Where DOES that link really go?

One of the things I always caution my customers about is clicking links in email messages. Just because a link says it's going to http://www.foxnews.com, doesn't really mean that it is. (Yes, it's safe to click on the link - would I send you somewhere bad?)

One of the easy ways to check where a link is actually going, is usually in your browser or mailer window. If you read your email in a browser window, there's usually a link identifier somewhere in the window (in IE and Firefox, it's down at the bottom-left of your browser window) which will tell you where the link is actually going. In your mailer, there's usually a similar function. In Outlook, for example, you need to hover over the link for a second or so, and the actual link address will pop up over it. If it isn't a site that looks right, you probably don't want to click on it.

Why does it matter?

Why? Because the link could redirect you wherever they want to. It could be a malware site (see this link for a demonstration of how that might work), that actually does something to your computer, like install a trojan. Or it could be a phishing site, trying to fool you into revealing something about yourself, or your web accounts. These are typically sites that look like the real site, and convince you to enter your username and password, which they can then use to access your accounts later.

How can you tell?

How do you tell if a site looks right? Well, that can actually be tough, because the bad guys... well, they don't want you to know. So it might look something like this: http://tyza91.sezkmvob.cn/?nuglmukj=yykyeumeop&pjwa=bef2e5ced686&qmobpqoani=roepyh, which just looks like it has so much random junk in it, that you may not be able to tell where it's from. Or it might say something like http://onlinesecurity.wachovia.com.fraud.ur.pl, or http://fraud.prevention.br/bankofamerica.com/security, all of which could look very serious when looked at casually.

But a closer look reveals an important clue, if you know what you're looking for: The most important parts of the website address, most of the time, are the last two dotted sections. Let's look at the URLs. The ends of the dotted sections are:

• sezkmvob.cn
• ur.pl
• prevention.br

Now I don't know what the first one is purporting to be (I pulled it off a spam message I got, and modified it so it doesn't really go anywhere I know of), but I do know that the server location is CN - China. The other two are intentionally fraudulent. They're using the name of a bank somewhere in their URL, in order to make you believe that they're from that bank. But looking at the domains from which they actually come, show us that one is from a domain in PL - Poland, and the other is from a domain in BR - Brazil. It's pretty unlikely that either of these are from the banks!

So a little bit of care in watching what you click, before you click on it, can save you from a world of hurt.

That said, there is an additional wrinkle involved, which I'll save for another post. In the meantime, be safe!

Tagged.com - The Non-Virus Virus

This morning, I received an email message from a service called Tagged.com. In fact, I received about 8 email messages from them, telling me that there were pictures they wanted to share, and that I'd been "tagged".

Now, the email service that I use has some pretty decent spam filtering, so I was a bit intrigued as to how it got through, since it didn't really seem on the up-and-up. So I loaded up Firefox in a Sandboxie sandbox (and if you don't know what that is, let me know - you should!), and checked out the site.

Tagged.com promotes itself as a social networking service, with all the usual blah-blah. It then explained that I needed to sign up in order to see the content it had promised. I clicked on the sign up link, and looked at the form. I was looking for the Terms of Service checkbox that almost everything has, and lo and behold, it was there on the bottom of the page.

I make it my practice to at least skim through the TOS on just about everything I sign up for these days. It's fascinating what you discover, and frankly, it's something more people should be doing. Here's what I found interesting in Tagged.com's TOS:

E) Notice Regarding Commercial Email

MEMBERS CONSENT TO RECEIVE COMMERCIAL E-MAIL MESSAGES FROM TAGGED, AND ACKNOWLEDGE AND AGREE THAT THEIR EMAIL ADDRESSES AND OTHER PERSONAL INFORMATION MAY BE USED BY TAGGED FOR THE PURPOSE OF INITIATING COMMERCIAL E-MAIL MESSAGES.

