Working in the Minefield — or Pulp Friction
February 1, 2006 By Pulp & Paper Canada
Phishing with Spam
About 70% of all email sent over the Internet is spam. A small portion of that spam is phishing (Phish: Attempt to trick a computer user into divulging passwords, financial or other confidential information, usually through the use of false emails luring the user to a fake website). Very few users respond to spam, just enough to make it profitable. Even fewer of those users are fooled by phishing schemes, revealing just enough information for the operators to clean out their accounts or even take out a second mortgage on their house. There was an increase of over 1100% in phishing attacks in a six-month period last year. An estimated 57 million users received phishing emails in 2004. Of those, 19% opened a phishing email and clicked on a link. Roughly 3 to 5% divulged personal or financial information.[1]
Wireless access points (Wi-Fi) or hotspots are proliferating, with over 57,000 available throughout the world. A recent trend has been ‘Evil Twin’ hotspots — an Evil Twin is a wireless hotspot set up to mimic a legitimate one. While in an airport, a restaurant or other place that might have a normal hotspot, you could be fooled into signing on to a hotspot with the same name as the expected one. Their purpose is to capture any data you might unwittingly transmit, such as passwords, credit card numbers, emails, etc. They can also be set up to mimic the wireless access at a home or office, though this is less common. Also in the wireless arena, if you leave the wireless capability of your computer activated even when you are not using it, you leave yourself vulnerable to malicious users searching for such computers. This is especially true if you leave the ad-hoc mode enabled — this allows other computers to connect to your computer through the wireless card, gaining access to anything that is not specifically encrypted.
Suppose you are looking for information on a new industry trend, so you surf to a new website. From that point on, every time you start your browser, it always goes to a certain website, which offers some most surprising products and services. You may also find unfamiliar icons on your desktop and/or a strange toolbar on your browser. Your browser has been hijacked! You also find that your computer runs very slowly, with tasks taking minutes rather than seconds. You have spyware. It may not do anything more than pop up annoying ads…or it could be harvesting keystrokes looking for bank or credit card information.
“Hey! Let’s be careful out there!”
We have access to a wonderful set of tools in email and the Internet. However, as with any tool, they can be used for many purposes — fair or foul. Some trucks on the road carry illegal goods; phones can be used by con men; volumes of advertising flyers flood our mailboxes. The same is true of any new technology — video recorder development was driven by the pornography industry! There are some excellent guides available on how to avoid being scammed, phished, spoofed or spied upon. A few resources are listed below, but many more are available. As Sgt. Esterhaus said in Hill Street Blues, “Hey! Let’s be careful out there!”
RCMP Fraud Guide: http://www.rcmp-grc.ca/scams/phishing_e.htm
Jiwire Complete Guide to Wi-Fi Security: http://www.jiwire.com/wi-fi-security-introduction-overview.htm
Microsoft Security at Home: http://www.microsoft.com/athome/security/spyware/default.mspx
[1] Sep 1, 2004 issue of CIO Magazine
If you have anything to add or would like to suggest another topic, please contact the author. Dan Davies is the application manager at Degussa Canada in bleaching and water chemicals. He can be reached at firstname.lastname@example.org