Fox T-Bird/Cougar Forums

Ok, I've been getting tons of those "phishing" emails lately, trying to trick me into giving out my financial information (as if it would do anyone any good), and I'm getting several viruses daily in my email. I recently read an article in the newspaper that said that around Christmas these things get really common as newbies open up their shiny new box and head out onto that there Internet. Following are some of my suggestions on how to protect yourself from viruses, "Phishing" scams, and other people who would like nothing more than to separate you from your money. If you have anything to add, do it. If you know somebody who is computer illiterate or is considering buying thair first computer, print this thread off and give it to them.
 
1) Before even plugging your ethernet cable or phone line into your PC, GET AN ANTIVIRUS PROGRAM! Surfing the 'net without an antivirus program is like screwing a prostitute without a rubber. STUPID! Immediately after connecting to the internet, update your virus program and AND Windows. You may have to restart your computer a few times, but don't consider your computer up to date until you go to the update site and are told that. you are up to date.
 
2) Because viruses are changing faster than antivirus programs are, never trust an email attachment. No matter who it's from. For some reason, Windows defaults to "hide file extensions of known file types". This is a spectacularly stupid move on Microsoft's part, making it very easy to trick people into thinking that PIF, EXE or BAT file that they're opening is really a picture of Jessica Simpson's s. All the virus purveyor has to do is call the file something like "jessica'ss.jpg.pif". With the default setting you won't see the "PIF" part, so you'll think it's a harmless JPG image. This is an easy setting to change. Open up Windows Explorer (not Internet explorer, the other explorer found under START>ALL PROGRAMS>ACCESSORIES. In Windows Explorer, click on "tools", then "folder options", then "view" and un-click the "hide extensions of known file types" button. Click on "apply to all folders" and click "apply".
Close Windows Explorer. Now, whenever you look at a file it will show you the extension, which inducates file type. If you ever see two extensions (such as "filename.jpg.pif" or "filename.gif.exe", the last three letters are the file type.
 
If you get viruses in your email, don't even bother hitting "reply" and telling the sender off. The "from" address in your virus is fake. Guaranteed. Even if it is a real email address it is not where the email came from. It's spoofed. Just delete the email as you would spam.
 
3) "NO PHISHING". "Phishing" is when somebody sets up a fake web site designed to look like a real financial institution's website, then sends out a bunch of fake emails hoping to trick people into logging into their site and entering personal information. They then take that info and rob you dry. Some ways to identify a "phishing" scam email:

• The email is vague in identifying you. If, for instance, you ever get an email that starts out "Dear PayPal customer" or "Dear Ebay Member" the email is fake. Also, if you ever get an email that starts off "Dear yourname@youremail.com" it is also fake. Ebay, PayPal, (I mention these two because they are the most common theme for "phishing" emails) and most other legitimate business that you deal with know your name and they will identify you by it. They will not identify you by your email address.
  
• The email is from an institution you do not deal with. Obviously, if you don't have a Bank of America account, Bank of America will not write you threatening to cancel your account. This leads us to:
• The email is threatening to cancel your account if you do not "log in" and provide personal information. Ebay, PayPal, or your bank company will never, ever send you an email threatening to close your account unless you log in. They will NEVER tell you that they think that your account has been compromised and you must log in to verify yourself. These are tricks the criminal uses to try to get your info.
• The email has a link to log into your account. Legit businesses will never ask you to "click here to log in" in an email. This is a spoofed website, and regardless of where the emil link says it's taking you, you're going to a scammer's site. DO NOT EVEN CLICK ON THE LINK, as the website could contain malicious scripts.
• If you do click on the link, it asks you for VERY personal info (not only credit card and debit card numbers, but also PIN numbers, passwords, etc). Never, EVER, enter your PIN number(s) into anything other than a bank machine or debit PIN pad. Do not give it to anyone over the phone, throught the internet, or in person. Even if you are 100% certain that the person you are giving it to is legit, they do not need your PIN numbers.

