Below is an extract from the scam site:

Breaking News: Google Now Hiring People To Work From Home

If you live in America and you have been wanting to work from home, you might be in luck. Google has now released a new "Work From Home Program" that will allow Americans to work for the titan from the comfort of their own homes.
To thousands of Americans this means that they will soon have a safe and bright future working for one of the fastest growing companies in the world.
…
What you need: A Computer, an Internet Connection and the desire to make a living working from home. No special skills are required other than knowing how to use a computer and navigate the internet.
…
Google will send out your checks weekly. Or you can start to have them wire directly into your checking account. (Your first checks will be about $750 to $1,500 a week. Then it goes up from there. Depends on how many links you posted online.)

Like most scams, you don’t need any experience, you can work from home, and you can make $1500 a week so easily. It’s all too good to be true!

The fake article is hosted on a site called ValuePromotions.

If someone were gullible enough to sign up they’ll be asked to pay US$2 to get started. But instead of paying $2 they’ll be charged US$80 a month directly from their bank account.

There are so many scams similar to this one. They all feature the same principle – a promise of free or easy money. Always do research on articles like this (use Google) and have a sceptic mind – if it’s too good to be true it’s probably a scam.

Because of the measures taken to provide safety to our clients, your password has been changed.

You can find your new password in attached document.

Thanks,

The Facebook Team

If you see this email just delete it. Don’t click on the attached file.

Just say some malware gets installed on your computer. It wasn’t picked up by your antivirus program for whatever reason (maybe you don’t even have antivirus). It starts watching you type in your passwords and tries to send details to a criminal’s server. This actually happens every day to some people.

A personal firewall would detect that an unknown program is trying to send information to the internet and bring it to your attention. It blocks the program and asks you if you want to allow it to proceed.

It’s different to a normal firewall because it runs on your PC instead of on the network. And it doesn’t just keep people from hacking into your computer, it stops malware connecting out to the internet. So overall it’s a good thing to have, it’s just a bit more defence against online fraud.

Below are some new deals I’ve come across. I haven’t tried these programs and can’t comment on how well they work – I suggest you ask around.

ZoneAlarm Pro – this program has been around for many years. The Pro version, which usually costs USD39.95, will be free for today only (13th of October 2009). Go to their web site here.

Online Armor Premium – I haven’t heard of this product before but it’s legitimate. It usually costs $39.95 but it’s free to PayPal members, until the 19th of October 2009. Click here, then on the button to buy now, then proceed to pay with PayPal, it will be discounted to $0.

Windows also has a firewall built in but in my opinion it isn’t very good and it’s difficult to configure. And most antivirus packages, the kind that cost money, include a personal firewall.

1. You visit a web page that has been hacked. It’s an ordinary web page (such as a news site), nothing looks out of the ordinary.
2. A trojan is installed on your computer without your knowledge. It sits there on your PC waiting and watching.
3. You log onto your internet banking site. Everything still looks normal.
4. The trojan detects that you’ve logged into an internet banking site and it makes a transaction, transferring money from your account to the account of a money mule (more on this later).
5. When you look at your bank statement online, the trojan captures the network data and changes it to hide the transaction it made. The numbers it shows on the screen have been altered.

Step 5 is the sophisticated part of this attack. Normally you’d notice if money was transferred from your bank account without your approval, but the trojan hides this by showing you a fake statement on your screen. If you can’t see the money being taken from your account the criminals have more time to keep making withdrawals.

The amount of money it steals is different each time so that the bank’s anti-fraud detectors don’t see the pattern of theft.

More details here on this attack works.

So what’s a money mule?

Stealing money from people’s bank accounts is a big business. Criminals not only write sophisticated malware to carry out the transactions, they also recruit money mules to launder the money.

They place ads online offering jobs to desperate people. These jobs require no experience and you work from home (sound familiar?). People who sign up to these jobs receive money in their bank accounts, then they have to transfer it to someone else’s account. They do this willingly and are paid for it, but they usually don’t know that it’s part of a criminal organisation.

This is how the criminals receive their stolen money and cover their tracks. It’s a form of money laundering and is illegal. And to avoid a pattern detection they usually only use these money mules twice.

Here’s an example of a money mule job ad.

