1 00:00:00,320 --> 00:00:02,960 Speaker 1: Brought to you by the reinvented two thousand twelve Camry. 2 00:00:03,240 --> 00:00:08,840 Speaker 1: It's ready. Are you? Get in touch with technology with 3 00:00:08,920 --> 00:00:14,440 Speaker 1: tech stuff from how stuff works dot com. Hi, everybody, 4 00:00:14,480 --> 00:00:17,000 Speaker 1: welcome to the podcast. My name is Chris Pollette. I'm 5 00:00:17,040 --> 00:00:19,079 Speaker 1: an editor here at How Stuff Works, and sitting next 6 00:00:19,120 --> 00:00:22,320 Speaker 1: to me, as always, is senior writer Jonathan Strickland. Hey there, 7 00:00:22,960 --> 00:00:25,680 Speaker 1: that was just for you, Chris. Thanks welcome. I appreciate 8 00:00:25,760 --> 00:00:29,120 Speaker 1: that you sure. Are you sure that's you and not 9 00:00:29,240 --> 00:00:32,159 Speaker 1: somebody else? I'm pretty sure it's me this time. Uh, 10 00:00:32,600 --> 00:00:35,400 Speaker 1: they look like you, but I can't. Yeah. We wanted 11 00:00:35,440 --> 00:00:38,400 Speaker 1: to talk today about kind of an insidious problem that's 12 00:00:38,440 --> 00:00:41,560 Speaker 1: on the internet, although it didn't officially you know, start 13 00:00:41,560 --> 00:00:43,600 Speaker 1: on the internet. It's actually older than the Internet is. 14 00:00:43,960 --> 00:00:47,320 Speaker 1: But we're talking about phishing scams, and that's fishing with 15 00:00:47,360 --> 00:00:52,120 Speaker 1: a ph. Yeah, that's true. Um, the these these are 16 00:00:52,240 --> 00:00:56,840 Speaker 1: social engineering scams. There. They're little ploys designed to trick 17 00:00:56,920 --> 00:01:00,320 Speaker 1: you into giving away your personal information. Yeah. And the 18 00:01:00,400 --> 00:01:02,480 Speaker 1: bait that they use, which is part of why it's 19 00:01:02,480 --> 00:01:07,319 Speaker 1: called phishing, is uh, it usually plays usually plays upon 20 00:01:08,000 --> 00:01:13,880 Speaker 1: your baser personality traits. 
Let's say like greed. That's a 21 00:01:13,920 --> 00:01:16,319 Speaker 1: big one. In fact, that's probably the main one, but 22 00:01:16,400 --> 00:01:19,640 Speaker 1: other ones like Vanity also play a part in certain 23 00:01:19,760 --> 00:01:23,600 Speaker 1: uh phishing scams. So let's let's talk about a couple 24 00:01:23,640 --> 00:01:26,959 Speaker 1: I wanted to talk about probably the best known scam, 25 00:01:27,400 --> 00:01:30,039 Speaker 1: especially when it comes to email scams, which is the 26 00:01:30,160 --> 00:01:34,520 Speaker 1: Nigerian email scam or the four one nine scam. Well, 27 00:01:34,560 --> 00:01:39,080 Speaker 1: you know, I was actually contacted by somebody in Nigeria. Yeah, 28 00:01:39,200 --> 00:01:41,560 Speaker 1: and they said if I just gave them some personal information, 29 00:01:41,600 --> 00:01:46,080 Speaker 1: they would uh millions of dollars. Yeah, that's that's the 30 00:01:46,120 --> 00:01:49,280 Speaker 1: basis for this scam. Now, the original scam was not 31 00:01:49,560 --> 00:01:52,320 Speaker 1: a phishing scam originally it was it was just so 32 00:01:52,360 --> 00:01:55,000 Speaker 1: that you would send them money, so you would wire 33 00:01:55,040 --> 00:01:58,600 Speaker 1: this person money directly, um. But they would not have 34 00:01:58,600 --> 00:02:02,080 Speaker 1: access to your personal information, just your money. So hey, 35 00:02:02,120 --> 00:02:05,880 Speaker 1: there's a bright side, right. But they they have kind 36 00:02:05,920 --> 00:02:09,240 Speaker 1: of evolved since then, and often you will find these 37 00:02:09,280 --> 00:02:13,880 Speaker 1: these um emails. Uh. They're called Nigerian scams because a 38 00:02:13,960 --> 00:02:18,120 Speaker 1: lot of them do seem to originate from Nigeria. UM, 39 00:02:18,200 --> 00:02:20,359 Speaker 1: not all of them. They could be from anywhere. It's 40 00:02:20,400 --> 00:02:23,920 Speaker 1: just that's the name they've been given. 
