Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
October 18 2008
Alan: With the economy being as bad as it is now, the very last thing that any one needs is to be bitten by a phishing scam. To tell us how we can completely avoid those is our guest today, Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Thank you, Alan. It’s always great to be back on your show.
Alan: It seems like the worse the economy gets like we have a hurricane or a tornado – it’s like they come out in droves and attack us with all these phishing scams.
Randy: It appears that people like bad news and so if there is some sort of natural disaster, people are curious and want to see what it was. So, that’s one psychological aspect that goes into choosing a subject for a phishing attack.
But, now we have one that is perhaps more insidious. Because of the financial crisis and banks failing and being bought up by other banks or merging with other banks, what we have is a lot of confusion. People know that where they are doing their banking, and that bank that is going under. Their money is still there but somebody is taking over and they are waiting to hear what’s going to happen.
In come the phishing attacks. An email comes and it says that, “Wells Fargo is buying Wachovia and you are Wachovia customer so you need to go to this website to update your records to help us with the merger.” People assume that this is actually true.
Alan: How many people actually get caught up in that scam? I know right now that we are in a state of panic all over the globe, but if I get something in an email that says my bank has just collapsed or someone else is taking over the bank – the first thing I hope I am going to do is pick up the phone and talk to a bank officer. But how many people actually get caught up in this scam?
Randy: I don’t think we have good numbers on how many people get caught up on this scam. I think banks have a vested interest in not disclosing that information and they don’t want people to know how bad it is because people will become afraid of using online banking. I think it is a significant number because otherwise the phishers would give up on that if it were not cost-effective.
Alan: I think one of the things we’re seeing – it’s like muggings. You are not going to report all the muggings that happen. Most people look at it and think, “Oh, well, I should have done better. I should not have gone down this dark street and I’m okay; and they are embarrassed to say anything.
Businesses are not only embarrassed to say anything like they got caught or they lost data; it’s a problem if they say something because they will lose shareholders, aren’t they?
Randy: Yes and they will lose credibility and they could also lose shareholders. This is even a big problem for the home user where they are actually loosing money. If a business goes bankrupt the owner can still start another business. If the home user goes bankrupt, it’s a lot more difficult on them.
Alan: Unfortunately, it just seems that the more down and out someone is that the more somebody is and the more willing to help them; unfortunately they may not have their best interest at heart and are only taking advantage of someone.
Randy: You know the best advice I can give right now is that especially in this economy is that any email that you get that is about financial matters – and that includes PayPal, eBay, and other things like that don’t follow the links in that email. If you think there is a problem, pick up the phone or type in by hand something that you know is a valid address for that website to get some help double-check. And if you Google some of these scams that come out, take some words out if it and Google it, often times you find reports of phishing.
Alan: What are some of the most vicious scams that you have seen so far, having to do with this economy?
Randy: Probably right now it has to do with the bank mergers. There are several bank mergers so they are trying to trick people into divulging the information that the attacker uses to empty their bank accounts. It can be with bank accounts being links where I can log in and access checking accounts, my savings accounts, my home mortgage, and my credit cards. I don’t mind if they get in and put money towards my home mortgage, but I don’t want them taking the credit cards and my checking and savings.
These attacks can be very devastating. Don’t follow the links in those emails. Also, try to determine where your web browser actually is taking you - the address bar up at the top.
I just came across a phishing scam and if you clink on the link in the email and if you look up in the browser window at the address where you are, it wasn’t just HSBC, which is a bank. It didn’t say, “hsbc.com.” The URL actually said, “sexualbootycall.com.” You know that’s not a bank!
Alan: While some of them are obvious and then some of them are so real looking because what they did is they stole all the graphics and stole all the images right off the bank; right off the website; right off PayPal. They actually clone the site, which is really easy to do, isn’t it?
Randy: Yeah, in fact this one actually did clone the site. I mean that it was only the URL that looked bogus. The rest of the page looked completely legitimate. If you put the mouse over some of the links it would actually take you to the real bank’s website. So, if I clicked on “business login,” it took me to the business login that is legitimate. However, for consumer logins it first asked a few questions; it captured the data – And I put in bogus data because I’m in made a training video out of this. Then, as soon as it has all the information it wanted and they finished clicking “log-in,” it took me to the HSBC website.
Alan: I hear this all the time, “If I go a website and as long as I see this little lock down in the corner, I know I’m safe.” Well, that lock really doesn’t mean you’re safe, does it?
Randy: No, not at all. The lock can be used as a tool to help insure safety, but you have to know how to use that tool. You have to double-click on the lock and then you have to follow-up with the certificates and look at them and who issued them and know whether or not it’s a trusted certificate authority, which is a little complex – or if somebody just did what we call “Self-Signing” – because anyone can get a certificate that will make a lock in the browser.
Alan: Also, I hear this, “If the site says ‘https’ then it is a secure site, which means it’s being encrypted from my computer to their computer and that makes us safe.”
