Fraudulent email scams have upped the ante in their realism and ploy for urgency. The hard-hitting scams present themselves as the delivery services UPS, FedEx, and DHL, claiming that you’ve received a package.
Next, they want you to click on a link, or open an innocent-looking attachment of what appears to be a Microsoft Word document, or enter a legitimate-looking tracking number to check on your mystery package.
Hard to resist, right?
Once you’ve clicked the link or opened the attachment, it is impossible to resist. By doing so, you’ve enabled the Trojan program to install itself so it can read your files, extract your confidential information, and then transmit all the goods to a server somewhere in the email-phishing hinterlands.
A Trojan differs from a virus in that a virus replicates itself – yep, just like in World War Z – and sends itself to other computers, whereas a Trojan is sent out by someone, often in a spammed email, and then installed by the unsuspecting victim.
Like the Trojan Horse in Greek mythology, a Trojan hacking program is hiding something that’s designed to attack you once it’s inside your system.
It hides within the phishing (as in phishing for information) email, which looks absolutely authentic, and because your curiosity is piqued – what can it hurt? – you go ahead and click. You thereby install the Trojan and begin the spiral into doom.
Your DNS records can now be modified and redirected so that incoming Internet traffic goes through the attacker’s servers, where it’s hijacked and injected with malicious websites and pornographic ads.
When a client of ours inadvertently installed a Trojan after receiving a UPS email, he called Super Savvy Carolyn to warn her about his doomsday fall. He continues to work with an IT professional who was able to retrieve some of his data.
The UPS email looks something this. As with both the UPS and DHL phishing email scams, when you hover your cursor over the link, the fake link is revealed, not a valid UPS or DHL link.
When I received a DHL phishing email, I remembered the all-important rule of thumb for attachments and links. When in doubt, go to the website directly.
I went to the DHL website, entered the tracking number, and discovered that it was an invalid number – duh! I also found their fraudulent email alert on the homepage. A happy ending to my story.
If you’re unsure of your own story’s ending and are concerned about a Trojan infection, this US government-certified publication outlines the steps to take. Go to the US-CERT site (Computer Emergency Readiness Team) for more security tips and how to know if your computer is infected by a Trojan Horse or virus.
How to Avoid Infection from the Get-Go:
1. Know what you’re downloading and clicking!
Only download from trusted and well-known sites. Go directly to the website of the entity in question rather than the attached link. Don’t trust a pop-up or other unknown source for downloading anything.
2. Don’t go to untrusted or suspect websites!
Remember the rule for expiration dates and food items? It’s the same here.
When in doubt, throw it out!
3. Install a security software system!
If you own a Mac, use the Mac OS X’s built-in Firewalls and other security features. If you download a lot of media and other stuff, try ClamXav for Macs. For PCs, be sure to run up-to-date antivirus software like Norton Antivirus, and check out Mashable’s 5 Best Free Antivirus Software Options.
If you are unsure whether or not the program you downloaded or clicked on is infected, do a quick Internet search to see if other users reported issues after installing a particular program.
4. Avoid peer-to-peer file sharing applications!
By that I mean not only the obvious Napster-type of music file sharing, where you download often pirated small bits of files from many sources at the same time, but other sites as well.
Facebook, Twitter, Pinterest and YouTube are also vulnerable to malicious hacking. Links posted on these social networking sites are increasingly connected to malicious software.
The Facebook video masquerade and the Facebook bank account draining malware are two examples of cyber crime targeting social media’s most popular site. According to Symantec’s 2013 Internet Security Threat Report, “the number of phishing sites spoofing social networking sites increased 125%.”
Follow these tips to stay one step ahead of malware and Trojan Horse email and be safe from its hidden assault.
Flickr Creative Commons horse photo by Robin.