Rich’s Ramblings.

“Cautions and Warnings”

My Father and Grandfather used to drill into me:

“You don’t get nothing for nothing”

“If it is too good to be true, it probably is”

“Beware of someone knocking at your door wearing a mask.”

There is something about these sayings that ring so true in this day and age.

SPAM is unsolicited E-Mail advertisements that you receive in your in-box. Most SPAM today is about offering products or services that are covered by these sayings. Ignore these E-Mails! There are some really unscrupulous people out there. They tease you with offers that are usually so cheap or so guaranteed to work that you just can’t believe your good luck. Don’t believe it. Anyone who has a legitimate offer will not have to hide their real E-Mail address. And No Virginia, you can’t purchase Microsoft Windows XP Professional for $39.95....Legally..

“What you see is what you get” is not a valid statement today with the ability to hide or obfuscate their real web browser address in messages. It is usually done in one of the messages that you received using spoofing or phishing. When you read a message and the sender includes Web address’s that are clickable, commonly called Links or URL’s (Uniform Resource Locations). Which, when clicked with your mouse pointer, will load your browser and take you to a web page. Most E-Mail programs underline these to make them stand out. These have been showing up in messages with some strange characters included in the underlying URL code in the message.

What they do is depend on features in most email programs that allow (HTML) HYPERTEXT Markup Language in E-Mail. Appearing to your eyes as MICROSOFT.COM which would have as the underlying code “HTTP : // WWW. MICROSOFT. COM “ (leave out spaces) . This is a neat feature and will allow you to place your cursor on the underlined text and when clicked, will launch your web browser and take you right to the MICROSOFT.COM site. This feature makes your messages much easier to read and understand but, it is being exploited by people who wish to separate you from your money. These bad guys have figured out how to fool many people into clicking these links. The visible text that looks to you as MICROSOFT.COM is hiding the underlying HTML code that sends you to one of their nefarious web sites.

Most E-Mail programs let you see what the HTML code looks like by displaying it in a status bar on the bottom of your E-Mail program. BUT, the crooks have figured out how to fool your email program to only showing you a portion of the HTML address. They do this by putting Hexadecimal characters in the underlying HTML address. They use what is called NULL or Hexadecimal zero’s which are interpreted by your email program as non-visible characters. Which they really are. Your email program will ignore these when displaying them to you but will pass them on to your Web Browser and therein lies the tale. They include their nefarious website at the far end of the URL address and lo and behold, you could believe that your on Microsoft’s web site when you really are on some website overseas that has been created to look just like the Microsoft site. They can compose their web page by linking to graphics on the real Microsoft web site, so you think that you really are on the Microsoft site. They depend on you believing that you are on the Microsoft site and hope that you will give up personal financial information or allow them to install a program on your PC. Don’t fall for this. The only way to access sites where you can feel almost 100% sure that you are really there is to type their web address into your browser. Of course, you must be careful in typing in Web Page address’s. Remembering that WHITEHOUSE.GOV is not the same site as WHITEHOUSE.NET or .ORG or .COM. Many nefarious people pay for names that are close to the real ones with common misspellings so that you end up not where you intended. Some porn sites have taken to doing this sort of thing.

This short lesson/diatribe on spoofing or phishing* is using Microsoft as the target web site but you can substitute American Express or Bank Of America for Microsoft. It has been getting pretty pervasive lately so evidently it must be fooling some people.

* {"Phishing" refers to spam forgeries that impersonate the identity of a company with which you may have an account, such as PAYPAL, AOL, BANKAMERICA, etc. Typically the message says there's a problem with your account information and provides a link to a web page where you're asked to input your credit card number or other personal financial information. }

NEVER respond in any way to SPAM or unsolicited email. Microsoft has NEVER sent E-Mail to users with attachments to be executed. Never give out personal financial information to anyone that you have not specifically typed in the web address and know that you are on their web site. Check your browser to make sure that the little lock symbol on the lower right of your screen shows that you have a encrypted connection.

Some people forget their normal suspicions when they are on-line. If someone called them on the telephone, they would not give out personal financial information to someone who just happened to call. Banks don’t call you to verify your account information or verify credit card numbers. The same suspicions should prevail when you read messages on the Internet.

Credit cards on the Internet:

I use a feature that my credit card company offers which protects me from multiple uses of my card. I log into my American Express account and request a one time number to be used in an internet transaction. Private Payments numbers have a limited-life because they expire within a minimum of 30 days and a maximum of 67 days, depending on the time of month the number is issued. The number is tied into my credit card number and shows up on my bill as a regular purchase. This is one way to defeat the “auto renewal” options on some of the sites where you only wish to use it one time. Some sites require payment for a years worth of access and they ofttimes they try to use the same card number for an automatic renewal when your year is up. Their attempting to use the same credit card number will be disallowed. You will need to give them another Private Payment number if you wish to renew. This at least is some leverage when it looks like you could end up paying for something that you really don’t wish to.

I have used my Visa and American Express cards on the Internet for many years and have never had a problem. I always go directly to a site where I wish to purchase a product by typing in the Web address, not by clicking on a link in a message. Caution is about the same as someone calling you on the phone to sell you a product, I would never give my credit card information to someone who just happened to call me, Unless I had called them first.

Remember: Many virus/trojan messages are sent from people that have your email address in their address book. Unfortunately, many people trust the email from address as they know the person. Trojans or Virus writers depend on this “family, friends” feature of address books and when someone in the chain receives the virus and “trusts” the sender, Wham! The same virus or Trojan goes out to everyone in the infected computers address book.

As usual, your mileage may vary <G>

Rich Schinnell is retired from the USN, Vitro Corporation and from active involvement in CPCUG. Although he still keeps his fingers (sometimes his feet and sometimes he jumps in with all his clothes on/off ) in the technical pool. He has a few small business consulting clients where he maintains their networks and PC’s. He can be reached via E-Mail at RICH AT CPCUG.ORG and via his web page at www.schinnell.org Last resort is via the old fashioned telephone at (301) 949-9292.