioned above, and note,
most of these are free! (Doesn't mean they're crap, as a matter of fact,
most listed below are better than a lot of commercial products)
Ad-Aware: http://www.lavasoft.de/ <http://www.lavasoft.de/>
Spybot Search and Destroy: http://www.spybot.info/en/index.html
<http://www.spybot.info/en/index.html>
AVG AntiVirus: http://www.grisoft.com/us/us_index.php
<http://www.grisoft.com/us/us_index.php>
Alternative E-mail clients:
Eudora: http://www.eudora.com/ <http://www.eudora.com/>
Thunderbird: http://www.mozilla.org/products/thunderbird/
<http://www.mozilla.org/products/thunderbird/>
Alternative web browsers:
Mozilla: http://www.mozilla.org/products/mozilla1.x/
<http://www.mozilla.org/products/mozilla1.x/>
Firefox: http://www.mozilla.org/products/firefox/
<http://www.mozilla.org/products/firefox/>
Netscape: http://www.netscape.com/ <http://www.netscape.com/>
Opera: http://www.opera.com/ <http://www.opera.com/>
I'm sure there are more, and others that may be better, but most of these
products I have used or currently do use on my computers. If you have any
questions specific to your situation that you would like help with, e-mail
me and I will do what I can to help you out!
-----Original Message-----
From: FSternfeld at aol.com [mailto:FSternfeld at aol.com]
Sent: Saturday, January 15, 2005 1:12 PM
To: neohiopal at lists.fredsternfeld.com
Subject: [NEohioPAL]protecting your email address and computer from internet
scoundrels
Some people who have posted to the list have informed me that their e-mail
address has been the victim of "spoofing" and/or "phishing."
The neohiopal posting address or anyone's individual address can be used as
a fake address by internet scoundrels. Almost everyone I have talked to
about this issue has been a victim of this at one point or another.
THE BEST WAY TO PROTECT YOURSELF AND YOUR COMPUTER IS TO NEVER OPEN AN
ATTACHMENT FROM AN UNFAMILIAR E-MAIL ADDRESS OR FROM THE NEOHIOPAL LIST.
As you probably know, I have a "no graphics or attachments" policy for this
very reason. Occasionally, I accidentally approve a message with a graphic
or attachment because I only see the first part of the posting in the queue
and simply can't tell that there is one.
Your will always be able to open your neohiopal mail and assume it is safe
as long as there is no attachment on it.
There is more information about "spoofing" and "phishing" at this link:
http://www.mailsbroadcast.com/email.broadcast.faq/46.email.spoofing.htm
<http://www.mailsbroadcast.com/email.broadcast.faq/46.email.spoofing.htm>
You can also google these words to learn more about the problem: spoofing,
phishing, spam, counterfeit email, hijacked email.
If any of you know more about this issue that you want to share with the
list, please chime in - however I will limit the discussion to the next day
or so.
Fred Sternfeld
http://www.fredsternfeld.com <http://www.fredsternfeld.com/>
216-360-0708- home
216-496-6087- cell
------_=_NextPart_001_01C4FCA9.6CF4C670
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2800.1479" name=GENERATOR></HEAD>
<BODY id=role_body style="FONT-SIZE: 12pt; COLOR: #000000; FONT-FAMILY: Arial"
bottomMargin=7 leftMargin=7 topMargin=7 rightMargin=7>
<DIV><SPAN class=644055314-17012005>Fred, and list subscribers:</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>I thought I'd chime in with some helpful
advice on several things having to do with this topic. As a quick side
note, I am a computer programmer/engineer in real life, and would consider
myself to fall under the "real" definition of a hacker. (Look it up in
Webster's for the real definition versus the media's definition, I don't break
into computers)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>First up, how do spammers/what not get your
e-mail address?</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>There's several ways this can be done, the
most common ways of getting your e-mail address are either through online e-mail
archives (NEohioPAL has its archives public) scanning websites looking for
e-mail addresses, using random combinations of addresses for each domain, that
free site that wanted some information to let you see their info, or through
spyware and viruses.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Now, what to do when you're the victim of
being spoofed. First, make sure you didn't actually send the
e-mails. You do this by scanning your machine for viruses, and by checking
for spyware and adware. Once you have verified that you did not in fact
send the e-mails, you've pretty much done all you can do. You can let
people know that you didn't send the e-mail, and that you have scanned your
machine and are not infected, but that's about it. Chances are you'll
never know who really did it, and its not really worth the amount of effort it
would take to track it to the specific anonymous re-mailer that was used.
(Chances are it'll be in China or Russia, or some other place that won't release
any information)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>What can you do to reduce your
exposure? </SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Use some common sense, if the e-mail
comes from someone you know, but doesn't look like something they would send, or
is questionable in any form, contact them and ask them if they sent it. DO
NOT FORWARD THE E-MAIL TO THEM!!! Ask if they sent you an e-mail and
describe, if you forward it, you run the risk of infecting them.
</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Use anti-virus software and keep it
up to date! If your anti-virus is set to auto-check, set it to the
shortest settings possible. Updates on a daily basis is not unusual.
Download and run spyware programs such as ad-aware and spybot Search and Destroy
on a regular basis. (Websites will be listed at the end)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Never click on the remove me link
included in the e-mail, 9 times out of 10, you've just validated your e-mail,
and you'll be added to other lists.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Never click on a link in e-mails
purporting to needing personal information. No financial institution
should provide you with a link in an e-mail to enter personal information.