If you do recieve a "phishing" email, immediately forward it to the appropriate business. Ebay would be spoof@ebay.com ("spoof@ebay.com"), paypal is spoof@paypal.com ("spoof@paypal.com"), and just about all other businesses will have a link on their real website for you to report fraud.
 
If you have ever (or think you may have) entered any personally identifiable information into one of these websites, immediately contact your bank, credit card providers, ebay, paypal, the credit bureau and the FBI. If you have ever entered any PIN numbers into a website this means you. You may be the victim of idenity theft without even knowing it.

A safe rule of thumb is to never, ever log into a website by clicking on a link in an email. If, for example, you want to go to ebay, open a browser window and type in www.ebay.com (http://"http://www.ebay.com"). Always assume an email link is fake.
 
4) Never give out your real email address. To anybody. If you do, prepare for an inbox full of spam. If you wish to visit a site that requires an email, give 'em a fake one. If it has to be a real email (in other words, if they require you to verify it by entering a code they email you), use a hotmail email or hotmail address.
 
5) Never trust "free" software. Those people offering you smilies, atomic clocks, file sharing and other "freeware" are usually just trying to trick you into installing spyware. Spyware is very easy to install and almost impossible to uninstall, and it is a huge hit on your computer's performance.  Here is a list of known spyware installers that should be avoided like the plague (this will be updated as people make me aware of them):
 

• Smilycentral. That huge banner with all of those smilies you see on several sites (including the old messageboard) is a spyware installer.
  
• Gator or Gain. This notorious spyware is bundled with several freeware programs
  
• CoolWebSearch. If your software includes this demon, burn it.
  
• BargainBuddy. Ditto. All three of the above programs are usually "bundled" with other software and they are nothing short of viruses IMHO. Just install it and try to uninstall it. You'll see what I mean...
  
• KazAA. If you can't find the "lite" version, don't install KazAA. You will regret it.
  
• BearShare. Same as KazAa. Both will install Gator/Gain, CollWebSearch, BargainBuddy and other malware.
  
• Search bars or tool bars. Any "search" or "tool" bar that a website offers to "improve your internet experience" will almost certainly destroy it instead.
  
• Accelerators. Your computer is sucking info throught that CAT-5 or phone line as fast as it can. An "Accelerator" will only accelerate your need to format your hard drive and reinstall Windows.
  
• Most free/share ware While some of the things you cann download for free really are free, most are merely a vehicle for installing a bunch of  you don't want. A fairly decent way to tell if your download is clean is to search for the program on download.com. Read the review of the program - If it is spyware-infested they will usually tell you.
  
• Atomic clocks or Web clocks If you ever see a warning that your clock is wrong, it isn't. This is spyware trying to trick you into downloading and installing it. If your computer clock is wrong, look at your watch. Don't install ware.
  
• Any "warning" message that pops up when you visit a website telling you that something is wrong with your computer. This "warning" is really just an image made to look like a warning message, pointing to spyware. If this "warning" is floating, moving, bouncing or flashing in any way you can be certain it's not legit. True Windows warning dialogue boxes do not move or flash.
  

If you are running XP SP2 the latest version of IE has activeX controls turned off by default. When you visit a website that tries to install  on your computer you usually get a warning from IE stating that the activeX control was blocked. That's a good thing. This prevents things such as CoolWebSearch (probably the worst of spyware/malware proigrams there is) from hijacking your browser.
 
Of course, if you go surfing on the fringes of the internet, you're bound to come back dirty. Surfing WAREZ sites, porn sites, etc will greatly increase your chances of getting spyware.The people that run those sites are not interested in your computer's welfare, they want your money. They'll trick you into installing spyware because the spyware authors pay them to. Keep on your toes.
 
And that about sums it up. Keep on your toes. If it looks suspicious it is. It it's too good to be true, it isn't good, and it isn't true. Be smart and you should be safe. If anyone has anything to add, feel free.

Some additional programs and refrences for spyware removal.
 