And the claim 41 00:02:24,040 --> 00:02:26,840 Speaker 1: is that there is an enormous sum of money that 42 00:02:26,880 --> 00:02:28,959 Speaker 1: they're trying to get. This person is trying to get 43 00:02:28,960 --> 00:02:32,240 Speaker 1: out of whatever country they're in, and they want to 44 00:02:32,320 --> 00:02:35,200 Speaker 1: use you as an accomplice to hold onto this money. 45 00:02:35,240 --> 00:02:37,400 Speaker 1: And you get to keep a portion of that money 46 00:02:37,960 --> 00:02:40,640 Speaker 1: as as part of the deal. And as the deal 47 00:02:40,720 --> 00:02:44,800 Speaker 1: goes on, things start to mess up and the person says, oh, 48 00:02:44,880 --> 00:02:47,359 Speaker 1: you know, um, I've got to bribe this this official. 49 00:02:47,680 --> 00:02:50,160 Speaker 1: I'm gonna need a thousand dollars from you so that 50 00:02:50,200 --> 00:02:52,240 Speaker 1: I can bribe this person and then we'll be able 51 00:02:52,280 --> 00:02:54,840 Speaker 1: to get you the millions and millions of dollars. And 52 00:02:54,919 --> 00:02:57,120 Speaker 1: with that promise the millions of dollars, lots of people 53 00:02:57,600 --> 00:03:01,600 Speaker 1: are willing to part with substantial sums of money thinking 54 00:03:01,600 --> 00:03:05,880 Speaker 1: they're gonna get practically something for nothing. And there are 55 00:03:05,919 --> 00:03:08,480 Speaker 1: people who have lost hundreds of thousands of dollars in 56 00:03:08,520 --> 00:03:13,280 Speaker 1: these scams. That's true, Um, and uh, it's it's kind 57 00:03:13,280 --> 00:03:16,200 Speaker 1: of impressive the list of people who have gotten caught 58 00:03:16,480 --> 00:03:21,959 Speaker 1: by these scams, including Harvard professor a few years ensnared 59 00:03:22,520 --> 00:03:25,320 Speaker 1: by one of these these ploys. Um. 
They actually found 60 00:03:25,320 --> 00:03:28,600 Speaker 1: out he had been embezzling a little bit himself, and 61 00:03:29,080 --> 00:03:32,400 Speaker 1: well he lost it all when he sent it to Nigeria. Right, Yeah, this 62 00:03:32,960 --> 00:03:36,280 Speaker 1: it's it's one of those things that just um it's 63 00:03:37,360 --> 00:03:41,400 Speaker 1: it's just evil, evil scheme that that has taken lots 64 00:03:41,400 --> 00:03:43,760 Speaker 1: of money from people who were a little naive and 65 00:03:43,960 --> 00:03:48,720 Speaker 1: a little greedy and way too trusting, so lesson one. 66 00:03:49,880 --> 00:03:53,520 Speaker 1: Don't trust everything you see on the internet. Um, that's 67 00:03:53,600 --> 00:03:56,119 Speaker 1: that's probably the best thing to keep in mind while 68 00:03:56,160 --> 00:03:58,320 Speaker 1: we're talking about all these phishing schemes. You know, like 69 00:03:58,360 --> 00:04:00,880 Speaker 1: the old thing goes, if it seems too good to 70 00:04:00,880 --> 00:04:04,280 Speaker 1: be true, it probably is. Yeah, definitely, But um I 71 00:04:04,320 --> 00:04:06,800 Speaker 1: always one of the one of the sort of asides 72 00:04:06,880 --> 00:04:10,480 Speaker 1: for this part of the h our discussion is, um 73 00:04:10,520 --> 00:04:14,080 Speaker 1: the people that have started counter scamming the scammers, which 74 00:04:14,160 --> 00:04:17,880 Speaker 1: just tickles me no end. There there. You can do 75 00:04:17,920 --> 00:04:19,720 Speaker 1: a quick search on the internet and you can find 76 00:04:19,760 --> 00:04:22,919 Speaker 1: people who are uh they respond to these scammers and 77 00:04:22,920 --> 00:04:25,360 Speaker 1: they'll say, well, sure, you know, I'm happy to help 78 00:04:25,400 --> 00:04:27,719 Speaker 1: you out, but first I need this from you, and 79 00:04:27,760 --> 00:04:30,400 Speaker 1: they'll make them do these elaborate things. 
I saw somebody 80 00:04:30,440 --> 00:04:34,359 Speaker 1: who made them carve a Commodore sixty four out of 81 00:04:34,400 --> 00:04:38,000 Speaker 1: wood and send it to them, and they showed pictures 82 00:04:38,040 --> 00:04:41,719 Speaker 1: of it and it was amazing, right, So the people 83 00:04:41,760 --> 00:04:43,640 Speaker 1: on the other end of the scam can sometimes be 84 00:04:43,760 --> 00:04:45,880 Speaker 1: just as naive as the people they're trying to to 85 00:04:46,600 --> 00:04:49,600 Speaker 1: lure into the trap and to get back into the 86 00:04:49,600 --> 00:04:52,359 Speaker 1: phishing thing. The Nigerian scam, the way it's evolved is 87 00:04:52,520 --> 00:04:55,000 Speaker 1: is instead of asking for money, they'll ask for things 88 00:04:55,080 --> 00:04:58,400 Speaker 1: like your Social Security number or your bank account number. 89 00:04:58,680 --> 00:05:01,119 Speaker 1: And then once they have that information, 90 00:05:01,160 --> 00:05:03,080 Speaker 1: that's when you're really in trouble because not only will they 91 00:05:03,160 --> 00:05:05,600 Speaker 1: siphon out all the money in your account, but they 92 00:05:05,680 --> 00:05:10,080 Speaker 1: might also make you a a victim of identity theft. Um. 93 00:05:10,120 --> 00:05:12,800 Speaker 1: That's the that's the main goal for probably most of 94 00:05:12,880 --> 00:05:16,320 Speaker 1: the phishing schemes online, I would say is is some 95 00:05:16,440 --> 00:05:19,640 Speaker 1: form of identity theft, usually some sort of credit card 96 00:05:19,800 --> 00:05:22,839 Speaker 1: fraud or um or just outright theft of whatever's in 97 00:05:22,839 --> 00:05:25,719 Speaker 1: your bank account. I use a m I use a 98 00:05:25,760 --> 00:05:30,160 Speaker 1: web mail uh, pretty standard, well known web mail service 99 00:05:30,200 --> 00:05:32,599 Speaker 1: for my main email account. 