They should tell you to go to their home page and follow the links there.
This includes Microsoft, E-bay, Amazon and other places like this.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Make sure your Windows is up to date
with the latest patches.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Stop using Internet Explorer as your
default browser. (Alternatives, and places to find out about them, are
listed below)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Stop using Outlook/Outlook Express
for your e-mail. (Again, alternatives below)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005> * Make sure there's either a software
firewall or a hardware firewall between your computer and the internet. (I
believe the current average time to infection on a un-patched PC is down to
below 40 seconds. Yes, I said seconds.) A hardware firewall can be
as simple as a hardware router between the computer and the internet.
However, this is generally only an option to people with broadband
connections. While the built-in firewall in XP is a good start, a third
party firewall should be used instead.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Unfortunately, even following all of these
points, you'll still have your e-mail spoofed, spammed and everything else, but
following these rules will reduce your exposure.</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Here are websites for some of the software
that I mentioned above, and note, most of these are free! (Doesn't mean
they're crap, as a matter of fact, most listed below are better than a lot of
commercial products)</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Ad-Aware: <A
href="http://www.lavasoft.de/">http://www.lavasoft.de/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Spybot Search and Destroy: <A
href="http://www.spybot.info/en/index.html">http://www.spybot.info/en/index.html</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>AVG AntiVirus: <A
href="http://www.grisoft.com/us/us_index.php">http://www.grisoft.com/us/us_index.php</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Alternative E-mail clients:</SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Eudora: <A
href="http://www.eudora.com/">http://www.eudora.com/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Thunderbird: <A
href="http://www.mozilla.org/products/thunderbird/">http://www.mozilla.org/products/thunderbird/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>Alternative web browsers:</SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Mozilla: <A
href="http://www.mozilla.org/products/mozilla1.x/">http://www.mozilla.org/products/mozilla1.x/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Firefox: <A
href="http://www.mozilla.org/products/firefox/">http://www.mozilla.org/products/firefox/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Netscape: <A
href="http://www.netscape.com/">http://www.netscape.com/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005>Opera: <A
href="http://www.opera.com/">http://www.opera.com/</A></SPAN></DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005></SPAN> </DIV>
<DIV><SPAN class=644055314-17012005>I'm sure there are more, and others that may
be better, but most of these products I have used or currently do use on my
computers. If you have any questions specific to your situation that you
would like help with, e-mail me and I will do what I can to help you
out!</SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
FSternfeld at aol.com [mailto:FSternfeld at aol.com] <BR><B>Sent:</B> Saturday,
January 15, 2005 1:12 PM<BR><B>To:</B>
neohiopal at lists.fredsternfeld.com<BR><B>Subject:</B> [NEohioPAL]protecting
your email address and computer from internet
scoundrels<BR><BR></FONT></DIV><FONT id=role_document face=Arial color=#000000
size=3>
<DIV><STRONG>Some people who have posted to the list have informed me that
their e-mail address has been the victim of "spoofing" and/or
"phishing."</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>The neohiopal posting address or anyone's individual address can
be used as a fake address by internet scoundrels. Almost everyone I have
talked to about this issue has been a victim of this at one point or
another.</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>THE BEST WAY TO PROTECT YOURSELF AND YOUR COMPUTER IS TO NEVER
OPEN AN ATTACHMENT FROM AN UNFAMILIAR E-MAIL ADDRESS OR FROM THE NEOHIOPAL
LIST.</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>As you probably know, I have a "no graphics or attachments"
policy for this very reason. Occasionally, I accidentally approve a
message with a graphic or attachment because I only see the first part of the
posting in the queue and simply can't tell that there is one.</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>Your will always be able to open your neohiopal mail and assume
it is safe as long as there is no attachment on it.</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>There is more information about "spoofing" and "phishing" at this
link: <A
href="http://www.mailsbroadcast.com/email.broadcast.faq/46.email.spoofing.htm">http://www.mailsbroadcast.com/email.broadcast.faq/46.email.spoofing.htm</A></STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>You can also google these words to learn more about the problem:
spoofing, phishing, spam, counterfeit email, hijacked email.</STRONG></DIV>
<DIV><STRONG></STRONG> </DIV>
<DIV><STRONG>If any of you know more about this issue that you want to share
with the list, please chime in - however I will limit the discussion to the
next day or so.</STRONG></DIV>
<DIV> </DIV>
<DIV><FONT lang=0 face="Script MT Bold" size=4 PTSIZE="14"
FAMILY="SCRIPT">Fred Sternfeld</FONT><FONT lang=0 face=Arial color=#000000
size=4 PTSIZE="14" FAMILY="SANSSERIF"><BR></FONT><FONT lang=0 face=Arial
color=#0000ff size=3 PTSIZE="12" FAMILY="SANSSERIF"><A
href="http://www.fredsternfeld.com/">http://www.fredsternfeld.com</A><U><BR></U>216-360-0708-
home<BR>216-496-6087-
cell<B><BR></B></FONT></DIV></BLOCKQUOTE></FONT></BODY></HTML>
------_=_NextPart_001_01C4FCA9.6CF4C670--
More information about the NEohioPAL
mailing list