 My favorite 2 programs:
 
 Spybot Search & Destroy (http://"http://www.safer-networking.org/en/index.html")
 
 This program does a great job at removing the most common types of spyware. After this everything can be cleaned out manually. Just remember if using this to make a backup first, to update the program, and to use the immunize feature.
 
 Adaware (http://"http://www.lavasoftusa.com/software/adaware/")
 
 This program is also another very easy to use program which will remove most of the spyware on a computer. Again make sure you update it or it will won't help much. Spyware changes frequently and new stuff is being developed all the time.
 
 HiJackThis (http://"http://www.spychecker.com/program/hijackthis.html")
 
 If you have even gone throught the torture of having your home page changed without your consent automatically. Or having internet exporer windows opening to pages that you would rather not goto this is the program to fix it. These things are called Hijackers because of how they do what they want when they want. Here is a HijackThis tutorial (http://"http://www.bleepingcomputer.com/forums/index.php?showtutorial=42").
 
 
 Registry
 
 Most of the spyware will open itself from the registry. The regsitry is the backbone of the windows operating system in that it is a database where all settings are stored. Working in the registry can be harmful to your computer in that it could cause Windows to no longer function. Therefore anything you do is done AT YOUR OWN RISK.
 
 Spyware will open itself from two main places in the Regsitry:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
 From here the spyware can set itself to open everytime the computer is started or everytime you log on. You can simply go through each key listed and check it through a Windows Startup Library like this one. Startup DB (http://"http://startup.iamnotageek.com/"). Google can also be used to do this. Anything that is listed as being spywayre, adaware, or some type of worm can be deleted. Usually a spyware free computer will have fairly few keys listed. If you have a lot then either you have a lot of spyware or you have a lot of junk.
 
 Here is how mine looks (100% spyware free):
 (http://www.tccowny.com/www/Registry.jpg)
 
 Another helpful hint is to check the processes that are running. This can also show if you have spyware running. By pressing CTRL+ALT+DELETE and then going to Task Manager you can see what processes are running.
 
 The first number is the CPU Usage. With newer computers no one process should be using a great amount of CPU time. There are excpetions like processing things in photoshop and games can also use a large amount. The only thing that will almost always have a large number because it is telling you how much percent is not being used.
 
 The second number is the memory usage. Again this number should not be extremely high or the computer will be going very slow. Spyware is known for using large amounts of memory and slowing down the computer while doing so.
 
 Here is what mine looks like:
 (http://www.tccowny.com/www/Task-Manager.jpg)
 
 
 Finally, I would recommend using Mozilla Firefox for a browser. It is far superior to Internet Explorer in both protection and ease of use. It will block most popups and doens't allow things to be automatically downloaded. Also a good firewall program is a must Windows Firewall does not.
 
 I just want to help anyone out that I can. I fix and upgrade computers and 99% of all problems that I see are caused by spware.

I definatly concure with using Spybot and Ad-aware. Definately the best 2 programs to rid yourself of spyware/adware/mal-ware. As a personal suggestion to others I also use a freeware program called SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html). This program works as a first line of defense by preventing spyware from installing to begin with. It also can lock out certain items like changing of active-x controls and changing of your start page. But the number one thing to remember with any of these program is Keep Them Up To Date.

I run spywareblaster, adaware, spybot, AVG antivirus, and firefox. DEATH TO SPYWARE!!! :2gunsfiri

Also a few times when logging onto online banking a window has popped up asking me to verify my account by giving them my visa number and expiry date :rolleyes: wonder how many people have been fooled by that.

Watch out for something called "Virtual Bouncer" as well.
I got nailed by this and it installed a bunch of "Web Rebate" and Casino stuff on my desktop. It was a HUGE pain to get rid of it.

heh, I miss the days when instead of tweaking your 33.6k line manually, a program would use the well known (at the time to tweakers) settings to get the most from your dialup connection. Accelerators USED to actually help back in the 9x days and some (legit ones) will still help the 9x users today. Be it in network performance or memory management.




