Tuesday, October 20, 2009

Defending Against a Keylogger Phishing Scam...

Still reeling off my email account getting hacked last month, another cyberattack has been brought to my attention. An IT manager and friend of mine describes how his office was attacked last week by a keylogger phishing scam.

Keyloggers are programs that record every keystroke you make and send that information back to malicious users over the internet. A keylogger phishing scam is when a keylogger program is installed on one's machine after clicking through a link in an email or visiting a website that falsely claims to be an established enterprise, but who's real purpose is just to acquire your passwords, account numbers, and other personal info.

My IT manager friend had the necessary precautions in place. Anti-virus software was installed, his users knew not to download and install things off the internet, and Web of Trust was installed on all of their PCs. In the end, none of it mattered. All it took was one person receiving a seemingly innocent email which, when clicked on, installed the keylogger program and, shortly thereafter, his office passwords had become compromised.

What's to be done in this situation? It's the same thing I had to grapple with myself a few weeks ago. First, immediately change all of your passwords, but make sure to do so on a separate computer. Otherwise, the keylogger will still record your new info. Second, re-format the hard drive by re-installing the operating system (which is a major pain in the rear-end, but necessary). Finally, make sure to keep your users regularly informed of best practices and what to look out for - whether that's your wife and kids at home, or members of your department at work.

A strong example can be found in the email following the attack on my friend's department...

Fishing scams and targeted attacks like the one this morning are almost impossible to avoid without knowing what to look for. As a general rule, never follow a email link without double and triple checking the URL in the browser (It will be disguised in the email). Also never download and install software via a email link, no matter how convincing. Your virus software will not always protect you!

Keep in mind Virus software is marginally effective and will not always find a virus, especially new ones. So keep vigilant and install Web of trust.

My guess is that the scammers of this morning were looking for email account passwords or bank passwords via key logging software (which you would have to download and install yourself). Once installed they can see anything you type.

I've said it before. Ultimately, we're all vulnerable and relatively helpless against such attacks, even when all of the usual precautions are taken. The best we can do is educate ourselves and remain vigilant so that when bad things inevitably occur, we can react swiftly and effectively, and minimize the damage wrought.


At 7:12 AM, Anonymous Anonymous said...

Choice at you uneasy


Post a Comment

<< Home