Lessons Learnt:

• Always use an antivirus program that not only scans your PC for malware, but also checks every web page you go to. Good antivirus programs cost money and it’s a good investment to protect your online security.
• Only use internet banking from a PC you trust.
• Always update your PC with the latest patches. For example, tomorrow there’ll be a large Windows update, you should install this as soon as possible (after you make a backup).
• Don’t trust job ads that promise the world for little to no effort.

Microsoft tries to release these updates on Tuesdays, tomorrow’s batch will be larger than usual. So as always, make a backup of your PC’s data today in case the patches cause any problems.

Free download of Microsoft Security Essentials: http://www.microsoft.com/Security_essentials/

Now I’ve always said that paid anti-virus programs are generally better. I still believe this because you get more security features such as web page scanning, a personal firewall and fraud detection. And with all the online fraud and scams that happen every day you need all the security you can get and that costs money.

But sometimes you really can’t justify paying for anti-virus, like a computer you’re only going to use for a month. So this fits in nicely. Also keep in mind that there are several other good free anti-virus programs out there.

I’d also like to point out that sometimes internet security companies can be biased. Take Symantec as an example. On the same day that Microsoft launches a free anti-virus program Symantec started a campaign telling people that free anti-virus programs are bad. I see it as a clearly biased argument to protect their business. Marketing is always biased, it’s always best to get an independent opinion (Fraudo is not sponsored by any companies, the ads on the right are dynamic and I don’t get to choose them).

• Their anti-virus programs blocks 1 billion malware a month. That’s 1,000,000,000 attempts to install viruses, trojans, password stealers, etc on to people’s PCs. A month. And that’s just by one small company.
• 1 in 15 people encounter a malware every day.
• They find about 3,000 new malware each day (that’s new and unique viruses, trojans, etc). They have 2.1 million in their database.

These statistics are not just marketing numbers, they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer they you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.

And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.

And Macs and Linux computers aren’t safe either.

It’s quite detailed and at 17 pages it won’t take too long to read – it’s not very technical.

Password stealing is when a program gets installed on your PC that catches every stroke of your keyboard and sends it back to a criminal. The idea is that it’ll record all your passwords as you type them, no matter how strong they are. It’s a sophisticated piece of technology and a very large problem worldwide. If you’re not constantly upgrading your anti-virus software, web browser and OS then you’re at high risk.

These passwords are then sold off and used to steal money from your bank account or to commit other crimes. Even if you don’t use online banking you still have something to lose – someone can apply for a credit card under your name and use it to make expensive purchases, then you’re left to deal with the credit card company and convince them it wasn’t you (this happens every day).

So click on this link and have a read of the report.

… Has Invited You To Play Monopoly

Monopoly Invite

Monopoly2009.com

If you see this email delete it, it’s a trick to get you to download malware. The website asks you to download a file called monopoly.exe – this is the malware, don’t download it.

• G Data
• Symantec
• Avast
• F-Secure
• BitDefender
• eScan
• ESET

Some people have been posting messages on Facebook saying:

to all those using FAN CHECK APPLICATION, please delete it & all its pictures, it contains a virus & takes 24-48 hours 2 infect everyone on your friends list please copy and paste 2 your status to let everyone know

Firstly, malicious Facebook apps do exist. The ones I know of are called Posts and Stream applications. They’re not viruses but they try to trick you into providing personal data (called phishing).

Secondly, Fan Check Virus doesn’t exist, but nevertheless there is a danger. What’s happening is that the virus writers have created web pages infected with real malware and fake antivirus programs.

So if you search for Fan Check Application on Google, you’re likely to end up on the infected web page looking for information, and that’s how your PC gets infected. Clever, right? So all the people writing about Fan Check haven’t done any research and are actually helping to spread the real malware.

There’s a video explaining more about it here.

And it seems this isn’t the first time this strategy was used. Another fake Facebook virus called Error Check System works in the same way, if you Google for information on it you’ll likely end up on a web site with a fake anti-virus product.

• Cookies are codes that web sites save to your computer
• They’re used to help web sites remember who you are. E.g. when you log onto eBay and come back the next day, it remembers who you are.
• Marketing companies use them to keep track of how many of their ads you saw and where you might have seen them

So they’re not really a bad thing but marketing companies use them to track things about you. Then there are programs that try to delete them off your PC. Usually these programs are branded with words like “anti-spyware”, this isn’t completely accurate but that’s where you’ll see them. This is all fine so far.