If you look at the 100 00:05:32,600 --> 00:05:36,000 Speaker 1: spam folder, it's pretty obvious that these things are scams 101 00:05:36,040 --> 00:05:39,000 Speaker 1: because I honestly, every time I look at the spam 102 00:05:39,000 --> 00:05:41,640 Speaker 1: folder and then it'll be a full folder. You'll see 103 00:05:41,800 --> 00:05:45,200 Speaker 1: probably about a third of those have similar or the 104 00:05:45,240 --> 00:05:50,040 Speaker 1: same exact uh subject headings. Um, and they'll all be 105 00:05:50,200 --> 00:05:53,000 Speaker 1: you know, please or help me with my problem or 106 00:05:53,040 --> 00:05:56,159 Speaker 1: you know, bless you you have uh, you have the 107 00:05:56,160 --> 00:05:58,960 Speaker 1: way to help my you know, situation out and you're 108 00:05:58,960 --> 00:06:02,480 Speaker 1: don't looking at your going okay, obviously there's something going 109 00:06:02,560 --> 00:06:05,599 Speaker 1: on here. And you know, bank accounts, they'll say, you know, 110 00:06:06,320 --> 00:06:08,640 Speaker 1: I'll get letters from banks that I never have had 111 00:06:08,680 --> 00:06:12,000 Speaker 1: an account with saying you must update your account information 112 00:06:12,520 --> 00:06:15,800 Speaker 1: as soon as possible otherwise, you know, or PayPal, you know, 113 00:06:15,880 --> 00:06:19,280 Speaker 1: And I'm going, yeah, no, I know, you're not real 114 00:06:19,480 --> 00:06:21,760 Speaker 1: That thing is they've gotten really sophisticated. They're getting a 115 00:06:21,800 --> 00:06:25,400 Speaker 1: lot better but fewer spelling mistakes and things and including 116 00:06:25,400 --> 00:06:29,919 Speaker 1: your name and things that might have clued you in before. 117 00:06:29,920 --> 00:06:32,159 Speaker 1: Are they're yeah, they're fine. 
They're starting to starting to 118 00:06:32,200 --> 00:06:34,480 Speaker 1: close those holes that that were that were in the 119 00:06:34,800 --> 00:06:39,480 Speaker 1: their approaches before. Um. You mentioned the bank thing. That's 120 00:06:39,480 --> 00:06:43,240 Speaker 1: actually a very good point. Uh. That's another one that 121 00:06:43,279 --> 00:06:46,440 Speaker 1: plays on not so much a negative personality trait, but 122 00:06:46,480 --> 00:06:49,119 Speaker 1: it plays on a person's fear. Yeah, you know, because 123 00:06:49,160 --> 00:06:51,479 Speaker 1: if you get a message that's from your bank account 124 00:06:51,680 --> 00:06:54,680 Speaker 1: or your your bank and it says, uh that there's 125 00:06:54,720 --> 00:06:57,360 Speaker 1: a problem with your account. Obviously you're going to immediately 126 00:06:57,360 --> 00:07:02,240 Speaker 1: want to try and address this problem. And um, the 127 00:07:02,240 --> 00:07:06,000 Speaker 1: there's a kind of a sister technique to phishing called 128 00:07:06,120 --> 00:07:11,400 Speaker 1: pharming, also with a ph, which uh spoofs a website. 129 00:07:11,840 --> 00:07:14,400 Speaker 1: The goal here is to create a website that looks 130 00:07:14,440 --> 00:07:21,600 Speaker 1: identical to a real, um, respectable, legitimate website, so a 131 00:07:21,680 --> 00:07:25,080 Speaker 1: bank will say that's a good example. Um, but the 132 00:07:25,120 --> 00:07:27,600 Speaker 1: goal is not to let you access your account, but 133 00:07:27,680 --> 00:07:32,480 Speaker 1: rather to collect user names and passwords. And uh, it's 134 00:07:32,520 --> 00:07:34,680 Speaker 1: the same sort of end goal as phishing. It's it's 135 00:07:34,680 --> 00:07:37,360 Speaker 1: collecting all this information and then just stealing everything you 136 00:07:37,360 --> 00:07:42,760 Speaker 1: can possibly steal. Um, these are these are kind of 137 00:07:42,800 --> 00:07:46,360 Speaker 1: scary things. 
