Spoofing, Clicking, Hacking and You

Recently a friend of mine posted something on my Facebook wall that gave me pause. She said “I think you’ve been hacked. I just got a weird email from you. If it was from you, forget the ‘weird’ part.” While funny, it was also really concerning. Mostly because I try hard to have good passwords in place in most of my email accounts. And, since I work in the technology space, and specifically in internet technologies, it would be particularly concerning for me to have emails being sent from my accounts to my contacts potentially infecting them too. Needless to say, because of my profession, my blood pressure sort of increased. I immediately responded to my friend and asked about the email – but she was offline. So I sent messages to other friends asking if they’d received anything weird from me. No one had. I sent my friend who’d received the email an address to forward it to and I’ve yet to see it. But, it’s been a couple of days and no one else has reported anything weird. Which lead me to believe – my friend received a ‘spoofed’ email. 

Spoofing is becoming a pretty common practice and I think it’s a good thing to know about. Especially since spoofed emails are usually trying to accomplish one of two things – they either want to scam you out of information or money or they want you to click on a link in order to infect your computer with something. Spoofing is simple – it is the sending of an email that appears  to be from someone that it isn’t from. You can pretty much use anyone’s name, or any organization/brand name to send an email. Because the authentication protocols involved in sending and receiving mail do not require any authentication of the name associated with the email. To be clear, there are all kinds of spoofing. But it’s becoming more of a problem because it’s easier to just spoof a name and gain access to people, their money and their information. Think about it – if you are on Facebook you have a publicly available list of ‘friends’ that is viewable by criminals too. So spoofers can get the names of people you would recognize and trust, associate those names with emails that they send to you to gain access to your computer.

Here’s the thing though – more often than not you have to actually *give* them something for them to get to you. And you do that by ‘clicking’ – on links, on forms and filling them out, on images, on something. Most of the time viruses happen because we click on a link, and people gain access to our computers because we click on something to let them.

Just this week my friend and colleague, Matt Gray, clued me into the news about Miss Teen USA having had her webcam hacked. Turns out she was being watched and photographed through her own computer’s camera and she had absolutely no idea it was happening. I happened to channel surf into a morning talk show that was covering this story and they demonstrated how this ‘hack’ could have happened. The example they used showed a ‘computer expert’ sending an innocent family an email that said ‘your secret admirer has a message for you’ and beneath that was a link to click on. Sure enough the daughters clicked the link and voila – the ‘expert’ had visual access – he was watching them through their own cameras. And they had no idea. When the talk show wrapped up that segment their recommendation was – close your laptop or shut it down at night when you are not using it, or put a piece of electrical tape over your cam. I was disappointed that they didn’t recommend anything preventative.

Yes there are hackers in the world who spend their time trying to access computers and networks without anyone knowing. And yes there are scammers that are getting more and more sophisticated in their ability to fool us. They are trying to get into our homes — to break in. But we have to think about our home networks in the same way we think about the security of our homes. I don’t know about you, but I always tell my little boy, don’t let anyone in, or go anywhere with anyone, even if you think you know them. We need to talk about it first. And I think the  same thinking has to apply to how we review emails and Facebook posts.

So here are some simple ways to decrease the chances of someone accessing your stuff, giving you a virus, or using your own webcam against you.

1) Don’t open emails unless you are SURE the email address matches one with which you are familiar. A name is not enough. If you have to – pick up the phone and call the person you received the email from. But if it looks weird – it probably is. Check the email address carefully.

2) Do not click on links unless you are absolutely sure of what you are going to view. A link hidden behind some enticing words should not sucker you into action. Again – if you need to confirm that your friend sent you some earth shattering video – ask before you click.