Handy Advice for the Inevitable Olympic Email Scam

Posted on August 7, 2008
Filed Under Beijing Olympics, China Hackers, Malware, Security

Mark Hofman, the handler on duty over at the Internet Storm Center (ISC), has some good advice to protect users from the expected tsunami of Olympic-related phishing attacks:

Don’t click any links when:

* the email was sent by someone you do not know.
* the email was sent by someone you might know, but whose name and email address do not match. e.g. sender: John Smith or Albert Einstein
* the email asks you to click a link to “verify” personal details. e.g. “please click the link below to verify your account details”.
* the link looks funny. e.g. http://123.123.123.123/dhjeuaUhskw/special_surprise or www.notquite-the-banks-name.com
* the web page says you have
  * “won a laptop, click here to claim”,
  * “a /spyware, click here to download a program to fix it”,
  * “been selected as our lucky winner for …..”

If you have passed all of the above tests and you succumb to the urge to click, then before you click ask yourself some additional questions:

* How certain am I that the email was sent by the sender?
* Does the link match what I would expect it to be? e.g. www.xyzstore.com rather than www.xyzzstore.com
* When you hover the cursor over the link, where does the browser say it will take you? e.g. Hover your mouse over the following link: http://www.xyzstore.com. Would this link take you somewhere “special”?

So these are some of the examples I could think of to help educate my users. If you have some that I can add, please send them in.

As for system admins and security folks, in the next three weeks you might want to make sure that your AV is up to date, your SPAM engines are working properly, web traffic is filtered and you watch your logs for connections to weird places, keeping in mind that until August 24 some parts of China are not going to be weird places. You might even consider doing what I have done at a few sites, which is to whitelist the official Olympic sites and block the rest.

This advice holds true all the time and should also be applied to things like internet messaging and Skype (I’ve had a slew of Skype phishing in Chinese lately).
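For admins who want to apply the link checks from the list above at a mail gateway or during triage, here is an added example (not code from ISC or from this post) that flags raw-IP links, links whose visible text names a different host than the real target, and near-miss spellings of a trusted host. `TRUSTED_HOSTS`, the 0.85 similarity threshold and all function names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.xyzstore.com"}  # assumption: hosts your users really deal with
SAMPLE_MAIL = (  # constructed from the post's example links
    '<a href="http://123.123.123.123/dhjeuaUhskw/special_surprise">click here to claim</a>'
    '<a href="http://www.xyzzstore.com/login">http://www.xyzstore.com</a>'
    '<a href="http://www.xyzstore.com/sale">www.xyzstore.com</a>')

def host_of(text):
    """Hostname of a URL or bare 'www.example.com' token; None for ordinary words."""
    try:
        (token,) = text.split()  # ValueError unless exactly one token
        host = urlparse(token if "://" in token else "http://" + token).hostname
    except ValueError:
        return None
    return host if host and "." in host else None

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def audit(html):
    """Yield (href, [reasons]) for each link that fails one of the post's checks."""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        target, shown, reasons = host_of(href), host_of(text), []
        if target is None:
            continue  # in-page anchors and the like carry no host to judge
        if target.replace(".", "").isdigit():
            reasons.append("raw-ip")  # dotted-decimal host, like 123.123.123.123
        if shown and shown != target:
            reasons.append("text-mismatch")  # what hovering over the link reveals
        if target not in TRUSTED_HOSTS and any(
                SequenceMatcher(None, target, t).ratio() > 0.85 for t in TRUSTED_HOSTS):
            reasons.append("lookalike")  # xyzzstore posing as xyzstore
        if reasons:
            yield href, reasons
```

Running `list(audit(SAMPLE_MAIL))` reports the first two links and passes the third; tune the threshold against your own trusted list before relying on the lookalike flag.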

Comments

One Response to “Handy Advice for the Inevitable Olympic Email Scam”

  1. Bill on August 8th, 2008 1:45 am

    I do a “view source” before I open up any suspicious mail. I have never found one that I need to open normally yet.
