Phishing | Getting Rid of Spam

MillerSmiles announces launch of new PhishCheck technology

Jul 04

Phishing cards, copyright, denied-the-fact, firefox, game, internet, media, miller, millersmiles, over-the-coming, Phishing, phishing-scams, press, public, scams-to-the, sim-cards-shop, website, websites-on-the, welcome-for-the No Comments

MillerSmiles announces that automatic phishing reports with its PhishCheck technology are now active

View original here:
MillerSmiles announces launch of new PhishCheck technology

Top Tips To Keep You Safe From Phishing

Apr 13

adminPhishing Comments Off

The use of the Internet to steal people’s personal details such as credit card numbers, social security numbers, user IDs and passwords is called “phishing” (pronounced fishing). This is accomplished by the fraudulent impersonation of a trusted institution or corporation such as a bank or credit card company.

Phishing is growing all the time and the techniques and technology used is becoming ever more sophisticated. However by following these simple rules you can greatly reduce the chance of falling victim to phishing.

Never reveal your passwords. Not even to a family member or close friend. Of course you trust your family and friends but once you have revealed a password to them you can never be sure that they will not unwittingly reveal your password to someone else. There may be occasions, due to sickness or accident for example, when you have no other choice than to allow family or close friends to access some on-line accounts. Following such occasions you should change your passwords as soon as you possibly can.

Use secure passwords. Never use a password such as your middle name, your pet’s name, your date of birth and so on. These may be easy to guess. Nor should you use any word that exists in the dictionary. A strong password uses a combination of letters and numbers and symbols. It is possible to create such passwords in an easy to remember format. For example, the password A$4A10c looks quite random but may be remembered as “A dollar for a dime”. Using a technique such as this You can have lots of fun creating your own secure password.

Use good security software (an anti-virus, anti-spyware, anti-spam and firewall are a minimum requirement). Once installed don’t forget to keep all your security software updated. Many require an annual license fee in order to keep working at their best. You should never allow your security software to become outdated or allow the license to run out.

Use the most current versions of Internet browsers. Most of the current versions contain their own anti-phishing filters and blacklists to help keep you safe. A recent trial by a popular consumer magazine in the UK (you know WHICH one) recommended Firefox as their browser of choice.

Never click a link in an email. Phishing emails can look exactly like a regular email from your bank or credit card company and you may be tricked in to clicking their link which will take you to their website where any username and password entered will be recorded. To prevent this never, ever click on a link in an email instead open your Internet browser and type in the website address of the institution concerned.

Regularly check your on-line accounts. Log on to your account and investigate any action that you don’t recognise. It may just be that the details of a retailer transaction are not easily recognisable so investigate before you take action.

Phishing, Fraudulent and Malicious Websites

Apr 12

adminPhishing Comments Off

Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living.

The Internet, in particular, means for us boundless opportunities in life and business – but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You’d Better Not Visit

phishing websites

Thanks to authors of numerous articles on this topic, “classic” phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one — of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users’ passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Keyloggers and Trojans

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for — to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware — cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs — a well-known authority in information security — noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

A Hybrid Scam

In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren’t selling anything; the aim was to cheat users out of credit card details.

This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.

Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors’ computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these “toxic” blogs set by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers–software programs for intercepting data.

Keyloggers, as it is clear from the name of the program, log keystrokes –but that’s not all. They capture everything the user is doing — keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) – so the information is captured even if the user doesn’t type anything, just opens the views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency–the number of brand-new keyloggers and malicious website is growing, and growing rapidly.

What a user can do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help — even if it is a bit more expensive.

As for malicious websites… “Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction.”(a quote from Websense’s report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or Spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more.

About the Author
Alexandra Gamanenko currently works at Raytown Corporation, LLC — an independent software developing company that provides various solutions for information security.

“Hacking PayPal, StormPay or E-gold Accounts?”

