"Phishing" and other email scams

Here's how it works in a nutshell:

1. Some twerp writes a virus that can infect outdated versions of the Outlook email program on Windows PCs. Person A, a hapless Windows/Outlook user, downloads "cutepuppies.exe" from some random entertainment site, and it infects his or her PC with the virus.

2. The virus grabs a copy of all the names and email addresses from Person A's Outlook address book and silently sends them back to the twerp.

3. The twerp figures that if Person A's address book contains the email addresses of persons B thru Z, odds are that some of persons B thru Z probably know Person A, and also may know each other. So, twerp uses a program to generate mass quantities of enticing emails that appear to be from Person A, and sends them to Persons B thru Z. For good measure, his script iterates through the rest of the address book, making everyone appear to be emailing everyone else. These emails are all relayed anonymously through some mail server in the Balkans and are completely untraceable. This is known as "spoofing" someone's email address -- generating an email that actually originated who-knows-where, but which appears to be from someone real. 

The metaphor is, I send a letter to my mom, but for the return address in the corner, I put my brother's address instead of mine. Now she thinks it came from him. Neither my brother nor my mom has been "hacked." 

4. Person M, say, recognizes the name and email address of Person A, and is thus more likely to believe the content of the email, which might look something like this (really received today, by a staff member of our school, appearing to be from a parent that he knows):


Well, we all use Google Docs here, so this looks (kind of) legit. When I click the link, it takes me to a website that looks like this:



Looks somewhat believable -- has various email providers' logos, on a nice background, although the wording ("to View shared document") sounds maybe a little off for native English speakers. And if you click the Gmail logo, you get the prompt to put in your address and password on the right. 

BUT! Take a closer look at the browser's address bar:


Notice that:

- It does not have "google.com" or "hanovernorwichschools.org" anywhere in the domain
- It does not have the padlock icon indicating that the connection to the site is encrypted
- It is, in fact, not even in the United States (.hr = Croatia!)

Contrast this with the real Google account login site:


The real login site, even if its main graphics/colors may have changed five times this week, has the real google.com domain in the address, and has the padlock indicating that the traffic is encrypted by a trusted Internet security company. (Click the padlock to see details.) The Croatian imitation site is a "phishing scam" which is trying to trick you into divulging your email address and password to a twerp, who would then likely try to use those credentials to get into other things, like online banking, Amazon, etc., because twerps know that people use the same password for different services. We all do it; no one could possibly remember 49,000 unique passwords for all the stuff we use that requires them.
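For the technically inclined, here are the address-bar checks described above written as a small script. This is an added example, not something from the original incident. The function name and the sample URLs are made up (the samples use reserved `.example` names), and it goes one step further than the list above by also flagging an "@" in the link, which hides the real destination.

```python
from urllib.parse import urlsplit

# Domains our users expect to see when logging in (the two named in this article).
TRUSTED_DOMAINS = ("google.com", "hanovernorwichschools.org")


def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a login link; an empty list means it passed."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    warnings = []

    # Check 1: the padlock only appears on https:// pages.
    if parts.scheme.lower() != "https":
        warnings.append("no padlock: connection is not HTTPS")

    # Check 2: the host must BE a trusted domain or a subdomain of one.
    # Matching on a dot boundary rejects look-alikes that merely contain
    # the trusted name, such as "google.com.docs-view.example".
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append(f"unexpected domain: {host or '(none)'}")

    # Check 3 (extra): anything before an "@" is a login name, not the site.
    # "https://google.com@docs-view.example/" really goes to docs-view.example.
    if parts.username is not None:
        warnings.append("'@' in link disguises the real host")

    return warnings


if __name__ == "__main__":
    # Constructed samples for illustration only.
    samples = [
        "https://accounts.google.com/signin",
        "http://google.com.docs-view.example/login",
        "https://google.com@docs-view.example/",
    ]
    for link in samples:
        problems = check_login_url(link)
        print(link, "->", problems or "looks OK")
```
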

What can you do?

- Get into the habit of glancing at the address bar in your browser, and looking for the key indicators that you're on a legit site; if in doubt, DON'T log in until you've asked someone! If you already DID log in, don't panic -- change your password immediately, and go tell the help desk, right NOW.

- Use a program/service like LastPass or 1Password to generate unique, secure passwords for all your things, AND remember them for you!

- Do you carry a cell phone? Enable two-factor authentication for services that support it -- Google does. 

Tech staff can help you understand and enable these things. Ask us!
 


So: When you get an email like this, does this mean that the sender has had his email "hacked"?

NO.

There is no implication that the sender has anything to worry about in terms of his email password or his computer. The MOST likely reality is that his or her email address happened to be in the REAL virus victim's address book. The sender can do literally nothing about this, other than warn his email acquaintances not to open emails like the one shown above; he/she can't stop them from being sent, and he/she can't stop them from looking like they came from him or her. It's just the nature of the Internet.