Friend or Foe?

In past posts about online security I've mentioned that if you receive an email that you weren't expecting, even if it appears to be from someone you know, you should be cautious in opening it. Most people aren't aware that the protocol used for sending email, SMTP, is not secure, and that it's relatively easy to "spoof" an email address and make an email look like it's coming from someone else. A lot of spammers and viruses/worms take advantage of this flaw in SMTP and use it to try to trick people into opening emails they probably wouldn't otherwise view.

Sometimes it's not enough to secure your own computer and practice safe computing. You may have friends and family who aren't as careful as you are, and if their computer or information gets compromised it can lead to a higher risk that you might be compromised as well.

The Financial Times recently reported on the series of hacks at Google, and one of the things that the attackers did to gain access was to compromise the computers of friends of people who work at Google and use their messaging accounts to trick Google employees into clicking on links that compromised their own machines.

Earlier this month I posted about protecting your online identity. One thing to keep in mind is that even if you lock down your social networking profile so that only your "friends" can see it, you have no way of knowing if one of the people who can see your information is as careful with their account as you are with yours. A friend who forgets to log out of Facebook at a public kiosk will expose any information you have shared with them to a curious stranger who logs onto the kiosk after them.

In this day and age the old adage "trust but verify" has never been more appropriate. Next time a friend sends you a link, make sure that you think twice before clicking, you really have no way to know exactly who is on the other end of that email or IM!