Skip to Content

The dish on parenting ... check out the new ParentDish!
AOL Tech

Posts with tag phishing

PayPal Blocking Old, Insecure Browsers

by Tim Stevens, posted Apr 19th 2008 at 3:48PMBreaking News

PayPal Blocking Ancient BrowsersStill rolling online using Internet Explorer 3.0, released almost 12 years ago? If so, you're doing the digital equivalent of walking around with your fly down, and it's well and truly time to upgrade. Don't take our word for it; take PayPal's. The online banking and payment service site is going to actively start blocking older, insecure browsers, including the once mighty IE 4.0, released way back in 1997, but still disturbingly popular.

PayPal is a very popular target for phishers, who send phony e-mails directing users to phony PayPal-lookalike sites, stealing their login info and, later, stealing their money. Newer browsers are able to highlight the address bar at the top in green when visiting a legitimate site and highlight it in red when the destination is a bit more shady, giving users a visual clue that they're about to get ripped off.

Here's hoping this move is enough incentive to ditch those aging, archaic browsers and get with the times. Might we suggest Firefox, or a nice 2006 vintage IE7? [Source: BBC]

'Phishing' Becomes 'Whaling' As E-Mail Scams Go After Corporate Execs

by Tim Stevens, posted Apr 16th 2008 at 9:34AMBreaking News

Phishers Aim Bigger, Start Whaling

What do you call it when phishers, people who trick people with official looking e-mails, start aiming for bigger targets? Whaling, apparently, as that's the new term being applied to a particular breed of phisher that is going after corporate executives, adding a new angle to the traditional fake e-mail scam.

The new phishing e-mail appears to be from the United States District Court in San Diego. It indicates that if you click on a link, you'll get the full subpoena, but, of course, what you'll actually get is some malware, software that runs in the background capturing passwords and other information you'd rather were kept private.

So, regardless of your pay grade, make sure you watch what you click on when reading e-mails. Oh, and you might want to tell your secretary to do the same.

From the New York Times

PayPal to Customers - Don't Use Safari

by Terrence O'Brien, posted Mar 4th 2008 at 6:23PM

PayPal to Customers - Don't Use Safari
As more people switch to Mac and pick up iPhones, the Apple-built web browser Safari is becoming more and more popular. Though it still only makes up 4.5 percent of the web browser market, that is still a significant number of people who should take heed of PayPal's warning: Use another browser.

The online payment company is strongly suggesting that users visit the site with a different browser, be it IE7, IE8, Firefox, or Opera, since Safari (and its Firefox-based Mac cousin Camino) lack anti-phishing features. PayPal is a popular target for phishers who want to steal your login information, and then of course your money and possibly identity.

Modern versions of Internet Explorer, Firefox, and Opera all warn you when you visit a suspicious web site, and IE7 and 8 as well as the upcoming Firefox 3 all support Extended Validation for extra protection from fraudulent sites.

The best way to protect yourself from phishers is to pay attention to small details yourself. Double check that E-mail address. Does the URL look suspicious? are there any cosmetic differences between the page you meant to visit and the one you're on now? While only you can make sure you never fall victim to these scams, a little help can't hurt.

From Slashdot

Related links:

17-Year-Old Jailed for Stealing Virtual "Furniture"

by Tim Stevens, posted Nov 15th 2007 at 10:18AM

Habbo Hotel Room

http://images.habbohotel.com/habboweb/17/16/web-gallery/images/logos/habbo_logo_nourl.gifIf you've never heard of Habbo Hotel, consider yourself non-European. 'Habbo' is a simplistic, 2-D Second Life that is incredibly popular over across the pond. The teen-focused social-networking site has about 7.5 million unique visitors worldwide, but hasn't quite caught on in the Americas to the same extent.

In 'Habbo,' users create their own customized Habbo avatars that wander around a cartoonish virtual world. Members can buy virtual items and use them to decorate and personalize their Habbo pads and Habbo personas. Some users, though, have turned to stealing, such as the 17-year-old Dutch Habbo user who was recently arrested for the theft of $5,800 worth of furniture and other miscellany.

The teen didn't digitally sneak into other users' pads dressed in black pixels and walk off with their stuff. Instead, he stole usernames and passwords, logged into accounts, then moved the furniture to his real account. Those passwords were often stolen through phishing and imposter Web sites, which were used to trick those unsuspecting Habboites into logging in.

As virtual communities such as Habbo become more popular, and thus more valuable, the virtual property created and bought on these commmunities also becomes more valuable -- and more frequently stolen. In August, for example, we wrote about a lawsuit against people accused of duplicating copyrighted genitalia in Second Life. This case, though, is just another reminder to watch where you enter your password, and, of course, to make sure that password is secure in the first place.

If you're confused by what we mean when we say "virtual furniture," check out the gallery to see the cool digs you can pick up in Habbo Hotel.

