Another day, another Facebook attack
Posted by kent on November 3rd, 2009
Internet security company Symantec is warning Facebook users about a pair of malicious email attacks that claim to come from Facebook. Both use similar messages, informing users they need to change their passwords. Originally Symantec reported that the emails contained trojans that connect to a Russian botnet. Now it seems there's a phishing attack that's coming along with it. The email's call to action, an update link, hits a faux-Facebook site designed to steal your password. There's also a version of the attack aimed at MySpace users.
Symantec reports that the emails are using the following subject lines:
- Facebook account update
- New login system
- Facebook Update tool
As always, if you receive an email purporting to come from an online service that you use, it's best not to follow any links in the email. Always go directly to the site by entering the URL in your browser. As Symantec points out, "users need to be extra careful of suspicious attachments, especially those including a “password reset” request because legitimate websites will not send an attachment for resetting a password."
Check out our Internet security software ratings and reviews to find out how to better protect yourself from online attacks.
- Facebook phishing scams increase risk of identity theft on the popular social network
- Facebook exposes personal information of up to 80 million members
- Type carefully when looking for a free credit report
- Facebook moves to protect users in partnership with 49 states
- Malicious hack impacts 2.2 million shortened URLs
Don't open that email from the FDIC…
Posted by Caitlin on October 28th, 2009
Because it isn't really from the FDIC. There has been a recent rash of phishing emails that appear to be sent by the FDIC. The emails say, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The emails also ask recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. This download is certainly not an FDIC document, and is most likely some form of malware. The emails also contain links to malicious websites.
If you receive an email that appears to be from the FDIC and prompts you to visit a website or download a file, delete it. Do not click on any links within the email and do not download any attachments. The FDIC is working to uncover the details of this scam, but in the meantime, recipients are instructed to "consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft."
To protect yourself from this and other phishing scams, be cautious when downloading attachments or clicking on links in any unexpected email from an unknown source. These emails often appear to be from banks or other trusted institutions. You should also be sure to install Internet security software on your computer, and you may wish to consider investing in identity theft protection, since identity theft is often the ultimate goal of phishing scams.
- Identity Guard adds 30 day free trial and free ZoneAlarm software
- Data Breach Alert: HSBC loses hundreds of thousands of customer records
- How to recover from a lost or stolen iPhone
- Identity Theft Shield from Kroll and Pre-Paid Legal Review
- Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers
Internet security software and Windows 7
Posted by kent on October 22nd, 2009
Windows 7 launched today to generally positive reviews. As you decide whether or not to upgrade, you might be wondering about your favorite Internet security software. The 2010 versions are all made to work with Windows 7. We've added this info to the system requirements section at the bottom of each of the reviews.
We'll continue to add more as they become available to us for testing. The most recent Internet security product to get the 2010 update is CA.
AVG Internet Security: 27% off, or two years for the price of one?
Posted by kent on October 21st, 2009
AVG Internet Security has two competing discounts right now. They are mutually exclusive, so here's how they compare:
Offer #1: AVG is offering two years of Internet Security 9.0 for $54.99. This seems to be their standard offer, and it's the one reflected in our comparison chart. That's a cheap two-year plan, breaking down to $27.50 per year.
Offer #2: Until October 28th, you can get a single year of AVG Internet Security 9.0 for $39.99. It's a discount of 27%. Unfortunately there's no way to combine these two offers.
In our recent review of AVG Internet Security, we were impressed with the URL blocker and the process viewer. To get the full scoop, and to see how it compares to other services, check out our Internet security software reviews and comparisons.
Twitter makes it easier to report spammers
Posted by Caitlin on October 19th, 2009
As Twitter grows in popularity, it suffers from a corresponding increase in spammers. These days, your newest follower is more likely to be a spambot than a real person. And as spammers become increasingly sophisticated, it gets harder to tell the difference. Even the savviest Internet users can have difficulty discerning, at a glance, whether a particular tweet comes from a friend recommending an interesting article, or a spammer luring you to click on a malicious link. Those shortened URLs certainly don't make it any easier.
Twitter is doing its best to stay on top of the issue. Most recently, they've added a tool to the Actions menu, which makes it as quick and easy as it possibly could be to flag a spam account. So next time a spambot follows you on Twitter, be sure to report it for spam instead of just blocking the account. The account will be blocked automatically in a single step, and you'll help weed out the spammers that clutter the website with sales pitches and sketchy links.
And if you're concerned about the spam in your email inbox, check out our Internet security software comparison chart, which includes a comparison of the spam and phishing protection offered by the top software providers.
Second PayChoice breach in one month
Posted by Caitlin on October 19th, 2009
Earlier this month, PayChoice, a payroll processing firm, was breached by hackers. Last week, PayChoice was hacked yet again. The last hack was unusually complex, involving a data breach, phishing emails, malicious websites, and a Trojan horse. The latest attack hinged on a security vulnerability in PayChoice's online portal, OnlineEmployer.com. It appears as though hackers have exploited this vulnerability in order to steal customers' usernames and passwords. The stolen credentials were then used to add fictitious employees to customers' payrolls, in an attempt to have recurring payments made to fraudulent bank accounts.
PayChoice is a leader in the payroll services and software industry, with over 125,000 business customers. It shouldn't come as a surprise that hackers have targeted a company that facilitates so many financial transactions. But what is surprising is the hackers' persistence and creativity.
To defend yourself from cybercriminals, be sure to install Internet security software, and set it to update automatically. Since the end goal of the most nefarious attacks is usually the theft of personal information that can be used to open fraudulent accounts, you might also consider investing in identity theft protection, which is designed to prevent fraudulent accounts from being opened in your name.
- Data Breach Alert: 100 million possible victims in what may be the largest data breach ever
- Data Breach Alert: Eye center patients may see identity theft in their future
- Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers
- America's largest retail pharmacy to offer LifeLock's identity theft protection services
- LifeLock selected as exclusive id theft prevention service for a variety financial firms
Symantec gives students a break: 50% off Norton AntiVirus
Posted by kent on October 15th, 2009
Back when I was in school, I had Norton Antivirus installed on my laptop. It was pretty much the only choice. Now there are a dozen or so major Internet security solutions offering to protect you from online baddies. We may laugh a little at the idea of anti-virus software as a back-to-school necessity, but in truth students are at a particularly high risk for malware and spyware.
Norton is currently offering students 50% off of its basic Norton Antivirus 2010 with Antispyware, bringing the price down to $19.99. While it's not as comprehensive as the souped-up Norton Internet Security 2010 that we reviewed, it does contain powerful essentials to protect your computer from common threats. We really liked the AntiVirus component of Internet Security 2010, and would recommend it even at the full price. And for $19.99, it's a real bargain.
To get this special price, you must be a student in the United States with an email address that has a corresponding .edu suffix. And you must follow this link.
- New Symantec discount coupon code for Norton Internet security
- If I install Identity Guard, will it automatically uninstall Norton?
- Connecticut teens earn diplomas on the Internet
- Data Breach Alert: College students receive social security numbers of classmates over email
- Facebook poll shows college students don't know VoIP
Symantec on shortened URLs
Posted by kent on October 13th, 2009
Internet security experts Symantec have released a video showing how shortened URLs (such as those used on Twitter) can lead to malware. We've long talked about the danger posed by shortened URLs. Here's what it looks like:
Does this mean shortened URLs are off limits? The accompanying blog post points the way to two plugins, one for Firefox and one for Internet Explorer, that will show you the actual destination of the URL. That's still no guarantee that the URL is safe, but it's more information that will help you decide whether or not the link is worth following.
Symantec is the creator of Norton Internet Security, our favorite of the 2010 crop of security solutions. To read our review, and see how Norton stacks up against the competition, check out our comparisons and reviews.
FBI chief falls for phishing email
Posted by Caitlin on October 12th, 2009
Last week, FBI chief Robert Mueller spoke about the dangers of cybercrime, and admitted that he had once been fooled by a phishing email. At first, Mueller believed the email to be a "perfectly legitimate" message from his bank, requesting that he verify some personal information. He followed a link to a spoofed website, where he answered the first few questions before being prompted to enter his password. At that point, it occurred to Mueller that "this might not be such a good idea." He then changed all his passwords and described the incident as a "teachable moment" to his wife, who responded by declaring, "It is not my teachable moment. However, it is our money. No more Internet banking for you!"
If the chief of the FBI can be so easily fooled by a common phishing scam, it's probably a good idea for us all to have a few extra lines of defense when navigating the Internet. So install Internet security software and set it to update automatically. And consider investing in identity theft protection, in case you or someone else slips up and compromises your personal information.
- Facebook phishing scams increase risk of identity theft on the popular social network
- Data Breach Alert: Harvard hack exposed more data than initially thought
- H&R Block offers tax refund loan to the military
- Identity Theft Restitution Act adds harsher federal penalties for identity thieves and hackers
- Your new Facebook friend just stole your identity
Phishers expose email account information
Posted by Caitlin on October 7th, 2009
A massive phishing scam resulted in the exposure of tens of thousands of email addresses and passwords. One list, containing 10,000 Hotmail, MSN, and Live.com addresses and passwords, was posted online at PasteBin, a website commonly used by developers to share code. A second list soon emerged, containing 20,000 email addresses and passwords from a number of different service providers, including Hotmail, Yahoo, AOL, Gmail, Comcast, and Earthlink. Google later discovered a third list, but has not disclosed the number of exposed accounts. Google has forced password resets on the affected Gmail accounts, and several other email providers have released statements encouraging users to be cautious when opening links and attachments from unknown sources, to regularly update their Internet security software, and to change their passwords often.
An analysis of the first list of 10,000 email addresses and passwords revealed that the most commonly used password was "123456," which was used 64 times. 42% of the passwords on the list consist entirely of lowercase letters, and 19% contained only numbers. The average password length was eight characters, and nearly 20% were only six characters long. Only 6% of the passwords used a combination of upper and lowercase letters and numbers.
Clearly, Internet users need to be more educated about phishing scams and secure passwords. A phishing scam involves an email that may appear to be from a trusted institution, such as a bank or popular social networking site. The email prompts the recipient to follow a link to a fake version of a familiar website, where, if all goes to plan, the victim will be conned into revealing data such as bank account information or a username and password. Often, there are inconsistencies in the email or website that reveal the scam, but as phishing scams become increasingly sophisticated, it is more difficult to recognize the tricks. One way to avoid these scams is to pay close attention to the sender's email address and to the URL of the link. If even one character is off, it is likely that you are dealing with a phisher. It's safest to type the correct URL into your web browser's address bar yourself, or to use a link saved in your bookmarks menu, rather than clicking on a link in an email. In addition, you should be alert for any other inconsistencies.
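The "one character off" check described above can be automated for a message body. The following is an added example, not part of the original post: the `TRUSTED` list, the sample message and all function names are assumptions made for illustration, and the two-label domain rule is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("facebook.com", "fdic.gov")  # assumption: sites the reader really uses

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(href):
    host = (urlsplit(href).hostname or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # "One character off", or the brand buried in someone else's domain.
        if edit_distance(domain, good) <= 2 or brand in host:
            return "lookalike of " + good
    return "unknown"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def scan(email_html):
    collector = LinkCollector()
    collector.feed(email_html)
    return [(h, classify(h)) for h in collector.hrefs]

# Constructed sample message body, not taken from a real email.
SAMPLE = """<p>Facebook account update</p>
<a href="http://www.faceb00k.com/update">Update now</a>
<a href="http://facebook.com.account-update.example/login">Log in</a>
<a href="https://www.facebook.com/settings">Settings</a>"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A verdict of "unknown" only means the link does not resemble a listed site; it says nothing about whether the destination is safe.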
Users should also recognize the importance of secure passwords. Your password should consist of both upper and lowercase letters as well as numbers, and it should not be a single word that can be found in a dictionary. You should change your passwords occasionally, and you should not reuse the same password for multiple websites. If a hacker obtains your Facebook password, which is the same as your email password, and your email account contains an email with banking information, you have made it quite easy for the hacker to steal your identity.
In addition to using common sense and creating secure passwords, you should be sure to install and update Internet security software and consider investing in identity theft protection, which helps prevent and detect the end result of the most nefarious Internet scams.
Copyright© 2006 - NextAdvisor.com - All rights reserved.