I read this as meaning, "You're giving us permission to use your email address to spam other people." And my guess is that's exactly what happened. I don't think that the person who sent me the email actually intended to "invite" me, per se. I think they just sent me out an email, from her personal address. Perhaps she used their handy "upload your contacts" feature, or something like that.

And all this from a site that promotes itself as being for teen use... giving out personal email addresses - sheesh...

In any case, this means that this spam wasn't due so much to infection, as it was part of the service she signed up for. And since I did turn out to know her, she sailed through my spam filters.

I'm not a lawyer. I don't even play one on TV. But the bad guys will continue to use laws against the generally law-abiding. Know what you are agreeing to. You could regret it otherwise.

Keeping Patches Current

Patches? We don't need no steenking patches!

This seems to be the attitude of many business people, regarding their computer systems. But keeping your machines updated is a critical part of their regular maintenance. Kind of like dusting them out, or washing the keyboards in the dishwasher. (Don't actually try that one, although I do know of people who have done it!)

Why don't they keep their computers current? For some, it's the fear that something will suddenly go wrong with their computers, and their business software will just stop working. For others, it's just the bother of having to go around to all those computers, and do the updates, especially since things seem to be working as they are. Many people are convinced that their machines are set to automatically update, and therefore must be current... and by the way, what does that little yellow shield in the tray mean, anyway? And let's face it... some of us are just lazy, especially when it comes to dealing with things we really don't understand anyway.

But small business owners can't afford to be lazy, when it comes to our security. For most of us, our entire businesses are on our computers. When they're down, we're down; we're not making money, or we're severely hampered in our ability to do so.


How important are they?
Remember the Conficker worm that caused everyone to panic, back in March and April? It spreads, mostly, through a security flaw that Microsoft patched in an update made available back in October 2008! Well, according to industry pros, including Symantec, there are still some 50,000 new machines infected every day! Many, if not most, still don't have the patch installed that would have prevented it.


What should we know?
Well, for one thing, that little yellow shield often means that your machine is not up-to-date, no matter what the auto-update settings are. Many people have their machines set to download, but not install updates automatically. And there are many updates and patches that want user-interaction, and just won't do the automatic update without it. Often, these are required in order for other updates to be installed - if you don't install them, you don't even know about the others.


Security vulnerabilities cost money
In fact, they cost a lot of money. A Computer Economics article, from 2007, showed damages of more than $13 billion almost every year since 1999, and that data's already aging. Malware costs companies in equipment, in professional services - like the computer technician who has to come in to fix the problem, or the attorney who has to defend you and your company from claims that you did not make adequate efforts to protect customer data - and in time... lots and lots of time. Time that the computers are out of service; time that the users may be sitting around idly.

Keeping your machines updated can prevent many outbreaks, by locking down the vulnerabilities before malware is commonly available to exploit them. Keeping them updated can save you money!

What about the concern that some of your business software will develop problems, after an update? Well, if you're running old software, this actually could be an issue. In some cases, it's actually necessary to roll back a security update on a particular machine, until another solution becomes available. Perhaps there's a patch provided by the software manufacturer to address the problem. Maybe you need to consider an upgrade or even a replacement to your current software. A consultation with your technology advisors can help you to make the appropriate business decision.


Deployment difficulties
Software update deployment can be a real pain, especially for a small business with a lot of computers. It can take hours to get around to each desktop, downloading and installing updates. Again, your technology advisors can be very helpful here. Updates, and even new software packages, can often be scheduled and deployed to hundreds of machines, automatically.

This can help the lazy among us too. You don't have to remember to install updates and patches, because you've got someone else doing that for you, automatically.


You need to know
Like everything else in your business, information is key. How do you know if your computers are all up-to-date with their security patches? How do you make sure they get deployed without causing you a lot of time, trouble, and headache?

By contacting companies like Working Nets, of course! (Hey - it's our blog. You can't expect us to completely avoid the occasional shameless plug!) Give us a call to learn how our new Managed Services Program can help you make sure that your systems are up-to-date, and much more!