I would NOT recommend anything to do with opening the registry in a thread like this. Even with a disclaimer, people are bound to make mistakes and modify something they shouldn't - possibly causing serious problems such as no boot.

Ditto


A helpful site to see what's what in your processes is:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Another program to add to the list of Spyware killers (I don't generally recommend Microsoft betas, but this seems to work great):
 
Microsoft Spyware Killer beta (http://"http://www.microsoft.com/athome/security/spyware/software/default.mspx")

Only cause they bought out yet another company and are using their product. Wait til the "expiry" date is up, then let's see what they do with (or to) it.  :deal:

http://www.spywareguide.com/ (http://www.spywareguide.com/)

They have a block list that works awsome as well as a comprehensive list of spyware.

The only problem that i see with the microsoft beta is that it acts as a firewall too in some cases.  I guess that is good but it would be nice if the firewall caught the stuff.  Double security is nice though.

I've also noticed AVG Antivirus (http://free.grisoft.com/freeweb.php/doc/2/)  does as good or better job than Symantec corporate 9.0.1 antivirus.  It does a better job with trojans and such.

Firefox is your best bet a around.  I havn't gotten one piece of spyware other than what is already installed in Windows since i switched soley to firefox.  Tabbed browsing is the bomb too.  I install it on every computer i touch.  There are tons of add ons as well so you can personalize the  out of firefox.

Play it safe.  Use your commen sence and you will be ok. 

tc

Not to be an ass but adaware pales in comparsion to Spysweeper

http://www.webroot.com

Check it out i thought that adaware was all the world till i found this

I agree with you but unless spysweeper has changed it also installs spyware on your computer.  Several years ago it was deemed unsafe by some big consortium.  I can't remember the details now since it was about 2 years ago or more.  They may have reinvented themselves since.  I just stay away to be safe.

From my experience there is however no be all cure all program.  It takes a group of programs to fix spyware.  Each does a better job at certain things than the other including spysweeper.

tc

Lately it seems that the scammers are getting more sophisticated. They now know that nobody will fall for their "your account has been suspended" scam, so they have resorted to spoofing other way using ebay/ PayPal. I recently received one saying that ebay cancelled all of my auctions and to "click here" to get them reinstated, but I didn't take a screenshot. I got one today saying that somebody paid for my item but didn't receive it, but of course the "click here to respond" button takes you to some website in Korea that apes Ebay's login page.
Once again, it is EXTREMELY important to recognise these emails as fakes, and the easiest way to do so is by remembering a few simple guidelines:
 
1) Ebay/paypal will never send an email that starts out as "Dear Ebay member" or "Dear PayPal member" or even "Dear xxx@xxx.com" - if you really do have an account they will identify you by your first and last name, not your email address or "Ebay member"
 
2) If there is a problem with an auction or a transaction the email will identify that transaction using both the item number AND the item title. This is a tricky one because the false one I had about my auctions being cancelled gave a fake number. It didn't name the item being sold in the auction though, which was a warning.
 
3) Hover your mouse over any links in the email and down in the lower left corner youll see where that link takes you. The scammers are getting tricky here too, by using subdomains, so you might see "www.ebay.com.875987/ebaylogin/new/login.php or something like that. The real domain name you're going to is the "875987", not ebay.com. Remember, EVERYTHING before the first forward slash (/) in the address is the domain you're going to.
 
A screenshot of today's fraud:

Ouch....sorry to hear about that Carm. At least no damage was done. You can thank the W3C for allowing Unicode to become an acceptable standard. Unicode looks like that gibberish but most all newer browsers will translate said gibberish into what looks like a legitimate site. So "www.2f8ng8vns.com" could be translated easily into "www.paypal.com". Lovely, isn't it? They're keeping us web guys on our toes. :(

I've found that if you turn off HTML e-mail, finding spam is much, much easier. Legitimate eBay or Paypal e-mail will come across easily as plain text that way. Anything spoofing either one (or anything else) will show up as HTML code, which is a dead giveaway that it's spam.