Gallery: Habbo Hotel Furniture



From Read/WriteWeb

Related Links:

MySpace Scam Offers Free Macy's Gift Card

by Terrence O'Brien, posted Nov 12th 2007 at 4:16PM

MySpace Scam Offers Free Macy's Gift Card
If you spend any time on the social-networking-site-cum-Internet portal MySpace, then you've definitely seen the scam. It's an offer for a $500 gift card to Macy's. Sometimes it takes the form of a private message, and other times it's a comment on your page. The link can be text or an image, often a picture of a half-naked woman.

Clicking on the link takes the user to a phony MySpace page, where he or she is asked to enter personal information to claim the gift. The information is forwarded to a fraudster, who uses it in credit card fraud and identity theft schemes.

In addition to destroying a person's credit, the scam also grants access to the victim's MySpace account. From here the cycle continues as a new pool of friends is available to send the misleading message to.

It's a classic 'phishing' scam and many MySpace members have already been victims, according the the Daily Mail.

Macy's and news outlets are just now taking note of the scam, despite it having circulated for almost a year. Macy's has posted a message on its Web site warning users to be wary of offers for free gift cards, and that it would never ask for personal information.

From Daily Mail

Related Links:

Fake FTC E-Mail Contains Computer Virus

by Tim Stevens, posted Oct 30th 2007 at 10:07AM



We've said it before and we'll say it again: Never trust an e-mail, especially one carrying attachments, regardless of where it says it comes from. Still don't believe us? Check out this latest example, an e-mail purporting to be from the Federal Trade Commission (FTC) that supposedly is notice of a complaint posted against you, the recipient. The attached complaint is, of course, not really a complaint, but rather a virus that is, ironically, resulting in thousands of complaints made being to the FTC.

Early reports suggest that the virus doesn't delete or corrupt your files, but instead runs itself in the background on your computer and logs your keystrokes. This type of virus is called a keylogger, and can be harmful because it can record and save private information like passwords and bank account numbers. This confidential information is often used by cyber-criminals to clear out your bank accounts or steal your identity.

If you should receive such an e-mail -- it'll be from the 'frauddep@ftc.gov' e-mail address and will be full of spelling and grammatical errors and typos -- don't open it. Instead, just forward it on to the FTC's spam database address, spam@uce.gov, and then delete the thing. Whatever you do, do not open the file attachment, as that most likely contains the virus. That said, sometimes even opening the e-mail may be enough to infect your machine depending on your settings, so you'd better run a virus scan just to be safe.

You do have a virus scanner ... right?

From Government Technology and InformationWeek


Related Links:

eBay Accounts Hijacked and Used to Scam Buyers

by Tim Stevens, posted Oct 22nd 2007 at 10:32AM

Large-Scale eBay Fraud in BritainThe 'Times Online' is reporting on what seems to be a rash of eBay-account hijackings with a boatload of fraud to match. There are apparently 20 million British eBay registrants, roughly a third of the population, and crooks are taking advantage of many of them by stealing their accounts and posting bogus items for sale. Once a sale is complete, the crooks take off with the proceeds.

By stealing another user's account, a fraudster can get around the ratings system that many eBayers use to determine whether a given auction is real or a fake. Auctions may appear to be hosted by a user who has completed many successful transactions, while in reality that user has probably been locked out of their account and has no idea about the auction. The article mentions one account stealer who had snagged over 30 accounts from others and was using them to sell cars, typically the most expensive items brokered on eBay.

The article isn't too specific on how exactly these eBay users' accounts are stolen, but presumably it's accomplished by password-snagging e-mail scams, also known as "phishing." Or if people use really obvious passwords (that include their name, for example, or, the word password), then it's easy for scammers to just guess their way into people's accounts.

Since eBay itself doesn't offer much in the way of protection for buyers or sellers, the "winners" of the auctions may actually find themselves financially duped even worse than the supposed sellers, who only have to get their accounts back and clear their names.

So far, the problem seems to be a bigger deal in the U.K., but there is no reason this same scam can't make its way Stateside, so what can you do? Well, as a seller, you can choose a strong password to keep others from just being able to easily turn your account on you. And, as always, watch out for phishing scams, where official looking e-mails trick you into typing in your username and password on an unauthorized site. If everyone followed these simple guidelines, eBay and other account infiltration scams would be minimized. .

If you're buying anything expensive on eBay, make sure to get in touch with the seller, and, if anything smells shady -- like, they don't really know all that much about the 18-century armoire you're about to buy -- then don't click that "Bid Now!" button.


From Times Online

Related Links:

Online Scam Targets Xbox Users

by Tim Stevens, posted Sep 13th 2007 at 9:21AM

Online Scam Targets Xbox Users

Is there no place safe from hackers? According to Microsoft, scammers have taken their game to the Xbox Live online service. Users on Xbox forums have reported receiving questionable e-mails that were made to look as if they were sent from Microsoft Support. The e-mails attempt to trick people into updating their Xbox Live subscriptions with a credit card through a fake site that's an exact copy of Microsoft's Passport secure login page. This practice of tricking people into providing sensitive personal info is known as phishing, and is becoming increasingly common on the Internet -- though this is the first case we've seen of an online gaming service being used as the trap.

