Ironically, he wrote an article just this month about a LOT of the things that I wanted to touch on. Here is a sample . . .
Some of you reading this article may have seen news reports of people getting alarming email messages from their friends.
Tales such as "Help, I'm stranded in Nigeria and need money" have come to many people as a surprise in recent months, and the trend seems to getting more widespread. The messages are coming directly from the email accounts of someone you know, and at first glance it may seem real. The truth, once discovered, is that the email account has been taken over (hacked [link]) by a fraudster, and the solicitations for money being sent out are a simple fraud. One question that seems lost in all of these news reports is "how did this happen?" -- Let's investigate this a little further and shed some light into this dark corner.
From Hack To Phish
Hacking covers a wide range of techniques, such as Security exploit; Vulnerability scanner; Packet Sniffer; Spoofing attack; Rootkit; Social engineering; Trojan horse; Virus; Worm and Key loggers; but for the purpose of this article we will concentrate on only one of these, social engineering.
"Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim." (Source Wikipedia: [link])
Phishing [link] of course, comes under the general umbrella of social engineering and is a technique of fraudulently obtaining private information. People may associate Phishing with financial institutions (banks, credit cards and credit unions), eBay, PayPal and others due to a great many reports in press. However, one form of this phishing hides in relative obscurity, and asks not for banking details, but for your email account login credentials. If you get one of these emails, it may actually look very real indeed.To read the rest of this article, go to CyberCrimeOps.com