PSA: CIA Warning

(spoofing to transmit a virus)

Several staff have received emails that appear to be from the CIA. An example of the message is below:

-----Original Message-----
From: Post@cia.gov
Sent: Wednesday, November 23, 2005 3:37 AM
To: 0ILQ002W5BMMBI@plcmc.org
Subject: You visit illegal websites

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal websites.

Important: Please answer our questions!
The list of questions are attached.

Yours faithfully,
Steven Allison
++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505
++++ phone: (703) 482-0623
++++7:00 a.m. to 5:00 p.m., US Eastern time

While this email looks like it is from post@cia.gov, rest assured that the CIA is not monitoring your Internet use. In fact, Internet use doesn’t even technically fall under the CIA’s jurisdiction…unless you are a terrorist.

This is an example of spoofing. Spoofing is commonly used by spammers and phishers to forge the From line of an email address.

In this case, the email had a virus attached. One of the clues that the email is a fraud is the email address that the email was sent to is not a valid email address. Another clue is the inconsistent capitalization — the "w" in we should have been capitalized. Phony emails also frequently have misspelled words in an attempt to sneak past junk mail filters.

In this case the "sphisher" (have I invented a new word) was sending a virus. If I would have opened the attached file then I would have gotten the virus on my computer. Luckily, PLCMC has sophisticated anti-virus and email filtering software installed, so the attachment never even made it to my Inbox.

When is doubt always close the email (or better yet don't even bother to open it), and go to the home page where the email appears to have come from. A quick trip to www.cia.gov brought up this message on their home page:

Some members of the public have in the past few days received a bogus e-mail falsely attributed to CIA's Office of Public Affairs. CIA did not send that message. In fact, it does not send unsolicited e-mail to the general public, period. If you have gotten such a message, we strongly encourage you not to open the attachment, which contains a destructive virus.

For more information about phishing make sure to read Helene’s post on 11/18/05 about Bank of America and a phishing fraud, and if you have time take a look at this article: http://techupdate.zdnet.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html

Imaging

I remember the first job where I had my own computer. I was so excited! It had Windows 3.1. No more DOS commands! I had Microsoft Office version 4.3. I could easily create files and folders and see them again! I had everything so organized. But then I found all these other files and folders I had never heard of or seen—like the System folder and a lot of files that had strange file extensions. Well, I knew these were not Word, Excel, PowerPoint, or Access files so I deleted them all. Yes, I deleted everything that did not have a doc, xls, ppt, or mdb file extension.

Can anyone guess what happened next?

My computer was hosed, as the techies say. None of the programs would run. I, being the brilliant computer expert that I was, thought I would reboot the computer. Surely that would fix everything.

INVALID SYSTEM DISK
REPLACE AND STRIKE ANY KEY WHEN READY

Horrified I rebooted again. Same message. I read the message trying to make sense of it. Invalid system disk. How could it be invalid? I had just cleaned it up! It should thank me!

I walked slowly to the system-admin’s office, carefully avoiding eye contact with anyone. I explained what happened and she sighed, raised an eyebrow, and "told" me that I had just deleted the operating system. (Back in the days of Windows 3.1 you could do this.) It would take her hours to reinstall everything on my computer. She would have to reinstall Windows, reinstall Office, reinstall GroupWise, set up my email again, not to mention the time to try and recover all my files. As my punishment it took weeks to get my computer fixed and I had to use a typewriter to get my work done.

Needless to say, this was a learning experience and it is one that every person new to computers is afraid of happening. After all, no one wants to call IT and tell them "I have killed the computer."

But luckily ten years have passed and technology has come a long way. And luckily no one at the library has to worry about killing the computer.

Why?

IMAGING
If you’ve been with PLCMC for long enough you have surely heard some variation of the word imaging. "Hi, I am here to image your computer." "No problem, we will just re-image your computer."

So what is imaging?
Imaging is a process where your computer is configured just the way it needs to be, all the programs are installed, everything is working as it should, and then a virtual snapshot is taken of the contents of your computer by IT.