And you can always delete cookies yourself. In Internet Explorer there’s an option in the Tools menu. All other browsers have similar options, usually in a tools or settings menu.

But there’s another kind of cookie that often gets overlooked – they’re called Flash cookies.

Unlike regular cookies, Flash cookies are not stored in your web browser’s settings. Deleting all privacy data leaves Flash cookies alone. Even deleting all cookie files off your drive skips Flash cookies.

Flash has a feature that lets web sites store a bit of information on your computer, just like a regular “cookie”. By itself this is harmless, but some developers have taken advantage of its features and use them to track you just like regular cookies. This by itself could be seen as a minor annoyance, it’s not dangerous.

But it’s also possible for a web site to restore a cookie that you deleted. Now this is a misuse of privacy. You see, when you tell your computer to delete all privacy data, and it later reappears, things are happening against your will – this is morally bad. The way they do it is developers create some code that uses Flash to store a copy of a cookie and if the cookie is gone it rewrites it.

What can you do about it?

On Windows you can install “Better Privacy” or “Ccleaner”.

On Mac OS X you can install “Flush.app” or delete the Flash cookie files the hard way.

There’s also a great deal more information in this article.

It’s now up to Adobe (the company that makes Flash) and web browsers to treat this as a privacy bug and to improve their browsers.

Firstly they send out the email shown, it offers to list your business on a register. Their email mentions the word “free” several times and they never mention a price – but it’s misleading, they’re actually offering a paid service. It’s called deceptive marketing and it’s illegal in most countries.

Then if you sign up to list your business they send an invoice for approx €995 (quite a bit of money).

Now this is when the stress begins for most victims. If you ignore their invoice they start sending a stream of nasty letters threatening legal action. Based on what I’ve read in forums it seems that they’re empty threats (see for yourself here).

So please do a bit of research on any unsolicited marketing offers you might receive. Search on Google, even if you think it’s a free offer.

The email that they sent is:

Ladies and Gentlemen.

In order to have your company inserted in the registry of World Businesses for 2009/2010 edition, please print, complete and submit the enclosed
form (PDF file) to the following address:

WORLD BUSINESS GUIDE
P.O. Box 2021
3500 GA Utrecht
The Netherlands

email: register@wbgtoday.net
FAX: +31 20 524 8107

Updating is free of charge!

If you are not the intended recipient, please submit an email to
unsubscribe@wbgtoday.net
Your request shall be dealt with accordingly.

And the attachment that they sent looks like this:

If you see this email just delete it.

Further evidence of the need for antivirus software on Macs is given by Apple themselves. They’ve made their own antivirus software for the latest version of OS X (called Snow Leopard). This built-in antivirus software is very limited at the moment:

• It can only scan files downloaded from a small number of programs (so it doesn’t scan “everything”), and
• At the moment it can only detect 2 trojans

If you’re a Mac user you can read more here. My point is that you should do everything possible to protect your computer from malware, scams, etc. Assuming that your computer is somehow superior and invulnerable just doesn’t cut it.

PDF Reader 2009 – New Version for Windows and Mac
The latest PDF Reader: Open, Edit & Create PDF Files
http://www.adobe-pdf-update.info
Included in this package:
Open Office Suite – Get things done more quickly and improve your work efficiency.
-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.
http://www.adobe-pdf-update.info

Download the complete Office solution today and also receive free updates
and 24/7 customer support.
"Since the 90’s, PDF has become the standard file format for document exchange." – Adobe
http://www.adobe-pdf-update.info

Thank you for choosing us, the worldwide leader in PDF Reader Solutions.
Best Regards,
Mary Norman
PDF Reader 2009

Adv Media Ltd  | 890 Avenue| Sydney | 1002 | Australia

Click here :
http://www.listmanagerservices.com/unsubscribe.php?M=
to Unsubscribe out of mailling list.

It’s called PC Antispyware 2010, a name that sounds a bit serious (and misleading). The screen looks pretty fancy, maybe people trust things that look nice or shiny – don’t be fooled by it.

If you see the screen above then don’t click on the download link, don’t install it. You can see a larger screenshot by clicking here. Only use antivirus products from known and trusted vendors.