Also, when you open a piece of mail in HTML and you are online, the graphics embedded in that e-mail will start calling to their host to fill in. That call out will tell the host, "Hey, someone at this address is requesting graphics!" Which then affirms to the host that the address is legitimate, therefore setting you up for more spam in the future. Turning off HTML e-mail will not call for those graphics. You'll lose all the pretty graphics from legitimate e-mails, but that's a small price to pay when it comes to your security and privacy.

Eric - you don't have to be sorry for me - I didn't fall for it. I'm much too paranoid to ever fall for one of those scams. If anything looks even the slightest bit suspicious I immediately forward it to spoof@paypal.com or spoof@ebay.com...

You make good points about images. Outlook Express (yes, i still use it) has a function that blocks all images embedded within the email while still allowing the HTML formatting to come through. In the later versions this is turned on by default, with a header at the top of the email saying "Outlook Express has blocked some of the images embedded within your email in order to prevent the sender from identifying your computer. Click here to download those images". It is a wise decision to leave that feature enabled.

Most of those scammer emails actually use images on payPal and eBay's servers and just link to them. Whether they do thiis to conserve their own bandwidth or to make the emails look more legit I dunno...

I am going to add a few things here, and some are just a refresh. (I know it is a year after the last post)

I have found the following to work very well:

1) AdAware with both messenger plug-ins set to blocked/disabled.

2) Spy Bot (immunization enabled)

3) Spyware Blaster (with all blocks enabled - works w/ Fire Fox too)

4) Spyware Guard - keeps your browser from being hijacked: as in changes in home page, search page, etc.  (BHO - Browser Help Objects)

5) Keeping Windows updated (ofcourse)

6) Plain text e-mail ONLY!

7) Do not hide known file extensions (you would be supprised at what scanning software can miss when the extensions are hidden)

8) Show all files & folders

9) A good AV program (ofcourse)

10) Ditch Windows Defender, it is a resource hogg. Use only in case of emergency then un-install!

12) Go to http://www.grc.com and test your ports! You might be supprised at the results (especially if you are using AOL).

13) Use Fire-Fox! AND use a pop-up blocker too!

14) Ditch Outlook Express. Use the corporate version of Outlook or some other program like Thunderbird.

15) Put your kids on a restricted diet. WinXP and 2K will allow you to set their login account to "Restricted". This means that much of the stuff that trys to install itself will fail, even if your kid clicks "ok".

16) Close those pesky pop-ups that do get through using the "Task Manager". More often than not, cancel = ok, and no = yes. The "x" icon to close the pop-up can even be used to trigger a silent install.

17) TC's excellent advice on e-mails and fishing :D

18) HijackThis for the advanced users. If you have no experience working with the registry, or have experience but are not comfortable in there, find someone who is!

In addition:

1) If you are on DSL/Cable and are not using either a router w/ hardware firewall or a stand alone hardware firewall, get one or get off the net!

2) Get a good software firewall. Zone Alarm is good for noobs. For the more advanced user, grab Agnitum Outpost Firewall Pro (Novell uses the core code as the base for their Enterprise Level "Border Manager" product).

3) Use your Junk Mail Filter!

Seeing as this thread's been revived I'll add a new, sinister one as well: "Vishing (http://"http://www.internetnews.com/security/article.php/3619086")". Vishing is similarto "phishing", except that instead of emails the fraudsters will call you on your telehpone and pose as your bank. They may even leave a message with a phone number to call back (more on that below). DO NOT TALK TO THESE PEOPLE, and DO NOT CALL THESE NUMBERS BACK!!!

If a person calls you claiming to be your bank, say "OK, I'll call you back at the bank". Ask for a case/reference number and call the bank's number (found on the back of your bank or credit card, on their real website, or in the phone book). Do NOT call any number the person that calls you gives you!!!! These people WILL give you a fake phone number, so take the time to look up the number yourself! If the person that has called you protests when you tell them that you want to call them back, explain that  you are doing so to prevent fraud, and then hang up. Your bank will understand why you want to call them back (in fact, banks encourage this to prevent vishing).

