
Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware?

First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"
  • by notgm ( 1069012 ) on Saturday December 15, 2012 @11:15PM (#42305227)

    you've been compromised, and now you're spamming /.

    • by mattkrea ( 2795977 ) on Saturday December 15, 2012 @11:23PM (#42305261)
      Yeah.. pretty sure this is the more likely scenario..
    • by Billly Gates ( 198444 ) on Sunday December 16, 2012 @12:03AM (#42305435) Journal

      He couldn't be.

      He is middle aged and knows better. He doesn't click on shit or go to weird sites. He also doesn't use IE. Therefore an AV scanner is not needed especially if you have a firewall. AV software is for wusses according to these folks and I am sure his 3 year old version of flash and 5 year old unpatched Java on his machine are no match to the mighty security of running firefox!

      Don't believe me? Just ask any slashdotter who has not used Windows in 12 years. They know what they are talking about when it comes to Windows security as they post this all the time.

  • Fake one yourself. (Score:5, Insightful)

    by jx100 ( 453615 ) on Saturday December 15, 2012 @11:16PM (#42305235)

    Log into AOL's SMTP server with telnet and make an email that looks like it's coming from your uncle. Show him how easy it is to fake, and that the "to" field is actually incredibly untrustworthy.

    • by Megahard ( 1053072 ) on Saturday December 15, 2012 @11:35PM (#42305303)
      Send a fake email from your uncle to your aunt. The more chaos you can cause, the better the lesson will sink in.
    • by toygeek ( 473120 ) on Sunday December 16, 2012 @12:16AM (#42305483) Homepage Journal

      I did this once to prove the point to my wife. I made up some ridiculous email and then called her and asked her if she got it. She had. When I told her it was from ME, she finally got the point. The email was telling her she was a winner of free tickets to a concert for an artist that hasn't performed in a VERY long time. And I didn't have to telnet into a server to do it. I just set up my mail program.

  • by The MAZZTer ( 911996 ) <megazzt@Nospam.gmail.com> on Saturday December 15, 2012 @11:17PM (#42305239) Homepage

    In this case, let's say your uncle mails his letters by leaving them in his mailbox (I think some places let you do this) for the mailman to pick up. Now let's say a shady guy comes along and copies the names of people your uncle is mailing letters to, including yours, then sends him a letter purportedly from you asking him to loan you money by wiring it to a specific bank account or whatever.

    Your NAME was involved but you had nothing to do with it, and the scammer found out your name from him.

    • by aitikin ( 909209 )
      That's actually probably one of the best analogies for this purpose I've ever heard/read. Consider it stolen.
    • by houghi ( 78078 ) on Sunday December 16, 2012 @04:30AM (#42306123)

      With email, I also always use the snail-mail analogy.
      Everybody can send your name on an envelope.
      Everybody can write my name on the back.
      There is no way of telling where it was then sent from, except the country where the person put it in the mailbox.

      That will help most of the time (some people just don't WANT to understand), yet I can go further:
      Email is like a postcard, everybody can read it. If you encrypt it, it is like an envelope.

      An email has two parts. The part before the @ and the part after it.
      The last part is the address. Street, and city/country. The part before it is your mailbox. It can have your name, but can also be a mailbox or anything that you put on the mailbox.

      Your email program puts it in the mailbox. That is emptied by the post people. Then it is put in trucks to the postal dispatch. That will sort it and send it with a lot of others to another dispatch, where it will be sorted again and given to the postman. He will put it then in your mailbox.
      So it is not like a fax where the machine speaks directly to another machine. It takes a lot of steps and on all those steps there can be a delay. That is the reason your email might not arrive in the 7 seconds you have been waiting for.

  • by Anonymous Coward on Saturday December 15, 2012 @11:18PM (#42305241)

    I don't see why you think his account has been hacked.

    Someone simply sent him email with your address as the "From" address. Doing that is trivial, and spammers do it all the time.

    Post your uncle's email address and your email address, and thousands of us here will send you email with your uncle's email address as the origin.

    Go ahead, post both addresses. You can trust me. I'm "Anonymous Coward", and you've seen millions of articles from me which show my wide variety of expertise.

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      There's no reason whatever to think the uncle's account was hacked. None. A little knowledge is a dangerous thing.
      • There's no reason to think it was not hacked. There's, likewise, just as much reason not to change the password. Standard practice in the security community is to assume that everything has been compromised and act accordingly; this is because a good hack will be all but undetectable.
    • by mark-t ( 151149 ) <markt@nerdflat.cCHICAGOom minus city> on Saturday December 15, 2012 @11:38PM (#42305313) Journal
      Really, I can't think of a good reason to presume that either account was actually hacked. What's evidently happened, however, is that both parties have had their email addresses harvested, using one (falsely) as a sender and the other as recipient.
      • by FatLittleMonkey ( 1341387 ) on Sunday December 16, 2012 @02:07AM (#42305853)

        This was my first thought.

        Specifically, harvested from a third party who has both the poster and his uncle's email address.

        In other words, the poster, veganboyjosh, should be looking into his other relatives. His aunt, his nan & pop, his mum & dad, etc. First to see if they are receiving spam from each others' addresses, and to try to narrow down who has been compromised. Start with the oldest relative and work your way down.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I'm "Anonymous Coward"

      No you aren't, you liar! You hacked my account! How dare you!

    • by hidden ( 135234 ) on Sunday December 16, 2012 @12:17AM (#42305491)

      When the from and to names are people who genuinely know each other, it generally means that one or the other of them's address book has been stolen. Less frequently, it may mean that a third party (that they both know) had their address book stolen. Subby doesn't think his address book has been stolen, so that leaves the relative as the most likely victim.

      Who we think the most likely victim is may be another story, but his logic seems fairly sound to me, if we accept the initial assumptions...

      • You've been living under a rock maybe? TFA said the uncle uses Facebook, and I presume so does the submitter. The spammers only need to figure out who's a friend of whom on Facebook, and they can send targeted mails purporting to be from one to the other. Private address books are so 90s, Facebook is the modern, single common address book for the whole world.
    • That doesn't explain how the spambots knew to send an email purportedly from him to his uncle.

      It's possible one or both of their Facebook privacy settings are overly lax, allowing anyone to see their email addresses and friendship.

  • Are you sure it was your uncle who sent you the instant message?
  • Just make shit up (Score:5, Interesting)

    by Anonymous Coward on Saturday December 15, 2012 @11:20PM (#42305249)

    Seriously. Show him a segment in the e-mail header and say that's proof his shit was hacked. He won't know the difference anyway.

  • Creating a non-administrator/root account for them should prevent the installation of most malware. DON'T give them the password.

    And tell them that the Internet is like Mos Eisley: "It is a wretched hive of scum and villainy. We must be cautious."

    Keep an up-to-date firewall and virus scanner like Norton. Turn on automatic updating for the operating system. And for the security software.

    Hope for the best.

    • Norton? LOL.

      From the fact that he's completely illiterate about computers automatically implies he already has Norton installed. That AND the fact he's on AOL.

      It seems OP is pretty savvy, why not register a domain name for him and set up an SMTP account you can remotely administer. It doesn't mean he'll never have his email hacked, but he'd be less of a target.

      • by maugle ( 1369813 )
        Probably because the OP does not have anywhere near enough time to spare setting up and maintaining a custom domain name and SMTP account for every relative.
  • by metalmaster ( 1005171 ) on Saturday December 15, 2012 @11:39PM (#42305317)
    Explain how to expand the e-mail header to show the sender's full address i.e. Josh

    Then simply explain the whole "never talk to strangers" bit and make comparisons to tech where possible.
  • by Rob the Bold ( 788862 ) on Saturday December 15, 2012 @11:45PM (#42305359)

    A person can ask for advice. They can act on it as they see fit. If your adult uncle ignores your advice, you are off the hook. Maybe you know what's best for him, but if he's asked you and doesn't believe you, there's nothing you can do. I know you wish you could help, but you can't. We sell computers to people who aren't IT admins with the implication that they don't need to be one in order to operate them. Sadly this isn't true, but it's beyond your duties as a nephew to try to disabuse him of this notion.

    This answer is probably less than satisfactory, but the world is an imperfect place and our ability to change that is very limited.

    Perhaps other Slashdotters have some Jedi mind tricks for you to try, but I'm not optimistic, based on personal experience.

    • by Nemyst ( 1383049 )

      The problem is that usually, in such a scenario, the relative/friend then screws up and asks you to fix it. Not wanting to fix it, after you've shown that you are well capable of it, will end up causing issues for you with said person.

      If you could wash your hands of the whole matter, it wouldn't be an issue, but I've just about never seen a situation where this is the case.

  • by theedgeofoblivious ( 2474916 ) on Saturday December 15, 2012 @11:46PM (#42305363)

    Tell him that the "from" that shows up in emails is like the upper left corner of an envelope.

    I could write a letter, address it, and in the upper left corner write

    WASHINGTON, DC 20500-0003

    And you could mail the letter. And the letter might even be delivered. But that doesn't mean that the President really sent that letter. It just means that whoever sent it claimed to be someone else when they were sending it.

  • Keep it simple. (Score:5, Insightful)

    by jonadab ( 583620 ) on Saturday December 15, 2012 @11:51PM (#42305391) Homepage Journal
    Just tell him email is very easy to forge. That's it.

    You don't have to explain the technical details of exactly how it is forged, what headers are, how SMTP works, how malware mines personal data, or any of that. If he cared about the technical details, he'd read up on them, and then he wouldn't need you.

    Keep it simple: "email is very easy to forge."
    • This.

      You don't want to give any technical details or use any terms like "smtp" or "headers". You don't want to try to get them to understand the technical reasons, just the concept of how the sender address is just whatever is configured in the email client and no more a guarantee than what's written as sender on a traditional email.

      I found the fastest way to get somebody to understand was by walking through configuring their email to send from a bogus address, it opens up their eyes faster than an expl

  • You're done. (Score:4, Insightful)

    by Blinkin1200 ( 917437 ) on Saturday December 15, 2012 @11:58PM (#42305421)
    You did what you needed to do, you let them know they had a problem.

    You are done.

    It is not just non-tech savvy people that have this problem. My brother is, or so I thought, knowledgeable in the area of malware. One day I get a spam message sent from him, actually from his previous email address. I recognized that the message was also sent to quite a few people in his address book. After receiving a few more, I did a reply all to one of the messages, copied to his current email address and included a message that I hope you are not doing any banking or on-line shopping with that computer. His response was to send out a message to his entire address book asking people to set up their spam filters to ignore any messages from his old address.

    I tried, I'm done.

    The good news is that I now know of some juicy stocks that are going to really run up in price and three or four places where I can order some V1agra. Also, I was able to do all of my holiday shopping at a really great Russian sex toy shop. They even gift wrap! Everyone is going to be so surprised this year!

    Again, you are done, move on.
  • Forget it (Score:4, Insightful)

    by Opportunist ( 166417 ) on Sunday December 16, 2012 @12:03AM (#42305433)

    You can tell a kid a hundred times that the stove is hot, he won't believe you until he burned his hand.

    Tell him, if he chooses to ignore you, don't press on. You offered help, he declined, everything's fine. Sorry, but if ignorant people choose to reject the information they get from people who know more than them about the matter, you have to let the kid burn his hand.

    • by c0lo ( 1497653 )

      Tell him, if he chooses to ignore you, don't press on. You offered help, he declined, everything's fine.

      On the same line, you can tell him stories on the bees and flowers and crane birds and whatnot. There'll be a time when he'll learn the truth.

  • by epp_b ( 944299 )

    Really, you could have just said, "my uncle uses AOL," and that would have explained everything.

    Joking aside, why did you use the telephone analogy? It's email, a postal mail analogy would have been perfect: it's as if someone sent him a nasty letter and printed your address in the top-left corner of the envelope.

    As for what to do with his PC ... well, if he's just the typical "Facebook and email" user, install Debian or something and rename the desktop icons ("Internet", "Email", etc.). I put Ubuntu on m

  • "What's malware?"

    "You know how government officials tell you sweet things they'll do for you, so you vote for them, and suddenly you see your wallet draining rapidly and all kinds of shit clogging up everything you do, and even after installing their 'fix', things keep running slower and slower and slower? Same thing but just on your computer."

  • This isn't "Malware". This isn't "Hacking". It's just Phishing.

    Read this: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201112_en.pdf [securingthehuman.org]

    Explain that email was invented in the mid-70s and hasn't really changed that much. Security wasn't a factor back then, and it's easy to write an email that appears to come from anyone.

  • My analogy is a letter with my name and address written in the return-address space. Does that guarantee that the letter's from me? Of course not, anybody could write that in if they knew my address, and all it takes to find my address is to look me up in the phone book.

  • As plain and obvious it seems to us tech nerds.. some people will just never get some of the tricks the spammers use like forged from addresses and no, you're not infected, don't click that link to install superantispyware 2013. If possible, take the PC/Laptop for an evening to "speed things up" put good anti-malware and antivirus on it, maybe make a clean image and a non-admin account if you can and expect the calls for when he screws it up again if you are his dedicated tech nerd.
  • Advice (Score:5, Insightful)

    by Frankie70 ( 803801 ) on Sunday December 16, 2012 @12:45AM (#42305617)

    I think the first thing to tell your uncle is that he should get his tech advice from a more tech savvy relative who doesn't automatically assume that a forged email is done by hacking someone's account.

  • It's bad, m'kay.

  • by RudyHartmann ( 1032120 ) on Sunday December 16, 2012 @01:14AM (#42305703)

    My dad got infected by some malware a while back. He had WinXP Pro. My brothers tried to help him to no avail. He doesn't do well with keeping his antivirus and malware stuff updated. The old guy also does stuff I've told him not to do too. So he got this malware infection that told him that the FBI had locked his computer and to send $200 to a site to unlock it. He freaked out. So I installed Linux Mint 13 KDE 32-bit on his computer. He hasn't had to worry since. He likes it because it's also faster. My family thinks I'm free tech support and I was getting real tired of fixing their installations. Now my brothers and uncle have installed Mint also. Life is much simpler for me now. :-)

  • The company was a security firm for phishing. They said they sent phishing emails to clients to see if the employees fell for it.

    I said, "That's a great way to find business. Spam the world with phishing emails, and people who fall for it, you tell them they need your product." He laughed and said, "That's like if we did mechanic work and went out and wrecked into people's cars and told them we could fix it". I think it is different. I think it is more like finding people susceptible to an illness and
  • Mom, pop, don't do malware. It's the opposite of goodware. So just say no.

  • My buddy's dad is in his late 80's. Because the computer gave him tools he wanted to use (communication with a family out west, moving a whole lifetime of photographs, slides, 8mm and Super-8 movies going back over a hundred years into digital format, finding in mere seconds information that would have involved a trip to the library when he was a kid), my friend's dad learned how to operate a computer. And because he's the kind of man who does things properly, he took the trouble to learn how to stay sa

  • by Nyder ( 754090 ) on Sunday December 16, 2012 @02:39AM (#42305933) Journal

    It has nothing to do with being tech savvy, smart, or old. This is the sort of news that people do NOT like hearing. You tell them their computer is infected and they get defensive because they don't want to hear they did something wrong. Even though we know it's very easy to get infected if you aren't paying attention and there are a lot of traps out there to get you, but most people do not know that.

    And when you tell someone something they don't want to hear, what do they usually do? Yes, lash out at you in anger. Not unlike what the article person did, tried to turn it around and blame their friend.

    Back in the early 90's, there was this local person that I did a bit of computer business with, so we knew each other decently. This one time I got a disk from him, and it was infected with the Stoned virus https://en.wikipedia.org/wiki/Stoned_(computer_virus) [wikipedia.org]. Well, it took me a bit to figure out what was going on, and that I infected a few other of my boot disks in the process (it was my first virus, how we never forget our first!). When I figured it all out and told him that I got a virus from him, he wigged out and swore that he never gave me a virus and blah blah blah. I was just warning him so he could check his disks, I wasn't blaming him for anything, yet his first reaction is to deny it happened.

    You find this happens for most everything when there is a chance someone did something wrong.

  • by Orphaze ( 243436 ) on Sunday December 16, 2012 @02:58AM (#42305975) Homepage

    Your logic seems a bit off here.

    The usual scenario for hacked account spamming is as follows: Spammer takes control of account (either via phishing, malware, or more rarely social engineering) then sends spam message out to everyone on the account's contact list. It's a great way to spam since a) the people you are sending to are usually real people and b) they will be more likely to click through since the message is coming from someone they know.

    What I have not seen before is a spammer gaining control of an account, getting its contact list, then sending a *single* message to that very same account from someone on that contact list. What could possibly be the point when you can do the usual trick above? Spam is a numbers game for the most part, and what you're proposing has happened seems to be one of the worst possible ways to reach as many people as possible.

    I'm not saying you're wrong, but just that it doesn't quite add up.

    • What I've seen done is a spammer gets an address book from one compromised account, and then proceeds to spam people in that address list forging the names of other people in the list on the assumption that if they know the holder of the compromised account they likely know each other too. The idea is to minimize the number of malicious e-mails appearing to come from any given source, so as to avoid getting noticed. And if you've received a malicious e-mail and clicked on a link in it, you have to assume yo

  • For email, it's actually really simple. What he sees in email headers (From, Subject, etc.) is the equivalent of the return address written in the top left corner of an envelope. There's absolutely nothing keeping you from putting false information there, and if he doesn't believe you ask him when's the last time he had to present identification to send a letter. What you're showing him instead is kind of like inspecting the cancellation mark on the stamp to determine that while the return address may say t
  • I told them my hourly rate and when they complained I sent them to http://www.geekinpink.com/ [geekinpink.com]

    The women adore them and if it all works out the uncle will go to jail.

  • Facebook Spam (Score:5, Informative)

    by dcollins ( 135727 ) on Sunday December 16, 2012 @04:23AM (#42306101) Homepage

    I'm surprised that no one's brought it up yet, but -- One of the most common spam email profiles that I get these days has the name of a Facebook friend in "From", my name in "Subject", and the body being just a single hyperlink. Pretty clearly, something is scooping up names of friends from Facebook (and recall email address is required there), so there's no need for any personal computer involved to be hacked. And I'm getting these things with the names of some friends I've never had any contact with except through Facebook, so it's easy to deduce that's the source. I would think.

  • Nothing (Score:4, Interesting)

    by DaveGod ( 703167 ) on Sunday December 16, 2012 @08:11AM (#42306543)

    what else should I feel responsible for telling him?


    Tech enthusiasts often get satisfaction from helping others in this way. But you should always understand that you are not responsible for doing so, and they should understand that too. If they are difficult or unappreciative, well it's not your problem. If they don't follow your advice, it's not your problem. Your goal in doing it is because it's a nice and helpful i.e. good thing to do; when it stops feeling like that then you're not achieving the goal, it's not really nice and helpful no matter what your intentions, how right you may be or how much safer they might be for following it.

    If your uncle knew a lot about cars and you were going to buy one, would you consider that he was obliged to find you a good runner and teach you how to drive? Would he even go into lots of detail or just give a handful of key general points? Would you definitely follow his advice to the letter or would you take it on board and do what you want to do?

    The best advice I've given is that if there's any kind of account then you do not use links in emails, go to the site normally. Seeing as he went about asking you what the link was, perhaps that might already have sunk in.

    FYI an email with your address in the "from" and his in the "to" field doesn't offer any clue which has been compromised, or if anyone has. One possibility would be if anyone has sent one of those stupid "forward 1000 times and Bill Gates donates $1b to charity" with both of your email addresses.

  • Give him a new mail account. And tell him not to trust anything, even if you sent it. And tell him that mails are basically electronic postcards that can be easily searched, scanned and manipulated, even the sender and the receiver. If he's still with you, tell him a bit about mailheaders and look at them with him. ... Although I personally wouldn't bother going too much into the details of email, they are insane anyway, in my opinion. (The Type A email security incident you describe pretty much proves my point).

    Clean his system, give him a fresh Thunderbird install with a new account and - if he feels like doing this - set up an encrypted mail communication between you and him. Explain which part of that makes it a sufficiently secure means of communication and which part can still be compromised (his, yours or anybody else's system).

    If he's a person whose usage patterns are covered by Ubuntu, offer to move his system to that. ... I got my daughter an ubuntu netbook for her birthday. The amount of hassle-freeness is refreshing. It does suck that sound and mic are causing trouble on Ubuntu 12LTS, but that's a minor tradeoff for the lack of headaches I've gotten in return.

    Good luck.
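
Several comments above make the point that the "From" line is whatever the sender typed, and a few suggest looking at the full headers instead. As an added example (not part of the original discussion), this Python script reads the headers a receiving mail server records and reports the signals that the visible sender is not who it claims to be. The messages, the domains and the `mx.recipient.example` server name are constructed placeholders, and it assumes the receiving server stamps an Authentication-Results header on incoming mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (all names and domains are placeholders).
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=family.example
From: "Josh" <josh@family.example>
To: uncle@recipient.example
Subject: look at this

http://link.invalid/
"""

GENUINE = """\
Return-Path: <josh@family.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=family.example;
 dkim=pass header.d=family.example; dmarc=pass header.from=family.example
From: Josh <josh@family.example>
To: uncle@recipient.example
Subject: photos

See you Sunday.
"""

# Same forgery, but the sender injected its own "everything passed" header.
INJECTED = SPOOFED.replace("mx.recipient.example;", "mx.elsewhere.example;").replace(
    "dmarc=fail", "dmarc=pass")


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def parse_auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from the header our own server added."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        authserv_id = (authserv.split() or [""])[0].lower()
        if authserv_id != trusted_authserv:
            continue  # a header naming another server could have been typed by the sender
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results


def assess_sender(raw, trusted_authserv):
    """Return the visible sender, the envelope sender, and a list of warning signals."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    auth = parse_auth_results(msg, trusted_authserv.lower())

    findings = []
    # A signal, not proof: mailing lists and newsletter services also differ here.
    if envelope and _domain(envelope) != _domain(from_addr):
        findings.append("envelope sender domain differs from From domain")
    # Display names like "josh@family.example" <x@other.example> hide the real address.
    embedded = re.search(r"[\w.+-]+@[\w.-]+", display)
    if embedded and embedded.group(0).lower() != from_addr.lower():
        findings.append("display name shows a different address than From")
    if not auth:
        findings.append("no Authentication-Results from our own server")
    elif auth.get("dmarc") != "pass":
        findings.append(f"DMARC result is {auth.get('dmarc', 'missing')}")
    return {"from": from_addr.lower(), "envelope": envelope.lower(),
            "auth": auth, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("injected", INJECTED)):
        report = assess_sender(raw, "mx.recipient.example")
        print(label, report["from"], report["findings"] or "no warning signals")
```

A differing envelope domain on its own is common for legitimate mailing lists; the DMARC verdict recorded by your own receiving server is the stronger signal, which is why headers naming any other server are ignored.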