• 130 million is a large number. How many people like in your city? Or country? He operated in the USA, and I don’t have any stats on how many credit cards there are in USA but it’d be somewhere around half of all credit cards. The more you think about this the less secure you’ll feel about your own credit card number.
• All this data was sold to hackers in various cities countries (California, Illinois, Latvia, the Netherlands and Ukraine). So even though he was arrested the data’s been compromised already.
• There’s nothing you or I could have done to protect ourselves from people like this. He stole the numbers from businesses (such as restaurants) that store the numbers on their databases, not from people’s home computers.
• He wasn’t a sophisticated hacker, he just looked for businesses with wireless networks and weak security (read here on how to secure a wireless network the right way) and installed malware to do the work.

Businesses should be doing more to keep their data safe. A lot of the time they just don’t have the skills or budget to spend on network security (especially non-technology businesses such as restaurants). Yet there’s a moral obligation to do so. What can we do about that?

You should also be watching your own credit card accounts regularly.  Internet banking makes it easy to check your account details every couple of nights from home. By doing so you’ll notice compromised accounts early and can get the card cancelled. Just make sure your computer is safe when you log onto internet banking sites (read here and here for some good tips).

The full article on this incident is here. It’s a bit long but an interesting read.

The promise of money is enough for some people to get hooked into the scam, they believe all the stories and keep sending money to the scammer hoping to get their “reward”.

A woman in Oregon, USA, was scammed of US$400,000 over a 2 year period using this scam. If you have friends or family who aren’t aware of these scams, please let them know how it works. Show them this video and help raise their awareness. There are still many people in the world in a vulnerable position.

Watch the video below, or if it doesn’t load click here to access it.

• We are letting you try it for FREE, you just pay the shipping costs!
• FREE Download without limits!
• Get your Free Trial Now!
• Take FREE exotic vacations!
• Get Free trial bottle!

In similar news, Norton has published a list of what they consider the top 100 most dangerous web sites. I won’t copy & paste the names here because my site and newsletter will no doubt be blocked by filters everywhere. You can have a look here to get an idea of what they consider to be highly dangerous web sites.

Monday 17th August, 8:30pm, ABC1. And a repeat on Tuesday 18th August, 11:35pm, ABC1.

ABC will also provide this program online if you have a fast internet connection, on their iView application.

Update: Part of the episode featured federal police raiding a hacker group. The hacker group has attacked a federal police network in retaliation. Interesting.

Scammers have been knocking on people’s doors and claiming to be officials from the Australian Tax Office. They ask the resident to sign up to a program in return for reduced taxes. This is the bait part of the scam, offering you a way to pay less tax.

The scammers just need your credit card or bank details in return for their generous offer of reduced taxes. This is confidential information that you shouldn’t be giving out to strangers.

The Australian Tax Office has said that they’ll never initiate unsolicited house calls, if they do ever visit your home they’ll make an appointment first. And they will always show some ID on arrival. If this happens to you and you’re unsure what to do, the ATO’s phone number is 1300 686 636, they’ll be able to verify the situation.

This scam was also happening earlier this year using phone calls – the scammer calls random people and gives them the same story about reducing their tax and claiming to be from the Australian Tax Office.

If you have any comments on how this works in other countries please post below in the comments.

Apple has responded with a patch (called 3.0.1) that fixes the vulnerability. It can be downloaded and installed using iTunes.

Apple has more info here.

The criminals go to a retail shop dressed as electrical contractors and cut their phone lines. They then go into the shop as customers and buy products using a stolen credit card.

Because the phone lines have been cut the store’s staff can’t verify the card to process the transaction. So they either have to trust that the card is legitimate and process the order on paper, or turn away customers.

If you work for a retail store you should be aware of this fraud tactic. There may also be things you can do to protect access to your store’s phone lines, and it may be possible to organise credit card processing facilities that use a mobile network as a backup.

Phones can also be used to spy on you, as some people in United Arab Emirates discovered. In this case a network carrier (Etisalat) sent their customers an update that installs on their BlackBerry phones. They told their customers that the update was “required for service enhancements.”

What they didn’t tell their customers is that the update contains spyware made by a company called SS8 Networks. This spyware sent information to their company using the phone (which incidentally drained their batteries from uploading so much data).

It’s still unclear what this spyware actually does, or why it was installed on their customers’ phones. You can read more information on this incident here.

In theory phone spyware could activate the phone’s microphone and/or camera and send information to another site. Or it could intercept SMS’s and phone calls. And so many phones these days also GPS receivers in them so spyware could also theoretically keep track of your location. This is all scary stuff.