That snapshot is compressed into an image file, and the image file is then stored somewhere. At PLCMC it is usually stored on the D partition of your hard drive. Images can also be stored on a CD.

Later, if you have a problem with the computer, the computer can be re-imaged. Meaning everything on the computer will be overwritten with the original snapshot that IT took. That is why it is important not to save files that you want to keep onto the C: drive of library computers. When computers are re-imaged the C: drive is erased and rewritten by the original snapshot.

I wish the company that I worked for ten years ago had used imaging. I would have been back up and running in minutes instead of weeks. When I teach Computer Basics to the public I am often amazed at how afraid people are of using computers. Often it is because they are afraid of breaking something just by using mouse and keyboard. As an ice breaker I like to tell them that unless they pick the computer up and drop it on the floor, there is really nothing to be afraid of. We have virus programs installed and updated nightly, we have security in place to prevent people from downloading and installing files, and after all we can always just re-image the computer!

Visit the following sites for more information on imaging:
http://www.webopedia.com/TERM/G/ghost_imaging.html
http://www.pcnineoneone.com/howto/image1.html

Do you have a "memorable" newbie computer experience to share? Feel free to share by adding a comment!

PSA: Online Banking Alert

(phishing scam)

Phishing schemes have been abundant for a few years now, but until recently they haven't been quite as sophisticated. Take this email notice for example (an actual email received by one of our staff members just today) ...


(Click for larger image)


The notice looks official and even contains references to the BofA website and a URL that looks like it should be legit. However, the URL is actually a redirect from the BofA site to a scammers site. How can this happen? Well according to several phishing alert and fraud organizations, the scammers are using a weakness of the Bankofamerica.com site. To view the explanation, click here.

The Bottom Line: No matter have legitimate an email notice may look, be sure to contact the company or organization personally first to confirms its not a scam --and don't use the contact info from the email -- get the information from a primary source (i.e. telephone book or company website).

Victims of phishing scams, which are designed to capture obtain your personal information (name, SS#, online passwords, accounts, etc) soon become victims ofidentity theft! So be on the lookout and if it looks fishy phishy ( or even not) always do your homework and contact the organization yourself. A mere 5 minutes of detective work could save you 5 years of identity theft headaches.

PS: These type emails are so common, that even the BofA site has its own section for fraud

Tech Talk: What's in your Wiki?

Wikis are becoming so popular these days that even third graders (see recent SLJ article) are using them to collaborate and share ideas. So what's a Wiki you ask? According to Wikipedia (the mother of all wiki's -- its not only a collaborative encylopedia that anyone can add content to, but it's built using a wiki itself) a Wiki is...

"is a group of Web pages that allows users to add content, as on an Internet forum, but also permits others (often completely unrestricted) to edit the content. The term wiki also refers to the collaborative software (wiki engine) used to create such a website (see wiki software)."

Within the past 2 years, the use of these quick and easy collaborative tools has blossomed along with blogging as more wysiwyg editors have been created to replace hard coding. In fact, there are so many websites out there built upon wiki software that you may not even realize that what you're looking at.

Interested in finding out more about wikis or setting one up for yourself? There are several out there that you can try. Some require you to download and install software, but many others simply allow you to setup a user name and login and use thier site.

Here's just two free remote options you could try: pbwiki.com or jotspot.com

If you've dabbled with Wiki's already or have created one of your own, let me know. I'd love to tap you as a staff resource.

PS: Why Wiki? The name's borrowed from the native Hawaiian word "Wiki" which means "quick" or "fast."

PPS: First staff member to post the meaning of "wysiwyg" and define it gets a Net Head magnet from me. :)

From Einstein himself ...

Welcome to the PLCMC Core Competencies Blog - where knowledge becomes power and power becomes ... ?? ... (you fill in the blank here).

This blog is an attempt to help staff keep up with current technology changes and stay informed. So please bookmark the site, feel free to contribute and join Einstein and us for the ride.



Image couresty of Hetemeel.com