Top 10 Email Blunders of 2009
E-mail is used for communication by businesses and individuals, and by cybercriminals for online attacks that can affect anyone who is not careful. Proofpoint, a security firm, has enumerated its top 10 terrifying e-mail blunders of 2009:
- Trojan Horse Steals Bank Accounts – URLZone, a banking Trojan horse, was reported in September. It steals money while users are logged in to their accounts and displays a fake balance. Computers get infected when you click a malicious link in an e-mail or visit a website with hidden malware. It also keeps your bank account login credentials, takes screenshots, and snoops on your other web accounts such as Facebook, Gmail, PayPal and more.
- FBI Forgery – FBI Director Robert Mueller’s wife prohibited him from doing online banking transactions after he had given his personal information to a phishing website. He received an e-mail from what he thought was his bank asking him to verify his information. He even filled out some information but realized in the end that it was not a good idea. So he changed his passwords and told his wife about the incident. That incident did not stop Mr. Mueller from doing his online activities.
- White House Spam – It took place in August when the White House sent thousands of e-mail messages to Americans explaining its stance on the controversial health reform issue. It was spread through an e-mail account to create and dispel rumors. Nevertheless, the White House admitted that it was unsolicited e-mail and blamed third-party groups for the mass e-mail.
- Hotmail Phishing – In October, thousands of Hotmail accounts were compromised and their passwords were posted on a website where developers normally share programming code. News site Neowin saw the list, which had since been removed, and reported the issue to Microsoft. In this particular phishing scam, the hackers sent e-mails bearing the letterhead of banks, eBay and other institutions to convince consumers that they had to reset their online passwords for those websites for security purposes. As soon as Microsoft discovered the scam, it blocked thousands of Hotmail accounts, believing that all of them had been hacked.
- Start-up Suicide – RockYou, a social media advertising and application start-up, sent out a mass e-mail to its customers and associates announcing its new site redesign last September. Instead of using BCC: to send the e-mails, RockYou displayed the entire mailing list of over 200 e-mail addresses in the CC: field, and those e-mail addresses ended up on a spammer’s list. Two months later, RockYou sent another mass e-mail using a mailing list, asking contractors to provide information for their W9 tax forms. Unfortunately, some people unintentionally sent personal information to the entire mailing list.
- Gmail Account Deactivated – Last August, Rocky Mountain Bank in Wyoming sent the names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address by mistake. Realizing what it had done, the bank e-mailed the same address asking the recipient to contact the bank and destroy the file without opening it, but it did not receive a response. The bank contacted Google asking for the account holder’s information. So, Google received an order from U.S. District Court Judge James Ware of the Northern District of California to deactivate the e-mail account and disclose the identity and contact information of the Gmail account holder. The Gmail user in question had not done anything wrong. Since then, everyone at the bank has been advised to be watchful when sending e-mails and typing an address in the TO: field of an e-mail.
- Payroll Panic – PayChoice, a payroll processor, was the victim of a website breach in September. Customers received targeted e-mails claiming to be from the company. The e-mails were used to trick people into downloading malware or visiting a website that would allow them to access the Onlineemployer.com PayChoice portal. The site was shut down and clients were notified within hours. The e-mails were spread through a Yahoo account, with the links hosted on servers in Poland.
- UK Tax Error – HM Revenue & Customs, Britain’s tax authority, warned people about scam e-mails that used a fake government e-mail address to persuade recipients to reveal their personal information in return for a tax refund. The messages claimed that recipients were entitled to a tax refund and had to give their bank or credit card details so that the refund could be paid out. HMRC stated that, like most legitimate business and government organizations, it would never notify people of a tax rebate by e-mail or invite them to complete an online form just to receive a tax rebate.
- Death, Taxes and Phish – In September, a fake e-mail notice claiming to come from the Internal Revenue Service was widely circulated in an attack against businesses and individuals. According to US-CERT, the attack was hidden in a fake e-mail with the subject line “Notice of Underreported Income”, which contained a link or attachment infected with the Zbot/Zeus Trojan. It is a program that steals banking login credentials.
- UCSD Message of Acceptance by Mistake – The University of California San Diego mistakenly sent the same message of acceptance to all 46,000 students who took the college entrance exam, when only 18,000 students had passed and been accepted to the university.
How Can Techie Now Help?
E-mail is used to communicate for personal and business purposes. Cybercriminals also use it to steal people’s identities and money. Computer users must therefore be careful when opening attachments or links in their e-mails, because these might infect their PCs or steal their information, especially if the computer is not protected. To protect your computer from online attacks, contact Techie Now: virus and spyware removal, performance optimization, installation and configuration, and general repair. Techie Now assists with your PC needs better than others do.