09.13.06
We Have To Continue Exposing Phishing Attempts
By Samuel Stambler
A lot has been written about all known kinds of scams including "Phishing". But
criminals keep on throwing their nets and having quite a good take.
Therefore we have to continue exposing the phishing attempts. And since "it is
better to see once than hear 10 times" I want to share with you 2 emails that
I have recently received. These are really similar letters (in fact it is almost
the same one with tiny differences). The letter(s) are as follows:
Subjects:
1. We were unable to authorize charges to the Credit Card Number you provided.
2. Your Amazon Account will be Closed!
"Dear AOL Client, (Dear Client)
As part of our security measures, we regularly screen activity in our network.
We recently noticed the following issue on your account: A recent review of your
transaction history determined that we require an update of your account in order
to provide you with secure services.
We apologize for any inconvenience this may cause.
You must click the link below and fill in the form on the following page to complete
the verification process.
URL (that looks like a link to AOL or Amazon:
http://webmail.aol.com/mail/
http://www.amazon.com/gp/help/customer/display.html)
We thank you for your prompt attention to this matter. Please understand that
this is a security measure intended to help protect you and your account.
Sincerely,
AOL (Amazon) Billing Department"
As I was told, I clicked the link and saw a "secure" form asking for my name,
address, credit card details and so on. It is clear that filling out this form
would cause me a substantial financial loss. But how do I know that these letters
are phishing? Simple: I am not and have never been a client of AOL.
And how would I know if it weren't, say, a letter "from my bank"? In reality,
it is very difficult to reveal a scam without special knowledge. But a normal
person cannot be expected to know all the technical details. Besides, even a great
amount of knowledge doesn't always help to prevent deception. As in O. Henry's
story "The Gentle Grafter. Modern Rural Sports", a most technologically educated
person can be duped by cunning swindlers playing on the person's primary instincts
and emotions.
So I will not elaborate on the techie methods. I would only like to note that
the links in the letters are spoofed: in the letter, the "Amazon" link location
is in India!
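The spoofing noted above means the address shown as the link text and the address the link actually opens are not the same. The following is an added example, not part of the original article, that checks an HTML message body for that mismatch; the sample hrefs are constructed placeholders (a documentation IP range and example.net), and comparing hosts by suffix is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
import re

# Constructed sample: link text from the quoted letter, hrefs are placeholders.
SAMPLE_HTML = """
<a href="http://203.0.113.7/gp/help/">http://www.amazon.com/gp/help/customer/display.html</a>
<a href="http://webmail.aol.com/mail/">http://webmail.aol.com/mail/</a>
<a href="http://aol.com.example.net/mail/">webmail.aol.com</a>
"""
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def spoofed_links(html):
    """Return (shown_host, real_host, reason) where link text and href disagree."""
    parser, findings = AnchorCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        match = HOST_RE.match(text)
        if not match:
            continue  # visible text is not a URL or hostname; nothing to compare
        shown = match.group(1).lower()
        real = (urlsplit(href).hostname or "").lower()
        if is_ip(real):
            findings.append((shown, real, "href is a raw IP address"))
        elif real != shown and not real.endswith("." + shown):
            findings.append((shown, real, "href host differs from link text"))
    return findings
```

Calling `spoofed_links(SAMPLE_HTML)` reports the first and third links and passes the second, whose text and target agree.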
What I recommend is to be armed with COMMON SENSE and follow a number of IRON
rules:
- Legitimate companies do not send impersonal letters (they know your name/ID,
while the phishers do not);
- Legitimate companies do not ask for sensitive information via email;
- NEVER give your personal or financial information to an organization that you
don't know;
- NEVER give your sensitive information if you have not initiated the interaction
(since you cannot know who the correspondents really are);
- NEVER send via email your personal or financial information (it is not a secure
method);
- Regularly check your bank account and credit card statements;
- If you received a phishing letter, forward it to spam@uce.gov.
Be careful!
About the Author:
Samuel Stambler is the owner of readerspot.com
and webmarketnotes.blogspot.com