Randy: It doesn’t make you safe; it is very useful if you are going to your bank’s website, but if you’re going to a bad guy’s website, it only means that the data between your computer and the bad guy’s website is encrypted. It doesn’t mean that it’s safe to put information into that website.
Alan: You are almost saying that it’s not safe to stick our foot into the water. I know that ESET has done a lot of research and development into their software, but what can you do for us in order to keep us safe?
Randy: There are a variety of defenses that users need to use. One of them is to use a current web browser. If you use Firefox (the current version) or the current version of Internet Explorer – often times these websites will be blocked by your browser.
ESET’s Nod32 Anti-virus and ESET’s Smart Security will capture, detect and block some of these phishing attacks, as well. Paying attention is also very, very important to take a look at what the URL is and do not believe the emails – especially when some of these scams say that you have to email me at my private address.
You know what, if that private address is @gmail.com or @yahoo.com or anything other than “your bank’s. com,” it’s not legitimate. So, it’s always best if it is asking you to input data to assume it’s bogus and call your bank if you have any questions.
Alan: You mean you’re not going to answer emails that go to hotmail.com and all these other free sites that anybody can just sign up for without any kind of identification?
Randy: I do answer them. I answered to hotmail or gmail abuse@hotmail abuse@gmail and I forward the whole email and say, “This is a scammer.” And they closed the account.
Alan: That’s the best way to do it but a lot of times people can’t realize that it is a scam. It looks real; they click on something and then instead of getting caught, you actually stop us from getting caught. That’s the best protection I know is that little pop-up box that says, “No, you don’t want to do this. This is not safe.” That’s piece of mind.
You always talk about “protection in-depth”. We’re not just going to have one fence around the house; we’re going to have “multiple layers of defense”. How does that work?
Randy: You start with education then you minimize the number of attacks. By learning how to tell the difference between the good and the bad decreases the shots on goal, if you will. And then you use security software such as NOD32 and then you also make sure that you keep your operating system and all your applications patched and up to date. And you use the most current web browser because they are constantly improving security in them.
Alan: You have to have all these layers of defense because if you just have one layer and something gets through it’s like leaving the back door open and an animal comes in. That’s why they make a screen door, also – to keep the main door open and keep the screen door shut and then you can a nice breeze.
Randy: And that’s why your car has brakes and a seat belt and an air bag. It’s “defense in-depth”.
Alan: Well, one of the best ways I know of protection ours elf is to install is to install your award-winning NOD32 or your ESET Smart Security. When would you decide to install either the NOD32 or Smart Security?
Randy: If you are using a firewall product that you want to continue using and you have anti-spam that you are happy with, then NOD32 is the perfect anti-virus compliment to it.
If you want to simplify keeping all of these components of security up to date and have them synchronized because ESET Smart Security was designed from the ground-up. It’s a completely integrated system. We didn’t go out and buy a firewall. That was developed in-house and all of our components talk to each other, which improves the effectiveness.
So, if you want to have the anti-spams, the firewalls and the anti-malware. Holistically and for convenience of use and effectiveness, that’s when you decide on ESET Smart Security.
Alan: ESET Smart Security has probably the lowest footprint of any combination firewall, anti-virus, anti-threat software on the market. That’s what you really need because the last thing you want to do is have your computer, “be owned by software”.
Randy: It’s important to have a product that performs well. You want to look at the combination of how much does it slow down your computer as well as “how effective is
It?” because you need all of these things. You need performance across-the-board.
Alan: I know you have a full-featured trial version of both NOD32 and ESET Smart Security that we can download and see how it works. And it is full featured.
Randy: It’s completely full-featured. The only thing that’s different about the trial version and the purchased version is that at the end of your one-month free trial, you no longer get updates.
Alan: One thing I like about NOD32 and ESET Smart Security is that there is no difference between the quote Corporate Edition and the Home Edition. It is the same level of protection. You don’t have to feel like they skimped on you some how with the Home protection; the protection is the same, isn’t it?
Randy: The protection is the same. The only difference really with the Corporate Edition is the ability for an administrator to remotely manage it and to have the client computers update from an internal server instead of the ESET Website. That’s the only difference.
Alan: Randy, what are we looking at as far as the cost of NOD32 and ESET Smart Security?
Randy: For one year with NOD32 is $39.99 and for ESET Smart Security it’s
$59.99; however there are discounts for multiple year-subscriptions, as well as for multiple PCs.
Alan: Randy, where can we download the trialware and also find more information about NOD32 and ESET Smart Security?
Randy: Come to http://www.eset.com .
Alan: Randy, as always, it’s been our pleasure to have you as our guest here on Let’s Talk Computers keeping us educated and keeping us safe from all the phishing attacks and malware and threats that are coming our way. We look forward to talking to your again real soon.
Randy: I look forward to being back. Thank you, Alan.
Visit ESET on Facebook
Follow ESET on Twitter