There isn’t much we can do about this threat at the moment, if your life or work involves privacy then consider using an old phone with limited features instead of today’s smartphones.

I am about to kill you. If you want to live, contact (hbko@pobox.sk) to get information on what you will have to do to live. If you ignore this message, you will die!

This particular SMS came from the number 856 207 580 237.

If you reply and contact the sender they ask you for money (up to $10,000). They use all the typical scam tactics like asking you to pay a legal fee and a processing fee.

Investigators have tracked the senders to Laos and Slovakia. Hopefully the senders are caught soon.

If you receive an SMS like the one above don’t reply to it. You can either delete it or report it to a local authority if you’re concerned (e.g. your local police). Remember that it’s just a scam.

And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.

Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.

There’s more info here.

My home video

If you click on the link it takes you to a video page and asks you to download a new codec. I’ve written about the dangers of installing  new codecs, read about it here.

So don’t click on these Twitter messages.

For more backup tips read here.

1. No wireless security
2. WEP
3. WPA
4. WPA2

No wireless security means just that, anyone can connect to it and use your internet. If you’re wondering why this is a problem have a quick read of this article.

WEP is a very old security system. It doesn’t work.

WPA and WPA2 are still good, as long as you use a long (20 character) password. Read here to learn more about WPA.

Below is a tutorial video that has step by step instructions on how to hack into a WEP protected network. The point is: it’s easy to hack into a wireless network protected with WEP. WEP doesn’t work.

In the past this history was private because it exists only on your PC. But recently it’s been proven that it’s possible for web sites to get a peek into your browser history. This could be a privacy concern for some people. Here’s how it works.

Some people have come up with some clever code they can place on their site. It basically asks your browser if you’ve visited a particular site before. For a demonstration click here and click on the Get Started link in the centre. Don’t worry, nothing bad will happen, it’s just a demonstration.

So how does this affect you?

You just need to be aware that privacy on the internet is fairly limited these days. If you have something to hide (for whatever reason) or you’d just like a bit more privacy, there are steps you can take to prevent this. It’s a bit technical for beginners but with a bit of effort it’s achievable.

• Some browsers now have a “privacy” mode. For example, Google Chrome calls it “incognito”. Privacy mode doesn’t keep track of which sites you’ve been to.
• You can use Firefox and install something called the “NoScript addon”. This will block the code I mentioned above.

But things turned ugly when the person on the phone asked for my account password, so that he could verify he’s talking to the right person. I refused.

I explained that I received an unsolicited call, I don’t know who I’m really speaking to, and that I’m not prepared to give a random stranger my account password.

He’s probably heard this several times so he said he understands, and I could give a few other personal details instead. I refused again. Confused, he put me onto his team leader, or at least someone claiming to be his team leader – I have no way of knowing who I’m speaking to. If I had been the one to initiate the call then I know I’m speaking to the right company. If I receive a call then I don’t know. There’s a fundamental difference here.

The team leader tried to explain they need to confirm who they’re speaking to. She claimed to understand my position, but wouldn’t change her argument. I continued refusing to give my password to a random stranger just so I can hear about new phones.

So we agreed to end the conversation. I wrote Vodafone a complaint using their website, explaining the situation. I’m not sure if the complaint went through because their web page took me to an answer’s and questions page after I’d typed everything out.

It’s not completely the cold-calling people’s fault, they’re doing what they’re paid to do. It’s Vodafone’s problem that they came up with this procedure. They’re giving their customers an expectation that it’s normal for strangers to call them and ask for their passwords.

And if you haven’t worked out the problem yet, look at it this way. I now know that Vodafone customers must be used to receiving unsolicited calls and giving out their passwords. So if I call 20 random people in Australia, chances are at least one will be a Vodafone customer. I just have to say I can offer them a new phone plan if they can give me their password. Then I can call up Vodafone, confirm my identity using that password, change my mailing address, and order a new phone and ask for it to be sent to my residence. I wouldn’t actually do it this way but you get the idea. It’s called identity theft.

I’ve written about the same problem before in 2007, it seems nothing’s changed in the past 2 years.

There are people out there who hack into people’s home PCs (the PCs of ordinary people like you and me). They usually write a virus to do this, or pay someone to write the virus. Then when they’ve hacked into a home PC, they add it to a list.

