Bots generate at least 10% of all online traffic, according to data released today by Solve Media, a company that provides security authentication solutions through CAPTCHA-based advertising technology. Solve Media indicates that they have seen a 400% increase in what they term ‘aberrant’ traffic across web-based services such as commenting, voting, registration, contact and commenting.

Death by CAPTCHA is a company that has figured out a way to bypass security CAPTCHAs by offering their technology to solve CAPTCHA phrases. While this may sound like celebratory news for those who are tired of face-palming every time they try to read the twisted words provided by websites looking to make things secure for their users, in reality, it is a gateway to spam.

It seems like every week brings news of a new hacking, which in turn means that usernames, email addresses, and passwords are constantly being posted online by hackers, and this inevitably leads to a simple question: when should you change your password? Or, to frame the question in a slightly different way, how often should you change your password? In general, you should change your password about as frequently as you can tolerate changing your password. As long as you can keep track of your various passwords, there isn’t any disadvantage associated with changing it (besides the fact that changing your password can be a bit of a pain). Now, however, there is at least one definite answer to the question posed above: you should change your password when ShouldIChangeMyPassword.com tells you to.

Google is hard at work on a lot of things, including one of the most important and difficult things of all: improving Internet security. Five years ago, Google introduced Safe Browsing, an effort designed to protect Internet users – people who browse with Chrome, Firefox, or Safari, as well as anyone who searches the Web with Google – from malware and phishing. Through this effort, Google detects, among other things, 9,500 malicious sites every day. Allow us to repeat that: Google detects 9,500 malicious sites every day.

A rash of fake Verizon Wireless account notifications hit the Internet this week, showing outrageous charges that are, supposely, hitting your bill. They have the subject line of either “Thank You for your Verizon Wireless Payment” or “Your Bill Is Now Available”. Of course, the links take you to all sorts of spam and scam sites, so don’t be taken in. Here are some examples of the fake notices, with links to places such as https://www.theinternetpatrol.com/brick-wall/, https://www.theinternetpatrol.com/brick-wall/ and http://www.mayphe.com.br/DyXEBK63/index.html.

“TWITTER: Someone has a crush on you!” the subject of the email says as it announces that someone has a Tweetcrush on you. “You have been sent a Twitter Crush,” it goes on to say. Bologna. It’s a phishing scam, pure and simple. But, it’s a pretty compelling one, given how ‘authentic’ the site, which is hosted at ktwitteri.com, looks, where they steal your Twitter username and password.

WARNING: The following article contains profanity. Using social engineering, this scam spam tries to trick you into thinking that someone is very upset with you for leaving a rude message on their wall, and demanding that you “Delete your comments from my wall.” Of course, the link to “their wall” is really a disguised link to a fake Facebook login page, designed to steal your Facebook password. That fake Facebook page is hosted at la-criniere-napierville.com/ACCEUIL-HOME/facebook.html

Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t – it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “digital-no-reply@amazon.com” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is https://www.theinternetpatrol.com/brick-wall/.

A new phishing scam going around sends you email claiming that you have deactivated your Facebook account. Don’t fall for it. The links in it don’t really go to Facebook at all, although they look as though they do. They actually go to https://www.theinternetpatrol.com/brick-wall/, https://www.theinternetpatrol.com/brick-wall/, and https://www.theinternetpatrol.com/brick-wall/.

The newest phishing scam is a fake order confirmation from Apple, exhorting you “To view the most up-to-date status and make changes to your Apple Online Store order, visit online your Order Status.” The “visit online your order status” link actually goes to https://www.theinternetpatrol.com/brick-wall/. And while it says that it’s from up-to-date @store.apple.com, it’s not really (our version came from dj @accountingsevices.co.nz)

Last week we told you both how to stop SMS spam, and how to report SMS spam. But now we want to talk about a particularly nasty form of SMS spam: smishing, which is the act of phishing by SMS for private information, often to be used for identity theft. These smishing attempts take the form of text messages which come to your phone saying things like “We’re confirming you’ve signed up for our dating service,” “Your account has been suspended,” or “(Random) bank is confirming your purchase.”

If you get an email supposedly from Facebook (top addresses have been change@facebook.com and support@facebook.com) , asking for a “Facebook Password Reset Confirmation”, don’t panic thinking that someone has reset your Facebook password (that’s exactly what the bad guys want you to do), and whatever you do don’t download or open the attachment that is in the email! The attachment, named either facebook_password_139.zip or facebook_password_239.zip, is actually a Windows malware file, facebook_password_139.exe or facebook_password_239.exe.

In an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as “possibly compromised”, and proactively disabling the current password for the account, and sending a “Please change your twitter password” email, which asks you to “please create a new password by opening this link”. While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that lead to this problem in the first place! So, if you get a “Please change your twitter password” email, what should you do? Read on.

Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. “Amazon.com – Your Cancellation (0046-68878-96071)” says the email’s subject (although the “order number” may change) – but of course the link to check “ORDER INFORMATION” really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to https://www.theinternetpatrol.com/brick-wall/, which redirects to https://web.archive.org/web/20211230152715/http://weightbreezy.com/, which is a Canadian pharmacy spam site.

A spate of fake “Amazon.com – Your Confirmation” emails is making the rounds – they are phishing emails, with the supposed ‘Amazon’ links actually being hidden links going to such interesting places as http://drevmash.alfaspace.net/admiral.html, https://www.theinternetpatrol.com/brick-wall/, and meeknew.com. The subject (which so far appears to use the same “confirmation” number for everyone), is “Amazon.com – Your Confirmation (0113-567494-3518071)” and supposedly comes from the email address order-update@amazon.com. In reality, they are coming from IP address 124.217.216.112, and the emails are sent from (almost certainly spoofed) email addresses such as claude.simpson@ameritrade.com and lwjtvbwrqksz@young-world.com.