Block that Click!

I couldn’t tell you the first time I got Rickrolled.  By now you’ve heard of it, from Google or the Nightly News to the guy two cubicles down who’s always late to the Internet party. Once, it was a surprise to click on what promised to be an election-year gaffe, a great deal on flash memory, or a review of the best chimichanga in West Los Angeles…only to be treated to that fine young man Rick Astley belting out “Never Gonna Give You Up.” 

At first it’s perplexing.  Then, perhaps for a nanosecond, amusing.  By the time your mother-in-law with the Mac SE and 2400 baud dial-up AOL connection Rickrolls you, you’re eager to move on to something more obscure – say, lolcats.  When Google’s 2008 April Fools prank redirected every featured YouTube video  to Astley, Molly Wood of CNET is not alone when she declares: the Rickroll must die. 

This is one relatively benign example of the near-infinite ways the Internet can lie to you. Some are designed simply for humor; others are far more dangerous, targeting your computer and your finances. 

An early example came close to ten years ago, when I received a frantic email from a friend about “a possible deadly virus on your Windows 98 computer” with removal instructions.  Sure enough, in the specified folder was a file with a teddy bear icon, called jdbgmgr.exe.  Eek! I’m infected! 

By the time I saw the email, it was already well documented that this “threat” was a hoax, designed to play on user fears and get us to hobble our own system.  My friend meant well, as did the person who sent it to him.  That’s the hook: the urge to act on information from someone you trust.  I used to call hoaxes like this “do-it-yourself viruses” – the destructive program is typed in manually by an unsuspecting user, dutifully following instructions. 

In a similar vein, the infinite variety of foreign lottery and Nigerian 419 scams that Symantec, Snopes and others warn against are dependent on human gullibility, greed, or carelessness to bleed your bank accounts dry.  They don’t steal your account information – they seduce you into volunteering it.  Other attacks are more targeted; my wife, a wedding photographer, was offered $1,000 to shoot a wedding, then received a check for $5,000, and an email a few days later explaining that they inadvertently added the deejay’s fee as well.  Could she cash the check, keep her fee, then wire the balance to the deejay, who lived in…Romania?  Fortunately, she wasn’t fooled by the check, and turned it in to the originating bank’s fraud department.  Others aren’t so lucky. 

There are ever-increasing phishing attacks, which come as notifications from your bank, credit card company, PayPal, etc., indicating a problem with your account and urging you to log in to correct the issue. Even the most careful and knowledgeable user can, in a careless moment, just click and sign in…and suffer the consequences. 

Security software is growing more sophisticated, rising to the challenge of dealing with these human-variable threats.  Norton Internet Security 2008 includes phishing protection for both Internet Explorer and Firefox; if you happen to click on a known bad link, we’ll block the page.   

At the same time, user education is indispensable.  Pay attention to what you’re clicking, before you click it.  A little caution could protect you from financial disaster…or yet another Rickroll.

Message Edited by PaulD on 05-02-2008 01:11 PM