After a few days they can get about 500,000 home computers on their list (yes, they work very fast). So once the hacker has hundreds of thousands of computers on their list, he writes a program that can control them all at once.

Now keep in mind that most home users won’t know their PC has been hacked. Everything still looks normal.

The hacker then sells this list of PCs to a spammer. The technical word for this list of controlled PCs is called a botnet.

A spammer buys this list of hacked computers and the program that controls them all at once. He uses also buys an email list from someone else (a list with millions of people’s email addresses). He presses a button, and all of the home PCs he’s controlling start sending out spam.

Again, home users don’t know their PC is now being used to send out spam. They might notice their internet go a little slower but most people don’t have the technical skill to work out why. It just gets ignored.

The spammer then sits back, relaxes after doing his 5 minutes of work. If anyone gets caught for sending spam it’ll be the home user, not him. The home user is ignorant of what’s going on. The hacker made his money and will do it again. And the cycle repeats again after a few days.

So how much spam are we talking about?

The largest botnet in operation in June 2009 is sending 74 million spam emails a day, all of this from people’s home computers. That’s a lot of spam.

What can you do?

Don’t let your own computer become part of a botnet. Use a good antivirus product, scan for malware, and fix up any problems.

If you see this email, delete it, it’s just another lottery scam:

Subject: Microsoft Email Promo:Official Prize Notification
To:
Microsoft Email Promo:Official Prize Notification
The MICROSOFT EMAIL PROMO TEAM is glad to announce that
after a successful completion of the PROMO DRAWS held on the
28th June 2009,your e-mail address,attached to winning
numbers:(55) (73) (14)(41) (36) (29) won in the Tenth
lottery category.
You have therefore been approved to claim a total sum of
£150,000,00 GBP(One Hundred and Fifty Thousand Great British Pounds
Sterling) in cash credited to file REF NO:MSW-L/009-28793, BATCH
NO:2009MJL-05, this is from a total prize money of
£3,750,000 (Three Million,Seven hundred and Fifty Thousand
British Pounds Sterling),shared among the Twenty five (25)
international winners in this category.
All participants were selected through our Microsoft computer
ballot system drawn from 167,000 Names,as part of our
International  \"E-MAIL"\ Promotion Program for our prominent
MS-WORD users all over the world and for the continuous use
of the internet. You are advised to contact the claims
processor with the details below via his e-mail address :
NAME:  Michael E Ross
EMAIL: michaele.ross1@yahoo.com.hk
TEL:   +44 703 590 2789
PLEASE NOTE THAT YOU ARE TO SEND THE FOLLOWING INFORMATION TO
CLAIM YOUR WINNINGS:
1.Full Name………………………………
2.Address:………………………………
3.Phone:……………Fax:……………….
4.Country:………………………………
5.Sex/Gender……………………………..
In order to avoid unnecessary delay and complications,please
remember to quote your reference and winning ticket number in
all correspondence with your claims officer.Your secret pin
code is ML0757985.Be warned that cases of double claims and
unwarranted abuse of this program will be legally pursued.
YOURS FAITHFULLY,
JESSICA SCOTT.

The names are no doubt made up, they’re just trying to encourage you to provide your personal details.

It’s bad form, a new computer shouldn’t be popping up ads without your consent. Lenovo generally build good quality machines but this move is ethically wrong.

Click here to see a screenshot of the ad.

So can they spread malware such as viruses? Yes, they certainly can. On many Windows computers, when you plug in a USB drive it does a quick search and it can run programs installed on them. Microsoft calls this a feature.

But malware authors (bad hackers) know all about this and they write malware that runs as soon as the device is plugged into a computer. You won’t know it’s happened, malware can install itself quietly in the background without getting in the way of your work.

So what do you do about it?

• Be cautious about what you plug into your computer
• Have a good anti-virus package installed that can scan these devices for you
• You can disable a feature in Windows that automatically runs programs on these USB drives
• In an office environment a good system administrator can lock down this feature across the entire network

What else can plug into your USB port and carry malware?

• USB Flash drives (also called flash drives, pen drives, thumb drives or USB sticks)
• Digital cameras
• MP3 players (including iPods)
• Mobile phones (cell phones)

And if you’re thinking how can malware get onto a camera, I’ve seen it myself. A friend took their camera to the local shop to print some photos, then lent me the camera so I could help them with something, I detected a virus that installed itself on it from the shop.Yes, it really happens. Take care with USB devices.

