« domain names and e-mail addressesReader discount »

Don't trust links in e-mails - a true story

08/08/12

Don't trust links in e-mails - a true story

Permalink 01:24:20 pm by Eugene Gardner, Categories: Security, Articles

I took a call last evening from a client with a distressing tale: every e-mail and the entire contents of his contacts list had been deleted. This came about because he received an e-mail purporting to come from BT Yahoo (his e-mail provider) asking him to confirm his details on their website as they had noticed suspicious behavior or over quota patterns coming from his address. He clicked through the link and was taken to a website that looked exactly like the real BT Yahoo one. He entered his normal login details and was told that his account would now be reactivated and the browser page was then directed to the genuine BT Yahoo web site.

The initial website was an exact replica of the real BT one which captured his e-mail details. Shortly after that a message purporting to come from my client was sent to most people in his stolen address book asking them to send money as he had had an accident overseas.

Any reply sent to the fake e-mail did not reach him as not only had all his e-mails he had ever sent or received been deleted, but automatic forwarding was set up so he was not receiving any new messages. Offers of help from his friends were going direct to the scoundrel who perpetrated this scam. I was able to draft a message to BT for him asking whether any backup copy of messages or contacts list could be used for recovery, and attaching the header of the fake message so that the IP address of the sender could be used should they want to take any action. They should reply within 72 hours.

So the obvious lesson is to never click a link an an e-mail message whoever it appears to come from, but to type the address in a browser or select a favourite bookmark. But there is another lesson: by using just the web interface to access his mail all eggs were in one basket. If an e-mail client (e.g. Outlook, Windows Live Mail, Thunderbird etc.) was used to store messages on his own computer, then his own backups (because we all take backups) would have captured the messages and practically nothing would have been lost. Finally, make sure spam & phishing filters are effective and tuned to match your own requirements.

Given all the private information in his e-mails all passwords have had to be changed and we wait to see if enough information has been gleaned to enable a loan to be requested in his name or other bad things that come from having ones identity used for bad acts.

How to stay safe.

Trackback address for this post

Trackback URL (right click and copy shortcut/link location)

No feedback yet

Click here to return to the 1ComputerCare home page.

This is designed to supersede the newsletters that I just don't have time to produce to the standard I would want any more. Please register so that you may read and leave comments and subscribe to have posts automatically e-mailed to you.

Comments and suggestions are always welcome.

Search

October 2014
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Contents

XML Feeds

powered by b2evolution