Posts Tagged ‘email’

14 May 08

IRS Email Scam

I recently sent an email about this to my friends. Here’s the post:

If you receive the below email (Get 2008 Economic Stimulus Refund – $1800), delete it! This is a scam!!!! Please be perceptive enough to check into things before you blindly believe these technological lies. Apparently, a half-witted computer tech without morals is trying to capitalize on the stimulus refund from the government. He/she will be phishing for your bank account information & SSN, and will ultimately rob you of your identity.

Email is never the primary way governments, banking institutions and major businesses communicate with you. Remember, email is like a postcard: it’s not secure unless you use encryption. (To answer everyone’s question, “Am I using email encryption?”: I guarantee that you would know if you were, because you have to install it or log in to a secure webmail server, and it only works if the other person you’re communicating with uses the same type of encryption or has a private or public encryption key.)

All it takes is a few tools and in five minutes I can intercept email as it travels across the internet. Again, email is simply a postcard. As it travels, anyone with the right tools can intercept and read it. Never send banking information, passwords, or Personally Identifiable Information (PII) via unencrypted email.

Here are a few free email encryption solutions:

1. Hushmail (free secure webmail solution)

2. Google Gmail Encryption with Firefox: FireGPG (You have to log in to https://gmail.com when using this encryption with Gmail.) Here are the instructions on how to set up and use FireGPG encryption with Gmail: http://www.linux.com/articles/62369

3. Greasemonkey Encryption: Firefox Extension

If you have any questions, please visit my IT Security blog at: www.itsecurityadmin.wordpress.com or email me.

Here’s the email:


From: service@irs.gov [mailto:service@irs.gov]
Sent: Tuesday, May 13, 2008 3:58 AM
Subject: Get 2008 Economic Stimulus Refund ( $1800 )
Importance: High



Over 130 million Americans will receive refunds as
part of President Bush program to jumpstart the economy.

Our records indicate that you are qualified to receive the
2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by
direct deposit to your checking/savings account.

Please click on the link and fill out the form and submit
before May 13th, 2008 to ensure that your refund will be
processed as soon as possible.

Submitting your form on May 13th, 2008 or later means that
your refund will be delayed due to the volume of requests we
anticipate for the Economic Stimulus Refund.

To access Economic Stimulus Refund, please click here.

© Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.

20 Nov 07

Phishing Scams – How To Verify A Site Certificate

Phishing

Some malicious individuals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such as your credit card number.

Fortunately, there are several steps you can take to help protect yourself from these and other types of attacks.

What is a spoofing attack?

Spoofing attacks are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate.

Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.

How to verify a site certificate

Always verify the security certificate issued to a site before submitting any personal information. Before you submit any personal information, ensure that you are indeed on the website you intend to be on.

In Internet Explorer, you can do this by checking the yellow lock icon on the status bar.

This symbol signifies that the website uses encryption to help protect any sensitive personal information—credit card number, Social Security number, payment details—that you enter.

Screen shot of yellow lock icon in Internet Explorer

Secure site lock icon. If the lock is closed, then the site uses encryption. Double-click the lock icon to display the security certificate for the site. This certificate is proof of the identity for the site.

When you check the certificate, the name following Issued to should match the site you think you are on. If the name differs, you may be on a spoofed site.

If you are not sure whether a certificate is legitimate, do not enter any personal information. Play it safe and leave the Web site.

Screen shot of an MSN certificate

Legitimate certificate. When new subscribers sign up for MSN services, they can match the Issued to domain name (msn.com) to the Web site domain name (also msn.com).
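
The "Issued to" comparison described above, written as code. This is an added example, not part of the original post; it assumes the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`, and `SAMPLE_CERT` is a constructed stand-in for the msn.com certificate. It goes beyond the single-name case in the text by also handling wildcard names and a lookalike hostname.

```python
import socket
import ssl


def issued_to_names(cert):
    """DNS names a certificate was issued to, from an ssl.getpeercert() dict."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # Older certificates carry the name only in the subject commonName.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Compare one certificate name with a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False  # "*" covers exactly one label, never several
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def certificate_matches(cert, host):
    """True if any name the certificate was issued to covers this host."""
    return any(name_matches(n, host) for n in issued_to_names(cert))


def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate; the default context also validates the chain
    and hostname and raises ssl.SSLCertVerificationError on a mismatch."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() layout (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "msn.com"),),),
    "subjectAltName": (("DNS", "msn.com"), ("DNS", "*.msn.com")),
}

if __name__ == "__main__":
    for site in ("msn.com", "signup.msn.com", "msn.com.login.example", "a.b.msn.com"):
        print(site, certificate_matches(SAMPLE_CERT, site))
```

A hostname that merely begins with the trusted name, such as `msn.com.login.example`, fails the comparison because names are matched label by label from the full hostname, not by prefix.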

Also, be cautious about clicking links in e-mail messages or in online ads from retailers you don’t recognize or trust. If you have any doubt about a link, do not click it.

Instead, type the Web site address into the address bar of your Web browser, or try to confirm that the link is legitimate. Remember, if an offer sounds too good to be true, it probably is.

Get the Phishing Filter

Phishing Filter is designed to warn or block you from potentially harmful Web sites. It’s available in Windows Internet Explorer 7 for Windows XP Service Pack 2 (SP2), and Windows Vista. It is also available in the new Windows Live Toolbar for users of Internet Explorer 6 and above.