Think Avenue    
 
Security
                                                                                          
Don’t Get Caught By Phishing’s Net By ThinkAvenue Editor

As we've become more and more dependent on email as a means of communicating, we've also had to deal with the ugly side effect of spam clogging up our inboxes. With spam filters and improved security measures, fighting spam has gotten a little easier. But now, there's an even more insidious problem that could be infiltrating your inbox called phishing.

What Is Phishing?
Phishing occurs when a user receives an email falsely claiming to be sent from an established and/or legitimate enterprise in an attempt to trick the user into providing personal information that will be used for identity theft. The message usually claims the receiver needs to “update” or “validate” account information and may even threaten dire consequences if you don't respond. The email typically directs the user to a Web site where they are asked to update personal information, such as passwords, credit card, social security, and bank account numbers, that the legitimate organization already has.

These bogus Web sites, also called "spoofed" Web sites, can be designed to mirror the legitimate company's Web site by using the same logo, colors, etc., so that the visitor doesn't suspect any wrongdoing. Once you're at one of these spoofed sites, you might unwittingly send personal information to the thieves. If they have your personal information, they can use it to buy goods, apply for credit cards or otherwise steal your identity.

How To Spot Fraud

If you receive an email from an establishment that you do business with, such as your bank, credit card company, or Internet service provider, there are several ways to test its authenticity. First off, you should be suspicious of any message that asks you to provide sensitive personal information via email. If there is a legitimate problem with your account, you will typically be contacted via phone.

If you do receive an email asking for your personal information:

  • Call the organization to verify that the email was really sent from them.
  • Look for misspellings and bad grammar in the message. While an occasional typo can slip by any organization, more than one is a sign that you're not dealing with professionals.
  • If the email refers you to a Web site, look carefully at the URL. It's easy to disguise a link to a site.
  • Beware of the @ symbol in a URL. Most browsers will ignore all characters preceding the @ symbol, so this Web address -- http://www.respectedcompany.com@thisisascam.com -- may look to the unsuspecting user like a page on the respected company's site. But it actually takes visitors to thisisascam.com.
  • The longer the URL, the easier it is to conceal the true destination address.
  • Other ways to disguise URLs include substituting similar-looking characters, such as a 1 (one) for an “l” or a 0 (zero) for an “o.”
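
The URL checks in the list above can be automated when reviewing a link copied out of a suspicious email. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the length threshold and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader actually does business with (constructed).
TRUSTED = {"respectedcompany.com"}
# Digit-for-letter swaps named in the article: 1 for l, 0 for o.
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})
MAX_LEN = 75  # assumed threshold for an unusually long URL


def registered_domain(host):
    """Naive last-two-labels domain; enough for .com-style names."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_url(url):
    """Return (real_host, warnings) for a link found in an email."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    # Everything before '@' is login information, not the site address.
    if parts.username is not None:
        warnings.append(
            f"userinfo '{parts.username}' precedes @; real host is {host}")
    domain = registered_domain(host)
    normalized = domain.translate(LOOKALIKES)
    # A name that only matches a trusted domain after undoing the swaps
    # is an imitation of that domain.
    if domain not in TRUSTED and normalized in TRUSTED:
        warnings.append(
            f"'{domain}' imitates '{normalized}' with look-alike digits")
    if len(url) > MAX_LEN:
        warnings.append(f"URL is {len(url)} characters long")
    return host, warnings


if __name__ == "__main__":
    samples = [  # constructed sample links
        "http://www.respectedcompany.com@thisisascam.com",
        "https://www.respectedc0mpany.com/login",
        "https://www.respectedcompany.com/account",
    ]
    for link in samples:
        real_host, found = check_url(link)
        print(link, "->", real_host)
        for warning in found:
            print("   warning:", warning)
```

The host reported for the first sample is thisisascam.com, which is where the browser would actually connect.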

The FTC, the nation's consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

  • Don't email personal or financial information. Email is not a secure method of transmitting personal information.
  • If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges.
  • If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov.

How to Survive a Phishing Attack
Sometimes, even the most cautious people fall prey to Internet scams. You are not alone. In fact, the Federal Trade Commission reported that 9.9 million U.S. residents have been victims of identity theft during the past year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses. If you believe you have responded to a phishing email, follow these steps:

  • Contact the organization that you thought sent you the email to confirm or dispel your beliefs.

  • Cancel any credit card that you believe could be compromised.

  • Close any accounts that you know or believe have been tampered with or opened fraudulently.

  • Report your complaint at www.ftc.gov.


How Hackers Attack

There are many types of attacks that a hacker can initiate against an unsecured system. Some of these attacks can be stopped by a firewall, but some are only preventable by monitoring attack attempts on your server and making adjustments to your security as necessary. The following list is a summary of the types of attacks that can be waged against your server:

  • Remote Log On: This attack occurs when someone logs on to your server and uses its resources or programs (including files and data). Hackers sometimes use this method to attack another network using your server as the offending source.
  • Denial of Service: In this attack, the hacker sends a request to connect to an unsuspecting server. When the server attempts to respond and connect, it cannot find the requesting server. By sending repeated requests, the hacker can bog down the server and eventually cause it to crash.
  • Viruses: A virus is a small program that spreads from computer to computer, erasing files or crashing entire systems. Some viruses simply manipulate the data on the system while others are more destructive and completely erase all data in the system.
  • Application Backdoors: Some programs have a "backdoor" that allows someone to gain access and use their resources. While some programs have a backdoor built into them on purpose, some programs contain bugs that provide a backdoor.
  • Operating System Bugs: Similar to the application backdoor attack, this attack uses vulnerabilities in your operating system to gain access to your server and use its resources.
  • SMTP Session Hijacking: Simple Mail Transfer Protocol (SMTP) is a method of sending email. Hackers can use your server to send unsolicited email (also known as spam) to thousands of email addresses. This means that your server address will be shown as the sender when in fact it was not you who sent the email.
  • Spam: Spam is the electronic version of the junk mail you receive in your mailbox. Most of the time spam is harmless, but occasionally hackers use spam to entice you to click a link that places a cookie on your system that provides a backdoor to your system. This is why many security experts warn against clicking links in unsolicited email.
  • Email Bombs: These attacks are often personal in nature as they send the same email (sometimes thousands of copies) to a specific email address until the receiving system can no longer receive any other email.
  • Redirect Bombs: Using Internet Control Message Protocol (ICMP) hackers can redirect data and send it using a different router. This is often used when creating a denial of service attack.
  • Macros: Many programs allow you to create a macro or "script" of actions to perform complicated or lengthy procedures. Macros are helpful in that they allow you to perform several tasks. Hackers can create their own macros to erase or destroy data, or crash your computer.
  • Source Routing: Data packets travel through the Internet using routers along the way to specify their path. Hackers can make data appear as if it comes from within the network (or from your server) when in fact it is coming from a possibly dangerous source.


Countering the Espionage of Spyware By Anna Traylor

According to the research firm eMarketer, adware (also known as “spyware”) is among the fastest growing segments of the $6.9-billion-a-year online advertising market. Whether or not you have been a frustrated victim of this intrusive technology, it’s important for you to understand the basics of spyware and how your business can avoid it.

What is “Spyware”?
Spyware is generally defined as any technology that aids in gathering information about a person without his or her knowledge, usually for advertising purposes. Unwittingly downloaded by users, these programs are often covertly bundled with peer-to-peer file-swapping products and free downloads. Virtually unheard of a year ago, the application is rapidly catching up to spam in prevalence. But where spam tends to be mostly an annoyance, spyware is much more insidious. Once installed, the program has the ability to scan files, read cookies, monitor keystrokes, install more spyware programs, and change the default home page of your browser. It can gather names, email addresses, passwords and even credit card numbers.

Spyware vs. Adware
The terms “spyware” and “adware” are often used interchangeably, as they both have the ability to track, gather, and report to a third party. One distinction is that adware tends to be nominally permission-based: After offering paragraphs and paragraphs of a “user agreement” or “licensing agreement” that is filled with legal jargon, the user clicks to accept the download. Of course, few people read—much less understand—these long documents. Whether it’s tracking your actions online or lurking in your computer and going through your information, spyware hides in hard-to-access places on your machine. As it collects data, it sends it back to a central server, or third party business. In the most basic form, spyware programs show you ads—pop-ups or ads on Web pages—but given their potential, the implications for less benign possibilities are clear.

Bad for Your Business
Putting aside ethical arguments and the sinister motivation of applications that can snoop through your computer, spyware also has real effects on your business. Because these programs are going through your information and relaying it back to the sender, spyware applications end up sapping your company’s computer resources, memory and bandwidth. Your network may be more vulnerable to crashing and will be, on the whole, less stable. In some instances, spyware can proliferate to the point where it can slow your system by 10-40 percent! And don’t forget all the time, energy, and annoyance in getting rid of it.

Protecting Yourself: Preventative Measures

1. Pay attention to what you download. The main source of spyware infection is freeware and shareware. When asked to download anything online, always click “no” if you are uncertain of the program.

2. Increase your security settings. Check your browser’s options and make sure your security is high enough to protect you from automatic installations.

3. Delete spam. Something you should do anyway to protect yourself from viruses, getting rid of unsolicited email is now more important. Spyware is increasingly being sent to inboxes.

4. Update anti-virus software regularly.

5. Follow the FTC recommendations outlined in their spyware alert, including:

- Set up file-sharing software carefully. Make sure you aren’t sharing private folders or files.
- Consider using spyware prevention or detection software.
- Close connections after file sharing so you won’t accidentally download spyware.

Spyware technology is growing increasingly sophisticated and its techniques are making it easier for code to get onto individual computers—and harder to find it once it’s there. The good news is that the Federal Trade Commission has started to get involved and may soon issue stricter regulations on hidden downloads. In the meantime, simply be cautious. The majority of shareware and freeware applications are not bundled with spyware, but as usual in business, that ounce of prevention is well worth taking.