I mean, that's really and anyone can fall 138 00:07:46,440 --> 00:07:49,080 Speaker 1: victim to it. Uh. It's very easy to read one 139 00:07:49,120 --> 00:07:52,960 Speaker 1: of these emails and get emotionally involved and act before 140 00:07:53,040 --> 00:07:56,640 Speaker 1: you can really think things through. Yeah, and there's them. 141 00:07:56,680 --> 00:07:59,040 Speaker 1: There's some ways that you can kind of tell that 142 00:07:59,120 --> 00:08:02,080 Speaker 1: these these sites are real or not. You should always 143 00:08:02,120 --> 00:08:04,320 Speaker 1: look when somebody tries to get you to go to 144 00:08:04,360 --> 00:08:05,840 Speaker 1: one of these sites, take a look at the URL 145 00:08:06,000 --> 00:08:08,840 Speaker 1: um and that's that's gonna be one of 146 00:08:08,880 --> 00:08:11,360 Speaker 1: the first clues because a lot of the phishing uh 147 00:08:11,600 --> 00:08:15,080 Speaker 1: emails that you'll see, will ask you to click on 148 00:08:15,120 --> 00:08:16,760 Speaker 1: this link and if you mouse over it, you know, 149 00:08:16,840 --> 00:08:20,440 Speaker 1: just hold your mouse cursor there and look at the 150 00:08:20,440 --> 00:08:23,360 Speaker 1: the location for the site. A lot of times you'll 151 00:08:23,400 --> 00:08:26,000 Speaker 1: see that it doesn't even have the name of the 152 00:08:26,040 --> 00:08:29,520 Speaker 1: site that you're supposed to go to in it, So, um, 153 00:08:29,560 --> 00:08:32,079 Speaker 1: that's a pretty good clue right there. Or they'll it'll 154 00:08:32,080 --> 00:08:36,120 Speaker 1: be the name hyphen something else and you'll go, Okay, 155 00:08:36,160 --> 00:08:38,640 Speaker 1: this seems a little odd. 
You want to see if 156 00:08:38,640 --> 00:08:41,120 Speaker 1: the website has security that usually you can tell that 157 00:08:41,200 --> 00:08:44,040 Speaker 1: by either looking for the little lock icon or the 158 00:08:44,200 --> 00:08:46,640 Speaker 1: HTTPS in the URL. 159 00:08:47,600 --> 00:08:50,920 Speaker 1: Keep in mind that both of those can be faked. Um. 160 00:08:51,000 --> 00:08:54,000 Speaker 1: You can even create a fake website that has a 161 00:08:54,080 --> 00:08:57,200 Speaker 1: fake URL that looks just like the real one. Um. 162 00:08:57,240 --> 00:09:02,200 Speaker 1: There's a nasty, nasty attack called domain name 163 00:09:02,400 --> 00:09:07,040 Speaker 1: server poisoning where you can um spoof the whole thing, 164 00:09:07,120 --> 00:09:09,920 Speaker 1: and that that's probably the scariest of all of them, 165 00:09:09,920 --> 00:09:12,920 Speaker 1: because in most of these cases, a good point of 166 00:09:12,960 --> 00:09:15,839 Speaker 1: advice is instead of clicking on a link to take 167 00:09:15,920 --> 00:09:18,800 Speaker 1: you to whichever site you need to go to, like 168 00:09:18,920 --> 00:09:22,680 Speaker 1: let's say Amazon or PayPal. UM, you type the address 169 00:09:22,760 --> 00:09:25,240 Speaker 1: in instead and that way you don't have to worry 170 00:09:25,240 --> 00:09:29,600 Speaker 1: about a link redirecting you to another site. However, with 171 00:09:29,720 --> 00:09:34,079 Speaker 1: the DNS poisoning, it is possible to fool computers 172 00:09:34,080 --> 00:09:36,000 Speaker 1: so that even if you were to type the address 173 00:09:36,040 --> 00:09:38,320 Speaker 1: in, you will go to the pharming site instead of 174 00:09:38,360 --> 00:09:42,560 Speaker 1: the real site. UM. Not very widespread, but it is possible. 
175 00:09:42,640 --> 00:09:46,400 Speaker 1: This is one of those major major uh uh security 176 00:09:46,480 --> 00:09:49,719 Speaker 1: leaks that came out over the to the year two 177 00:09:49,720 --> 00:09:54,040 Speaker 1: thousand eight UM. Unfortunately, right now it hasn't become a 178 00:09:54,080 --> 00:09:59,480 Speaker 1: major problem. It's just the potential for disaster. So um. Yeah, 179 00:09:59,720 --> 00:10:03,240 Speaker 1: the phishing and pharming, these are these are things that 180 00:10:03,320 --> 00:10:05,360 Speaker 1: you definitely need to look out for. And there's some 181 00:10:05,520 --> 00:10:09,200 Speaker 1: other general rules. If you ever get a message from 182 00:10:09,240 --> 00:10:12,840 Speaker 1: your browser saying that the certificate it's asking for does 183 00:10:12,880 --> 00:10:15,760 Speaker 1: not match the URL, that is a huge 184 00:10:15,880 --> 00:10:20,439 Speaker 1: warning that you should never agree to accept a certificate. 185 00:10:20,480 --> 00:10:23,400 Speaker 1: If it gives you that message, that's pretty good indication 186 00:10:23,440 --> 00:10:27,439 Speaker 1: that you are you're in a pharmed site, that's true, 187 00:10:27,440 --> 00:10:30,559 Speaker 1: and you can It will usually tell you specifically what 188 00:10:30,600 --> 00:10:32,160 Speaker 1: that URL is. And if you look at 189 00:10:32,200 --> 00:10:34,400 Speaker 1: that and that pop up window that you'll get, you're 190 00:10:34,400 --> 00:10:37,800 Speaker 1: gonna see that the URL doesn't necessarily match. 191 00:10:37,880 --> 00:10:41,480 Speaker 1: And in some cases it will make sense to you, um, 192 00:10:41,559 --> 00:10:44,079 Speaker 1: you know, there are some legitimate cases where it might 193 00:10:44,160 --> 00:10:47,560 Speaker 1: be a little different. 
