Archive for the 'Scams' Category

What is H*Commerce?

Posted in All Posts, Online Security, Privacy, Safe e-Commerce, Scams, Security Tools on June 1st, 2009

A visit to the following web site is advisable for anyone interested in computer security and Internet security: http://www.stophcommerce.com

And send a link to anyone you know who may be vulnerable to being scammed or hacked.

The site is sponsored by McAfee, and will be posting a series of short videos about Internet security.

The #1 Internet Scam

Posted in Scams on April 20th, 2008

The #1 Internet scam is known as the Nigerian scam, or the 419 scam.

This scam weaves a very sad tale of woe, a tale that is able to snare many victims.

These scammers spew out millions of emails promising large amounts of money in return for some kind of specified task, such as helping to transfer a large sum of money left by some dead relative. But these scams always require some advance payments from the victim.

These advance payments are the whole point of these scams. The scammer promises a share of some large sum of money, while extracting many smaller sums of money from the victim. The victim never gets any money. But still, this scam is surprisingly successful.

OK, You Have Heard of Phishing, But What About “Vishing”?

Posted in All Posts, Email Security, Exploits, Scams on January 21st, 2008

By now, lots of folks have become wary of Phishing.  But what about “Vishing”?

Vishing is the practice of using an email or text message to bait a person to call a certain phone number.

The inducement is usually in the form of some dire warning about a problem with your bank or credit card account, and the email instructs you to call the phone number listed in the email.

At the other end, you will find someone, or an automated system, who impersonates your bank or credit card company. They will request all your account details, and will use those details to rip you off.

If you get one of these, DO NOT CALL THE PHONE NUMBER LISTED IN THE EMAIL.

If you do have any concerns about your bank account, call a listed phone number. Find it on your statement or in the phone book. Or, if it is about a credit card, call the number listed on the back of your credit card.

And report the “vishing” attack. (Just be prepared to explain what a “vishing” attack is. They may not be familiar with the term.)

Zombie Shmombie, Where is the Zombie?

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Safe e-Commerce, Scams on September 19th, 2007

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.

Don’t Fall for the Old IRS Refund Email Scam

Posted in All Posts, Email Security, Scams on September 6th, 2007

The title of this blog pretty much says it all.

Don’t Fall for the Old IRS Refund Email Scam.

The IRS does NOT contact taxpayers this way.

For more info: PCmag

Email Addresses Don’t Win Lotteries

Posted in Email Security, Exploits, Scams on July 9th, 2007

Many email inboxes are being flooded with announcements that you have won a lottery. They usually say something to the effect that your email address was picked at random, and has won a ton of money.

Well, that does not happen. Every last one of these emails is a scam. Period.

To be more exact, many of these are what is called an “advance fee scam”. If you contact them, they will first try to get enough personal information to steal your identity several times over, and second, you will be required to advance money in order to “process your winnings” or some such phony excuse.

One of the most certain things in life: You will never see that money again, and you will never get any winnings whatsoever. Period.

Unfortunately, thousands of gullible people fall for these scams every year, and they lose millions of dollars. Don’t be one of them.

And please also ensure that none of your friends and relatives fall for this scam. Talk about it.

The e-Greeting Card Scams

Posted in Email Security, Exploits, Malware, Scams on June 30th, 2007

A new round of malicious e-greeting card spam is landing in in-boxes. It usually has the subject line “You’ve received a postcard from a family member!”

Whatever you do, do not open these spam emails, and do not click on the links.

If you do, you will be taken to a malicious web site that will attempt to install a variant of the Storm Trojan horse.

    “Today’s greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed “the Hail Mary” by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.”

Source: ComputerWorld

This demonstrates the importance of updating all software to the latest versions. In this case, QuickTime, WinZip and Windows are the targets. Users who have updated to the latest versions are protected.

And of course, it demonstrates the importance of being suspicious of all email that lands in your inbox.

The Finely Tailored Suit, er Email

Posted in All Posts, Email Security, Exploits, Scams on May 21st, 2007

The Finely Tailored Suit, er Email.

Spammers have learned to tailor their scam emails to specific groups of users. These spammers use clever social engineering to ensnare their victims. These emails can be successful in disarming caution in even the most cautious email recipient.

Our advice:

  • Never ever respond to unsolicited email, period.
  • Never ever respond to any email warning of dire consequences unless you respond.
  • Never ever respond to any unsolicited offer for any product, period.
  • Never ever respond to any email that promises great reward if you respond, such as lottery winnings, business relationship offers, etc.
  • Please do understand what an “advance fee scam” is.
  • And even if you believe the email is solicited, use great caution.
  • Use great caution even if the email appears to be from some organization with which you have a relationship. They can easily be spoofed.
  • If the email has links, we advise that you not use them, *especially* if related to any account login. We recommend that you simply go to the web address of the organization in question by typing their address into the browser address bar, instead of clicking on any link in these emails.

Very Realistic Fake Windows Activation Warning

Posted in Email Security, Malware, Scams on May 5th, 2007

A new Trojan horse attack has been identified in the wild, named Trojan.Kardphisher by Symantec. This Trojan horse uses *very* clever social engineering to steal the credit card numbers from users.

If infected, you will be presented with a very realistic looking warning that your copy of Windows has been activated by another user, and you will be asked to enter personal data including a credit card number, in order to re-activate your Windows license. It tells you that your credit card is basically for identification purposes only and will not be charged. (Rest assured, it will be charged.)

This Trojan takes full control of your computer and renders it unusable. It blocks the Task Manager, so you cannot end its process. If you do not enter your credit card number, your computer will shut down immediately.

For more information:

http://www.symantec.com/security_response/writeup.jsp?docid=2007-042705-0108-99&tabid=1
or
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018645&source=NLT_PM&nlid=8

Another Big Phish

Posted in All Posts, Email Security, Scams on March 16th, 2007

Here is an example of another phishing email. This one is probably trying to get your Amazon user name and password. (If you have one.)

Warning: Whatever you do, do not ever click on any link in any email warning of any dire consequences with any account. Period.

If you have any concerns, check your account by manually entering the correct address in your browser. Or, simply pick up the phone and give them a call.

This phish contains many errors including unusual grammar, that should be big red flags. Check the bottom of the email and note the spelling errors:

Amazon sent this e-mail to you because your Notification Preferences indicate that you want to receive information about Special Events & Promotions. Amazon will request personal data (password, credit card/bank numbers) only on our home site, wich is securely incrypted with SLL.

Also, view the source code of this HTML email and you will find that the link to “amazon.com” has been spoofed. It definitely does not go to Amazon; it goes to an anonymous IP address. (You may also be able to view the actual link in the lower status bar of your email program while “hovering” the mouse pointer over the link.)

If you get a similar email and wish to report to Amazon, go to amazon.com and look under Help > Privacy and Security > Identifying Phishing E-Mails and follow the directions.
