|
|
|
What is Grayware? By definition, Grayware is a general term sometimes used to classify applications that behave in a manner that is annoying. These applications aren’t designed to be evil or harmful, just bothersome. According to Wikipedia, The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. I was reading an article about social media and there was a warning about social media applications (widgets, toolbars and other types of downloadable software) passing information about you and your habits to “data collectors”. This information if gleaned from social networks such as Facebook, UTube and other sites that are membership sites where you publish information in a profile can be used to steal your identity. Tracking user habits is one of the main reasons for Grayware, but it can also be used to capture specific information about the user, such things as name, address, age, sex, location and other interests. Categories of Grayware:
Adware – usually embedded in freeware applications – load popups and deliver advertisements
Dialers – generally used to make long distance calls or premium 900 numbers to create revenue for a thief
Gaming – provide jokes or nuisance games
Joke – change system settings such as changing the system cursor or background image
Peer-to-Peer – perform file exchanges (illegally swap music, movies or other files)
Spyware – designed to track and analyze users activity and send that information back to the originator’s web site
Key Logger – capture keystrokes made on a keyboard (user id and password information)
Hijackers – reroute URL or destination addresses to malicious web sites or server
Plugins – activity tracker and reporter
Network management – change tools network settings, disrupt network security, firewall settings
BHO – Browser helper object – not all BHOs are or do contain Grayware but are often installed as a part of a software application
Toolbar – can be used to monitor web habits and send information back to the developer or sponsoring company
Download – down loaders allow other software to be downloaded and installed without the user’s knowledge
I have promoted anti-spyware in the past and will recommend once again. There are two popular applications that are available for home and personal use; Ad Aware 2007 and Windows Defender.
Darrell Mishler
M & D Creative Concepts LLC
Web Design Services
M & D Online Shopping
|
|
|
 |
|
|
This is becoming more popular amoung scammers
Police warn of e-mail scams
By Bruce Mehew
Published on March 24, 2008 at 11:24AM
(SALINA) – Salina City Police are investigating violent e-mails. On Wednesday night at about 6:30, police received a report of a death threat via e-mail to a residence in Salina. According to a police report, the e-mail simply stated that whoever sent the e-mail had already been paid $50,000 to kill whoever had received the e-mail. It continued to explain that the sender had done an investigation and asked that he be contacted through return e-mail in an effort to make arrangements to be paid in order NOT to kill them. Police said the e-mail is a death threat but upon further investigation, discovered it was a fraud scheme from a foreign country, with the promise of sharing several million dollars in inheritance if you provide banking account numbers and other personal information. Citizens are reminded to constantly be aware of e-mail scams to defraud you out of money. To determine if an e-mail offer is legitimate or not, go to http://www.truthorfiction.com/.
|
|
|
|
|
|
From M&D Creative Concepts Security Communications
We received an email from a “scammer” the other day and I decided to pursue finding out if it was real or not. The scam email was supposedly sent from Hallmark, you know the greeting card company. What caught my attention first was the “Click on this link” to view your card. I looked at the email message and noticed that the email was cleverly crafted to have the look and feel of getting an actual notification from Hallmark. Alarms went off as I looked at the “click here” link.
The one thing I know from past Hallmark cards is that the return email address is always from the person that sent the card and not Hallmark – first clue – I have no idea who the sender is. Second clue – the way the link was created didn’t all the necessary combinations of letters and numbers that normally come with a Hallmark email.
After communicating my concerns with Hallmark their response is as follows:
“If you received a legitimate E-Card from Hallmark, the first line of the e-mail will tell you who has sent you the E-Card and the URL (Uniform Resource Locator) in the message of your e-card notification will begin with:
http://www.hallmark.com/ECardWeb/ECV.jsp?a+
That will be followed by characters that describe your individual E-Card.
If the clickable URL is an EXE file, then do not download it.”
The bottom line is; if you don’t know the sender and don’t recognize the format, delete the email. If you recognize the sender and still have concerns, contact sender and ask if they actually sent the email. Start with a new email message to that person.
|
|
|
|
|
|
For Immediate Release
April 3, 2008 Washington, D.C. —
According to the 2007 Internet Crime Report, the Internet Crime Complaint Center (IC3) received 206,884 complaints of crimes perpetrated over the Internet during 2007. Of the complaints received, more than 90,000 were referred to law enforcement around the nation, amounting to nearly $240 million in reported losses. This represents a $40 million increase in reported losses from complaints referred to law enforcement in 2006. All complaints received by IC3 are accessible to federal, state, and local law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts.