Today Facebook have acknowledged the problem and fixed it.

This is a good reminder that when you publish information online, you lose some control over it. If something is so private that you can’t risk others seeing it then don’t publish it.

You can read more about the exploit here.

There are so many ways these days to do a backup. Some common methods are:

• Copy your important files to a flash drive. Flash drives are so cheap these days, they’re reliable and are large enough to hold your most important documents. Backing up is just a matter of dragging your files across using something like Windows Explorer (or the equivalent in your OS)
• Using a built-in backup program. I personally don’t like built-in backup programs, they’re often tricky to use and don’t offer enough features. But systems like Windows come with a built in backup program so you could begin by using it.
• 3rd party backup programs – this is where you get the most value. For a modest fee you can purchase a backup program that will get the job done how you want. I prefer Acronis TrueImage Home because:

• It backs up everything, a complete image of my PC. There won’t be anything left out, and if my hard drive dies I can restore the system exactly how it was
• It’s simple to use
• It has so many features that as my needs change it will be able to provide the backups I need
• It’s not very expensive

Having a good backup is extremely important. There are so many things that can go wrong with computers, from hard drive crashes, theft, to malware that takes your files hostage. Having a backup is common sense, it’s a cheap simple insurance against all the things that can go wrong.

You should also have more than one backup. Using external drives is a good option these days, they’re affordable, and you can keep one at a friend or relative’s house as added insurance.

How not to do backups:

• RAID (disk mirroring, or disk striping) is not a backup. It’s a form of data redundancy, there’s a fundamental difference.
• Overwriting backups – if you only have one backup and you overwrite it every time you do another backup, there’s a brief moment where you have no backups (during the backup itself). I’ve seen it before, the computer dies half way through a backup and you’re left without a working computer and with half a backup. This is no good.
• Relying on Windows System Restore is not good enough. There are still so many things that can go wrong and leave you without your previous files, photos, etc.

So how do you do backups? Post your comments below. We’re also running a poll on backups.

It’s not possible to know but it certainly raises awareness about how safe it is to tell strangers about your travel plans. And this doesn’t just apply to Twitter, but to any social site where you’re giving personal information to strangers.

Read the full article here.

I’ve written about how vulnerable wireless keyboards are. It used to take a lot of skill to hack into a wireless keyboard but now someone’s made it so much simpler. Here are instructions on how to build a wireless keyboard hacking device, complete with the software necessary. This model only works with 27MHz keyboards, which are the older and cheaper kind. It’s quite easy to build this device and to use it.

With a good enough aerial these type of hacks could be done from your neighbouring unit, house, office, or probably from a vehicle parked outside. You won’t know your wireless keyboard’s been hacked.

More modern and expensive keyboards can also be hacked, even those that have stickers on them saying how secure they are. But they take a bit more effort and skill.

I don’t believe in using wireless keyboards, they’re not secure. If you’re using one, it only costs $10 or so to upgrade to a wired one.

Scams are usually designed to excite or shock you, and to make something seem urgent. This has the unfortunate effect in most people of urging them to make rash decisions, to not think things through properly. For example, if you don’t live in Spain and haven’t been there, and haven’t purchased any kind of Spanish lottery ticket, then how could you have possibly won?

And even if you did, how do you suppose they got your email address? If you really did win, they’re most likely to send you a letter, again assuming you really  bought a ticket and registered your name and address.

So why is it that people fall for these scams?

Below is the email I received, it’s fake:

REF NO: HKD/7684/ES/97
BATCH:  YJM879/OLS/09

Winner in the 2nd category of our ONCE LOTERIA  free Net Lottery
Promotional award draws held in May, 2009. I am writing in respect to
your lotto winning prize of ONE MILLION, EUROS(1,000,000.00 Euros) which you won through the email ballot draws in the EUROMILLION Promotional Award in June, 2009 in the second Category prize winnings categories.

We wish to inform you that your total prize money of One Million
(1.000,000.00) Euro has remained unpaid by our treasury and credit office after the initial letter to your address for your payment was not successful.
You are hereby requested to contact your claims agent with your full names,telephone,batch and reference numbers respectively and immediately update your claims process for your payment.
Mr.ADRIANA WOOD,
FOREIGN TRANSFER MANAGER,
QUALITAS DE SEGUROS
MADRID SPAIN
Email:quainfo40@aim.com
TEL: 0034-615-730-594
Accept our felicitations!
Signed:Clara Casadoro
(Events,Draws and Promotion).

