There's no such thing as being too careful

Virus, just like its name, is one hell of a parasite. Last week’s session discussed about virus and cyber crime. First of all, I’d like to share something about virus. I usually do not bother much on this issue years ago, when I was in my first and second year. I knew that the “world” out there is as much dangerous as the real world where we live now, but I never had a thought about what hazard a virus might cause. Until few weeks ago. After reformatting my laptop for annual maintenance, I plugged in the LAN cable to connect to the Internet to download Windows update. While waiting for the download to finish, a pop-up window appeared on my screen telling me that my dial up connection was not detected. I was quite puzzled as such thing has never occured to me before, and I was pretty much sure that I had never set the dial-up connection to turn on automatically.

It turned out that this pop-up window came from a virus or spyware (I forgot its name) who can use a dial-up connection to make a long distance phone call. And boy, that only happened after I just visited Windows update website! I’ve heard someone said that even though the connection in NTU is considered secure, it’s not guaranteed that virus attack won’t happen. Well, now I have proven myself. And to quote what community poster says, “Low Crime Doesn’t Mean No Crime”. There are no such thing as being too careful. And just this morning, I received an email from IT Team from my school warning about a possible virus/spyware attack in NTU.

When Prof Gilbert discussed about Cyber Crime, particularly phishing, I remembered that I have encountered such cases before. Even though it’s not as dangerous as credit card phishing, it can still leave you with an unpleasant experience. How unpleasant might it be? Well, if you accidentally keyed in your credit card number just to check whether “someone has deducted $$$ from your card”, then you shouldn’t be surprised if few days after you “check” your card, someone did actually steal from it. In my case, things weren’t that serious. If you wish to know what form of phishing I’ve encountered, then you might be interested in clicking the following address: here and here. (WARNING: Potential spyware attack from 2^nd link. You might want to access it from a computer with powerful anti-virus or anti-spyware)

From first link, you will see that in order to help “your friend” winning a Banana Republic voucher, all you need to do is just entering your email address and the password for your email account. You can just pass if you do not wish to, but what is the harm of letting someone “importing address book” from your account to somewhere else anyway?

Second link is more hilarious to me. You will see that as “the LARGEST dating community on Earth”, Tubely offers me to import my contacts from my email accounts in Gmail, Hotmail, and Yahoo with just keying in my email accounts and their respective passwords. Isn’t that lovely?? (apologize for being indiscreet about my friend’s name, but you see that since this link also provide my name and my email address, discretion is something that is out of context)

Although these kind of promotions could be considered not as a phishing (since you can just “pass” anyway), I still regard this as a cyber crime. Why? Because how will you know that they won’t just break into your account and use it inappropriately? How can you be so sure that they won’t change your password so that you won’t be able to access it anymore? There is no way you can find out about this.