HOEI

Online Truth Part Three: Phishing

June 26th, 2005

The word phishing may not be understood by the average person on the street, but if you use email you might want to understand it. The following is a good definition found on Wikipedia:

“In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.”

It goes like this. You receive an email that LOOKS very legitimate from a well-known company that you might normally do business with, like Ebay. The email has very professional wording that sounds very convincing. It might say that your account will be closed if you do not take immediate action by clicking the link provided in the email. The link may look convincing, like this: Google. I'll bet you thought you were going to Google, and if you didn't think you were going to Google you probably had no idea that 69.454153 would take you to the HOEI.COM main page. I will explain that numeric thing another day, but the point is that things are not always what they appear to be in an email, or on a web site for that matter.

I have recently received phishing emails that appeared to be from Ebay, PayPal, Wells Fargo, and others using similar tactics as described above. Most of the others were from people pretending to be representatives of some deceased foreigner, usually from Africa, with a ton of cash that needs to be claimed by someone in the USA. I was randomly chosen as the lucky person to help this representative free up the cash, and in return I will get a healthy percentage of the millions of dollars.

There are many people on the Internet that think you can hide from receiving these emails by obfuscating or masking your email address. For instance, they say you should display your email as hank DOT osborne AT hoei DOT com instead of hank.osborne@hoei.com when posting comments or building web pages. Hog wash! I have a huge problem with this approach. Not everyone that surfs the Internet knows what you are trying to say when you use the ATs and DOTs. Furthermore, even though I do understand, I don't want to have to convert a person's obfuscated email address into a real one just so I can send them a message. Yes, you might avoid having your email picked up by a bot or crawler, but you may also turn away some potentially valuable contacts.

Here are a few recommendations for how to deal with phishing and spam:

  • Do not visit web sites using links provided in emails that are from businesses. Hand type the address into your browser or use a bookmark from a previous visit.
  • Do not visit web sites using links provided in emails from persons that you do not know and trust.
  • Don’t be afraid to verify the sender of an email.  Send a response email to the person or company using an email address in your address book and ask them if they recently sent you a link in an email.
  • Use filters and rules on your email application. If you only want to receive email from people you know, then set up a filter to do this. I recommend reviewing the list of filtered emails before deleting them.

You can use a separate email address for all online transactions, posts, advertisements, etc. This will not guarantee that your friends, family, or other contacts are going to protect your address even if you ask them. For instance, your Mom may forget your privacy request and sign you up for some cool offer that she found on the Internet, not realizing that your email addresses are going to be sold on the open market as a result of her thoughtful gesture.

The bottom line is that if you use the Internet you are going to incur some level of risk. A little risk is okay, but you have to use a little bit of common sense. It is like driving a car. You could bar your doors like a race car and wear a helmet and fire-resistant clothing, but who would want to ride with you? Instead, use your seatbelts and door locks, and keep your car in good repair. Oh yeah, don't pick up strangers. This same level of caution should keep you in pretty good shape while using the Internet.

This message is also posted on The Land of Ozz.

Online Truth Part Two: Personal Information

June 23rd, 2005

There has been a lot of buzz lately about personal information being acquired from online resources without the knowledge or permission of the target.  The stealing of credit card information is one thing.  Many people are surprised to find out how easy it is to acquire specific information online like home address, phone number, social security number, and more.  For years there have been free or very cheap resources available online that assist in gathering information on just about anyone.  These resources are just online versions of the same resources that have been around for decades via other avenues like the local court house or the local library.

I will demonstrate to you a few exercises in acquiring some basic information about a person or business without spending a dime. These resources are legitimate, free, and pretty accurate. I spent a short time working as a licensed private investigator (PI) back in the early 90s. Oh, and if you are cheating or thinking about it, don't do it! It is not that hard to catch someone even when they are trying very hard to hide it. While I did do some of this dirty work, most of my work consisted of serving summons and subpoenas for the courts in my area. Most of the resources I used to track people for serving court papers are now available online. I can not imagine how much easier that job would be today. I was serving an average of 200 court papers per month back then.