“The Internet presents a wealth of opportunity for would be criminals to prey on unsuspecting victims, and this report shows how extensive these types of crime have become,” said FBI Cyber Division Assistant Director James E. Finch. “What this report does not show is how often this type of activity goes unreported. Filing a complaint through IC3 is the best way to alert law enforcement authorities of Internet crime.” Although Internet auction fraud was the most widely reported complaint, others cited in the report include fraudulent activity such as non-delivery of purchases and credit/debit card fraud, and non-fraudulent activity such as computer intrusions, spam/unsolicited e-mail, and child pornography. In an effort to raise public awareness, the report also describes the characteristics of commonly reported scams such as those involving the purchase or sale of pets, check scams, e-mail spam, and online dating fraud.
IC3 is a joint operation between the Federal Bureau of Investigation and the National White Collar Crime Center to serve as a vehicle to receive cyber crime complaints from private citizens and industry, and to develop and refer complaints to law enforcement. The National White Collar Crime Center, a Bureau of Justice Assistance program, provides a nationwide support system for agencies involved in the prevention, investigation, and prosecution of economic and high-tech crimes, and supports and partners with other appropriate entities in addressing homeland security initiatives related to economic and high-tech crimes. More information about the National White Collar Crime Center is available at http://www.nw3c.org/.
The 2007 Internet Crime Complaint Report is available at www.ic3.gov/media/annualreports.aspx. To receive the latest information about the FBI, visit http://www.fbi.gov/ to sign up for e-mail alerts.
|
|
|
|
|
|
Get Rich Schemes and Fake Review Websites Some websites are themselves scams; claiming to offer you a good deal, a warning about scam business plans or reviews of other websites and get-rich schemes. The overwhelming majority of the time, they are shams, actually promoting their own (or others) prices or products, which are terrible and at worst, they're identity thieves! Some use that a variety of convoluted businesses to skirt the laws and regulations, as many, if not most Multi-Level Marketing companies do, some are blatant rip-offs.
What Defines a Get Rich Scheme or a Scam WebSite? We all intuitively know when we are being conned or scammed, but there are some clear warning signs to watch for, that we use to define scam websites:
Hyperbole - The first and most obvious clue to this type of scam is hype. If the website uses exaggerated claims and hype phrases like "earn passive residual income", "for only pennies a day", "now you can get slim in just minutes" or "Get rich now!", "Earn big bucks in minutes per day!" you can bet it is a scam. A simple rule of thumb is if you see multiple dollar signs like "$$$", you can be certain that a scam is at work!
Hidden charges - When they offer something for free, but you have to enter a credit card to pay for "shipping and handling", watch out! Once they have your credit card number, they can bill anything they want to it. Of course, you can dispute it, but they've prepared for that; the fine print usually says that you have also agreed to try their product or service, and if you don't follow their complicate return rules exactly, then you've bought it.. something you don't need, didn't want and doesn't work, often for hundreds of dollars.
No details - They won't give, up-front, you the slightest clue about HOW you'll make all this money in no time and for almost no effort. Guess what? You have to buy their magic book of their secrets or sign up to their program! Ooh!
Bait-and-Switch: If the website's advertising, or domain name are clearly different from the intent of the website once you get there, it's a scam.
Misdirection - if you type in a web address, but it redirects to a different web address, that is usually a sign of a scammer.
|
|
|
|
|
|
Phushing is defined as identity thieves people stealing other people's personal information to use for illegal purposes. ID thieves trick people into providing their SSN, account numbers, PIN numbers and other peronal information.
Watch out for “phishy” emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts. Don’t click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that looks just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).
Beware of “pharming.” In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
Never enter your personal information in a pop-up screen. Sometimes a phisher will direct you to a real company’s, organization’s, or agency’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.onguardonline.gov and www.staysafeonline.org to learn more about how to keep your computer secure.
Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.
Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.
Report phishing, whether you’re a victim or not. Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org. The information you provide helps to stop identity theft.
|
|
|
|
|
|