Um, but you should be able 194 00:10:47,559 --> 00:10:49,520 Speaker 1: to look at that and puzzle it out for yourself 195 00:10:49,559 --> 00:10:52,240 Speaker 1: and go that you know, does not make sense to 196 00:10:52,320 --> 00:10:54,520 Speaker 1: me that this would go to this URL. 197 00:10:54,559 --> 00:10:56,520 Speaker 1: I don't think this is safe. And there are some 198 00:10:56,559 --> 00:11:00,360 Speaker 1: browser uh you know, the newer browsers have some phishing 199 00:11:00,360 --> 00:11:03,920 Speaker 1: anti phishing technology built into them. Yes, yeah, that's true. 200 00:11:04,200 --> 00:11:06,199 Speaker 1: And we should also go ahead and move on to 201 00:11:06,400 --> 00:11:08,480 Speaker 1: we were going to talk about some social networking sites 202 00:11:08,559 --> 00:11:13,120 Speaker 1: recently that have had some issues with uh, with phishing attacks. Now, 203 00:11:13,160 --> 00:11:15,839 Speaker 1: these are a little different, uh, and it's a it's 204 00:11:15,840 --> 00:11:18,840 Speaker 1: a step further away from any money. You know, you're 205 00:11:18,840 --> 00:11:21,800 Speaker 1: not you're not logging, you're not giving someone the information 206 00:11:21,880 --> 00:11:26,040 Speaker 1: to your bank. However, if someone phishes your information from 207 00:11:26,040 --> 00:11:28,080 Speaker 1: a social networking site, they may end up getting a 208 00:11:28,120 --> 00:11:31,559 Speaker 1: password that works for other websites. If you're the kind 209 00:11:31,559 --> 00:11:34,679 Speaker 1: of person who creates the one password and uses that 210 00:11:34,720 --> 00:11:37,880 Speaker 1: for everything. If you get tricked once, that means your 211 00:11:37,920 --> 00:11:42,920 Speaker 1: information is is vulnerable everywhere you go. UM. 
So that's 212 00:11:42,960 --> 00:11:44,760 Speaker 1: one of the good reasons to make sure you use 213 00:11:44,800 --> 00:11:47,880 Speaker 1: different passwords for different websites, which is a pain. I 214 00:11:47,920 --> 00:11:49,680 Speaker 1: know it's a pain, especially if you have a lot 215 00:11:49,679 --> 00:11:52,480 Speaker 1: of websites you go to. That's really important to do 216 00:11:52,920 --> 00:11:56,199 Speaker 1: if you want to remain safe online. That's true. And 217 00:11:56,240 --> 00:12:00,920 Speaker 1: there are some pretty sophisticated UM password storage sites that 218 00:12:00,960 --> 00:12:04,560 Speaker 1: are available now UM and UH. Some of them will 219 00:12:04,559 --> 00:12:07,600 Speaker 1: help you manage your your logins. They'll plug in, they'll 220 00:12:07,600 --> 00:12:10,560 Speaker 1: offer a plug in for things like Firefox browsers like Firefox, 221 00:12:10,600 --> 00:12:12,360 Speaker 1: you can plug it in and it will when you 222 00:12:12,360 --> 00:12:13,880 Speaker 1: go to a site. It will allow you to store 223 00:12:14,480 --> 00:12:17,040 Speaker 1: UM passwords. And some of them will even allow you 224 00:12:17,080 --> 00:12:20,880 Speaker 1: to generate uh new passwords, so it'll be you know, 225 00:12:21,040 --> 00:12:24,200 Speaker 1: you you can generate something with lots of different upper 226 00:12:24,240 --> 00:12:27,720 Speaker 1: and lower case characters and numeric things and and basically 227 00:12:27,760 --> 00:12:31,840 Speaker 1: help you to come up with something really tricky UM 228 00:12:31,920 --> 00:12:34,160 Speaker 1: and you won't necessarily have to remember it because the 229 00:12:34,640 --> 00:12:37,720 Speaker 1: plug in has it stored for you. Right and UH. 
230 00:12:37,920 --> 00:12:42,280 Speaker 1: Going back to social the social media stuff, UM, Facebook 231 00:12:42,320 --> 00:12:46,559 Speaker 1: and Twitter both have had some problems with phishing attacks recently, 232 00:12:46,600 --> 00:12:48,280 Speaker 1: and recently I mean the end of two thousand and 233 00:12:48,320 --> 00:12:52,679 Speaker 1: eight and beginning of two thousand nine. Um. Facebook, Actually 234 00:12:52,679 --> 00:12:55,080 Speaker 1: one of my friends on Facebook was victim to this. Uh. 235 00:12:55,160 --> 00:12:58,160 Speaker 1: He he was suddenly sending out all these messages to 236 00:12:58,240 --> 00:13:01,240 Speaker 1: people saying, Hey, you know, you look really funny in 237 00:13:01,240 --> 00:13:03,800 Speaker 1: this video. I can't believe you did this, blah blah blah. 238 00:13:03,920 --> 00:13:06,840 Speaker 1: And then there's a link, and the link takes you 239 00:13:06,920 --> 00:13:09,000 Speaker 1: to a site that looks like a video site, and 240 00:13:09,040 --> 00:13:10,679 Speaker 1: it tells you, Hey, you know what, you need this 241 00:13:10,679 --> 00:13:12,720 Speaker 1: plug in in order to play the video. Click here. 242 00:13:13,200 --> 00:13:15,080 Speaker 1: And if you were to click there, you would immediately 243 00:13:15,080 --> 00:13:19,800 Speaker 1: download some malware onto your computer. And so uh, in 244 00:13:19,840 --> 00:13:22,480 Speaker 1: this case, it's not necessarily to steal your information, but 245 00:13:23,160 --> 00:13:27,839 Speaker 1: it was a malware delivery system which could theoretically also 246 00:13:27,920 --> 00:13:30,120 Speaker 1: helps steal your information. It could be a key logger, 247 00:13:30,160 --> 00:13:32,840 Speaker 1: it could be a trojan, ums, all sorts of things, 248 00:13:33,040 --> 00:13:35,840 Speaker 1: nasty things that could happen to you by following these links. 
