But, seriously, folks, it’s also National Cyber Security Awareness Month, and C&IT is taking the occasion to ‘raise awareness’ of phishing as an internet danger.
Most people now know what phishing is: an attempt by crooks to get you to visit a website or download a file to your computer that will infect your computer (or your smartphone, or tablet) and either steal data from it or use it to send additional spam, or even help launch Denial of Service attacks.
In 2012 most users have no idea what their computer (tablet, smartphone) is doing ‘behind their backs’. For example, tiny files are deposited on your computer all the time when you visit websites (these files are called ‘cookies’, and they make it easier for you to log in to Wayne Connect, or order stuff from Amazon, or buy airline tickets). Unless you’re geeky, like some of my colleagues, you have no idea what cookies your computer might be harboring, and that’s generally not a danger.
But some websites put much more malicious items on your computer. For example, programs that snatch control of your computer and use it to send out spam. Even porn-based spam. Or the program might send out tens of thousands of messages to a particular, targeted website (say Walmart, or the White House). If enough infected computers do this, the net effect is to break the targeted website so it can’t function. These attacks are called Distributed Denial of Service (DDOS) attacks, and programs downloaded without your knowledge are used to do this.
Another way that your computer can be seized (metaphorically) is through opening attachments that are designed to do the same thing–surreptitiously put programs on your computer. And we all get messages saying things like ‘please see the attachment for important information’ or something like that.
Now, you may think you’d never fall for these tricks, but in early September several of your Wayne State colleagues did, and their computers were ‘pwned’ (cute internet slang for ‘taken over by cybercrooks’) and sent out tons of spam. As a result all of Wayne State email was marked as spam by Microsoft (who run Hotmail and its successors), and nobody at Wayne could contact anyone with a Hotmail or .msn address. Many of us were handicapped by this until we could persuade Microsoft that we were good guys after all.
So, C&IT is going to be running a campaign to teach folks how to recognize phishing messages and what to do when you receive one. And this blog entry is one of the opening salvos in that campaign. Anticipate hearing lots more about this, including an exciting contest with clever prizes.
And happy National Bullying Prevention Month.