Monday, March 30, 2009

Identity Theft – Who is phishing for your information?

There’s a new type of internet piracy called phishing (pronounced fishing). Internet thieves are fishing for your personal information. They’re looking for ways to trick you into giving out your Social Security Number, credit card number and other personal information that they can use to their advantage. You could become a victim of identity theft, and it could take years to clear your financial history and personal reputation. But understanding how these internet thieves work will help you protect yourself from becoming a victim.

How do these thieves get your information?
Typically, you might receive an email from a company that you are familiar with that looks real. It has the company logo, they may call you by name, and the tone of the email is that they are looking out for your best interests. This email will warn you of some imminent danger to your account or credit card and that you need to take action immediately or you will suffer dire consequences. There will be a link (underlined writing usually in blue) for you to click on that will take you to their website. And guess what? The website they take you to will look like the real thing with the company logo and all.

Next, you will be asked to verify your account, password, or credit card information. If you ever find yourself here, STOP! Do nothing. Do not fill in any personal information. Immediately exit from this website and delete the phony email that you received.

How to know that this is a phishing email.
If you did not email this company asking for information about your account or for help with a problem, be suspicious. If you are still not sure because it looks so real, call the company yourself and ask. You can find these phone numbers on your monthly statement. If it is after hours and no one is there to take your call, wait until the next day when you can reach someone. Don’t fall for the imminent danger message and feel that you have to take action immediately. Phishers are hoping that you will take immediate action – don’t panic and let them trick you into clicking on their link.

What can you do?
Never give someone your password over the internet or phone when it is an unsolicited request. Your credit card company knows what your password and credit card number are. They don’t need to ask you for them.
Likewise, your bank knows your account number and Social Security number; it won’t ask you to repeat them verbally over the phone.

Review all of your monthly statements every month as soon as they arrive. Check for charges that you never made. If your statement is ever late in arriving in the mail, call and ask why. Protect yourself from these would-be thieves. Don’t let them take your identity!

Brought to you by http://www.PrePaid-Legal-Help-4U.com where you have complete legal protection 24/7 for less than $1 a day!

Protecting yourself against online credit card fraud

Today more and more people are looking to the internet to do their shopping. With online stores popping up all over the internet, the urge to spend money on the World Wide Web has never been stronger. The unfortunate thing is that the urge for scam artists to take your money has never been stronger. So how do you protect yourself from these thieves? If you follow these simple steps I promise you’ll enjoy shopping on the internet more having taken these precautions.

The first thing you should consider when buying online is whether the website you are shopping on is secure. These days most retail websites have secure pages where you enter your personal information, but that doesn’t mean that all sites are secure. The first step in making sure that your information is secure is to check the address bar and look for “https”; this means that you are on a secure page. If the address begins with “http”, the page is not secure and your information should not be given. The second step in determining if the website is safe is to look for the picture of a closed lock or an unbroken key. These pictures can be found in the bottom right corner of your browser window. When the lock is open or the key is broken, the page is not secure. The last thing to look for is mention of secure certificates or “SSL”. These logos usually appear near the bottom of the screen. If you are still not sure if the website is secure, you can always ask them through e-mail (make sure to save the reply just in case).

Credit card fraud is still relatively common. Even with all the security that some of the larger websites have, these con artists are still able to scam some people. So what do you do if you suspect that you have been scammed? The first thing you should do is determine if the charges on your credit card are really unauthorized. This is why you should save all of your receipts. Sometimes when a company makes a charge to your card, it might show up on your statement as a charge from a name that you don’t recognize, so it is important to check your receipts and confirmation e-mails (the company will usually tell you what the purchase will be charged as in the confirmation) to make sure that the mystery charges aren’t legitimate. Once you are sure that you have been scammed, either by the store or by someone who has somehow stolen your credit card information, your next step is to contact the credit card company. Some companies such as VISA and MasterCard offer zero liability for fraudulent charges. If your credit card issuer does not have a zero liability policy, then you are only liable for up to $50 according to federal law.

Shopping on the internet is more popular than ever, and with the flood of internet shoppers comes a wave of con artists. Protect yourself from these crooks. Follow the information I have laid out for you and remember to save your receipts, look for secure pages and, if that isn’t enough, only buy from well-established websites that you have had good experiences with.

Sunday, March 29, 2009

Your Next PR Nightmare Could Be Only a Click Away

In the age of Enron and failed intelligence, scandals remain the rage of the front page. Companies want to see positive spin and not scandal related material published. Imagine for a moment the educational software site where employees are identified as regular visitors to pornography websites. The effect to such a company’s image could be devastating.

Leaks, Peeks & Sneaks

There are numerous security risks facing companies with internal networks. Primary among their concerns are stifling leaks and backdoors that allow hackers to penetrate their firewalls. But the threat from within the company may prove to be more devastating to a company’s reputation and subsequently their stock value and much more.

Employees face a four-pronged attack from blended threats across the board. Phishing and pharming are two of the more popular attacks that face Internet users every day. Typically sent via email, phishing attacks depend on the concern of an employee to take care of matters ranging from personal to financial. The uneducated user will click an embedded link and leave the network vulnerable to an attack.

The sophistication of these attacks can penetrate even the most complex of security systems unless user error can be compensated for. The most popular forms of phishing involve instant messaging and emails. Despite the widely known understanding of spoofing, most users do not expect to receive messages from spoofed accounts.

Tightening a system’s security perimeter can block instant messaging ports and prevent such external security breaches. Network security devices can also block web requests to URLs presented in instant messages. Better still, URLs or web requests from internal users can be compared to a database of acceptable websites and disallowed or denied if they do not match.

Living on the Fringe

Installing spyware and malware is another by-product of visiting less than secure websites. Internet users are often besieged by offers for free software, free access and freebies. The lure of the freebie is as potent if not more so on the Internet than it is in real life. Downloading such freebies can come with passenger programs designed to record keystrokes and much more.

The least of the problems that spyware can commit is to tie up bandwidth and computer memory. The worst is that it can actually spawn Internet attacks to other sites, download critical data and send it elsewhere. Employees do not have to be lured just by a freebie either. They can simply make a typo in submitting a URL and find themselves in the wrong Internet neighborhood. Clever programmers can generate pop-up windows and disguise a button with a simple label like ‘close’ and the user will click it, thinking they will only close the nuisance window. Some programs on high-speed network access can be downloaded in the blink of an eye, compromising the computer and potentially the network.

One-Click Scandals

Scandals need very little fuel to fire. A user who chooses to go to a website of questionable integrity and intent and a user who is lured there by a bad link or a typo offer the same type of danger to a company. Scandals do not have to make the front page to generate reputation-damaging issues for a company.

Word of mouth is as fast a delivery service for reputation sabotage as press reporting is. A network security company that cannot protect against hacking of their website does not engender trust or confidence. A financial investment firm that is accused of insider trading when emails and instant messages from employees are subpoenaed and found to be questionable will likely lose clients, capital and more.

The Burden of Responsibility

Scandal can be generated by an innocent act as easily as by one of guilty intent. Corporations are responsible for the actions of their employees. Questionable Internet behavior and activity can and will affect a company’s reputation, financial standing and potentially their legal standing as well.

A corporation bears the burden of responsibility for its employees and their actions. By employing network security devices to monitor and restrict Internet activity, a corporation not only relieves a large measure of their burden, but also protects their interests on numerous fronts. Without such protection, a company is courting disaster and inviting scandal.

Saturday, March 28, 2009

Don’t Be Bugged - Get Bug Detectors

You are walking along, sweeping back and forth, area after area, searching. You continue searching when suddenly a sound begins to click, faster and faster. Is it a Geiger counter? No, it is your bug detector. That is right. If you suspect that someone is listening in on your private conversations, strategic development meetings, covert operations, or whatever your reason for secrecy might be, you can stop it instantly and for good with bug detectors.

These handy devices promise you peace of mind and are capable of detecting, locating, and verifying hidden transmitters regardless of where they might be. These work not just in your office or home, or only on your telephone, but even in or on your car.

You may be asking yourself what the difference is between detecting and verifying a hidden transmitter. Obviously, if you detect and locate a bug, you are verifying that you are being bugged, right? Well, verifying in this instance means something else entirely. Let us say that you are sweeping for bugs and the bug detectors you are using begin to squeal or vibrate, telling you that a bug is present. There is a possibility that what it is picking up is not a bug but an ordinary television or radio transmission.

You could drive yourself nuts trying to find a non-existent bug you believe is planted somewhere on your television or radio. But since you are also able to verify with your bug detectors, you will then know that it is not a bug but just a regular, non-threatening transmission.

Thursday, March 26, 2009

Avoiding Identity Theft

What's in a name? Possibly thousands of dollars. That's the word from law enforcement agents who say that Americans lose millions to identity theft each year.

The term "identity theft" refers to a crime in which a person steals your Social Security number or other private information. The criminal then uses that information to charge items or services on your credit or simply steal money from your bank account. The thieves often operate online, making it especially important to take precautions when surfing the Web.

A new book called "Geeks On Call Security and Privacy: 5-Minute Fixes" (Wiley, $14.95) could help you protect your identity. It offers expert advice on securing your computer as well as simple, step-by-step explanations of topics ranging from stopping viruses and spyware to backing up your data. The book explains these tips and others in detail:

Encrypt Your Computer Data

If your computer contains financial statements, credit card numbers, business documents, names and addresses of friends and family or other private information, consider using encryption software.

Social Security Numbers

Never use your Social Security number as a login on a Web site and do not give your Social Security number if an unsolicited e-mail requests it.

Avoid Automatic Logins

Some Web sites offer to save your user name and password so you can avoid the hassle of logging in over and over again. However, saving this information can make it easier for a thief to steal your identity.

Always Log Out

Before exiting an Internet account (online banking, bill pay, etc.), be sure to click the "Log Off" or "Log Out" button. This closes your session on the site and prevents someone from breaking into your account by clicking the back button on your Web browser.

Avoid Credit Card "Auto Save"

Most e-commerce Web sites allow you to store credit card numbers on their databases to make future transactions faster. Unfortunately, these databases are often targeted by hackers.

Wednesday, March 25, 2009

Where Spyware Lurks on the Internet

Spyware has to be the most talked about PC security threat of 2005. It has now surpassed the computer virus as the No. 1 menace to computer users both at home and in the enterprise. Despite efforts from Microsoft and independent security software companies, the spyware menace is set to continue through 2006 and beyond. The research firm Radicati Group expects worldwide anti-spyware revenue to surpass $1 billion by 2010.

There are numerous types of spyware, with some more dangerous than others. At one end of the spectrum, spyware pushes annoying ads to your computer and is usually referred to as “Adware.” It is still spyware, as the ads are generally pushed to you based on your surfing habits. A bad infection can also dramatically impact your computer’s performance as your desktop slowly gets overwhelmed with pop-up adverts.

At the other end of the spectrum spyware programs can record what you do on your computer including individual key strokes. This information is then shared with a third party. This data is then sold to marketing companies or used to profit from. For example, the program may have captured your bank log-in details or credit card information.

Profit from these activities drives spyware development and deployment. According to anti-spyware vendor Webroot Inc, advertising revenue generated from spyware is much more lucrative than trying to generate profit through spam email.

Here are the common ways spyware gets onto your computer:

• Bundled with free software like screensavers or P2P file sharing programs which you download. For example Kazaa, a P2P file-sharing application, installs adware onto a user’s computer even though it claims to contain “no spyware.” Waterfalls 3 from Screensaver.com installs spyware and Trojan horses. Examples are courtesy of a report from StopBadware.org’s website.
• Opening Spam email attachments.
• Being enticed into clicking on links in pop-up adverts which then download spyware. These pop-ups usually display messages to do with winning money or entering a special prize draw.
• “Drive-by downloading” – this is when spyware is automatically downloaded onto your computer from the website you are surfing.

Earlier this year a report published by the University of Washington revealed categories of websites which are most likely to host spyware or infect users through “drive-by downloads.” Their research revealed the following categories:

• Gaming sites
• Music download sites (I interpret this to mean “illegal” music sharing sites like dailymp3.com or where you can find P2P applications)
• Adult sites
• Celebrity sites
• Wallpaper / screensaver sites

Here are some tips and strategies to reduce the chance of spyware infection:

• Switch on your browser’s pop-up blocker.
• Install an anti-spyware tool with active protection which helps prevent infection in the first place.
• Keep Windows and other Microsoft applications like Office up to date with the latest patches.
• Use SiteAdvisor (http://www.siteadvisor.com). This is a free plug-in for your browser which tells you whether a site is safe or not based on their testing. This is new software which is highly recommended.
• If you are a frequent visitor of the high risk categories please consider changing your surfing habits or at least making sure your system is fully protected.

Tuesday, March 24, 2009

5 Security Considerations When Coding

1. Input Checking

Always check user input to be sure that it is what you expected. Make sure it doesn’t contain characters or other data which may be treated in a special way by your program or any programs called by your program. This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.

2. Range Checking

Always check the ranges when copying data, allocating memory or performing any operation which could potentially overflow. Some programming languages provide range-checked container access (such as std::vector::at() in C++), but many programmers insist on using the unchecked array index [] notation. In addition, the use of functions such as strcpy() should be avoided in preference to strncpy(), which allows you to specify the maximum number of characters to copy. Similarly, snprintf() as opposed to sprintf(), and fgets() instead of gets(), provide equivalent length-of-buffer specification. The use of such functions throughout your code should prevent buffer overflows. Even if your character string originates within the program, and you think you can get away with strcpy() because you know the length of the string, that doesn’t mean that you, or someone else, won’t change things in the future and allow the string to be specified in a configuration file, on the command line, or from direct user input. Getting into the habit of range-checking everything should prevent a large number of security vulnerabilities in your software.
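The following is an added example, not code from the original post, showing the bounded functions named above in use, including a caveat: strncpy() writes no terminating NUL when the source fills the whole buffer, so the bound alone does not make the result a safe string. The helper names `bounded_copy`, `strncpy_leaves_unterminated` and `checked_get` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the post): copy src into dst, which holds
 * dst_size bytes. When dst_size > 0, dst is NUL-terminated on return.
 * Returns 0 if the whole string fit, -1 if it was truncated or the
 * arguments were invalid, so the caller can refuse oversized input. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* snprintf() writes at most dst_size bytes, terminator included, and
     * returns the length the complete string would have needed. */
    int needed = snprintf(dst, dst_size, "%s", src);
    if (needed < 0 || (size_t)needed >= dst_size)
        return -1;
    return 0;
}

/* Demonstrates the strncpy() caveat: if src has at least n characters,
 * strncpy() copies n bytes and adds no terminator. Returns 1 if the 8-byte
 * buffer was left unterminated, 0 otherwise. */
int strncpy_leaves_unterminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);          /* make a missing NUL visible */
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/* Range-checked element access in the spirit of std::vector::at():
 * returns 0 and stores the element, or -1 when idx is out of range. */
int checked_get(const int *arr, size_t len, size_t idx, int *out)
{
    if (arr == NULL || out == NULL || idx >= len)
        return -1;
    *out = arr[idx];
    return 0;
}

int main(void)
{
    char name[8];
    const char *inputs[] = { "short", "exactly8", "much too long" }; /* constructed */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = bounded_copy(name, sizeof name, inputs[i]);
        printf("%-14s -> rc=%d stored=\"%s\" strncpy unterminated=%d\n",
               inputs[i], rc, name, strncpy_leaves_unterminated(inputs[i]));
    }
    int table[3] = { 10, 20, 30 }, v = 0;
    printf("index 2: rc=%d\n", checked_get(table, 3, 2, &v));
    printf("index 3: rc=%d\n", checked_get(table, 3, 3, &v));
    return 0;
}
```

Treating truncation as an error, rather than silently storing a shortened value, also keeps a cut-off string from being mistaken for valid input later.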

3. Principle Of Least Privileges

This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it doesn’t need, and use the higher privileges for only those operations which require them. An example of this is the Postfix mailserver, which has a modular design allowing parts which require root privileges to be run distinctly from parts which do not. This form of privilege separation reduces the number of attack paths which lead to root privileges, and increases the security of the entire system because those few paths that remain can be analysed critically for security problems.

4. Don’t Race

A race condition is a situation where a program performs an operation in several steps, and an attacker has the chance to catch it between steps and alter the system state. An example would be a program which checks file permissions, then opens the file. Between the permission check (the stat() call) and the file open (the fopen() call), an attacker could change the file being opened by renaming another file to the original file’s name. In order to prevent this, fopen() the file first, and then use fstat(), which takes a file descriptor instead of a filename. Since a file descriptor always points to the file that was opened with fopen(), even if the filename is subsequently changed, the fstat() call will be guaranteed to be checking the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.
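The open-then-check order described above, as an added example that is not code from the original post. It assumes a POSIX system and a writable /tmp; the function names and the policy (regular file, owned by the current user, not writable by group or others) are hypothetical. fileno() supplies the descriptor behind the stream that fopen() returns.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open first, then check the object that was actually opened. Returns the
 * stream on success, NULL if the open fails or the policy is not met. */
FILE *open_checked(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NULL;
    struct stat st;
    if (fstat(fileno(fp), &st) != 0 ||          /* check via descriptor  */
        !S_ISREG(st.st_mode) ||                 /* regular files only    */
        st.st_uid != geteuid() ||               /* must be our own file  */
        (st.st_mode & (S_IWGRP | S_IWOTH))) {   /* nobody else may write */
        fclose(fp);
        return NULL;
    }
    return fp;
}

/* Replays the rename from the text after the check has passed. Returns 1
 * if the stream still refers to the checked file while the name now points
 * at a different one, 0 if not, -1 on setup failure. */
int descriptor_survives_rename(void)
{
    char a[] = "/tmp/toctou_a_XXXXXX";   /* constructed temp file names */
    char b[] = "/tmp/toctou_b_XXXXXX";
    int fa = mkstemp(a);
    if (fa < 0)
        return -1;
    close(fa);
    int fb = mkstemp(b);
    if (fb < 0) { unlink(a); return -1; }
    close(fb);

    FILE *fp = open_checked(a);
    if (fp == NULL) { unlink(a); unlink(b); return -1; }

    struct stat checked, by_fd, by_name;
    int ok = -1;
    if (fstat(fileno(fp), &checked) == 0 &&
        rename(b, a) == 0 &&                     /* the swap */
        fstat(fileno(fp), &by_fd) == 0 &&
        stat(a, &by_name) == 0)
        ok = (by_fd.st_ino == checked.st_ino) &&
             (by_name.st_ino != checked.st_ino);
    fclose(fp);
    unlink(a);
    unlink(b);   /* harmless if the rename already consumed it */
    return ok;
}

/* Returns 1 if a file writable by others is refused, -1 on setup failure. */
int rejects_world_writable(void)
{
    char p[] = "/tmp/toctou_w_XXXXXX";
    int fd = mkstemp(p);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0666) != 0) { close(fd); unlink(p); return -1; }
    close(fd);
    FILE *fp = open_checked(p);
    int rejected = (fp == NULL);
    if (fp != NULL)
        fclose(fp);
    unlink(p);
    return rejected;
}

int main(void)
{
    printf("descriptor survives rename: %d\n", descriptor_survives_rename());
    printf("world-writable rejected:    %d\n", rejects_world_writable());
    return 0;
}
```

Opening before checking means the open itself touches whatever the path names; opening a FIFO, for instance, can block until a writer appears, which is why code facing untrusted paths often uses open() with O_NONBLOCK and O_NOFOLLOW before fstat().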

5. Register Error Handlers

Many languages support the concept of a function which can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe point in the code, instead of blindly progressing in the hope that the user input won’t crash the program, or worse!

Monday, March 23, 2009

Background of Password cracking

Passwords to access computer systems are usually stored, in some form, in a database in order for the system to perform password verification. To enhance the privacy of passwords, the stored password verification data is generally produced by applying a one-way function to the password, possibly in combination with other available data. For simplicity of this discussion, when the one-way function does not incorporate a secret key, other than the password, we refer to the one way function employed as a hash and its output as a hashed password. Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess, and comparing the result to the verification data. The most commonly used hash functions can be computed rapidly and the attacker can do this repeatedly with different guesses until a valid match is found, meaning the plaintext password has been recovered.

The term password cracking is typically limited to recovery of one or more plaintext passwords from hashed passwords. Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database or intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test if a guessed password is correct. Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords. However, well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances of cracking at least one are quite high. There are also many other ways of obtaining passwords illicitly, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, timing attack, etc. However, cracking usually designates a guessing attack.

Cracking may be combined with other techniques. For example, use of a hash-based challenge-response authentication method for password verification may provide a hashed password to an eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed-passwords during verification over a network, either by protecting them in transmission using a high-grade key, or by using a zero-knowledge password proof.

My Spyware Nightmare, Your Lesson

Have you asked yourself any of these questions lately?

1. Why is my brand new computer slowing down to a crawl?
2. Why is it taking so long to load a basic word processor?
3. Why do I have so many popups? Where are they coming from?
4. Why do I keep being sent to places I did not ask to go?
5. Where are these embarrassing popups coming from? I never visit sites like that!

I did. I was ignorant. I was slow and it cost me a brand new computer. Here is my story.

A couple of years ago, we bought a new eMachine for my wife. She had just enrolled in school and needed something better for her school work. Prior to that, we had an older HP machine. I believe it was a pentium II. It worked pretty well, though a little slow. I wanted us to get another HP, but she wanted an eMachine. Her cousin had one and she thought it was good. I did not like eMachines a lot and did not think highly of them. She was bent on having one so we bought one.

With the arrival of the new computer, the HP was quickly abandoned. I was pretty much the only one that used it. Not because of my disdain for eMachine, but because the HP was more in a central location. Our three boys loved the new machine and spent quite some time on it. I was eventually won over to the eMachine and I must confess, it turned out to perform excellently well. It was good on speed and the resolution was great.

Several months down the road, I noticed how the new computer was slowing down. I knew in my mind it was the eMachine. They were no good. And then I thought it was the dial up connection. But I soon realized that it was also slow when I was offline. It was taking long to open up applications and even longer to load webpages. I also noticed there were strange windows opening up at the most awkward times. Some of the pages were to sites I would not ordinarily visit. Maybe the boys are going to places that we don't know about. As a concerned parent, I asked them and they promptly denied. I was still not sure they didn't. They were teenagers.

As time passed, it became more difficult to do anything on the eMachine. We gradually migrated back to the HP and there was no immediate need to find out what was wrong with it.

Finally, it was time to act. I was ready to find out what the problem was. I started asking questions and doing queries on Google. I was encouraged to get a good popup blocker. I did and it did not do much. That computer was far gone and corrupted. I had waited too long. I was not sure what was going on and did not know where to ask. The warranty on the computer had also expired.

One afternoon, I turned the computer on to take another look and was greeted by a blank screen. The monitor had also quit, I said to myself. Now I knew almost for sure it was the eMachine. They were really no good. My wife disagreed. But to be sure, I hooked the monitor up to the HP and it came alive. So it wasn't eMachine after all. I was a little embarrassed.

I reconnected the monitor and rebooted and was again faced by a blank screen. The following week, I took the cpu to a repair and they told me the computer was damaged beyond repair. I retrieved it and took it to a second repairman and it never came back.

You know, lightning they say does not strike the same spot twice. But spyware is different. It can strike the same spot many times. Early 2005, I bought another computer, having outgrown the HP. Months later, I noticed the same exact symptoms that ruined the eMachine. The slow down, the multiple popups, redirects to undesirable websites, they were all there. This time I did not wait. That afternoon I was frantic. I began searching for a quick answer. It was not until late that night that I found a product that worked for me. And once I found the right solution, spyware was no longer an issue to me.

Spyware can make your online experience a nightmare if you are not forward thinking about internet security. The good news is that there are plenty of products out there that can cure that effectively.

Sunday, March 22, 2009

How to Protect Your Files From a Computer Virus

How safe is your computer? Could you be in danger of getting a virus on your system? Just how real is the danger? What steps should you take if any?

While visiting with one of my students, I became aware that her anti-virus software was over seventeen months old and had never been updated. Upon informing her that she should update her anti-virus software regularly, she was totally surprised. Furthermore she had no concept how essential this was to ensure her system's safety. Therefore I thought it wise to write about some of the precautions you should take to avoid becoming infected with a computer virus.

While there are many 'virus' hoaxes, and please do not pass any of these hoaxes on as these may actually contain viruses, computer viruses do pose a very real danger. Therefore I've listed a few preventative measures that you should take to ensure computer safety.

1. Do install an anti-virus software program and update it often as there are new viruses discovered every day. I update my anti-virus database daily. At least weekly should be a goal. If you are not updating perpetually, it is like having an insurance policy and never paying the premiums. In no time at all it would be worthless.

2. Be wary of email from strangers. Never open an email with an attachment from a source that is unknown or suspicious. Virus-containing emails can be very persuasive in the subject line. Do not let your curiosity be aroused.

I prefer an anti-virus program that has the ability to check all email sent and received. If you update it often, this should keep you safe, although nothing is 100% secure. There are good programs that offer a free version for personal use. These programs generally allow continual updates. Some may require that you register again at the end of year, but the software and updates will still be free.

Two such programs are:

AVG anti-virus, Free edition
http://grisoft.com

Free avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html

Free Firewall & Antivirus
www.personalfirewall.comodo.com
For more options and reviews on programs you can do a search on google for free anti-virus.

3. Do exercise caution when downloading files from the Internet. Be sure to download from well known and reputable sources. Ascertain that your anti-virus software is set to scan files while you are downloading. I have that feature enabled in my anti-virus program and it scans all files when I am in the process of downloading, and it has on occasion prevented me from downloading a file that was infected or posed a potential danger. These programs work so take advantage of the security your anti-virus will provide by using all of the safety features.

4. New viruses creep up on a daily basis. It is important to back up your important files regularly. CDs and DVDs hold a large amount of information. Take advantage of this and store your valuable information and computer programs on these removable disks. In the event that a virus should ever invade your system and your files become corrupted, you will be able to replace them with your backup copies.

5. Lastly apply the little rule, 'When in doubt do without'. If you are uncertain, whether it is with an unknown source in your email or a web site that offers a download, then best not to take a chance. No email message or free software is worth the damage to your computer files and the time and expense of repairing your PC. Do not be fooled, computer viruses do affect everyone.

The Internet offers us an array of software, services, entertainment and education that is beneficial. There is no reason to fear the web, it can be safe and secure. Yet it would be unrealistic to assume that there is no danger of computer viruses. There are unscrupulous persons who desire to do you harm. By observing these few guidelines you can minimize any threat of a virus attacking your computer.

Check The Internet Forecast Before You Go Online

According to a recent survey conducted by the Cyber Security Industry Alliance (CSIA), more computer users are becoming increasingly insecure about using the Internet. Forty-eight percent of those surveyed avoid making purchases on the Internet because they are afraid their financial information might be stolen. Fewer than one in five of the 1,150 U.S. adults surveyed believed that existing laws can protect them from fraud, identity theft and other crimes on the Internet. More than two-thirds (70 percent) want Congress to pass stronger data-protection legislation.

Consumers have clearly taken notice of Internet threats and scams, but there have been few resources they can use to understand what the immediate risks are and what they can do to more safely participate in their favorite online activities. Consumers want to be informed of the risk levels associated with common online activities and the precautions they can take to protect themselves. One such tool is The Symantec Internet Threat Meter, which helps computer users become aware of the most recent Internet threats and educates them about the steps they can take to safeguard their computers and personal data while online.

While high-profile computer worms and other online attacks are not as visible as they have been in the past, Internet threats have changed shape and present even more risks to consumers. Today's threats spread in many ways (through Web sites, instant messaging and e-mail) but use more silent, targeted methods than before. Many attacks are launched with criminal intent to steal users' personal data or to take over computers in order to launch targeted attacks that result in financial gain for cybercriminals.

The Symantec Internet Threat Meter helps consumers better understand the Internet landscape by taking an activities-based approach. The index rates the four main online activities (e-mail, Web activities, instant messaging and file sharing) on a low-, medium- or high-risk level based on triggers related to malware, spyware, phishing/online fraud, vulnerabilities, online attacks and spam.

Consumers want to feel more confident about their security when they are online, whether they are communicating via e-mail, conducting financial transactions on the Internet, chatting over instant messaging or sharing files. Just as prepared travelers check the weather forecast for their destination city, consumers who are online now have a tool they can use to help them prepare for a safe and productive experience on the Internet.

‘Spoofing’, ‘Phishing’ and ‘Link Altering’ - Expensive Financial Traps

"Spoofing" or "phishing" frauds attempt to make internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that’s not the case at all, far from it. Spoofing is generally used as a means to convince individuals to divulge personal or financial information which enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.

In "email spoofing" the header of an e-mail appears to originate from someone or somewhere other than the actual source. Spam distributors often use email spoofing in an attempt to get their recipients to open the message and possibly even respond to their solicitations.

"IP spoofing" is a technique used to gain unauthorized access to computers. In this instance the unscrupulous intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.

"Link alteration" involves altering the return internet address of a web page that’s emailed to a consumer in order to redirect the recipient to a hacker's site rather than the legitimate site. This is accomplished by adding the hacker's IP address before the actual address in an e-mail which has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail and proceeds to "click here to update" account information, for example, and is redirected to a site that looks exactly like a commercial site such as eBay or PayPal, there is a good chance that the individual will follow through in submitting personal and/or credit information. And that’s exactly what the hacker is counting on.

How to Protect Yourself
• If you need to update your information online, use the same procedure you've used before, or open a new browser window and type in the website address of the legitimate company's page.
• If a website’s address is unfamiliar, it's probably not authentic. Only use the address that you’ve used before, or better yet, start at the normal homepage.
• Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
• If you encounter an unsolicited e-mail that asks, either directly or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
• Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
• If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is authentic.
• Always report fraudulent or suspicious e-mail to your ISP.
• Lastly, if you've been victimized, you should file a complaint with the FBI's Internet Crime Complaint Center at http://www.ic3.gov.
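The address checks in the list above can be automated for links copied out of a suspicious e-mail. The following is an added example, not part of the original article; the brand-to-domain table, the length threshold and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Brands named in the article, mapped to the address a user normally types.
# The mapping is an assumption made for this example.
KNOWN_SITES = {"paypal": "paypal.com", "ebay": "ebay.com"}
MAX_REASONABLE_LENGTH = 75  # arbitrary threshold chosen for this example


def host_is_ip(host):
    """True when the host part is a bare IP address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def belongs_to(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def assess_link(url, known_sites=KNOWN_SITES):
    """Return a sorted list of warning codes for a link taken from an e-mail."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable"]
    host = (parts.hostname or "").lower()
    warnings = set()

    if parts.scheme != "https":
        warnings.add("not-https")            # no "https" in front of the address
    if parts.username is not None:
        warnings.add("text-before-@")        # real host is whatever follows the "@"
    if host_is_ip(host):
        warnings.add("ip-address-host")      # a number where a business name belongs
    if len(url) > MAX_REASONABLE_LENGTH:
        warnings.add("very-long-address")    # "excessively long string of characters"

    lowered = url.lower()
    for brand, domain in known_sites.items():
        # Business name appears somewhere in the string, but the link does not
        # actually lead to that business's own domain.
        if brand in lowered and not belongs_to(host, domain):
            warnings.add("brand-name-on-foreign-host:" + brand)
    return sorted(warnings)


# Constructed sample links (documentation-reserved address and domain).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com@203.0.113.9/update",
    "http://signin.ebay.com.account-verify.example.net/ws/eBayISAPI.dll"
    "?SignIn&ru=update-your-billing-information",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_link(link) or "no warnings")
```

An empty result only means none of these particular checks fired; typing the address yourself, as the first bullet advises, remains the safer habit.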

14 Household Ways To Protect Your Computer From Viruses

Computer viruses are deadly. They often spread without any apparent contact and can be a nuisance, or even worse, fatal to your computer. Individuals who create these viruses, estimated at 10-15 new ones a day, are the electronic version of terrorists. Their goal is to inflict havoc and destruction on as many people as possible by disabling, stealing, damaging, or destroying computer and information resources. Often, they have no specific target in mind, so no one is safe. If you access the internet, share files or your computer with others, or load anything from diskettes, CDs, or DVDs onto your computer, you are vulnerable to viruses.

Fortunately, there are good guys working just as hard as the hackers to develop cures for viruses as quickly as they send them off into cyberspace. And there are many things you can do to keep your computer from catching viruses in the first place.

Defining Viruses:

A virus is a small computer program that can copy and spread itself from one computer to another, with or without the help of the user. However, viruses typically do more than just be fruitful and multiply, which is bad enough in itself because it hogs system resources. Anything else viruses are programmed to do, from displaying annoying messages to destroying files, is called their payload. Often, they cannot deliver their payload until an unsuspecting user does something to make the virus execute its programmed function. This could be as simple as clicking on an innocent looking file attachment with the .exe (executable) extension.

Catching a Virus:

Most viruses are spread through e-mail attachments because it's the easiest way to do it. Although Macintosh, Unix, and Linux systems can catch viruses, hackers are particularly keen on exploiting the security weaknesses in anything Microsoft, particularly Microsoft Outlook and Outlook Express. Because of the popularity of this software, hackers get maximum bang for their buck, and they probably get some satisfaction from continually reminding Microsoft that being big doesn't mean you're perfect.

Solution 1: Anti-virus Software

Your first line of defense is to install anti-virus software. To be extra safe, also install firewall software, which is now included in some anti-virus packages. This software can scan all of your drives for viruses and neutralize them. Here are some features to consider when evaluating anti-virus software.

- Compatibility with your operating system - Make sure the software works with your system, particularly if you are using an older operating system like Windows 98.

- Firewall software - If it's not included, find out if it's available. If you must, buy it from another vendor.

- Automatic background protection - This means your software will constantly scan behind the scenes for infections and neutralize them as they appear. This provides some peace of mind.

- Automatic, frequent updates - Because new viruses appear every day, you'll want regular updates. It's even better if they occur automatically when you connect to the internet. If automatic updating isn't included, you'll have to check the vendor's website and download updates yourself. This is vitally important, because you will not be protected from new viruses if your software is out of date.

- Disaster recovery - Software with a recovery utility to help you get your system back to normal after a virus attack is always good to have.

- ICSA certification - The International Computer Security Association has standards for the detection rates of anti-virus software. Make sure your software has the ICSA certification.

- Technical support - It's a good idea to select a package that offers free technical support, either online or through a toll-free number. If you're ever felled by a virus, you may need it.

Some anti-virus software vendors are Symantec Corporation (Norton AntiVirus), McAfee Corporation (McAfee VirusScan), Trend Micro Inc. (PC-cillin), and Zone Labs Inc. (Zone Alarm Suite).

Solution 2: The Virus Scan

If you receive a particularly juicy attachment that you're dying to open, save it on your Windows desktop and run your anti-virus software on it first. To do this, click once gently on the file on your desktop ... don't actually open it ... then right click and choose Scan with (Name of Anti-Virus Software) to activate a virus scan.

If it's infected, your anti-virus software may neutralize it, or at least tell you the attachment is too dangerous to open. On the other hand, don't feel guilty if the very thought of saving a potentially damaging file anywhere on your system is enough to quell your eagerness to open it and make you delete it immediately.

Solution 3: Delete first, ask questions later.

When in doubt about the origin of an e-mail, the best thing to do is delete it without previewing or opening it. However, some viruses, such as Klez, propagate by fishing in people's address books and sending themselves from any contact they find to another random contact. You can spread a virus just by having people in your address book, even if you don't actually e-mail them anything. They'll receive it from someone else in your address book, which really makes life confusing. Because of the proliferation of porn on the internet, e-mail viruses often tempt victims by using sexual filenames, such as nudes.exe. Don't fall for it.

Solution 4: Beware of virus hoaxes

E-mails warning you about viruses are almost always hoaxes. You may be tempted to believe them because you typically receive them from well-meaning friends, who received them from friends, etc. These e-mails themselves usually aren't viruses, but some have actually fallen into the hands of hackers who loaded them with viruses and forwarded them merrily on their way as a sick joke.

The proliferation of e-mails about virus hoaxes can become nearly as bad as a real virus. Think about it, if you obey an e-mail that tells you to forward it to everyone in your address book, and THEY do it, and this goes on long enough, you could bring the internet to its knees. If you ever want to verify a virus warning, your anti-virus vendor may have a list of hoaxes on its website. It's in the business of providing the fixes, so it will know which viruses are real.

Solution 5: Beware of filename extensions

The extension of a filename is the three characters that come after the dot. Windows now defaults to hiding filename extensions, but it isn't a good idea. Just being able to see a suspicious extension and deleting the file before opening it can save you from a virus infection.

To see filename extensions in all your directory listings, on the Windows XP desktop, click Start button | Control Panel | Folder Options | View Tab. Clear the check box for Hide extensions of known file types. Click Apply | OK. System files will still be hidden, but you'll be able to see extensions for all the files you need to be concerned with. Viruses often live in files with these extensions - .vbs, .shs, .pif, .lnk - and they are almost never legitimately used for attachments.

Solution 6: Disable the .shs extension

One dangerous extension you can easily disable is .shs. Once it is disabled, Windows won't recognize it and will alert you before attempting to open an .shs file. The extension is usually just used for "scrap object" files created in Word and Excel when you highlight text and drag it to the desktop for pasting into other documents. If this isn't something you ever do, or you have Word and Excel 2000 or later, which allow you to have 12 items on the Clipboard, click the Start button | Control Panel | Folder Options | File Types tab. Under Registered file types, scroll down and highlight the SHS extension. Click Delete | Yes | Apply | OK.

Solution 7: Dealing with double extensions

When you turn on your extensions in Windows, you'll be able to detect viruses that piggy-back themselves onto innocent looking files with a double extension, such as happybirthday.doc.exe. NEVER trust a file with a double extension - it goes against Nature.

Solution 8: Beware of unknown .exe files

A virus is a program that must be executed to do its dirty work, so it may have an .exe extension. Unfortunately, this is the same extension used by legitimate program files. So, don't panic if you find files named Word.exe or Excel.exe on your system - they're your Microsoft software. Just don't EVER open any file with an .exe extension if you don't know what the file's purpose is.
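The extension rules from Solutions 5 to 8 can be applied to a saved e-mail before anything is opened. This is an added example, not part of the original article; the list of "decoy" document extensions and the sample message are assumptions constructed for illustration, and the check also covers trailing dots and padding spaces, which the article does not mention.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article calls out as dangerous in attachments.
RISKY_EXTENSIONS = {"vbs", "shs", "pif", "lnk", "exe"}
# Harmless-looking extensions used as the first half of a double extension.
# This list is an assumption made for the example.
DECOY_EXTENSIONS = {"doc", "xls", "ppt", "txt", "jpg", "gif", "pdf"}


def classify_filename(name):
    """Classify an attachment name by the extension Windows would act on."""
    # Windows ignores trailing dots and spaces, so remove them first.
    cleaned = name.strip().rstrip(". ")
    # Strip padding around each piece: "photo.jpg      .pif" hides the real
    # extension behind a run of spaces.
    pieces = [piece.strip().lower() for piece in cleaned.split(".")]
    if len(pieces) < 2:
        return "no-extension"
    if pieces[-1] in RISKY_EXTENSIONS:
        if len(pieces) >= 3 and pieces[-2] in DECOY_EXTENSIONS:
            return "double-extension"   # e.g. happybirthday.doc.exe
        return "risky-extension"
    return "ok"


def scan_message(raw_bytes):
    """Return (filename, verdict) for every attachment in a raw e-mail."""
    message = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in message.iter_attachments():
        filename = part.get_filename() or ""
        results.append((filename, classify_filename(filename)))
    return results


def build_sample_message():
    """Build a constructed e-mail whose attachments hold placeholder bytes."""
    message = EmailMessage()
    message["From"] = "friend@example.com"
    message["To"] = "you@example.org"
    message["Subject"] = "Happy birthday!"
    message.set_content("Open the card!")
    for name in ("happybirthday.doc.exe", "minutes.doc", "nudes.exe", "shortcut.lnk"):
        message.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return message.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample_message()):
        print(f"{verdict:17} {filename}")
```

A verdict of "ok" says nothing about the file's contents, so the anti-virus scan described in Solution 2 still applies.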

Solution 9: Watch out for icons

Viruses in attachment files have been known to assume the shape of familiar looking icons of text or picture files, like the wolf in the hen house. If you receive an unexpected attachment, don't open it without first running it through your anti-virus software.

Solution 10: Don't download from public newsgroups

What better place for a hacker to lurk and stick his virus than in the middle of a crowd? Sooner or later, someone's bound to download it and get the virus going. Don't download files and programs from newsgroups or bulletin boards, or open attachments sent from strangers in chatrooms ("Let's exchange pictures!") without first scanning with your anti-virus software.

Solution 11: Avoid bootleg software

This may seem like a no-brainer, but sometimes that tiny price tag on a popular but expensive package can be too good to resist. Resist it! Likewise, be careful about accepting application software from others. You don't know where it's been, and what may have started out as a perfectly clean package could have become infected during installation on someone else's infected computer.

Solution 12: Protect macros in MS Word, Excel, and Powerpoint

A common type of virus uses macros. Macros are sets of stored commands that users can save as shortcuts to perform long functions in just a few keystrokes. A macro virus may perform such mischief as changing file types from text files or spreadsheets into templates, locking up keyboards, and deleting files. Word, Excel, and PowerPoint come with macro virus protection. To make sure yours is activated, open each application, then click Tools menu | Macro | Security. On the Security Level tab, make sure Medium or High is selected. Click OK. If you are already infected with a macro virus, you may find that the steps of this procedure are unavailable because the virus has disabled them. In that event, run a virus scan on your system to see if your anti-virus software can kill the virus.

Solution 13: Use passwords

If you share your computer, it's a good idea to assign everyone a password. Passwords should be a combination of letters and numbers no less than eight characters long, and preferably nonsensical. Never write passwords and stick them anywhere near the computer. To assign passwords in Windows XP, click the Start button | Control Panel | User Accounts. Follow the prompts to assign/change passwords.

Solution 14: Update application software

Microsoft constantly issues patches for the security holes in its operating system and applications software. However, don't be lulled into complacency if you have Windows Update automatically checking things for you. Update checks for patches to repair bugs in the operating system, not for security problems.

To get the latest security hotfixes (as Microsoft calls them), visit www.microsoft.com and look for hotfixes for all your Microsoft software, particularly Outlook and Outlook Express.

Microsoft also has a free downloadable package called Microsoft Baseline Security Analyzer (MBSA) that scans your system for missing hotfixes. It works with Windows 2000 and XP Home and Professional only. It doesn't support Windows 95, 98, or ME.

To download the MBSA, go to the TechNet section of the Microsoft Website. Be warned that the information is written in techie language, so you may find it daunting.

Last Words:

Now that you know some ways for avoiding and dealing with viruses, let's wrap things up with some solutions you've probably heard before but have ignored.

- Back up your files regularly - If a virus crashes your system, you'll feel much better if you've got backup copies of all your important files. Make the backup copies on a medium that's separate from the computer, such as on diskettes, CDs, or zip disks. Scan them for viruses before you put them away to make sure they aren't infected. If they are, they'll do you no good if you ever have to use them because they will just transmit the virus right back onto your computer.

- Make a boot disk - Create an emergency boot diskette before you have a problem so you can start your computer after a serious security problem. To make a boot diskette with Windows XP, put a blank floppy disk in the drive. Open My Computer, then right click the floppy drive. Click Format. Under Format options, click Create an MS-DOS startup disk. Click Start. Keep the disk in a safe place. With luck, you'll never need to use it.

- Turn off your computer - DSL and cable connections that are "always on" may be convenient, but you should always turn off your computer when it's not in use. Hackers can't get to a machine that's powered off.




5 Mistakes You Might Be Making When Choosing A Password

Are you making yourself a target for fraud? More and more often I am hearing stories of people who have had their accounts hacked. They have had money stolen, lost sleep, spent hours setting up new accounts, or had their credit ruined. Don't let this happen to you.

Are you making these dangerous mistakes?

Mistake #1: Using the same password for all your accounts.

Please don't do this. Use different passwords for every email account, and definitely use unique passwords for shopping websites where you'd enter your credit card.

Mistake #2: Short passwords

Guessing your password becomes increasingly difficult the more characters there are in it. So, go for the gusto and make your passwords long.

Mistake #3: BradPitt, Charlie, Sarah, Princess, Barbie, Gandolf -- Did I guess it yet?

Do not use kids' names, pets' names, nicknames, names from characters in books or movies or celebrity names. Even if I didn't guess it in my list, someone who knows you could.

Mistake #4: Easy to remember English words

Easy to remember is also easy to guess. Passwords should not contain English words found in a dictionary. Non-English words or any words in any dictionary are a high risk as well. And, for goodness sakes, if your password is "password" or "test" then it's a wonder you haven't been hacked yet!

Mistake #5: Numbers are no-no's.

Seriously, stay away from birthdays, anniversaries, addresses, social security numbers or telephone numbers. They are all too easy to guess.

Choose random passwords for banking sites like PayPal. Combine letters (both uppercase and lowercase) and numbers.

If all of this sounds too hard to remember, then consider using a password program. Most of the good password programs will not only store your passwords on your computer, but they'll generate completely random passwords when you need one.

Here are a few to try.

http://www.fgroupsoft.com/Traysafe/

http://passwordsafe.sourceforge.net/

http://www.treepad.com/treepadsafe/

It's never a good time to find out that someone has stolen money from you -- or locked you out of your own email account. It's a waste of your time and money. Please protect yourself.
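The five mistakes above can be turned into a simple self-check, together with the kind of random generation a password program performs. This is an added example, not part of the original article; the 12-character minimum, the tiny word list and the sample passwords are assumptions constructed for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 12  # assumption: the article only says to make passwords "long"
# Tiny constructed word list; a real check would load a full dictionary.
WORDLIST = {"password", "test", "princess", "barbie", "charlie"}
ALPHABET = string.ascii_letters + string.digits


def _digits(text):
    """Keep only the digits of a date, phone number or similar."""
    return re.sub(r"\D", "", text)


def audit_password(candidate, other_passwords=(), names=(), numbers=()):
    """Return the mistakes from the article that a candidate password makes.

    other_passwords: passwords already used on other accounts
    names:           kids, pets, nicknames, favourite characters
    numbers:         birthdays, anniversaries, addresses, phone numbers
    """
    findings = []
    lowered = candidate.lower()
    if candidate in other_passwords:
        findings.append("reused")                      # Mistake #1
    if len(candidate) < MIN_LENGTH:
        findings.append("too-short")                   # Mistake #2
    if any(name and name.lower() in lowered for name in names):
        findings.append("personal-name")               # Mistake #3
    if re.sub(r"[^a-z]", "", lowered) in WORDLIST:
        findings.append("dictionary-word")             # Mistake #4
    digit_runs = re.findall(r"\d{4,}", candidate)
    if any(run in _digits(number) for run in digit_runs for number in numbers):
        findings.append("personal-number")             # Mistake #5
    return findings


def generate_password(length=16):
    """Random password mixing uppercase, lowercase and digits."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum used in this example")
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in password)
                and any(c.isupper() for c in password)
                and any(c.isdigit() for c in password)):
            return password


if __name__ == "__main__":
    # Constructed sample: a name plus a birth year, reused on another account.
    print(audit_password("Charlie1985",
                         other_passwords=["Charlie1985"],
                         names=["Charlie"],
                         numbers=["03/14/1985"]))
    print(generate_password())
```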

Saturday, March 21, 2009

Preventing Identity Theft

What is Identity Theft? It is the theft of your personal information, such as social security number, driver's license number, credit card and bank account numbers, mother's maiden name, and more, with the intent to obtain credit and credit cards from banks and retailers, steal money from the victim's existing accounts, apply for loans, establish accounts with utility companies, rent an apartment, file bankruptcy or obtain a job using the victim's name.

Did you know that in some states Identity Theft is not even against the law? The victim has to prove their innocence. This shocks most Identity Theft Victims, as it should. It shocks me. Law Enforcement and Credit Card Services should be there to help, but in many cases they don't.

Being prepared, just in case someone steals your identity is a must. It may be inconvenient, but unless you want to go out and try to use your credit card one day, just to find that someone else has been using your identity to make purchases and your card is no longer accepted, then you need to take steps to prevent your identity from being stolen. It can take years to clear this up if it happens to you, so a little prevention now is the answer.

Facts about Identity Theft:

• It is considered by law enforcement to be an absolute epidemic, the fastest growing crime in the United States at this time.
• For the criminal, identity theft is a relatively low-risk, high-reward endeavor. Credit card issuers often don't prosecute thieves who are apprehended. Why? The firms figure it's not cost efficient. They can afford to write off a certain amount of fraud as a cost of doing business.
• Recently criminals have been using the victim's identity to commit crimes ranging from traffic infractions to felonies. How would you like to find out you are wanted for a crime you know nothing about? It has happened.
• All that is needed is your social security number, your birth date and other identifying information such as your address and phone number and whatever else they can find out about you. With this information, and a false driver's license with their own picture, they can begin the crime.
• If you wait until it happens to you, it's a nightmare. You won't know until you are denied credit or a creditor contacts you about a charge you know nothing about.

How do I prevent Identity Theft?

At Home:

• If you have roommates, employ outside help, or are having work done in your home, make sure your personal information is not readily available to them.
• Deposit your outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you're planning to be away from home and can't pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
• Tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail. To opt out of receiving offers of credit in the mail, call: 1-888-5-OPTOUT (1-888-567-8688).
• Give your Social Security number only when absolutely necessary, and ask to use other types of identifiers. If your state uses your Social Security number as your driver's license number, ask to substitute another number. Do the same if your health insurance company uses your Social Security number as your policy number.

At Work:

• Ask about information security procedures in your workplace or at businesses, doctor's offices or other institutions that collect your personally identifying information. Find out who has access to your personal information and verify that it is handled securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask how your information can be kept confidential. Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.

Online:

• If you do financial transactions over the Internet, read the site's privacy and/or security statements. You want to know who they share your personal information with. You want to know they use a "secure server" for transactions. You want to know how they store your personal information. If you don't like what you hear, don't do your business at that website. There are always alternatives.
• Use PayPal. You can transfer a limited amount of funds into your PayPal account and use it to buy merchandise online instead of your credit card.
• Don't give out personal information on the phone, through the mail, or on the Internet unless you've initiated the contact or are sure you know who you're dealing with.
• Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization's website by typing its URL in the address line, rather than cutting and pasting it. Be cautious when responding to promotions. Identity thieves may create phony promotional offers to get you to give them your personal information.

Going Out:

• Carry only the identification information and the credit and debit cards that you'll actually need when you go out. Don't carry your social security card with you unless you expect to need it.

Should I buy identity theft insurance?

Some companies offer insurance or similar products that claim to give you protection against the costs associated with resolving an identity theft case. Be aware that most creditors will only deal with you to resolve problems, so the insurance company in most cases will not be able to reduce that burden. As with any product or service, make sure you understand what you're getting before you buy. If you decide to buy an identity theft insurance product, check out the company with your local Better Business Bureau, consumer protection agency and state Attorney General to see if they have any complaints on file.

Conclusion: Be smart. If someone is asking for your personal information, anyone, including friends, acquaintances, companies, stores, websites, or anyone else, ask questions. Find out why they need this information, what they are going to do with it, how long do they keep it stored, who they share it with, and how can you be sure it is going to be kept secure.

Friday, March 20, 2009

Cyberspace Samurai's Art Of Hacking

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu, The Art of War. Take the immortal words of Sun Tzu: know yourself. Or here, know your code. Do you know how your code will react to an attack? Do you know if your application or data is secure, or if there are huge security holes? If your application were under attack, would you even know it? And what about knowing the enemy? Do you know how a hacker will approach your application?

Do you know what early warning signs to look for, to detect when your application is being hacked? Have you ever looked at your application as a hacker would, and thought about how you would attack it? As a professional hacker, in this article, I will guide you through the process hackers take to exploit applications and systems. I'm often asked, "What should I worry about in my code that hackers could exploit?" This is easy enough to answer for risks we know about today, but it doesn't address the real problem.

I can tell you about the most popular attack vectors for today's applications, but that only helps you today. To truly help you become more secure, I need to teach you what to look for. I want to enable you to do the analysis. This follows the old proverb, "Give a man a fish and he will be able to eat; teach a man to fish and he will never go hungry." This is true for security and your applications — well, not the whole fishing part, only the teaching part.

You get the idea. Trying to track a hacker on the Internet is like trying to track the wild Abominable Snowman in Nepal (I'm not sure there are any tamed ...). But in any case, if the Snowman left no tracks, was silent, and hid where you weren't looking or in a place you didn't know existed, would you find him? If hackers can poke and prod your application and potentially get access to sections of your code or data that you weren't expecting them to, do you know they are there?

"Are you trying to tell me that I can dodge bullets?" Morpheus: "No Neo, I'm trying to tell you that when you're ready, you won't have to." I could tell you about all the latest exploits and exactly what to look for to fix your specific application and make sure it's secure. We would talk about buffer overflows, SQL injection, Cross-Site Scripting, the list goes on and on. We would be essentially attempting to dodge the bullets; to worry about each and every little incoming attack. Once you are ready, once you start thinking about your applications and the environment in a holistic manner, and once you control your applications to react the way you want them to or log the activity when they don't, then you will be able to protect against attacks that haven't even been dreamt up yet. I'm not saying your application will be 100% secure, just that it will always be under your control.

You will always be aware of what's going on and what your threats are. That is the true nature of security. It's all about control. You need to be in control. Logs, coupled with a strong understanding of how you may be attacked, are a huge step in the right direction.

The Importance of Context in Content Filtering

Launching a search for “Breast Cancer Awareness” should not result in a flood of pornographic URLs, but if your filtering solution isn’t capable of analyzing context as well as words, that might be what happens. Filtering pornographic texts may focus only on the word “breast” and not on the context in which it is presented. It is important that your company’s Appropriate Use Policy (AUP) includes the specific definition of what constitutes Web sites that need to be blocked. Visiting the Breast Cancer Society’s home page would probably be allowed by most company AUPs. However, making sure that authorized sites get through and inappropriate sites get blocked, can be a very tricky business, especially if your filtering solution looks only at words and not context.

The Hardware Filtering Option

One way to ensure that your AUP is accurately enforced is to implement a hardware filtering solution that is able to handle both words and context. In addition, an appliance offers other advantages that make it the ideal choice to perform complex filtering processes that are fast, accurate and flexible.

One advantage is that an appliance-based filtering solution fits easily into your network’s topology while at the same time giving the company the flexibility of outstanding features. A hardware appliance is dedicated and features a pass-by architecture that allows it to remain stable regardless of the load.

If load increases, the hardware appliance is infinitely scalable by simply adding another machine. Software filters are limited in both performance and scalability, and they introduce single points of failure.

Comprehensive Reporting

One of the most important components of successful Web filtering for any organization is the ability to generate relevant reports. You can get an instant snapshot of activity at your organization or produce management or compliance reports required by your organization. There is no better way to ensure that accuracy and reliability goals are being met. If you can find an appliance-based Web filtering solution that offers on-box reporting, you have found the best product. With total on-box reporting you won’t have to purchase additional hardware or software that drives up your costs. In addition, you will be able to prove that inappropriate content is not reaching your employees and that appropriate content is allowed to get through. Also, reporting allows you to fulfill the requirements of your organization’s Acceptable Use and Security Policies and document your compliance.

The Importance of Human Review

Automatic URL database updates are essential for providing secure and timely content filtering. It is particularly critical that these database updates are vetted by more than just name identification. By employing 100% human-review coupled with weekly, daily or hourly updates, your company is protected from dangerous sites and objectionable content around the clock. Using human-review, sites with questionable content are reviewed daily and added to the database. Conversely, if a site such as the Breast Cancer Society or a site handling fertility treatment information comes up for review, a human reviewer can approve the content for the database.

Medical Mistakes and Business Operations

The accurate and secure filtering of Web content has serious implications for many different organizations. In the case of medical facilities it is important to know that hospitals and doctors’ offices are now governed by the HIPAA policy. This policy requires that no private medical data be distributed to anyone other than those precisely identified by the patient. If the internal or network security of a medical facility should be compromised, that facility would be in violation of HIPAA and subject to serious fines as well as the loss of patient confidence.

Pornography, phishing, spyware, violent or racist websites may share similar words with valid websites, but they are negative and dangerous to the internal security of a company’s network and to its public reputation. By using an appliance-based Web filtering solution, companies can implement the necessary tools and resources required to protect their best interests no matter what the nature of their business. There are inherent limitations associated with software solutions, especially when a firewall is involved. A software solution combined with a firewall means that eventually the general-purpose CPU of the firewall will become bogged down with the double duty it will be forced to perform. In the worst-case scenario, the network is slowed down by the software filter and the firewall device, leading to compromised performance and network security.

Cyberspace can be treacherous, but it shouldn’t be frustrating and arbitrary. Software-based solutions that are inherently more complex and which employ heuristics rather than 100% human-review can only do so much. To ensure success, a human reviewer is needed in order to judge context for content. The best solution for network security is a solution that is dedicated to providing the best service possible so that your organization can fulfill its interests and satisfaction.

While the dangers of lost intellectual property and high-profile lawsuits float around in cyberspace, a hardware filtering solution keeps the dangers locked out while protecting access to vital content.

Phishing And Fraud – What Is It?

Phishing is a very sneaky type of fraud conducted over the Internet. Its name is a throwback to the early days of hacking and identity theft and the practice of phone phreaking. While there can be very complicated schemes devised, they are all based on a very simple concept.

Phishers try to persuade you, or trick you, into giving them sensitive information which they can then use to make money out of the system. For example, one very attractive target for phishers would be your PayPal account. PayPal is an online payment system that allows you to put money in your account with your credit or debit card, and then basically email the money to other people’s PayPal accounts. It is very simple, cheap and fast, and very popular with online shoppers as they do not have to give their credit card details away over the internet.

If you wanted to take money out of other people’s PayPal accounts, all you would really need is their email address and password. Then you sign in to their account, and send the money to an account you have set up.

What phishers will do is email PayPal customers with an email that looks like an official email from PayPal. It will have the PayPal logo and format and will look exactly like official PayPal emails to customers. It may even come from an address that looks like PayPal’s official website. It will go on to say it is a random security check or some other technical procedure and that you are required to type in your user name and password. It will then thank you and say the check, or whatever other scheme it claims to be, is complete. In the meantime, the phisher will have your password and can clear out your account.

While this is a basic example, there are countless variations of increasing complexity that will be used to try and entice customers to give out bank account details, credit card details or other sensitive information. It can often be next to impossible for the average customer to detect that the email or website is not the official one of the company it is supposed to be from and they are therefore very dangerous.

If you do suspect that an email you receive is a phishing attempt then notify the appropriate company immediately. The other thing to remember is that most banks, credit card companies and other institutions now inform their customers that they will never ask for passwords in an email, nor will any of their employees ever ask for a password. Therefore, never give your password to anyone who asks you for it.

Identity Theft – Who is ‘phishing’ for your information?

There’s a new type of internet piracy called ‘phishing’ (pronounced ‘fishing’). Internet thieves are ‘fishing’ for your personal information. They’re looking for ways to trick you into giving out your Social Security Number, credit card number and other personal information that they can use to their advantage. You could become a victim of identity theft, and it could take years to clear your financial history and personal reputation. But understanding how these internet thieves work will help you to protect yourself from becoming a victim.

How do these thieves get your information?
Typically, you might receive an email from a company that you are familiar with that looks ‘real’. It has the company logo, they may call you by name, and the tone of the email is that they are looking out for your best interests. This email will warn you of some imminent danger to your account or credit card and that you need to take action immediately or you will suffer dire consequences. There will be a link (underlined writing usually in blue) for you to click on that will take you to their website. And guess what? The website they take you to will look like the real thing with the company logo and all.

Next, you will be asked to ‘verify’ your account, password, or credit card information. If you ever find yourself here, STOP! Do nothing. Do not fill in any personal information. Immediately exit from this website and delete the phony email that you received.

How to know that this is a ‘phishing’ email.
If you did not email this company asking for information about your account or for help with a problem, be suspicious. If you are still not sure because it looks so ‘real’, call the company yourself and ask. You can find these phone numbers on your monthly statement. If it is after hours and no one is there to take your call, wait until the next day when you can reach someone. Don’t fall for the ‘imminent danger’ message and feel that you have to take action immediately. ‘Phishers’ are hoping that you will take immediate action – don’t panic and let them trick you into clicking on their link.

What can you do?
Never give someone your password over the internet or phone when it is an unsolicited request. Your credit card company knows what your password and credit card number are. They don’t need to ask you for them.
Likewise, your bank knows your account number and Social Security number; they won’t ask you to repeat them verbally over the phone.

Review all of your monthly statements every month as soon as they arrive. Check for charges that you never made. If your statement is ever late in arriving in the mail, call and ask why. Protect yourself from these would-be thieves. Don’t let them take your identity!

Thursday, March 19, 2009

Top 5 Reasons to Choose An Internet Filtering Appliance Over Software

The need for organizations to monitor and control Internet usage in the workplace should be an accepted fact of doing business in a cyber-connected world. Statistics indicating that 30 to 40 percent of Internet use in the workplace is unrelated to work issues should come as no surprise. Neither should the report that 90 percent of employee computers harbor as many as 30 spyware programs. In fact, studies indicate that companies may be incurring average costs of $5,000 per year per employee in lost productivity due to Internet abuse. Other data suggest that as much as 72% of employees are downloading music and video clips, eroding bandwidth and leaving networks open to spyware and other malicious agents.

As these dramatic statistics show, the need for organizations to manage their Internet access should be a baseline requirement. But how do organizations choose from the wide range of filters available to them? Perhaps one of the first decisions they will have to make is between a software-based filtering solution and a dedicated filtering appliance.

Both appliance and software-based options offer standard functionality -- they monitor Internet activity, block site access, automatically enforce corporate Acceptable Usage Policy guidelines and report inappropriate behavior. However, upon closer examination, there are some important and compelling reasons to choose an appliance-based solution.

The advantages of an appliance over software when it comes to handling your organization’s Internet access fall into these five basic categories:

• Security
• Stability
• Accuracy & Reliability
• Maintenance
• TCO (Total Cost of Ownership)


Because software-based filtering solutions must integrate with your OS, you cannot be assured that the complexity will not cause security and stability problems. Filters that are software-based can degrade performance because they share resources with their hosts, and performance degradation can increase in conjunction with load. It’s hard to scale a software-based filter because more users create increased loads on the host systems. A dedicated Internet filtering appliance uses pass-by technology to check website and IM requests against a list that is updated automatically. If the request matches a name on the list that is not allowed, a denial is sent back to the requester and no bandwidth is utilized.

The dedicated resource of an appliance and its pass-by technology will prevent network slowdowns as well as single points of failure on the system. The accuracy and reliability of an appliance-based Internet filter is maintained through fluid updates to the system. Software has to ‘check’ every single request, creating a bottleneck that is a single point of failure. If the bottleneck becomes overwhelmed or crashes, no Internet traffic will be able to pass into or out of the company.

In terms of time and cost, a dedicated Internet filtering appliance requires less maintenance than a software-based filtering system. The database is maintained on the appliance filtering device, where it can be updated automatically with new sites, protocols and even port activities in order to block port-hopping servers. Software filters require manual updates and again, require all traffic to travel through that one single point of failure.

The cost of maintaining both is measured by what each type of service provides. While investing in an Internet filtering appliance may not be feasible for a very small company with only a handful of employees, software-based programs are not scaled for handling large loads. The costs of failing software filters are more likely to impact a company’s revenues than the investment in an Internet filtering appliance.

The ultimate task of a Web filter is to filter both incoming and outgoing Internet traffic. The Web filtering solution you choose must be able to protect employees from visiting sites that do not match the Acceptable Usage Policy while also protecting the company from the financial, legal and security ramifications of employee Internet activity. An appliance-based Internet filter protects a company’s assets, reputation, employees and their bandwidth in one package.

Cyber Bingo Security

Let's look at why websites place a high priority on maintaining the best cyber bingo security and privacy policies for their players.

Playing cyber bingo is really fun and many players are logging onto bingo websites to gain access to their favorite online game. The reason this game is so popular is because the game is readily available to anyone around the world. To begin playing online bingo all you need to do is deposit money into your bingo account and purchase a few bingo cards.

Becoming a member of an online bingo hall like http://www.bingodrome.com takes less than 2 minutes. You simply need to enter some of your personal details, deposit money into your account and you're ready to play.

Online bingo sites need to safely store the personal information about all their members and therefore every online bingo site places a high priority on developing or maintaining the best cyber bingo security systems.

If someone were to break into a database containing details of every member they would have access to thousands of different credit card details and other important information.

Most online bingo halls build a number of security levels into their cyber bingo security systems to ensure that no one can gain unauthorized access to their databases.

1) A completely separate server is used to store the personal details of the bingo sites' members.

2) Every online bingo site employs secure socket layer (SSL) encryption software. SSL uses 128-bit encryption to protect all data sent between the casino and the player and to protect the data sent between the bingo site and credit card companies.

3) To further protect your details, most online casinos do not store your full credit card number. Only the first and last four numbers are stored in their database.

4) The casino tracks the IP addresses of all its members and will be able to trace anyone who accesses your account.

In many ways online bingo gaming is a lot safer than playing at a live bingo hall. You can enjoy your online bingo experience safe in the knowledge that your personal details are kept 100% secure.

What You Have Been Dying To Know About Fraud

Since the inception of information technology and the technological advancement of the marketing industry, many people have been engaging in fraudulent activities. This is because they are able to obtain financial gains and advantages over people through easier and faster means.

For this reason, authorities have been trying to suppress the growing trend of various frauds that are currently affecting thousands, if not millions, of people.

Basically, fraud is a kind of trickery that is used for the individual’s benefit, mostly on the financial side. These kinds of frauds are absolutely punishable by law, though the law's implementation and intensity may vary from one place to another.

In Criminal Law

In the context of criminal law, fraud is absolutely punishable under certain circumstances that constitute the deception of an individual, from which the fraudulent person achieves personal gain.

Some of the common frauds that are abhorred by the law are:

1. False advertising

This refers to the achievement of some personal gain by giving the wrong impression about a particular service, product, or business. This can be executed by providing deceptive information projected in unreliable forms of advertisements.

2. Identity theft

In the credit card industry, identity theft is the common type of fraud. This is when the identity of the credit card user is stolen for the personal benefit of the person who wants to gain some financial access to the user’s finances.

There are instances where the criminal uses the identity of the credit card user to make purchases with the victim’s credit card. In turn, the victim will receive billing statements containing purchases that he or she did not personally make.

There are also some cases wherein the identity of the victim is used to commit crimes. After establishing such acts, the criminals contact the person and blackmail him by asking for money in exchange for eliminating any criminal acts that were committed in his name.

3. Forgery

This is also one type of fraud, where documents are obtained and processed with the purpose of using them to deceive other people or institutions.

In this process, the person who wants to deceive other people will obtain documents that are fake, reproduced, replicas, or explicit reproductions of the original material. There are also some documents that may be original, but the signatures that should have signified the authenticity of the document are forged.

The very concept of this kind of fraud is to modify an object to suit the personal gains of the offender.

4. False billing

This refers to the fraudulent undertaking of charging or creating billing statements to a particular person or an institution. Here, the criminals will extract money from these people, in which, the concerned person will think that it is part of his or her subscription on a certain company.

In this way, people may be deceived that they have been issued some renewal of their subscriptions, for example, but in reality, the true owner of such establishment that issues subscriptions are not aware of it.

5. Insurance claims

This refers to the act of deceiving the insurance provider under the guise of claiming due claims and benefits.

For instance, there are some people who create “fake deaths” in order to claim the insurance benefits provided by the individual’s insurance provider.

These are just some of the many examples of frauds, all of which are punishable under the law.

Hence, if you think that you have been victimized based on the examples given, it is best to take proper action; otherwise, you will be left hanging on the brink of disaster.

Paypal Fraud, Paypal Email Scams and Avoiding Paypal Phishing

To access a Paypal account you need to have the username and password of the account. The username of a Paypal account is the main email address (primary email address) used to register the account. The owner of the account would also set up a password to be used along with the username to access the account. The security system is quite secure as long as the username and password of the Paypal account are known only to the actual owner of the account. If these details are available to anyone else it would mean that the security of that Paypal account has been compromised. Anyone acquiring the username and password of any Paypal account can access and perform all functions that the actual owner of the account could do.

In this article we will try to explain in simple terms how confidential login information of an actual Paypal account owner can be robbed and misused. We will then provide important and simple suggestions that would reduce the chances of such a fraud being committed on your Paypal account.


(a) Being careless with your information: This type of Paypal fraud can be committed very easily and does not require too much effort on the part of the fraudster. Users very often write down their login details for various websites with the fear of forgetting them. Anyone having access to these written details can login to the Paypal account and treat the account as if it was his own. Another possibility that could easily open a Paypal account to fraud is when the user selects a very simple or easy password that can be easily guessed. People with bad intentions need to make a few guesses before they arrive at the correct password to enter the Paypal account. These are the simplest ways in which a Paypal fraud can be committed and they do not require any email scam to be done.


(b) Identity theft through a Paypal email scam: Paypal phishing, or identity theft as it is commonly known, involves an attempt by a fraudster to extract the login details of a Paypal account from the actual owner of the account. Armed with these details, the fraudster can be very dangerous, as full control of the Paypal account can be exercised. In this case, emails will be randomly sent to many email addresses informing the receiver of a certain activity in their Paypal account. For these Paypal email scams to work, the receiver of the email will need to login to his Paypal account by clicking a link in the email. The exact contents of each Paypal email scam might differ but the objective remains the same. Once the user clicks the link in the email, he is taken to a web page that closely resembles a regular Paypal login page. This page is in fact a fake and is hosted by the fraudster (not Paypal) with the sole purpose of collecting confidential login details from the actual owner of the Paypal account. If the owner of the Paypal account falls for this trick, his account will soon be operated by the fraudster and this could lead to heavy losses. Attempts to phish Paypal accounts have become quite common, and each time a fraudster unleashes his cruel trick a number of innocent Paypal account owners become victims.

The above two methods account for a major share of Paypal frauds and Paypal email scams being committed in recent times. It is not very difficult to stay clear of these frauds and we provide some useful suggestions to help you. You really do not have to give up using your Paypal account for fear of it being misused or phished by someone else. The internet provides numerous advantages when it comes to selling and buying online and to surrender these benefits to a pack of fraudsters would be sad.


Avoiding Paypal fraud and Paypal email scams.
(1) About your Paypal password: Choose a password that is not very easy to guess. Using your first or last name for your Paypal password is not a very good idea. Paypal frauds can be committed easily if you note your password in places that are accessible to others. Change your password periodically and whenever you suspect that you have become a victim of a Paypal email scam or other type of Paypal fraud.

(2) Clicking links to login: Never click links on emails to access your Paypal account. Always use your web browser and type in the complete name of the Paypal website to login. Paypal email scams urge you to click a link on the email and access your website. The login information is then saved to a website that is not a Paypal website. This allows fraudsters to login to your Paypal account and make transactions on your account.

(3) Periodic account check: Login to your account periodically and look for any strange or unexpected transactions. The transactions could relate to a receipt or payment of money. If you notice any abnormal movement in your Paypal account, consider it to be a Paypal fraud and inform Paypal immediately. Also change the password immediately to reduce the chances of further damage.

(4) Logging out of your account: If you are in the habit of logging into your Paypal account and then leaving the active account minimized on your browser, you could be helping someone commit frauds on your Paypal account very easily. Such security lapses do not require email scams or other methods. Always logout of your Paypal account once you have finished working on it or when you will not be using it for a couple of minutes.



Follow the above suggestions and you will be pleased with the results. Your Paypal account will be a lot safer and you will, at the same time, reap the benefits of transacting online. The contents of this article have been compiled by the network team at Kaisilver. We request you to forward this link to all your friends and acquaintances; they will be grateful that you let them know about a safe way to work with their Paypal account.

Phishing, Fraudulent and Malicious Websites

Whether we like it or not, we are all living in the Information Age. We have no choice but to adapt to rapidly developing information technology, no matter who we are and what we do for a living.

The Internet, in particular, means for us boundless opportunities in life and business – but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You'd Better Not Visit

Phishing websites

Thanks to the authors of numerous articles on this topic, the "classic" phishing technique is relatively well known. This scam involves setting up bogus websites and luring people to visit them, as a rule, by links in emails. A phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people became aware of the scam, the fewer spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Since about November 2004 there have been many publications about a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks in the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security experts warn about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data.

Keyloggers, as is clear from the name of the program, log keystrokes -- but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. Slightly more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) – so the information is captured even if the user doesn't type anything, and just opens and views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency -- the number of brand-new keyloggers and malicious websites is growing, and growing rapidly.

What can a user do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive.

As for malicious websites… "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction." (a quote from Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging, IM). So the good advice never to follow links in spam is worth remembering once more.

Detect Spyware and Adware and Remove It Without Spending a Dime

Adware and spyware have become a world-wide computer problem from using the World Wide Web. They have turned into malware because of their viral and extremely hostile behavior. Along with the hazards of identity theft and deceit at hand on the Internet, adware and spyware can be other than merely irritating. Here are some methods to detect spyware and adware and remove or merely avoid the adware and spyware and not outlay a dime on the most recent "anti-virus" software, such as Spyware Nuker.

1. USE Firefox. If you don't use the Internet very much, then maybe you don't know a good deal about Firefox. All you need to know is that it is a browser that performs VERY nicely and has excellent security protection.

2. DO NOT USE Microsoft Internet Explorer. Internet Explorer is like Swiss cheese. It seems to have an endless supply of security holes. Microsoft is ceaselessly sending out patches to fix all the flaws in Internet Explorer 6.X and prior versions of the browser. Even though it can be "secured" by raising its security settings, it may lose much of its functionality at the highest security setting, when specific exploitable features are turned off.

3. Use a software or hardware firewall (not only Windows XP Service Pack 2's firewall). This may be thought to be expensive and difficult to do, but it is not. If you use a DSL or broadband cable connection, your Internet Service Provider (ISP) may have issued you a DSL/Cable router that has a firewall included with it. All you need to do is switch it on. This may require you to spend a few minutes reading the instructions.

If your ISP did not give you a DSL or Cable broadband router that includes a firewall, you can spend anywhere from $20-$60 (or occasionally even less when it includes a mail-in rebate) to get a router. If you use DSL you would need a DSL router. If you use a Cable broadband ISP you would need a Cable router. Brands such as Linksys have built-in firewalls and a feature known as NAT, Network Address Translation, which is extremely effective because it hides your computer's actual IP address from the Internet. All routers are sold with directions on how to hook them up. If you want to keep your computer security free, just use a free software firewall.

4. Detect spyware and adware using free anti-spyware and anti-adware software. Lavasoft's Ad-Aware and Spybot Search & Destroy are two superb ways to restore your system for free. Majorgeeks.com is a favorite and trustworthy freeware website that has these and several additional outstanding spyware/adware cleaning and malware prevention programs (including free downloadable firewalls).

The best approach is to use ALL of the options. Staying proactive by surfing with a suitable browser and getting a firewall is critical, but it also helps to be aware of other good anti-adware/spyware applications. If you get hit with a genuinely foul bit of malware that cannot be cleaned using Ad-Aware or Spybot, find yourself a geek. There are numerous big forums on the Internet dedicated to nothing but detecting and removing spyware, adware and other malware. In all likelihood, if your computer is infected with it, hundreds of others before you have been infected and have already figured out how to get rid of the malware.