As Seen in the Newburyport Daily News, October 27, 2009
Hackers target Salisbury
Internet accounts in hoax
By Liz King
Last week, hundreds of contacts were saddened to find out that Wendy Tinkham's cousin needed emergency hysterectomy surgery. They got the information through a mass e-mail sent from Tinkham's address.
But when they read further in the e-mail, which stated that Tinkham had flown to the United Kingdom to visit her cousin and needed a "soft loan" of 1,500 British pounds for the life-saving surgery, her friends thought something was a little fishy.
A few recipients wrote Tinkham back to tell her they believed her account was hacked into, but they got an e-mail back stating, "No, this is Wendy. You know I wouldn't do anything fraudulent and my computer was not hacked into."
That's when Tinkham started getting calls and found out that her Facebook and e-mail accounts had been hacked into by cyber criminals, who changed her passwords and sent the e-mail to all of her contacts, including advertising clients, the 600 members of the Newburyport Mothers' Club and co-workers.
Whether you regularly update your photo albums on Facebook or "tweet" with your friends on Twitter, social networking sites pose a significant security risk to privacy and any information stored on your computer. And, according to local police, anyone can fall victim to such viruses.
"Scams don't discriminate," said Newburyport police Inspector Brian Brunault, who targets computer crime. "Most scams just pump them out hoping someone will succumb to it."
For Tinkham, who lives in Salisbury, the scam was a lesson learned the hard way. Though most of her contacts realized the e-mail was a hoax, some of her business contacts believed the story. At her job in Portsmouth, N.H., they canceled all of Tinkham's events in the coming week because they believed she was in London.
"It was completely embarrassing," Tinkham said. "Some people said they were going to report me to the police, that I was going to rot in hell."
The Rev. Paul Berube of the Immaculate Conception Parish was involved in a similar scam last year, when an e-mail was sent to the 450 names in his Hotmail address book saying he was in London and needed funds to get back home. It provided a London address where money could be wired via Western Union.
"This stuff is really common ? it happens a lot right now, and I don't see any end in sight," said Harold Belbin, principal security engineer for Visiting Geeks in Merrimac.
The culprit is called "malware," which is short for malicious software designed to infiltrate a computer without consent ? and most social media sites, such as Twitter and Facebook, are often carriers of the infection, Belbin said. Tinkham said her virus came from a video sent to her on Facebook. Immediately after clicking the video, friends starting messaging her saying that they had received the video from her.
"It's not the same as a virus ? it's much more sophisticated," Belbin said. "The minute you click on it, you're toast."
The basic intent of malware is to steal information and sell it. Either the cyber criminals are looking for cash, as in Tinkham's case, or personal information, which, is the currency of the Internet, Belbin said. Hackers can sell user name and password or profit by affiliate advertising and referrals through Google, Bing, Yahoo and other search engines, where they can be paid from one penny to $100 for each link "hit."
"This is why they take the time to write these viruses," Belbin said. "It's death by a million paper cuts."
Virus and anti-spyware programs, such as Norton or McAfee, aren't capable of protecting against this kind of attack, Belbin said, and neither can upping privacy settings on social networking sites. The best thing to do to protect information is limit Internet usage and be discretionary when online.
"Don't click things that aren't familiar," Belbin said. "A lot of times people get annoyed with pop-ups and click them to make them go away ? that's what these guys are counting on. Anything you see on the Internet is subject to suspicion."
Tinkham said a dead giveaway that the e-mail was phony was its wording, and the fact that pounds, not dollars, were requested.
On social networking sites like Facebook, which are often cluttered with applications, advertisements, games and quizzes, it's often hard to figure out what's legitimate and what isn't, Belbin said. He advises not clicking on chat windows or friend requests if it's from someone you don't know.
Though it may be illegal, Belbin said there isn't anything the police or government can do about the scams, because there are no rules or regulations on the Internet.
"Your privacy has been violated in a way that no one would put up with in any other context," Belbin said. "It's the equivalent of going to your house, opening every file in your desk, reading everything and making copies that I can either sell to someone else or save so I can use it against you later."