Is it just me, or does it seem that we are all suddenly very vulnerable online? Maybe my feelings of dread stem from recent news reports involving privacy and credit card security breaches. I just know that lately, I’m thinking twice before using my credit card or giving up any information about myself online.
But I’m also not willing to become a Luddite, ditch the computer, and switch to living a cash-only life off the grid (What, no Amazon.com??? No Netflix???).
My friend, Doug Greenwood, recently started a Facebook page called North Tahoe Computer Coalition, where he has been posting ideas on how to keep our collective information safe, and other food for thought for yacht computer users. In a February 1, 2014 post about why he started the page, Doug says, “There are too many vulnerabilities out there on the Internet and as I see them trying to attack me personally, or if I hear about security breaches, I will post them for others to watch out!”
Doug may sound a bit paranoid, but he’s actually a very savvy computer programmer who knows what can be done with your information if it gets into the wrong hands. And he wants to share his concerns with the rest of us, possibly saving some of us a lot of trouble in the future.
Doug’s February 2 post talks about email spoofing. That’s when someone sends a fake email with a forged sender address. And I'm passing this information on because it could affect your vessel email addresses and invade your yacht computers.
Here’s how Doug describes email spoofing: “You think an old friend or your mother in law just sent you an email for the first time in 10 years! That is fantastic! So you open the email and click on the link in the email message. Then, bang! You are hacked.”
Most people think if they get an email from an address they know, the email is safe to open and all links within it are legit. But these emails are actually sent by Malware like Klez and Sober from computers that have been infected. They often have a weird, cryptic message written in a style that a real sender would not use, along with a clickable link. DO NOT CLICK ON THE LINK!
“Klez and Sober will search for email addresses within the computer they have infected,” Doug says. “Once the virus grabs hold of the address book, it's over. Those addresses will then be used as targets for email spamming.
Email spoofing is so effective because the “From” field in the email you receive has a familiar address. You open it, thinking it’s from someone you know, not an email-spoofing piece of Malware."
Wikipedia's Email Spoofing page describes a slightly more complicated schenario:
Alice is sent an infected email and then the email is opened, triggering propagation.
The worm finds the addresses of Bob and Charlie within Alice's address book.
From Alice's computer, the worm sends an infected email to Bob, but forged to appear to have been sent by Charlie.
In this case, even if Bob's system detects the incoming mail as containing malware, he sees the source as being Charlie - while Alice remains unaware of the actual infection.
Ultimately, it's up to you, the computer user, to block malware from entering your yacht computer system via email spoofing. As Doug Greenwood advises, "When you see an email sent from your old friend in upstate New York that you haven't spoken with for 25 years, think a bit about the reality of that person *really* sending you an email.”
And instead of opening it, look the person up and message him using Facebook or LinkedIn. You'll be glad you did!