Apr 12

adminPhishing Comments Off

Close your door!
Off hook your telephone!
Cancel all your assignments!
You are going to read the most sensitive information about your StormPay, Paypal or e-gold accounts. If you miss today, you can lose every penny from your accounts or even may not have access to them tomorrow. Monsters of cyberspace darkness are after you. They shall catch you one day if you dont know all the tips given in this article.

Are you *feeling* Insecure?
You are not secure on internet at all. Whatever safeguards you develop, the hackers shall maneuver new techniques. However, you can feel much secure if you know:
What is the SSL?
How hackers intrude into your secure account?
How to avoid financial loss?

What is SSL Server?
Secure Socket Layer (SSL) means a standard for establishing a secure communications channel to prevent the interception of your critical information. Primarily it enables secure electronic financial transactions on internet. All money processing companies such as StormPay, Paypal, and e-gold etc use the most secure socket layers at their servers. Hackers with their extreme skills and powerful computers (theoretically) cant intercept your communications with these companies. But you might have experienced or heard that hackers have been accessing secure sites. Millions of dollars are drained every year from processing accounts.

How the Hackers Break Into Your Secure Accounts?
Hackers have been developing horribly sophisticated skills to access your secure accounts. If you are a programmer you may like to develop anti-hacking software. However, if you are a common man like me you can make yourself securer if you dont let them access to your password. In most of the Paypal hacking incidents, people provided their secured information willingly to the hackers without knowing it.

1. You Send Your Secure Information Through Email:
Email is insecure mode of communication. It can easily be intercepted. So it is dangerous to send your secured information through email. However, it is last nail in your financial coffin to send your user id and password directly to the inbox of a hacker.
How is it possible?
You receive an email from Paypal admin that due to some technicalities they have messed with your account. They ask your user id and password to fix the problem. You see that From field contains anything@paypal.com . You have nothing to fear and send your information directly to the inbox of a hacker who is misrepresenting as admin of the Paypal. There are programs which can hide real contact of the sender with some fake email address.

2. You Disclose Your User Id and Password to Hackers at their Websites It is stranger but it easier than the previous one. You receive a security alert from Paypal which requires you to log-in through the link or provided with the email. But in 100% cases that URL or form shall take you to some fake website that shall look like that of Paypal. You supply your user id and password but the log-in page of the Paypal re-opens.
Alert!
You have been hacked. Dont think that you had mistyped your password (which we often do). Log-in to your account and change your password immediately.
3. You Pay hacker to Break in your account:
You may term me crazy but it is the most dangerous strategy that hackers use. They build a business-like website and put some products for sale. You visit their site, select a product and click the payment button of any company. You may land at a fake website having copied web-pages of the concerned company. You try to log-in but that page reopens. Not having Paypal hacking idea, you submit your information now at the real site to pay him $20.00 for the product. Next day or after some time you may find your account empty.

4. Misspelled Domain Name:
Anybody can get a domain name registered for a few bucks. The hacker shall simply get a domain name closer in look to the any of the money processing companies but with different spellings such as stompay, paypla etc. Now it is matter of time. Whenever you make a typo (we do often), you shall land at this fake website. Thinking it genuine one, you put your secured information in the hackers files.

How to Avoid Financial Loss?

You are responsible for security of your password. You can avoid major financial losses if you take following pre-cautions.
Change Your Password Frequently:
You dont know whether your last deal was with a genuine businessman or a hacker. Even if he is a real business, it will take only a few seconds to change your password after each transaction. If that is not possible then change your password at least once a week.

Never Email Your User Id and Password:
Whatever reason the president of your money processing company may quote, never send your user id and password to him via email. In fact the company does not need your user id and password to fix any technical problem.

Never Log-in from links in Your Email:
Never log-in your money processing account from any link or form that you receive through email. In 99% cases you shall be hacked.

Look for a security lock at your browser before Logging in. Whenever you process your money online your browser should display a security lock icon. In the case of Internet Explorer it appears at lower left part of your window. If you dont find such a security lock you are at risk. That is not original website of the company.