249 00:13:36,160 --> 00:13:39,439 Speaker 1: So we did let him know that his account was compromised, 250 00:13:39,480 --> 00:13:41,880 Speaker 1: and um he ran some software and he changed his 251 00:13:41,920 --> 00:13:45,000 Speaker 1: passwords and things seem to be okay with his 252 00:13:45,120 --> 00:13:47,280 Speaker 1: account now, but I've seen that happen two or three 253 00:13:47,320 --> 00:13:50,959 Speaker 1: other times with other people. And the pernicious thing is 254 00:13:51,840 --> 00:13:54,559 Speaker 1: on Facebook if you haven't used Facebook before, if you're 255 00:13:54,600 --> 00:13:58,760 Speaker 1: posting something to somebody else's what they call the wall, right, Um, 256 00:13:58,880 --> 00:14:01,120 Speaker 1: you have to be a friend of that person is 257 00:14:01,160 --> 00:14:03,920 Speaker 1: in order to do that. So there's already that that 258 00:14:04,160 --> 00:14:07,040 Speaker 1: aura of trust going on. You say, well, this must 259 00:14:07,080 --> 00:14:11,040 Speaker 1: be legitimate, you know, And and even though there may 260 00:14:11,040 --> 00:14:13,959 Speaker 1: be spelling errors or the grammar they use may not 261 00:14:14,080 --> 00:14:16,280 Speaker 1: be the same way that this person would normally write 262 00:14:16,280 --> 00:14:19,760 Speaker 1: to you, you might say, well, you know, obviously it's 263 00:14:19,800 --> 00:14:22,960 Speaker 1: not somebody else because they're writing on my wall, so 264 00:14:23,000 --> 00:14:26,240 Speaker 1: it must be legitimate. Well, that's the thing is those 265 00:14:26,280 --> 00:14:30,240 Speaker 1: people are falling prey to the phishing attack, and then 266 00:14:30,760 --> 00:14:34,080 Speaker 1: other people fall prey to it, and that's social engineering, 267 00:14:35,240 --> 00:14:38,280 Speaker 1: right Yeah. Twitter was very much the same way. 
Um, 268 00:14:38,320 --> 00:14:41,440 Speaker 1: a few Twitter accounts were compromised and in a way 269 00:14:41,480 --> 00:14:44,120 Speaker 1: that as of the recording of this podcast, we're just 270 00:14:44,200 --> 00:14:49,920 Speaker 1: not sure exactly how the the initial uh takeover happened. 271 00:14:50,120 --> 00:14:53,680 Speaker 1: But after that, direct messages started going between Twitter users 272 00:14:53,680 --> 00:14:55,840 Speaker 1: and and and just like in Facebook, to send a 273 00:14:55,840 --> 00:14:58,640 Speaker 1: direct message, and Twitter you have to follow the person 274 00:14:58,680 --> 00:15:00,440 Speaker 1: you're sending the message to and they have to follow 275 00:15:00,480 --> 00:15:03,080 Speaker 1: you back. It can't just be a one way street. 276 00:15:03,160 --> 00:15:05,560 Speaker 1: It has to be you know, mutual following. Then you 277 00:15:05,560 --> 00:15:07,800 Speaker 1: can send a direct message, which is a private message. 278 00:15:07,840 --> 00:15:13,560 Speaker 1: It doesn't go on the public Twitter broadcast. And these 279 00:15:13,600 --> 00:15:15,840 Speaker 1: private messages said things like, oh, you won't believe what 280 00:15:15,880 --> 00:15:18,760 Speaker 1: this person said about you in this blog, and you know, 281 00:15:18,920 --> 00:15:22,040 Speaker 1: being the kind of vain people we are, we Twitter users, 282 00:15:22,560 --> 00:15:27,040 Speaker 1: I include myself in that. Yeah, but in particular people 283 00:15:27,040 --> 00:15:30,280 Speaker 1: who use Facebook and Twitter. There there's a few studies 284 00:15:30,280 --> 00:15:32,840 Speaker 1: that suggests that such users have a little bit of 285 00:15:32,920 --> 00:15:38,960 Speaker 1: a narcissistic tendency. Um well, you feel inclined to click 286 00:15:39,000 --> 00:15:42,000 Speaker 1: on this, and of course that ends up delivering malware 287 00:15:42,040 --> 00:15:46,240 Speaker 1: to your computer. 