The first thing that alarms people is how easy it is to find an address from a phone number.  Here is an example.  I will use a pizza restaurant phone number in my home town of Clinton, SC.  First I will enter the phone number into Google and click search.  I entered 864-833-4373 and clicked search.  The first result gave me the name of the restaurant and three choices for mapping the location of that address using Google Maps, Yahoo! Maps, or MapQuest.  The results were accurate and two of the three map options displayed an accurate map of the location of the restaurant.  This feature can be used for any listed phone number.  There are ways to get your address and phone number removed from this list, but your effort will be futile.  Why? Because there are a few dozen other ways to accomplish the same thing on the Internet without using Google.  Just type the words “reverse lookup” into your favorite search engine.  One of the first few things to pop up is AnyWho.com.  I have been using AnyWho for at least five years to do what Google is offering in their search engine.  Services like AnyWho that offer reverse lookup of phone numbers have become much more accurate in recent years.  Back in the mid 90s you would get information that was at least a year old.  Today the information is much more current.

The feature of finding an address using a phone number is not new and is not limited to only Google. The feature of locating a person has been available on the Internet for almost as long as the World Wide Web has been around and may go back into the old Gopher days for all I know. Keep in mind that the Internet as you know it has been around just over a decade. The features that you get from the Internet today were unheard of even as recently as the early 90s. Google, through multiple acquisitions, has just tied up the loose ends so you don't have to use multiple sites to find the address for a person anymore. The old school way was to use a reverse lookup tool like AnyWho.com to find the address associated with a phone number. You could then open up your favorite map web site or software to locate the address. This still works quite well. The new features of Google Maps, like the satellite images of the local area of an address, make Google my new first stop when doing a reverse lookup these days. Keep in mind that many of the satellite images of rural areas will give a picture much like you see from a commercial jet at 30,000 feet. The satellite image of my local area is more like flying at 10,000 feet.

There are a number of services that allow you to do things like gathering credit history, criminal background, and other information for a fee. Most of this stuff, if not all of it, can be gathered for a single person for under $100. This is a small price to pay considering the amount of information you get. So ladies, when your dad or your brother says that they are going to check out this new boyfriend, they are probably not kidding if they are willing to spend a little time on the Internet or part with a few bucks.

My wife was absolutely shocked at the amount of information that could be gathered about a person on the Internet without that person ever knowing. Most of the detailed financial things like credit card and bank account numbers are harder to come by legally, but not impossible, as you have seen in recent headlines. Things like a phone number, address, and family history are a different story. The more you want to know, the more likely you are to end up spending money. If you want to get down in the weeds of a person's past without hiring a PI, then you will need to spend a little money and have a lot of patience. I have been able to gather a ton of information on my own family history by using Ancestry.com. They have a paid service that will allow you to gather more information over a longer period of time, but I just used their 14-day trial. I got full names, addresses, social security numbers, birth dates, and more for everyone from my dad plus everyone in the family for several generations before him.

Here is another big surprise for most people.  Many counties now list property cards on the Internet.  For instance, the county that I live in will allow for anyone with Internet access to see what I paid for my house, how much I paid in property taxes each year, and the names on the deed.  All of this can be seen by just knowing the street address and the county that I live in.  Similar options are available on the web sites for surrounding counties.  This is all information that could be gathered with a trip to the local courthouse, but the Internet has brought this information to your finger tips in your living room.

The unfortunate thing is that most people have no idea of the amount of information that is available to the general public about just about anyone.  You really don’t have to hire a PI to gather detailed information these days.  You can actually be a PI from the comfort of your couch.