Always log-in from Your Favorites Folder:
To avoid typo mistake, you should always log-in to your money processing accounts from your Favorites folder. You MUST Type URL of the company very carefully for the first time. After that whenever you shall visit the site from your Favorites folder, you shall reach to the genuine site. If you are too green, it is very easy to add a site to your Favorites folder. Just follow these steps if you use Internet Explorer:
Click Favorites at top menu bar of your Internet Explorer. Click Add to Favorites from the drop-down menu.
A new window shall open.
Click New Folder and name that Accounts.
Select your Accounts folder and click O.K.
It is done!

Always Log Out after completing Your Operation:
Many people lose their money simply by not logging out from the secured sites specially at public terminals. There is nothing wrong if you develop habit to log-out every secured site even at your home P.C. You dont know when your children may mess with your accounts innocently.

Watch Out For Cookies:
Most of the money processing companies put their cookies at your computer when you visit them for the first time. Whenever you re-visit your account, you shall see your user id field already filled. Just enter your password and you shall have access to your account. However, no false website shall display your User Id upfront. But it doesnt mean that every secured site which does not show your id is false. You may have lost your cookies for one reason or the other. However, it is good to be watchful.

Always Opt for Email Notification for Each transaction:
When you create an account with any of the money processing companies, always set your preferences for email notification per each transaction. If somebody transfers money without your knowledge, you shall get an immediate email notification. You can contact the company admin and they may be helpful in some cases.

9. Always Use Complicated Passwords:
Sometimes hackers use codes to break into your secure accounts. It is much better to use complicated passwords which not only include digits but also a mix of capital and small letters.

Whatever measure you adopt, you cant guarantee that your secure accounts shall not be hacked. The best advice is to keep as little money as possible in your money processing accounts. If your accounts are hacked you shall lose very little.
10- Don’t Give Your Downloadable Return Page
I have seen some newbies providing their download page as their return page for the StormPay button to make the access INSTANT. It is dangerous because StormPay shows your return page in the source code of your web-page. There is particular part of a StormPay payment button at my website:

If your return URL is your download page for ‘INSTANT ACCESS” anyone can download your products without paying you a penny. Some people have reported such type of problem with the PayPal too but I don’t use their services so I can’t comment about them.

Consciousness On Internet Phishing Practices

Apr 12

adminPhishing Comments Off

In the same way that the Internet has totally revolutionalized the age of online transactions, the security breaches caused by phishing practices has become rampant as well, making most people rant for anti-phishing techniques and standards to put a halt to this criminal activity that is making the reliability of online transacting questionable. Phishing has caused a wider concern of building hesitations and apprehensions on trusting online transactions, especially the phishing techniques where bank or financial data is required to consummate various transactions. Phishing has become the main concern by consumer which becomes an issue on refraining from using their credit card information for such offers from sites that would usually assume identities of online organizations such as Paypal or AOL.

It is very important to educate people about these phishing activities. There are various phishing techniques which cover e-mails to online surfing by giving web addresses that are supposedly reliable, but sometimes invisible to the human eye. People are conned through phishing techniques by making them believe that they are dealing with authentic organizations, only to find out that it is the exact opposite. Financial losses and privacy invasion from secure email accounts are the most common forms of phishing conflicts, totally rendering most unaware online consumers helpless.

There have been numerous anti-phishing efforts to take heed of the growth of such unlawful practices. The anti-phishing efforts need to actually start with the consumers who are not able to immediately identify the phishing activities, something that practically any Internet professional can do. First is the email phishing practice. The best way to combat these phishing activities is to think rationally and this includes how a person can be considered for such activities when he or she has not really signed up for anything. Finally, there is also the legal ways of tracking down these phishing experts, the most common way of anti-phishing known to modern day consumers. The Anti-Phishing Act that was introduced in 2005, covering criminals who create fake web sites and spam emails in order to defraud consumers can expect to be fined up to $250,000 and receive a jail term of up to five years. This alone proves that such phishing acts will not be tolerated and deprive people of their security when transacting over the Internet.