So um yeah, these are We're probably 288 00:15:46,240 --> 00:15:48,240 Speaker 1: gonna see a lot more of these, especially as people, 289 00:15:48,560 --> 00:15:51,600 Speaker 1: you know, think people who think it's funny. Like the 290 00:15:51,640 --> 00:15:53,760 Speaker 1: Twitter stuff. A lot of the things I saw were 291 00:15:53,800 --> 00:15:56,120 Speaker 1: just people messing with other people's Twitter accounts so that 292 00:15:56,160 --> 00:16:00,800 Speaker 1: they were making them say ridiculous and you know, scandalous 293 00:16:00,840 --> 00:16:04,840 Speaker 1: things and completely untrue things. But they weren't using it 294 00:16:04,880 --> 00:16:08,360 Speaker 1: to necessarily steal information. They were just making a nuisance 295 00:16:08,400 --> 00:16:11,960 Speaker 1: of themselves. We'll probably see more of that too. Yeah. 296 00:16:12,000 --> 00:16:14,440 Speaker 1: As a matter of fact, Um, there were several high 297 00:16:14,440 --> 00:16:16,720 Speaker 1: profile accounts that were hacked right on the heels of 298 00:16:16,760 --> 00:16:22,240 Speaker 1: that phishing scheme, like President elect Barack Obama and Britney 299 00:16:22,280 --> 00:16:27,320 Speaker 1: Spears, Fox News, Rick Sanchez, Rick Sanchez from CNN, 300 00:16:27,640 --> 00:16:31,680 Speaker 1: I believe Rick Sanchez claimed according to his Twitter account 301 00:16:31,720 --> 00:16:35,320 Speaker 1: that he had taken some crack early in the morning 302 00:16:35,400 --> 00:16:39,000 Speaker 1: and was kind of flying high at the time. Yeah, yeah, 303 00:16:39,080 --> 00:16:41,920 Speaker 1: that was not that was yeah, that was a bad one. Yeah, 304 00:16:42,200 --> 00:16:46,200 Speaker 1: and patently, you know, completely untrue. Yeah, it was not 305 00:16:46,360 --> 00:16:49,600 Speaker 1: Rick Sanchez, it was whomever had taken over his account. 
306 00:16:49,800 --> 00:16:54,120 Speaker 1: But apparently in that case, Twitter founder Biz Stone said 307 00:16:54,120 --> 00:16:56,880 Speaker 1: that there were some tools, administrative tools that had gotten 308 00:16:57,520 --> 00:17:01,640 Speaker 1: hacked into right that would allow someone to access passwords, 309 00:17:01,680 --> 00:17:04,040 Speaker 1: and there were thirty three accounts they haven't divulged at 310 00:17:04,040 --> 00:17:06,720 Speaker 1: this time at the time of us recording this who 311 00:17:06,760 --> 00:17:09,520 Speaker 1: all was hacked. But they were all famous people with 312 00:17:09,640 --> 00:17:13,359 Speaker 1: lots of lots of I mean, they were the obvious targets. 313 00:17:14,000 --> 00:17:16,920 Speaker 1: And um, yeah, this is uh, And so don't think 314 00:17:16,960 --> 00:17:20,679 Speaker 1: that President elect Obama saw Hey, see what this crazy 315 00:17:20,680 --> 00:17:22,439 Speaker 1: person said in the blog about you and then clicked 316 00:17:22,440 --> 00:17:24,520 Speaker 1: on it. That's not the case. In this case, he 317 00:17:24,640 --> 00:17:27,800 Speaker 1: was he was targeted specifically by the hackers. This wasn't 318 00:17:27,880 --> 00:17:30,280 Speaker 1: one of those things where Obama is just like I 319 00:17:30,280 --> 00:17:33,440 Speaker 1: wonder what this blogger did say about me. Um. So, 320 00:17:33,840 --> 00:17:36,640 Speaker 1: just to clear that up, I wanted to talk very 321 00:17:36,680 --> 00:17:38,720 Speaker 1: briefly about what you should do if you are the 322 00:17:38,800 --> 00:17:42,840 Speaker 1: victim of a phishing attack. Okay, so, there are a 323 00:17:42,880 --> 00:17:45,560 Speaker 1: few different websites you can report a phishing attack to. 
324 00:17:45,960 --> 00:17:49,800 Speaker 1: One of them is the anti phishing dot org website, 325 00:17:49,880 --> 00:17:53,240 Speaker 1: and you can send an email to report phishing at 326 00:17:53,359 --> 00:17:56,280 Speaker 1: anti phishing dot org. Um. You can also send an 327 00:17:56,320 --> 00:17:59,159 Speaker 1: email to the Federal Trade Commission, which is uh that 328 00:17:59,320 --> 00:18:02,359 Speaker 1: the email address to send that to would be spam 329 00:18:02,480 --> 00:18:06,320 Speaker 1: at uce dot gov. And you would probably want 330 00:18:06,320 --> 00:18:09,160 Speaker 1: to file a complaint with the FBI uh at their 331 00:18:09,200 --> 00:18:12,600 Speaker 1: Internet Crime Complaints Center which is at www dot i 332 00:18:12,800 --> 00:18:16,600 Speaker 1: C three dot gov. And it's important to let these 333 00:18:16,760 --> 00:18:19,560 Speaker 1: these organizations know so that they can let everyone else 334 00:18:19,600 --> 00:18:25,000 Speaker 1: know and investigate. Meanwhile, you should also immediately contact the 335 00:18:25,160 --> 00:18:31,440 Speaker 1: three big credit bureaus so Experian, Equifax and TransUnion and 336 00:18:31,920 --> 00:18:33,760 Speaker 1: get ahold of your credit report, take a look at it, 337 00:18:33,760 --> 00:18:37,000 Speaker 1: see if there's anything strange on there, report the fraud 338 00:18:37,400 --> 00:18:40,520 Speaker 1: to them. UM, if you have evidence of fraud, you 339 00:18:40,520 --> 00:18:42,760 Speaker 1: should use that so that you can get the fraud 340 00:18:43,280 --> 00:18:46,800 Speaker 1: alert extended over the maximum amount of time, because standard 341 00:18:46,840 --> 00:18:50,159 Speaker 1: time for a fraud alert is ninety days, and the 342 00:18:50,200 --> 00:18:52,600 Speaker 1: problem with that is someone could still be using your 343 00:18:52,600 --> 00:18:54,920 Speaker 1: information after those ninety days and you'd really be stuck. 
