As Seen in the Newburyport Daily News, October 27, 2009
Hackers target Salisbury
woman's
Internet accounts in hoax
By Liz King
Staff Writer
Last week, hundreds of contacts were saddened to find out that
Wendy Tinkham's cousin needed emergency hysterectomy surgery.
They got the information through a mass e-mail sent from
Tinkham's address.
But when they read further in the e-mail, which stated that
Tinkham had flown to the United Kingdom to visit her cousin and
needed a "soft loan" of 1,500 British pounds for the life-saving
surgery, her friends thought something was a little fishy.
A few recipients wrote Tinkham back to tell her they believed
her account was hacked into, but they got an e-mail back
stating, "No, this is Wendy. You know I wouldn't do anything
fraudulent and my computer was not hacked into."
That's when Tinkham started getting calls and found out that her
Facebook and e-mail accounts had been hacked into by cyber
criminals, who changed her passwords and sent the e-mail to all
of her contacts, including advertising clients, the 600 members
of the Newburyport Mothers' Club and co-workers.
Whether you regularly update your photo albums on Facebook or
"tweet" with your friends on Twitter, social networking sites
pose a significant security risk to privacy and any information
stored on your computer. And, according to local police, anyone
can fall victim to such viruses.
"Scams don't discriminate," said Newburyport police Inspector
Brian Brunault, who targets computer crime. "Most scams just
pump them out hoping someone will succumb to it."
For Tinkham, who lives in Salisbury, the scam was a lesson
learned the hard way. Though most of her contacts realized the
e-mail was a hoax, some of her business contacts believed the
story. At her job in Portsmouth, N.H., they canceled all of
Tinkham's events in the coming week because they believed she
was in London.
"It was completely embarrassing," Tinkham said. "Some people
said they were going to report me to the police, that I was
going to rot in hell."
The Rev. Paul Berube of the Immaculate Conception Parish was
involved in a similar scam last year, when an e-mail was sent to
the 450 names in his Hotmail address book saying he was in
London and needed funds to get back home. It provided a London
address where money could be wired via Western Union.
"This stuff is really common ? it happens a lot right now, and I
don't see any end in sight," said Harold Belbin, principal
security engineer for Visiting Geeks in Merrimac.
The culprit is called "malware," which is short for malicious
software designed to infiltrate a computer without consent ? and
most social media sites, such as Twitter and Facebook, are often
carriers of the infection, Belbin said. Tinkham said her virus
came from a video sent to her on Facebook. Immediately after
clicking the video, friends starting messaging her saying that
they had received the video from her.
"It's not the same as a virus ? it's much more sophisticated,"
Belbin said. "The minute you click on it, you're toast."
The basic intent of malware is to steal information and sell it.
Either the cyber criminals are looking for cash, as in Tinkham's
case, or personal information, which, is the currency of the
Internet, Belbin said. Hackers can sell user name and password
or profit by affiliate advertising and referrals through Google,
Bing, Yahoo and other search engines, where they can be paid
from one penny to $100 for each link "hit."
"This is why they take the time to write these viruses," Belbin
said. "It's death by a million paper cuts."
Virus and anti-spyware programs, such as Norton or McAfee,
aren't capable of protecting against this kind of attack, Belbin
said, and neither can upping privacy settings on social
networking sites. The best thing to do to protect information is
limit Internet usage and be discretionary when online.
"Don't click things that aren't familiar," Belbin said. "A lot
of times people get annoyed with pop-ups and click them to make
them go away ? that's what these guys are counting on. Anything
you see on the Internet is subject to suspicion."
Tinkham said a dead giveaway that the e-mail was phony was its
wording, and the fact that pounds, not dollars, were requested.
On social networking sites like Facebook, which are often
cluttered with applications, advertisements, games and quizzes,
it's often hard to figure out what's legitimate and what isn't,
Belbin said. He advises not clicking on chat windows or friend
requests if it's from someone you don't know.
Though it may be illegal, Belbin said there isn't anything the
police or government can do about the scams, because there are
no rules or regulations on the Internet.
"Your privacy has been violated in a way that no one would put
up with in any other context," Belbin said. "It's the equivalent
of going to your house, opening every file in your desk, reading
everything and making copies that I can either sell to someone
else or save so I can use it against you later."