Twitter is trending with the promoted hashtag #AmexSync. Do you get annoyed with the “deals” that your Facebook friends “like” showing up in your newsfeed? Well, prepare for it to get even worse on Twitter, as American Express and Twitter introduce Amex Sync, the service that connects your American Express credit card directly to your Twitter account. And rest assured, as Twitter has proven time and time again, your private information is secure behind their hack-proof system. (Not!)
If you, like many, have been using Amazon.com for some of your Christmas shopping, then your account may be vulnerable to a scam using your order number that is genius in its execution, and uncovers some of Amazon’s failings in inventory control. It all comes down to the individual order numbers assigned to your orders. Those order numbers are for sale, along with the corresponding email address (as in your email address), and scam artists are using that information to get duplicates of your orders sent to them.
Bots generate at least 10% of all online traffic, according to data released today by Solve Media, a company that provides security authentication solutions through CAPTCHA-based advertising technology. Solve Media indicates that they have seen a 400% increase in what they term ‘aberrant’ traffic across web-based services such as commenting, voting, registration and contact.
Death by CAPTCHA is a company that has figured out a way to bypass security CAPTCHAs by offering their technology to solve CAPTCHA phrases. While this may sound like celebratory news for those who are tired of face-palming every time they try to read the twisted words provided by websites looking to make things secure for their users, in reality, it is a gateway to spam.
It seems like every week brings news of a new hacking, which in turn means that usernames, email addresses, and passwords are constantly being posted online by hackers, and this inevitably leads to a simple question: when should you change your password? Or, to frame the question in a slightly different way, how often should you change your password? In general, you should change your password about as frequently as you can tolerate changing your password. As long as you can keep track of your various passwords, there isn’t any disadvantage associated with changing it (besides the fact that changing your password can be a bit of a pain). Now, however, there is at least one definite answer to the question posed above: you should change your password when ShouldIChangeMyPassword.com tells you to.
Google is hard at work on a lot of things, including one of the most important and difficult things of all: improving Internet security. Five years ago, Google introduced Safe Browsing, an effort designed to protect Internet users – people who browse with Chrome, Firefox, or Safari, as well as anyone who searches the Web with Google – from malware and phishing. Through this effort, Google detects, among other things, 9,500 malicious sites every day. Allow us to repeat that: Google detects 9,500 malicious sites every day.
A rash of fake Verizon Wireless account notifications hit the Internet this week, showing outrageous charges that are, supposedly, hitting your bill. They have the subject line of either “Thank You for your Verizon Wireless Payment” or “Your Bill Is Now Available”. Of course, the links take you to all sorts of spam and scam sites, so don’t be taken in. Here are some examples of the fake notices, with links to places such as http://integrallisambiental.com.br/k5CGsJe6/index.html, http://pliki.unigroup.pl/MFQanBuj/index.html and http://www.mayphe.com.br/DyXEBK63/index.html.
“TWITTER: Someone has a crush on you!” the subject of the email says as it announces that someone has a Tweetcrush on you. “You have been sent a Twitter Crush,” it goes on to say. Bologna. It’s a phishing scam, pure and simple. But, it’s a pretty compelling one, given how ‘authentic’ the site, which is hosted at ktwitteri.com, looks, where they steal your Twitter username and password.
WARNING: The following article contains profanity. Using social engineering, this scam spam tries to trick you into thinking that someone is very upset with you for leaving a rude message on their wall, and demanding that you “Delete your comments from my wall.” Of course, the link to “their wall” is really a disguised link to a fake Facebook login page, designed to steal your Facebook password. That fake Facebook page is hosted at la-criniere-napierville.com/ACCEUIL-HOME/facebook.html
Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t – it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “firstname.lastname@example.org” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is http://booksalon.kr/index2.html).
A new phishing scam going around sends you email claiming that you have deactivated your Facebook account. Don’t fall for it. The links in it don’t really go to Facebook at all, although they look as though they do. They actually go to http://kilinclar.nl/discussions.html, http://madmu.50webs.com/subsequent.html, and http://alphabasicz.com.
The newest phishing scam is a fake order confirmation from Apple, exhorting you “To view the most up-to-date status and make changes to your Apple Online Store order, visit online your Order Status.” The “visit online your order status” link actually goes to http://www.parksidepta.com/ounces.html. And while it says that it’s from up-to-date @store.apple.com, it’s not really (our version came from dj @accountingsevices.co.nz)
Last week we told you both how to stop SMS spam, and how to report SMS spam. But now we want to talk about a particularly nasty form of SMS spam: smishing, which is the act of phishing by SMS for private information, often to be used for identity theft. These smishing attempts take the form of text messages which come to your phone saying things like “We’re confirming you’ve signed up for our dating service,” “Your account has been suspended,” or “(Random) bank is confirming your purchase.”
If you get an email supposedly from Facebook (top addresses have been email@example.com and firstname.lastname@example.org), asking for a “Facebook Password Reset Confirmation”, don’t panic thinking that someone has reset your Facebook password (that’s exactly what the bad guys want you to do), and whatever you do, don’t download or open the attachment that is in the email! The attachment, named either facebook_password_139.zip or facebook_password_239.zip, is actually a Windows malware file, facebook_password_139.exe or facebook_password_239.exe.
In an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as “possibly compromised”, and proactively disabling the current password for the account, and sending a “Please change your twitter password” email, which asks you to “please create a new password by opening this link”. While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that led to this problem in the first place! So, if you get a “Please change your twitter password” email, what should you do? Read on.