344 00:18:54,960 --> 00:18:57,760 Speaker 1: So if you have proof of fraud, you can get 345 00:18:57,760 --> 00:19:02,119 Speaker 1: that extended up to I think seven years, UM, which 346 00:19:02,240 --> 00:19:04,040 Speaker 1: you know it sounds kind of crazy, but you know 347 00:19:04,240 --> 00:19:07,960 Speaker 1: we're talking about your information that can affect your credit rating, 348 00:19:07,960 --> 00:19:09,560 Speaker 1: whether or not you can buy a house, whether or 349 00:19:09,600 --> 00:19:12,680 Speaker 1: not you get a job. I mean, this is important stuff. UM. 350 00:19:12,760 --> 00:19:15,960 Speaker 1: And also report the crime to local law enforcement. Uh, 351 00:19:16,000 --> 00:19:18,480 Speaker 1: if it happened, you know, if it happened while you 352 00:19:18,480 --> 00:19:20,240 Speaker 1: were at home, of course, that's you know, you report 353 00:19:20,320 --> 00:19:22,320 Speaker 1: to that local law enforcement. If you're on vacation, whatever, 354 00:19:22,359 --> 00:19:24,520 Speaker 1: you report to them, um, just to let them know 355 00:19:24,560 --> 00:19:27,000 Speaker 1: what had happened. That kind of covers all the bases. 356 00:19:27,000 --> 00:19:29,440 Speaker 1: You may have to sign some affidavits to make 357 00:19:29,440 --> 00:19:31,399 Speaker 1: sure that you know you're what you're saying. You're you 358 00:19:31,440 --> 00:19:33,719 Speaker 1: will stand up in court and defend and say this 359 00:19:33,800 --> 00:19:36,920 Speaker 1: is exactly what happened. But that's a small price to 360 00:19:36,960 --> 00:19:41,639 Speaker 1: pay considering. Yeah, I think so. And uh, you know, 361 00:19:41,720 --> 00:19:44,320 Speaker 1: this is as Jonathan said, this is not something that 362 00:19:45,080 --> 00:19:47,960 Speaker 1: you want to take lightly. Just use your common sense. UM, 363 00:19:48,320 --> 00:19:52,240 Speaker 1: avoid clicking on links that that don't appear to be correct. 
UM, 364 00:19:52,520 --> 00:19:56,640 Speaker 1: go directly to the source if you can to define it. UM. 365 00:19:56,880 --> 00:19:59,960 Speaker 1: Use the latest web browsers to uh that incorporate the 366 00:20:00,000 --> 00:20:04,159 Speaker 1: anti-phishing technology. UM. All these things will help you 367 00:20:04,680 --> 00:20:08,480 Speaker 1: help you avoid being sucked in. And uh, it's amazing 368 00:20:08,520 --> 00:20:11,760 Speaker 1: to me how many of these deep sea analogies we have. 369 00:20:11,840 --> 00:20:16,200 Speaker 1: Now we've talked about trolling and fishing. So yeah, it's 370 00:20:16,200 --> 00:20:19,560 Speaker 1: so don't be a prawn. You know what else? Nice? 371 00:20:20,240 --> 00:20:25,720 Speaker 1: Nice piracy? Right, So we've got a whole seafaring thing. Guy. Yeah, 372 00:20:25,800 --> 00:20:28,520 Speaker 1: well I think that about wraps it up for this discussion, 373 00:20:28,560 --> 00:20:31,360 Speaker 1: don't you. Yeah. Excellent. If you want to learn more 374 00:20:31,400 --> 00:20:33,360 Speaker 1: about some of the things we've talked about, we've got 375 00:20:33,920 --> 00:20:37,120 Speaker 1: articles on online crime, we have articles on uh safe 376 00:20:37,200 --> 00:20:41,840 Speaker 1: web browsing. You can fishing fishing, both the PHM and 377 00:20:42,000 --> 00:20:44,800 Speaker 1: f I believe you can find out all about that 378 00:20:44,920 --> 00:20:47,640 Speaker 1: at how stuff works dot com right now, and we'll 379 00:20:47,680 --> 00:20:51,320 Speaker 1: talk to you again really soon. For more on this 380 00:20:51,480 --> 00:20:54,000 Speaker 1: and thousands of other topics, visit how stuff works 381 00:20:54,000 --> 00:20:57,200 Speaker 1: dot com. Let us know what you think. Send an 382 00:20:57,200 --> 00:21:04,160 Speaker 1: email to podcast at how stuff works dot com. Brought 383 00:21:04,200 --> 00:21:07,399 Speaker 1: to you by the reinvented two thousand twelve camera. 
It's ready, 384 00:21:07,560 --> 00:21:07,960 Speaker 1: are you