|
DESPITE
warnings by big Internet service companies to be
suspicious of e-mail from unknown users and avoiding
opening web sites requesting for update on personal
financial information, many users are still victimized
by malicious attacks, apparently because hackers are
becoming more sophisticated in using tools which can
create interfaces exactly the same as that of
legitimate sites. Thus, even the most sophisticated
Internet users could end up victimized.
Hackers
abound in sites where the highest traffic is recorded.
Yahoo! is the No. 1 web site with the highest traffic,
with 27 percent of global Internet users accessing its
web-based e-mail. The latest Yahoo! User to fall victim
to hackers is former national treasurer Leonor Magtolis
Briones, who suddenly found herself locked out of her
own Yahoo! Account, even as countless friends contacted
her office to verify a faux e-mail, sent from that
account, appealing for financial help because she had
supposedly been stranded in a foreign land.
The
internet attack on Briones, a professor at the
University of the Philippines and a BusinessMirror
columnist, mirrors the case of Bulacan provincial
administrator Gladys Sta. Rita last year.
Because
of the e-mail hacking, Briones’s web ID
brioneslm@yahoo.com was found inactive on Wednesday,
and the internationally distinguished socioeconomic
expert began receiving calls from worried relatives and
colleagues.
The
people on Briones’s mailing list received a letter
stating:
Please i
am in a hurry writing this mail, I went to Nigeria for
an educational program and i have gotten myself stranded
here please could you help me with $3, 500 and i will
returm it as soon as i return. Please i wait to hear
from you soon as to send you the information on how to
send the money through Western Union or Money Gram,
Please keep this between us until i return. I wait to
hear from you soon.
Regard’s
Prof.
Briones
In an
e-mail sent to BusinessMirror, the Yahoo! Technical Team
offered measures that users can adopt when their
personal account is hacked based on the following
scenarios:
Scenario
A: If the user still has access to the e-mail account,
he can change its password and security question. After
that, he should report the incident through the customer
care form in the Yahoo! site. In the report, indicate
that the account was hacked and the password has been
changed.
Scenario
B: If the account can no longer be accessed, report the
incident directly to customer support as they are
authorized to open the e-mail address and make the
necessary adjustments. The feedback will be given in 48
hours.
In
addition the technical team also advised, “If you have
been contacted by someone about your Yahoo! account
asking for a password, birth date or other personal
information, please forward the email to
mail-spoof@cc.yahoo-inc.com. Please include the full
headers and the HTML source code of the email you
received.”
Yahoo!
said their users’ security is a top concern which is why
they created Sign-in-Seals-an image or secret message
that users select to appear when logging in to a
legitimate site.
“We have
a team of people responsible for taking action when we
receive a phishing report and we proactively scan hosted
sites for potential phishing activity and deactivate
suspicious sites. Users can also find security
information of all kinds at security.yahoo.com,” Yahoo!
emphasized.
Security
manager experts like Symantec on the other hand, advised
an average computer user who hardly distinguishes a
legitimate from a spoof web site to “perform software
update patches regularly, install software protection,
avoid visits to suspicious web sites or opening
attachments, and check the latest circulating threats on
the Internet.” |
