EdTheFed“Ed the Fed” has written to me again. For those who are new to the blog, Ed’s a legend around here as the Microsoft UK Chief Cyber-Security Advisor. We call him “Ed the Fed”, because of his career history at the FBI and other places – which obviously makes him an ideal person to ask about Information Security. (This cutout of Ed sits in our atrium!)

Ed writes in a ‘unique’ style, and given that we’re approaching Christmas, I thought this might make an ideal email to pass on to colleagues in school. And Ed really does mean it when he signs off with his email address – he’s always keen to respond to questions and offer advice.

For more good advice from Ed, take a look at “Ed the Fed says Stay Safe out There” from earlier this year.

Anyway, over to Ed:


 


 

. .. .Yes, pigs can fly and the “X-Files” programs are true, but When Will the Fat Lady Sing?

A few days ago we read about the £38billion ponzi or advance fee scheme run by the former Chairman of NASDAQ – Bernard Madoff. Investment Securities International Limited, in London, was one of his operations. We didn’t need to read any tea leaves to know that the age old questions will again be asked, “How could this happen?”, “Where were the regulators?”, “How could reputable companies and institutions have been suckered?” We do know he was not a William Shakespeare’s ‘shylock’; in fact, he was “a most beloved human being”. The character references we hear about this guy remind me of the interviews of neighbours living next to Jeffrey Dahmer following his arrest, “He was such a nice person. We would have dinners at his home.

Let’s get real! We all know how this happened. White Collar Criminals are the best in the league. Having investigated scores of massive complex fraud schemes during my career as an FBI Agent, there was always one common thread. They gave what their victims wanted. Hope. A couple of them even wrote to me from their prison cells because I gave them what they craved. Attention. So, this begs the very question: “Has the fat lady sung?” And that’s why I am once again going to print my list of online things for you to stay away from no matter how good they might look.

1) Banks will NEVER ask you to verify your account details – they already have your details.

2) MySpace, Bebo, Facebook, and ALL other social network sites are OPEN by default. Unless you want everyone (including that bully at school, the nosey neighbour, your boss, your mother, or the paedophile in Thailand) looking at your site, NEVER use it until you make it PRIVATE. Go into settings and follow the instructions. See www.safesocialnetworking.com. Same goes with Instant Messenger – if you don’t know the person, don’t add them as a contact.

3) Microsoft has not and NEVER will hold a Lottery.

4) You know if you have relatives in Nigeria or West Africa. NEVER ‘help’ someone you don’t know move money from a foreign country – that makes you a criminal too!

5) NEVER click a hyperlink in an email from someone you don’t know. And be wise, unless you know who is sending you the online Birthday or Christmas card NEVER click on it – it’s loaded with malware or will redirect you to someplace you don’t want to be. Miscreants and criminals frequently abuse the ‘Hallmark’ name because it is so recognizable. If your name is not in the body of the email, do not click on it.

6) Wireless Internet: Make sure your wireless internet is secure (WEP is okay, WPA is better – and if you don’t know what these terms mean, read the instructions that came with your wireless device. If that fails, do NOT use your wireless internet until you find a trusted advisor to fix it (generally your neighbour’s 8 or 9 year old kid).

7) There is no free lunch. NEVER reply to email requests for charitable contributions. You call the charity yourself and know who you are talking to.

8) If there is a free lunch it’s because you are going to pay for it. NEVER reply to pop up ads telling you to run free anti-spyware or anti-malware to get rid of spyware or viruses. You can be certain they will ‘find’ bad stuff on your computer requiring you to buy what they want to sell. OR they will load stealth software onto your computer to steal what’s important to you.

9) NEVER think you are smarter than the criminal. You may be, but if you reply, you lose, you will always lose.

10) Falling in love at first sight does happen – and it’s fabulous when it does – but falling in love online, whether in Second Life or another online virtual world, can be dangerous. Hey, if you are scoring a 4 or 5 in real life, you gotta wonder why a 9 or 10 is chatting you up online.

Happy Holidays everyone!

See you in 2009.

Ed

Edward P Gibson

Chief Security Advisor

Microsoft Ltd UK

PS As always, I look forward to hearing from you at EdGibson@Microsoft.com