Here's an example of one of the fake e-mails:

Subject: Changes To Your Xbox Live Account

From: Xbox Support [support@passport.xbox.com]

Email body:

Dear Xbox Live User,

We have made many changes to everyone's Xbox Live account, and we would like you to check out the new features! You can check out the new features by click on the link below to login and check them out!

Please check out your new features to your Xbox Live account!

https://www.xbox.com/signin/

However, clicking on that link actually took you to a cloned site not run by Microsoft. Users were directed to enter in their Live usernames, passwords, and and also their credit card info. Once they clicked submit the info was in the hands of the phishers and who knows what they may be doing with it. Whatever it is, it won't be good.

So, add another entry to our list of top 5 e-mail scams, another example that you need to be careful of what you click on.

From Next-Generation

Related Links:

Monster.com Hacked, User Info Compromised

by Terrence O'Brien, posted Aug 23rd 2007 at 12:29PM

Monster.com A Smorgasbord for Hackers and Phishers
Monster.com has recently come under attack from hackers, spammers and phishers (people who send phony e-mails to lure users into providing login info to banking and other personal accounts). The casualties of war: your personal information. After stealing the usernames and passwords of legitimate recruiters on Monster, the hackers were able to craft personalized phishing e-mails to job seekers based upon information gleaned from their resumes. The more specific and believable the e-mails are, the more likely they are to succeed. Success in this case is either getting the target to open an e-mail loaded with spyware or a virus, or better yet, hand over personal information like credit card details.

A server in the Ukraine used by the scammers was discovered to contain the personal details of 1.6 million people. Because of duplicate entries, security firms believe the server may actually only hold the personal information of "several hundred thousand" to 1.2 million people, as if that's any more comforting.

Symantec, makers of Norton AntiVirus, alerted Monster.com to the vulnerabilities, but also warned users to be careful of what they post online. A quick look around a social networking site like Facebook reveals plenty of people willing to post their full names, e-mail addresses, AIM screen names, birthdays, and in some particularly careless cases, home mailing addresses. Security experts suggest that personal information hosted on sites like Monster and Facebook be kept to a minimum, only revealing more after a contact proves legitimate.

From AOL News

Related Links:

Majority of Americans Can't Spot an E-Mail Scam

by Terrence O'Brien, posted Aug 15th 2007 at 2:33PM

Majority of Americans Unaware of Online Threats

If you received an e-mail today from a deposed Nigerian prince offering you millions of dollars in exchange for just a few thousand up front, would you immediately recognize this as one of the oldest e-mail scams in the book? (So old, in fact, that it led 'Dateline' and Chris Hanson to franchise 'To Catch a Predator' into 'To Catch a Con Man.')

If you didn't catch the scam, you're not alone. A recent study of 2,482 American adults found that 58 percent of us are totally unaware of scams such as this one. What's more, a surprising 17 percent of adults admitted to falling victim to an online scam in the last year. Of those victims, 81 percent admitted it was their own fault by opening unsolicited e-mail or sending personal information to companies that they believed were legitimate.

Microsoft seems to think that the lack of actual physical visibility is part of what makes us so susceptible to online threats. A man with a gun is visible, while a guy trying to steal your credit card info via a fake e-mail from eBay is not. Microsoft does offer some good tips for slightly safer computing, like keeping your anti-virus software and firewall up to date.

Fortunately for you, Switched.com has put together this list of the top five e-mail scams to help you flag a scheme as junk mail before you and your bank account fall victim to it.

From Ars Technica

Related Links:

A Simple Solution to Phishing?

by Tim Stevens, posted May 8th 2007 at 9:31AM



Phishing -- the practice of sending phony e-mails that lure users into providing their login info for their personal banking accounts -- is a huge problem. American computer users are swindled out of approximately $1 billion a year from phishing, while businesses lose twice that.

Mikko Hypponen, executive offier for F-Secure, has come up with with a pretty elegant solution. He suggests that a new Internet domain (like .com or .org) be created specifically for banks. The new domain, .bank, would be used exclusively for companies that offer financial services. In practice, if you received an message asking to log into your account and the link ended in anything other a .bank, you would know the e-mail is fake (and should be deleted). It's a simple solution and could be effective -- assuming users actually look at the link.

From Slashdot

Related Links:


    AOL Tech Network



    Latest Reviews from CNET.com

    CNET provides the latest tech news, unbiased reviews, videos, podcasts, software, and downloads, making tech products easy to find, understand and use.

    Top Product Reviews

    Weblogs, Inc. Network

    AOL News

    Other Weblogs Inc. Network blogs you might be interested in:

    Joystiq
    Download Squad
    The Unofficial Apple Weblog (TUAW)
    BloggingStocks
    Xbox 360 Fanboy
    Autoblog