Anonymous Valentine

Just to show that I’m not an old stick-in-the-mud and to prove that I can move with the times, I sent an anonymous Valentine Card… by email !

Secure site “Timed Out” ? Beware of “Tab Napping” !

While logging in to my emails today I spotted a news item which highlighted a new, very sneaky form of phishing…. “Tab Napping”.

From the original Yahoo Finance article I read…

How does it work? By replacing an inactive browser tab with a fake page set up specifically to obtain your personal data – without you even realising it has happened.

Believe it or not, fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.

So don’t assume that after you have opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a time while you use other windows and tabs. Malicious code can replace the web page you opened with a fake version which looks virtually identical to the legitimate page you originally visited.

Two other articles, very similar to each other, can be found by following these links….

http://www.pcworld.com/article/197172/Tabnabbing.html?tk=rss_news

http://www.eweek.com/c/a/Security/Tabnapping-Attack-on-Web-Browsers-Makes-Phishing-Easy-673653/

Take care !

But define what you mean by “Security”…

I have many sisters (long story), but haven’t had any contact with the one who lives nearest to me for almost three years now.  Not a problem.

You, dear reader, need no more information than that to understand that I was somewhat surprised to receive an email from her a couple of weeks ago !

However, on closer inspection it became obvious that this email was, in fact, spam. I duly clicked on the appropriate button to inform my email host of the fact and thought no more of it.

Last week I received another, even more obvious, spam-mail which was using her email address and it received the same treatment.

But today I received a different email, again from her address, in what I consider to be a very business-like font, and I present the text below verbatim (with the exception of her email address) for you to read.

Subject: email account hijack
This email account has been subject to hijack, generating spam advertisement emails for iphones and electronic equipment.
To protect your email address from further abuse, the personal contacts list will be deleted shortly.
Personal email account holders:
DO NOT OPEN ANY FURTHER EMAILS RECEIVED FROM THIS ACCOUNT.
The account ‘xxxxxxxxxx@hotmail.com’ will no longer be used for personal communications to individuals. It will remain open for non-personal business communications only.
Please contact the user by telephone to obtain new email account details.
Sincere apologies for any breach of security which this unfortunate incident may have caused.

The first thing to note about this email is that (where I have put xxxxxxxxxx) her email address was actually mis-spelled by the omission of one letter.

The second thing to note is this…. the remainder of the header to the email…

From: My Sister (xxxxxxxxxxx@hotmail.com)
To: ………

… at which point, all NINETY email addresses from her contacts list were there for everyone to see and share !

Quote… “Sincere apologies for any breach of security which this unfortunate incident may have caused.”… Unquote !

DEFINE WHAT YOU MEAN BY “SECURITY” !

I assume that this problem is being sorted out by someone at Hotmail…. someone who has never heard of BCC … BLIND COPY !

What hope in hell does anyone have of beating spam when even Hotmail are plastering people’s email addresses around for all to see ?

Tip: For all of you who like to forward all those “funny” emails you get to lots of your friends, do what I do.

  1. Set up a new contact in your contacts list (address book, or whatever it is called on your system), name it something like “Me Here” (literally !), and put your own email address in it.
  2. When you want to forward something on to more than one person, send it To “Me Here” and BLIND COPY (not just COPY) it to everyone you actually want to send it to. (On some systems, such as Yahoo, you may have to click somewhere near the header to open up the Blind Copy [BCC] option).

You will get an extra copy of the email yourself, but that is easily deleted and you are doing your bit to cut down on the number of email addresses contained in the email.

If you’re a real trooper and spam-hater you could also do what I do and, rather than just forward the email willy-nilly, you could Copy the actual relevant part of it, without everybody’s email addresses and all the footers which are already in it, paste that into a “New” email, and then do what I explained earlier.

It only takes a moment or two.

Or is that asking too much ?
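For anyone who sends mail from a script rather than a mail program, here is the “Me Here” tip in Python, added as an example and not part of the original post: it compares the addresses a reader can see in a careless forward with those visible when the recipients are only blind-copied and the old headers are cleaned out of the text. All addresses and function names are made up for the illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample data (example.* domains, not real people).
ME = "me@example.com"
FRIENDS = ["alice@example.org", "bob@example.org", "zoe@example.net"]
FORWARDED_TEXT = (
    "-----Original Message-----\n"
    "From: carol@example.net\n"
    "To: dave@example.org, erin@example.org\n\n"
    "Why did the chicken cross the road?\n"
)

def careless_forward(sender, recipients, subject, body):
    """Everyone in To, old headers left in the body."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, ", ".join(recipients), subject
    msg.set_content(body)
    return msg

def private_forward(sender, recipients, subject, body):
    """To is only the sender ("Me Here"); the real recipients exist only
    in the returned envelope list, which is what Blind Copy amounts to."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, sender, subject
    msg.set_content(ADDR_RE.sub("[address removed]", body))
    envelope = [sender] + [r for r in recipients if r != sender]
    return msg, envelope

def exposed_addresses(msg):
    """Addresses any recipient can read in To/Cc or in the message text."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    seen = {addr.lower() for _, addr in getaddresses(headers) if addr}
    seen.update(a.lower() for a in ADDR_RE.findall(msg.get_content()))
    return seen

if __name__ == "__main__":
    bad = careless_forward(ME, FRIENDS, "Fwd: funny", FORWARDED_TEXT)
    good, envelope = private_forward(ME, FRIENDS, "Fwd: funny", FORWARDED_TEXT)
    print(len(exposed_addresses(bad)), "addresses visible when forwarded carelessly")
    print(len(exposed_addresses(good)), "visible with the Me Here method")
    # Delivery would be smtplib.SMTP(...).send_message(good, to_addrs=envelope)
```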