Now, about those messages they may leave: Fraudsters have gotten sophisticated to the point that they will actually mimic your bank's voice prompt system. If you call the number provided by the scammer you will be connected to a machine that asks for your bank card number and telephone PIN number for verification (just like your real bank does). These phony voice prompt systems can be VERY authentic appearing, so there is only ONE way to avoid the scam: Never, EVER, call a phone number provided in a recorded message, email or even by a live person. ONLY CALL THE PHONE NUMBER ON YOUR BANK CARD OR IN THE PHONE BOOK!!! ONLY deal with the bank through a phone call that YOU placed, not one that they placed to you. The scammers use VoIP phone systems that allow them to set up a phone number with any area code, and even a number similar to your bank's (with a digit or two flipped). This means that they could set up a number in New York but actually be in Malaysia. The red text above explains the only reliable way to prevent getting nailed by this type of fraud.

Oh, and as an aside: This should be common sense, but NEVER enter personal info (bank/credit card numbers, social security numbers, etc) over any kind of wireless phone (including cordless and cell). Those signals can be intercepted, especially cordless phones, and the person intercepting them can then assume your identity. If you're going to call your bank, always do so from a hard wired phone.

Thunder Chicken, there is also a reason Microsoft hides certain files and extension.  To prevent noobs from deleting any file they see..but good tips for people not knowing how to keep themself clean.  I personally use Adaware, Firefox and AVG.  Don't forget..keep your cookies clean!  There are tons of freeware out there to do this.  I prefer Ccleaner or cleanup.exe!!

I use ccleaner myself. As for hiding files - although I set my computer to show OS files, I don't recommend it for noobs that think Windows Explorer and Internet Explorer are the same thing. I do recommend "unhiding" file extensions though, because a noob is the one that needs to know that "jenniferss.jpg.pif" is not a picture.

TC, I agree with you there, but how much do you think noobs pay attention to when opening a file with such a promising title name?!!?!  Most noobs don't even know that .bmp or .jpg are picture files!!!

True, but that's why I made this thread to begin with:D If a noob read my advice he now knows how to tell when a file extension is fake :D

Another few tips I might add:

Don't cache your passwords in your web browser(save your passwords)
Use the keyscrambler add-on in Firefox, to scramble your usernames/passwords when entering them on a site that requires authentication (keeps you from being hacked via a keylogger)
Back-up files as much as possible!  (data is very important to end-users!)

Another note on the Ebay and Paypal fraud...

If you get an e-mail from ebay, dont open it, just go to Ebay.com. In most cases, buyers or sellers trying to contact you, along with issues with your account will be sent to you through Ebay.

Basically saying, if you get an E-mail saying "Question from Seller", go right to ebay.com, and check your messages.

My 2c:

*Not all freeware is intrinsically bad - just make sure it's open source. If you're looking for something in particular, rather than searching "program freeware", try "program open source" or "program GPL"
*Microsoft Security Essentials is an antivirus suite provided absolutely free to Windows customers (hooray for antitrust laws!).  They've a vast signature database that's updated several times daily.  Link: http://windows.microsoft.com/en-us/windows/security-essentials-download
*NoScript and FlashBlock and HTTPS Everywhere browser plugins.  My computer will not parse javascript or execute flash applets without my express permission, and the browser will ensure it's using encryption if it's available.  Sites without encryption send passwords over the wire in plain text. 
*If you notice a forum you visit is NOT HTTPS (like this one), use a unique password dedicated to that forum only.  If your credentials are intercepted (far easier than you'd think) and your passwords are the same across the Internet, you've just been royally pwned.

One hell of a thread revival. I still had a computer 10.years ago. Old, old information.

:o 
Whoops, didn't notice it was an old sticky, sorry 'bout that.  Old info, yes, but still quite valid...