Attorney General Martha Coakley: Hi, I’m Attorney General Martha Coakley.
Thank you for tuning in to our first episode of “AGTV: On the Record with Martha Coakley,”
coming to you from the Suffolk University studio in downtown Boston. Our goal on this
show is to provide you with information and resources on a variety of important issues
that affect residents throughout Massachusetts. I also hope that this show will give you a
glimpse into our office and the work that we do every day on behalf of the Commonwealth
to protect consumers and to keep our community safe. Today we’re going to talk about cyber
security and how you can stay safe. This is an issue that’s on everyone’s mind as
we use email and the Internet to communicate, to make purchases, and to do business. While
modern technology makes our lives easier in many ways, there also are risks and dangers
online that everyone who uses a computer should learn how to avoid. My guests today are all
experts in this topic. Joining me are: Assistant Attorney General Tom Ralph, who
serves as the chief of my Cyber Crime Division. Tom is an experienced prosecutor who leads
our office’s work to both prevent and prosecute cyber crime. Dave Papargiris, the Director
of our Computer Forensics Lab. Dave joined our office after a long career as a police
officer and is widely regarded as one of the leading computer forensic investigators in
the state. And we are very lucky to have with us today Special Agent John MacKinnon of ICE,
the federal immigrations and customs service, part of the Department of Homeland Security.
John runs the ICE cyber crime program in New England. Gentlemen, thank you for joining
me today. Let’s start by talking about one common online scam that just about anyone
who uses email has probably been exposed to: the phishing scam. And Tom, I’m going to
ask you if you could first explain to viewers exactly what phishing is. And that’s phishing
with a “P-H” right?
Assistant Attorney General Tom Ralph: That’s right. “P-H.” Phishing is really
a fairly simple idea. What it is is that somebody sends you an email or other communication
pretending to be someone that you trust in an attempt to get personal information from
you. One of the more common phishing schemes that we see are phishing schemes that pretend
to be banks sending out emails to you trying to get you to enter into your password or
account number or other information like that.
Coakley: And Dave, when someone gets a phishing email,
such as the kind Tom has just described, what’s the best thing to do? Just delete it? Report
it?
Director Dave Papargiris: You know, they should delete it, and not respond
to it. And the thing that they should remember is that no financial institution will ever
call you on the phone or send you an email asking for personal information. So, if you
do receive one, most likely it is a phishing scheme and they should just delete it and
not respond to it. They may want to call their local branch of the bank and just ask them
if they’re aware that they’re receiving these emails so that the bank can notify their security
department and start looking into those.
Coakley: And what if the person has actually given
out information over the phone and thinks they’ve been victimized by a phishing scheme? What
are some of the things they should do?
Papargiris: If they’ve actually noticed it on their
credit card or anything, like they’ve lost some money, they should report it to their
local police immediately. Cancel the credit card and also notify the three reporting agencies
– the credit reporting agencies – that they’re victims of identity fraud and they
should have their records marked so that no credit is given out in their names. But the
best thing is just knowing that no financial institution, no PayPal or anything like that
is ever going to ask for personal information from you.
Coakley: And John, what are some of the ways in which
people get hold of the emails and use the system to do these phishing scams?
Special Agent John MacKinnon: A lot of criminals, especially organized criminals,
will try to obtain lists of email addresses. They may try to do dictionary texts on domains,
dot coms, dot orgs, dot nets. The email address list can be stolen. There’s a lot of organized
crime groups around the country, and especially around the world, that are constantly on a
daily basis trying to obtain identities – online identities – and entrap people online.
Coakley: And one of the reasons to report it, of course,
is that it helps us in law enforcement stay ahead of what the current scam is or what
the most recent scam is, so that people can know and we can warn people. What are some
of the telltale signs? And Tom I’ll ask you this: If someone gets an email what should
they look for to see if it’s fraudulent or not?
Ralph: Again, a lot of this stuff is just common
sense stuff. What you don’t want to do is you don’t want to give out personal identifying
information to anyone. So if you get an email from someone that you don’t know you should
be suspicious of it. And even if you get an email from someone that you do know, you should
never give out personally identifying information. Any email or other type of communication that
requests that type of information, you should be immediately suspicious of. Also you want
to use your common sense in terms of asking yourself whether something is too good to
be true. If you get an email from someone promising you ten percent of a million dollars
if you’ll cash a check, or offering to give you a million dollars if you will help bail
them out of jail in London, or any number of these schemes that just on their face that
sound crazy but sort of good, chances are they’re more crazy than good.
Coakley: And as you said common sense still prevails.
Don’t do anything online that you wouldn’t do through the mail or meeting up with a stranger
in terms of these transactions. And so it’s important for people to use their common sense
on that. It brings us to the next topic though. It’s one thing to be targeted one by one,
but one of the ways these phishing scams work is by targeting hundreds of thousands of people
to see if anybody bites. Is that fair to say? So, John maybe you can tell us a little bit
about your experience in the federal government with the use of what we call malware. Could
you just explain what that is?
MacKinnon: Malware – which is kind of like a take-off
on the word software, but “mal” being bad – is types of software programs that
can surreptitiously end up on your computer. They can get there many kind of ways. The
convenience that is offered by using technology from the home comes with some risk and so
you have to I think take extra steps in using the electronic appliance, the computer. Many
people use file sharing programs like Limewire, Gnutella Clients, and that exposes the computer
enthusiast to a wide array, a large vulnerability, to have, unbeknownst to the user, the software
to get downloaded into the computer and then there’s a number of bad things that can
happen to the computer using experience.
Coakley: And we know again that we have software, we
have hardware, but this particular kind of programming through malware means that it’s
bad so you don’t want it on your computer. And what should individuals do? Because everybody
who has a computer should be aware of this and take some protections. Dave, what’s
the best thing that someone should do to protect their computer from malware?
Papargiris: The best way is to make sure that the operating
system’s updates are on so that your system can always be updated. If say, for example,
you’re running a Windows system and there’s a vulnerability and Microsoft finds out about
it they’re going to make a patch for that. And if you have automatic updates turned on
it’s going to update that to stop that vulnerability. So you should have your automatic updates
on. You should also be running an antivirus program that is constantly updating itself,
and you should run some type of a spyware or adware package to stop those pop-ups and
different stuff so just by keeping on top of that and doing maintenance on it you’re
staying ahead of the game of becoming a victim of some malicious software.
Coakley: And people have to understand computers like
other things need updating and regular maintenance and I think you mentioned at one stage Dave
when we were talking that pop-ups are one indication that there may be something really
literally infecting your computer.
Papargiris: Malware or malicious ware kind of covers,
like John was saying, it kind of covers everything, from viruses that we hear about – Trojan
viruses and adware and spyware – and some of the signs: if you’re surfing on the Internet
and you’re seeing a lot of pop-ups, that’s telling you that there’s something there
causing those pop-ups such as a spyware program. And if your computer automatically starts
running slower and seems sluggish it could possibly be a virus, so it’s very important
to keep those three things updated and you should be pretty well set to go.