Safe Browsing: 4. Where the Shadows Lie

Reader Toolbox   Log in for more tools

4. Where the Shadows Lie

Email is the #1 way hackers try to get you to click on something malicious, which is why you have to be on your guard against anything that arrives in your mail box.  

The fastest, easiest way to get something malicious onto your computer is through an email with a bogus link or infected attachment. Often referred to as a "phishing" (pronounced "fishing") emails, they do their best to entice readers to click on links or images in the email and then try to run malicious code on your machine.  I hope that most HASA readers are too smart to click on emails for prescription drugs, porn and bogus "Nigerian" financial deal offers. The more sophisticated phishing scams look legitimate, and are the ones you have to look out for:

  • Login scam. These scams look like they are from legitimate sources, usually financial or social networking.  You get an official looking email with a "Login" button or link. You click, you think you're on the web site, you log in, and the system harvests your login credentials. The most sophisticated ones actually have a redirect script that passes you to the legitimate site and logs you in – using the credentials it just stole from you.

    Another nasty aspect of these login scam programs is that they will quickly go to every popular financial, email, and social networking site and will try your username and password on them. If you use the same username/password combination on multiple sites, these login scam programs will find out and will exploit it.

  • Image/File scam. These scams try to get you to click on something attached to the email, which is carrying malware code. Opening the file executes the code. This one is perhaps the toughest one to overcome because sometimes the email appears to be coming from a friend (whose mailbox has been spoofed or (worse) compromised) so you don't think twice about opening the attachment. This is why you need to have malware detection software running on your system, and why you need to keep your Office and PDF readers programs up to date. Opening the infected files may trigger the code, but your defenses keep it from executing.

To fight the Login Scam emails, follow a simple rule – don't ever use an email link to log in to a web site. Be sure you take the time to bookmark the sites where you have to log in, like a banking site, Facebook, payroll, medical, etc. – anything where you have to provide a password. When you see an email asking you to login, go to your bookmark and login that way, then read the email to see what the problem is. Do not click on any links in it.

To fight the Image/File scam emails, don't try to view them in the email window/reading pane, especially if you are using web-based mail like Hotmail or Gmail. Save them and open them directly with the correct programs (A PDF reader, Word, Excel, etc.), making sure that you have applied all security patches for the program and that you are running malware detection software. If you have any doubt about the attachment, delete the email. If a friend or family member sent it, ask them to resend.

If you use Hotmail or Outlook, you can declare all email to be junk unless explicitly allowed. As with locking down your browser, which we'll discuss later, you'll spend the first week cursing at having to manually identify your trusted friends and email sources, but then you'll rest easy because everything else goes to junk. In the Junk folder, all images are turned off, attachments won't open and emails are displayed in plain text so you can see the real URLs behind the links and buttons. I've been doing Junk-by-default filtering for years now and it is very effective. Other email programs will have something comparable to this kind of filtering. Take a good look at your email program and tighten security down.

Infected Sites

There are some sites that are loaded with malware, waiting for the unsuspecting visitor to click on something, or even just to cruise by. The site that bad email sends you to will be riddled with malware.  Sites where you commonly find malicious code include:

  • Phishing sites. A phishing site is anything that pretends to be something else, like a site that pretends it is part of PayPal. The site itself is malware.
  • Porn. These are the sites most likely to put malware on your system.
  • Music/media downloads. These sites are notorious because they are already operating in a grey zone if they allow free download of copyrighted material.
  • Free anything sites. Of course it's "free". They want you to visit so they can infect your machine. There is some OSX malware out there right now that convinces you to install it because it offers a cute screen saver, for example. That free screen saver then raids your computer for information and opens your ports.
  • Facebook. Turning into a major distributor of malware. Use at own risk.
  • Social networking sites besides Facebook. Facebook may be the biggest, but the others have the same kinds of malware and scams running. Use at own risk.
  • Anything that runs a Flash advertisement. This means even otherwise legitimate sites like a news organization. If the ad moves, it could contain malware. This is why you keep Flash player turned off. The browser section will show you how to turn it off but make it available to toggle back on for legitimate Flash viewing.

When we get to browser settings, I'll show you where to go to tighten security and make the web pages ask you for permission to change things. The best habit you can get into is to keep an eye on your address bar and be very aware of what site you are visiting. When in doubt, close your browser!

This is a work of fan fiction, written because the author has an abiding love for the works of J R R Tolkien. The characters, settings, places, and languages used in this work are the property of the Tolkien Estate, Tolkien Enterprises, and possibly New Line Cinema, except for certain original characters who belong to the author of the said work. The author will not receive any money or other remuneration for presenting the work on this archive site. The work is the intellectual property of the author, is available solely for the enjoyment of Henneth Annûn Story Archive readers, and may not be copied or redistributed by any means without the explicit written consent of the author.

Story Information

Author: Anglachel

Status: General

Completion: Complete

Era: Other

Genre: Research Article

Rating: General

Last Updated: 06/19/10

Original Post: 06/14/10

Go to Safe Browsing overview


No one has commented on this story yet. Be the first to comment!

Comments are hidden to prevent spoilers.
Click header to view comments

Talk to Anglachel

If you are a HASA member, you must login to submit a comment.

We're sorry. Only HASA members may post comments. If you would like to speak with the author, please use the "Email Author" button in the Reader Toolbox. If you would like to join HASA, click here. Membership is free.

Reader Toolbox   Log in for more tools