The best way to help fight off phishing activities is to approach all activities on the Internet in a very conservative manner. There is no question that hesitations and apprehensions when it comes to disclosing pertinent information should always be thought of twice. Fraudulent acts for people who choose to forego the security of their personal information, especially in the aspect of financial retrospect will be put in danger, considering that people who want to gather up all the information they need through unlawful acts of phishing for expected fraudulent utilization. The cases for such phishing activities are sure to be alarming to date, considering that most people have chosen to go with the times and make full use of what technology has to offer. However, the proper dissertation from such innovative acts of modern day transactions should be done with caution. The conservative and holding back some hesitations will still be a good way to avoid these phishing acts, most of which have created havoc towards the lives of people today.

PC Threats Everyone Is At Risk

Apr 11

adminAdware, Anti Spam Solution, Anti Virus, Email Spam, Phishing, Spam, Spyware, Web Spam Comments Off

Every single computer on the internet is at risk from PC threats which include viruses, Trojans spyware, adware, key loggers, the list goes on. Most people genuinely try by buying an anti-virus program or an anti-spyware package which will help but there are still many other problems that need to be addressed.

More and more people are using PCs these days for internet banking, paying bills, online shopping, using programs to manage financial information, and much more. Its great to be able to do all these things without stepping out the door, but what people are actually doing is storing some of their most valuable information on PCs and if the proper precautions are not taken hackers can have a field day.

Hackers and virus writers are getting increasingly sophisticated every day. At the same time, people are storing more and more confidential information on their computers. A good hacker can enter an unguarded PC through your browser, download your, credit card numbers, social security numbers, your entire identity is there for them take and use at there discretion.

Most people realize that they should be taking some type of security measure, but they don’t know where to begin. Before you ever risk all the data on your computer again, you need to know exactly where to begin locking your PC down or you are taking some serous risks.

I have been working in the IT industry for many years now and it has been a scary experience to see how PC threats have evolved. People need to seek good advice and put a system in place to protect their computers and themselves against the many PC threats.

I recommend people to use the Windows update feature, a trusted anti-virus package, a trusted anti-spyware package, and make sure they are set to auto update. These three things will certainly help guard against many of the nasty PC threats but other precautions still need to be taken to insure your PC protection.

Spam! What’s the Real Problem

Apr 11

adminAdware, Anti Spam Solution, Anti Virus, Blog Spam, Email Spam, Miscellaneous Spam, Phishing, Referrer Spam, Spam, Spyware, Web Spam Spam Comments Off

Most people now know the official definition of spam- Unsolicited Commercial Email (UCE for short).

That definition does several things we should look at. It categorizes spam as commercial It limits it to email Calling anything unsolicited creates vagueness

Even though all the above things may be true, there are several more things about spam that seem far more annoying. First: Spam doesn’t have to be commercial to be a nuisance. Second: Unsolicited commercialism is so widespread that you can’t avoid it by just changing websites. Third: A lot of people give out their email address one day and don’t understand why they get email the next day from that website.

Also what if Bill Gates decided to give $10,000 to the next 20 people who opened an email from him. That would be unsolicited, but who would care. (what if your spam filter tossed it out).

On the other hand there are people who will claim to be giving away money when they only want your bank account #. Don’t give it to them.

Even if all the above were acceptable, what is it about spam that really, really gets your dander up? Isn’t it the untruth. Isn’t it the out and out deception involved? If all email were limited to truthful advertising and genuine value, wouldn’t that be the solution?

Think about it, only offers of genuine value and truthful claims come to your inbox. Then we’d all have to make choices that (whichever choice you made) moved us forward.

Of course, there are a few things we should do to protect ourselves from problems. don’t open unexpected attachments don’t sign up for every get rich quick scheme you see remember that many, many online entrepreneurs will take your money and run. MLM (Muti-Level Marketing) stands for Millions Lost to Management

There probably isn’t an absolute solution to spam. What is spam to one person is a god send to the next. Perhaps a national preference list would be better than a no-send list.

The one thing that will never change is human nature. If there is a real solution to spam it’s probably learning to deal with it defensively. It’s more than a little bit like driving a car. You can’t really control the other drivers you must do what you can and that means operating your vehicle (whether it be a car, website, or business) in a safe, responsible manner.