Irene – is that you (or a fake)?

[ronjor]

Quote:

So you get a Twitter tweet or Facebook notification from what “seems to be” a friend saying they have the latest information in the development of Hurricane Irene, if you just “click here.” When you do, you find that your “friend” might really be computer script from a distant land directing you to a fake website with malware. And oh, by the way, your computer is now infected.

The practice, a variant of BlackHat Seach Engine Optimization (BHSEO), picking major world events for scams to target unsuspecting victims through fake high-ranking search engine results, is nothing new. When a major world event occurs, people feel like there’s an urgent “need” to know what’s going on, a bit of a frenzy. The new twist is when BHSEO tactics join social engineering to provide malicious links that “seem” to be coming from people you really know and trust.

http://blog.eset.com/2011/08/26/iren...-you-or-a-fake

[dw426]

Why on earth would anyone fall for something like this? Coming from a friend or not, the latest info on it is a TV channel away. And, if you're in the area affected..you probably don't need to be told the latest news, what with all the wind, rain and things being blown about outside your door.

[Hungry Man]

Uhhh, if it's from a friend I can imagine many people falling for it.

[dw426]

Quote:

Originally Posted by Hungry Man

Uhhh, if it's from a friend I can imagine many people falling for it.

Seriously? After everything people have gone through with malicious things on FB and Twitter, you'd still click some out of the blue link from a friend about the weather? (not saying you personally, just a general question) I'd find it extremely strange to receive such a thing even in my email. I might be able to see it if the person was right in the thick of things. But, that goes back to what I said about not really needing a link to know the current situation. If the local news isn't saying it, all the goings on outside your door would certainly.

You don't open links sent to you even by your grandma without asking her first if she sent it. That isn't being computer smart now, that's simply a must.

[The Hammer]

I don't do Facebook or twitter, never felt the need when they came out. Since then, I've read too many bad things from privacy concerns/breaches to malware problems. They sound like good places to test your security/privacy setups though.

[ronjor]

You can't hide an elephant under a rug. Many people use the social networks and they aren't going away.

Facebook offers a security manual. http://www.wilderssecurity.com/showthread.php?t=306176

[Rmus]

Quote:

Originally Posted by dw426

... I'd find it extremely strange to receive such a thing even in my email.

Hi dw246,

Unfortunately, I find it from time to time: a well-meaning friend wants to pass along the latest information on some event that is in the news.

I just don't bother-- not because I'm afraid of a redirect to a malware site, but I just don't have time!

In a discussion about this some years ago, I asked someone if, pre-email, she would mail with a stamp some notice like this to everyone in her address book! You can imagine her answer.

From the article:

Quote:

So you get a Twitter tweet or Facebook notification from what “seems to be” a friend

Well, it's either a friend, or it's not. Surely one knows one's friends!

Quote:

...When you do, you find that your “friend” might really be computer script from a distant land directing you to a fake website with malware. And oh, by the way, your computer is now infected.

That's a bit of a leap to conclusion!

If you work with home users, you set up firm procedures and policies -- the article has good suggestions.

And, have security protection in place to take care of accidents and cases where they let their guard down.

regards,

-rich

[The Hammer]

Quote:

Originally Posted by ronjor

You can't hide an elephant under a rug. Many people use the social networks and they aren't going away.

Facebook offers a security manual. http://www.wilderssecurity.com/showthread.php?t=306176

I never said you could (hide an elephant ) and one of the big problems with privacy on Facebook are the people who run it. As it is there have been a number of articles detailing how usage has been falling off.

[Hungry Man]

Quote:

Originally Posted by dw426

Seriously? After everything people have gone through with malicious things on FB and Twitter, you'd still click some out of the blue link from a friend about the weather? (not saying you personally, just a general question) I'd find it extremely strange to receive such a thing even in my email. I might be able to see it if the person was right in the thick of things. But, that goes back to what I said about not really needing a link to know the current situation. If the local news isn't saying it, all the goings on outside your door would certainly.

You don't open links sent to you even by your grandma without asking her first if she sent it. That isn't being computer smart now, that's simply a must.

I live in Manhattan and have had multiple emails saying "Here's the latest info, here's what zone we're in, blah blah blah" and I haven't hesitated to open a single one.

[dw426]

Quote:

Originally Posted by Hungry Man

I live in Manhattan and have had multiple emails saying "Here's the latest info, here's what zone we're in, blah blah blah" and I haven't hesitated to open a single one.

Tsk tsk You're kind of in the thick of it though, so you at least have a reason to look. A guy like me, in the middle of the country has no such reason, and therefore wouldn't glance twice. I'm also one of the evidently few people who shoot off a message or call to someone who sends me a link, to verify they actually sent it. Anyhow, stay safe, Hungry.

[vasa1]

Quote:

Originally Posted by dw426

Tsk tsk You're kind of in the thick of it though, so you at least have a reason to look. A guy like me, in the middle of the country has no such reason, and therefore wouldn't glance twice. I'm also one of the evidently few people who shoot off a message or call to someone who sends me a link, to verify they actually sent it. Anyhow, stay safe, Hungry.

Quote:

I haven't hesitated to open a single one.

The context to keep in mind is that HM is actively looking for "zero-day" exploits as per a post elsewhere and, presumably, is capable of dealing with them.

A casual reader of this thread may read HM's post and feel that someone with so many posts to their credit can't be wrong in opening each and every e-mail they receive

[dw426]

Quote:

Originally Posted by vasa1

The context to keep in mind is that HM is actively looking for "zero-day" exploits as per a post elsewhere and, presumably, is capable of dealing with them.

A casual reader of this thread may read HM's post and feel that someone with so many posts to their credit can't be wrong in opening each and every e-mail they receive

Since when did post count mean someone knew what they were talking about? I'm just teasing Hungry, I know he's a tester.

[Dark Shadow]

Quote:

Originally Posted by ronjor

You can't hide an elephant under a rug. Many people use the social networks and they aren't going away.

Facebook offers a security manual. http://www.wilderssecurity.com/showthread.php?t=306176

unless its a very very super size rug.

[Hungry Man]

Frankly, even if I were running nothing but MSE I'd be opening all of my emails. If I know who the email is from I don't even question it. If I don't know where the email is from... and the subject is blatantly spam ("Bai v1agruh 4dolla") I don't open it... if it seems to be a legit email I open it.

The fact that I know I'm secure with my setup just means that I get to look at viagra ads too haha