I Get Asked the Darnedest Things – Including How to Protect Ill-Gotten Gains

March 5, 2012

I recently spent a week teaching several hundred students, teachers and parents in several schools and school districts across North Carolina. The sessions are always great, but since there is never enough time to answer everyone’s safety, security and privacy questions, I encourage listeners to leverage the “Ask Linda” section on my website.

The questions I typically get asked range from “is _____ a strong password?” to questions about situations that need immediate intervention. However, among the many follow-up questions from this trip came my first request for assistance in protecting stolen funds. The audacity and irony in the email are just too good not to share, so with identities hidden, here’s the original email – and my response. Enjoy.

On 12/16/2011 “Michael”:

Today, you spoke at my school (xxxxx). The talk was the best I have ever heard at a school event because during 2009-2010 I recovered other people’s old RuneScape accounts. I learned many ways to look up people, many of which you mentioned today. I have since stopped recovering because many people have found out this easy way to make money and so there are far fewer unused accounts to steal. I also did a fair bit of phishing on the system pelican (fish.in.rs) which is a mass mailer of RuneScape phishers, so all I needed was an email address owned by a scaper.

Since then, I have been sitting on a few thousand dollars worth of RuneScape currency. With college coming up, I am hoping to sell this on the RuneScape black market sythe.org. The preferred method of communication of most members is MSN which I saw on your website that you used to work for. One of the questions I had for you is: can another person that is chatting with you on MSN get your IP address? I have heard many hackers claim they can get IPs through Skype, MSN, and email communications.

On another note, I plan on majoring in mathematics and becoming an investor. However, I am wondering what classes are recommended to become an internet security consultant such as yourself.

Enjoy your stay in North Carolina,




The answer to your question is yes, MSN or Windows Live uses the Microsoft Notification Protocol that carries the client IP address in some of its headers. While I’m pleased that you found my internet safety, security and privacy presentation to be useful, I’d say that given your phishing and account theft activities the field of security is not the right one for you, and recommend you stick to investing.



Commtouch’s Internet Threats Q2 Trend Report Another Sobering Read

July 22, 2011

Bad news always outweighs the good when talking about online security, and a new report from Commtouch just underscores this point.

The good news is that spam volumes are down nearly 30%, to a measly 113 billion a day, thanks to the takedown of the Rustock botnet.

That includes a downturn in pharmacy spam, though this category still represents 24% of all spam.

The bad news on the spam front is that spammers are now using compromised email accounts – so expect more spam coming from friends and family’s accounts.

Additionally, the report found that zombie activity skyrocketed, with an average turnover of 377,000 new zombies per day targeted at sending malware and spam. This represents a 68% increase over zombie volumes in the first quarter of the year. India remains the top zombie-producing country, now hosting 17% of the global population, followed by Brazil and Vietnam.

Whether or not you think of pornography as ‘dirty’, the websites hosting porn really are dirty. Pornography and sexually explicit content sites rank highest in the most-likely-to-contain-malware contest, followed by parked domains and portals.

Education websites, interestingly enough, come in fourth place for categories infected with malware, ahead of entertainment and business. This may be because scammers are smart enough to suspect users will be less cautious on educational sites, or the reason may be that educational sites aren’t very well protected and make easy targets.

The bottom line

Criminals continue to increase the number and creativity of their exploits; letting your guard down for even a moment increases the likelihood that you’ll be their next target.


SCAM: Charles Schwab Alert: Sign-In Online Banking Access Locked

September 9, 2010

This scam has a lot going for it. The scammer has gone to quite a bit of effort to make it look legitimate. They used a plausible color and shape for the formatting, there are only a couple of subtle errors in the text, and there are no sensational warnings or exclamation marks.

This scam would have been obvious if I had never had a Charles Schwab account, but at one time I did have a Schwab account. If I wasn’t careful, I could have been caught thinking that perhaps that account wasn’t properly shut down. However, I do know I haven’t been trying to access that account, so I could not have exceeded the number of attempts allowed. But what if the email makes me worried? If I am concerned that the account wasn’t properly shut down, I could worry that someone was trying to hack my old account and respond.

Smart scams like this underscore the necessity of knowing how to properly respond to any email you may receive, because sometimes the professional look may be perfect.

Test Your Skills

You should be able to find at least six red flags that tell you this e-mail is fraudulent. Scroll down to see the picture below with the answers, but try to find them yourself, first. If you find five, you’re a pro with little to worry about. If you find fewer than four, consider practicing on some more of our spam scam examples.

Here are the clues that this is a scam:

  1. The email is not addressed to me. If I was truly being notified by Charles Schwab that there was an issue with my account, they would know my name.
  2. Again, they don’t know my name; “Dear Customer” isn’t an identifier. And the words Online Banking are capitalized throughout the text.
  3. I haven’t attempted to sign into a Schwab account, so could not have exceeded the number of attempts allowed.
  4. It says “Please visit www.schwab.com/activate Reset Account your account.” It doesn’t make sense, and certainly should have bolded text, but since most people scan emails quickly, an error this small usually doesn’t get noticed.
  5. Here is the crux of the issue. A smarter scammer could have corrected all the previous mistakes, including knowing my name and email address, so nothing would have triggered your alarm bells. What you’re being asked to do in this point is what will determine whether you fall for the scam.

See how they try to reassure you? They encourage you to confirm the email is from Schwab... by using the link they provide. Look at the 6th flag: it shows the true web address displayed when you hover your mouse over any link on this page. See that the website is actually http://almall.us? The scammer added the words /schwab.com/ after their website’s true name in an attempt to look legitimate, but this site is anything but legitimate.
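The check that hovering performs by eye can be automated. The following Python sketch is an added example, not part of the original post: it pulls every link out of an email body and flags those that mention a trusted domain while their real host is somewhere else. The sample HTML and the helper names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email described above; the "/activate"
# part of the href is made up for the example.
SAMPLE_EMAIL_HTML = (
    '<p>Please visit <a href="http://almall.us/schwab.com/activate">'
    'www.schwab.com/activate</a> to reset your account.</p>'
    '<p><a href="https://www.schwab.com/">Schwab home</a></p>'
)

def host_of(url):
    """Return the lower-cased hostname a browser would actually connect to."""
    if "://" not in url:
        url = "http://" + url          # bare "www.example.com/x" in link text
    return (urlsplit(url).hostname or "").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def deceptive_links(html, trusted_domain):
    """Links that mention trusted_domain but whose real host is elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        mentions = trusted_domain in href.lower() or trusted_domain in text.lower()
        if mentions and not belongs_to(host_of(href), trusted_domain):
            flagged.append((host_of(href), href, text))
    return flagged
```

Because the comparison is made on the parsed hostname rather than on the raw string, the same check also catches the trusted name used as a subdomain label of another site or placed before an `@` in the address.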

You do not have to be a super sleuth to avoid this or similar scams. Applying two actions consistently will protect you from these.

  1. Install or activate a web tool that will identify malicious sites for you. I happen to use McAfee’s FREE SiteAdvisor tool (NOTE: I am not paid to use this product or endorse it), but there are options within your browser you can activate, and other free services you can choose from. To show you how this protection works, I clicked on the link in the email – don’t try this at home – and SiteAdvisor blocked my browser from taking me to the site and provided a warning. (See image below.)
  2. Drive, don’t be pulled. Stay in the driver’s seat by getting to Schwab’s site by yourself. If you use Schwab, you may already have a bookmark for the website you can use; if not, use a search engine and type in Charles Schwab, then use the link from your search engine to go to Schwab’s site.

This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ‘bank manager’ on the phone) may be a very convincing copy, and all your information will be stolen and abused.

I had to laugh when I saw that within 5 minutes of receiving the Schwab scam, I received a second one with the same title – just using a different bank.

Opening this one, you can see it is far less sophisticated. There is no fancy formatting with the bank’s logo, the grammar is poor and there are weird characters interspersed, and it suffers from an overall lack of sophistication.

Far fewer people would fall for this version, but it is the same scam, even directing potential victims to the same http://almall.us site.

Simple precautions will determine how safe your online experience will be.