Don’t forget to read:  Online Truth Part One: Junk Email

This story is also posted on The Land of Ozz

Online Truth Part One: Junk Email

June 22nd, 2005

How many times have you heard a friend or family member say that junk mail is one of their pet peeves? They hate getting so much stuff in the mail that they did not ask for and have no interest in. And then how many of those same people have forwarded an email to you with some outrageous claims to earn cash? Maybe you got an email containing a tear jerker story about some poor child with a terminal illness or a family that was the victim of a horrible tragedy with a weird twist of events that ends up giving you chills. The truth is that a large majority of these emails containing FW: FW: FW: in the subject line are what my wife calls hog wash.

I have successfully converted my wife to a truth wielding respondent to these outrageous emails. Now don’t get me wrong, neither of us mind a good story. What we don’t like is getting a story from a person that we trust where they have blindly forwarded a story that is obviously suspect. At least it usually seems obvious to me when I receive an email that is suspect. All I ask is that people make it clear whether the story is true or not before they forward it again. My posting on “Billy Graham and the Limo” is a prime example. I told where I got it and what I know about the story from doing a few short minutes of research.

Now I am not going to leave you hanging here. There are some good resources on the Internet that help clarify or expose the most popular emails that you might get. I want to give you a few pointers on when to utilize these resources and then I will list some of my favorite places for gathering the latest facts on a story.

Here are a few guidelines to follow before forwarding easy cash, latest computer virus that formats your hard drive, tear jerker, chain letter, or outrageous sounding stories via email.

  • If it sounds too good to be true, it probably is too good to be true.
  • “True Story” in the subject line should raise a flag.
  • More than one instance of the “fw” in the subject line should raise suspicion.
  • Do a quick check for validity of the story. (See a few resources below)
  • Ask a friend who knows a little more about how to track down a story’s history.
  • Add a comment at the beginning or end of your email with your findings about the story.
  • Easy Cash: Forward only information based on personal experiences or of those who are close friends or family. Those experiences told about a guy who my friend’s friend knows do not usually hold water.
  • If all else fails ask me to help validate a story.
  • Respect the requests of your friends when you are asked to stop forwarding emails from other people on suspected subjects.

Now that is not a very hard list of suggestions. I do not plan on leaving you hanging here. I want to point you to a few of my favorite resources.

These are just a few that I have used recently with great success. I have also used search engines like Google, but you have to be careful with search engines. They can lead you to some unreliable sources of information. You will be able to find reference to a large percentage of your suspect emails using the sites listed above. For those you can not verify, you can put something like “could not verify this but it is funny” at the beginning of the message. Why not take a few minutes to verify something if you were planning on spending a few minutes sifting through your address book picking victims to receive your junk emails? It only takes a few minutes and you become better educated and prevent yourself a little bit of embarrassment. Yes! Your friends might be saying to each other, “I wish that person would stop sending out all of that junk.”

Those on the receiving end of the junk emails will just have to keep a healthy stock of replacement delete keys for their computers. I would suggest adding the offender to your spam list, but I for one get many valid emails that I do need to read from a number of the people who are habitual junk email forwarders. In the meantime, be patient with them and send them a courteous reply with your findings on the truth about the suspect email that you receive.

Next: Online Truth Part Two: Personal Information Sharing

This message is cross posted on The Land of Ozz

Online Truth Series

June 22nd, 2005

I am starting a series of postings on the subject of Internet Truths. Most of the information in this multi part series is driven by the amount of email that is sent in a day that is total junk. Much of the junk that I get comes from friends, family, and others that I trust. I will touch on subjects like junk email, personal information sharing, phishing, and more.

Here are a few questions that I hope to answer:

How much of what you read is true?
How can you sift through to find the truth?
How much is out of your control?

The series will be cross posted on The Land of Ozz

Google Blog: Webmaster-friendly

June 3rd, 2005

Read about Google Sitemaps – Google Blog: Webmaster-friendly

MSN site hacked in South Korea

June 3rd, 2005

Hot off the press this morning.

CNN.com – Microsoft: MSN site hacked in South Korea – Jun 2, 2005