If you receive this email, or any similar lottery scam, please be cautious. It’s more likely to be a scam. And if possible try to discuss this with people who are new to the internet (such as the elderly), awareness is a great defence against scams.

If you receive any of the emails shown below, delete them:

Subject: Outlook Setup Notificataion

You have (1) message from Microsoft Outlook

Please re-configure your Microsoft Outlook again.

Download attached setup file and install.

Subject: TheBat Setup Notification

You have (98) message from Outlook Express.

Please re-configure your Outlook Express again.

Download attached setup file and install.

Not only does it install malware, it also asks you for your user ID and password.

Here are some tips to help you avoid this sort of scam:

• When you use any online banking service, look for the padlock icon in your browser. Then click on it, it needs to say your bank’s name, it’s full web address, and shouldn’t show any errors.
• If you receive an email from your bank, don’t click on any links. Instead, open a new web browser and type in your bank’s web address. This way you can’t be tricked into clicking the wrong link.
• Always be wary when you receive unsolicited emails. More often than not they’re scams.
• Use a good antivirus product

If you click, it runs a trojan on your computer that uses your Facebook account to send the same message to all your contacts.

The message has a few variations, such as the ones below:

Veryy veryy funnny videoo of you..;)

Donn’t cryy! Yoour mom wiill nnever see thhis moviee.HA-HA-HA!!

Check out my video: http…etc…

AA-ha-ha, i saw yourr a__ in the internnet! lol My a__ has not been on the internet. My hubby won a nipp

Yoou’ve bbeen fiilmed! Haven’’t you notiiced?Is this whatIra is talking about?

If you see these in Facebook don’t click on it. And tell the person who sent it that their PC might be infected with malware.

When Malware Doctor first starts up it pretends to scan your PC for viruses and other malware. Then it tells you it found a few things that shouldn’t be there.

It then says that you’re using an unregistered version of Malware Doctor and that you need to pay for the full version to remove the malware.

It’s a scam, if you see Malware Doctor on your PC you need to take action to clean your PC.

How does Malware Doctor appear on your PC?

There are viruses that spend their life downloading malware (viruses, trojans, etc) and installing them on your PC. So if you have Malware Doctor on your PC it means you have more malware that keeps installing it. A big problem.

How do you get rid of it?

There’s a procedure here. If this is too technical for you then you’ll need to get your PC serviced.

Always have a good anti-virus product on your PC that prevents all this malware from installing in the first place. It’s easier to prevent malware than it is to fix.

Whether you live in Australia or anywhere else in the world, changing your password is always a good idea. Below are some do’s and don’ts for passwords:

• Do use numbers in the password
• Do make it difficult to guess
• Do make up words, or misspell words
• Do make it at least 8 characters

• Don’t put a “1” at the end of the password, this is too common
• Don’t use a word that you could find in a dictionary
• Don’t use the same password on every site. Web sites you use every day (e.g. Facebook, email) should always have a unique password, they’re more at risk.

To help you work out if your password is good you could try using a password meter. Click here for more information.

And you can use a password safe to keep track of all your complicated passwords. Click here for more information on password safes.

What are your suggestions for choosing strong passwords? Add your comments below and I’ll put them all together in a new article dedicated to choosing good passwords.

Often these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too only on a grander scale.

It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:

• Who runs Badoo? Is it some guy sitting at home with no one to answer to?
• Do you trust the company (such as Badoo) and all of their employees?
• What is their privacy policy? Who are they accountable to if they breach their privacy policy?
• Do they store your MSN password? (You have no way of knowing this for sure)
• Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)

You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.

So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.

I’d like to thank our regular reader Nick for bringing this issue up.

St George is an Australian bank and this email’s designed to catch out their customers and to steal their online banking details.

Below is a copy of the email:

Restore your Internet Banking Access

As a result of too many incorrect attempts to access Internet Banking, your access to this service has been locked. We apologize for any inconvenience this may cause.

Please logon to your account and restore your access as soon as possible.

Internet Banking: Restore Access

Like all phishing attempts it’s designed to strike some fear and sense of urgency into account holders. Fear and urgency often cause people to make irrational decisions, and possibly to click on the link and quickly type in their banking details before realising they’re on a fake site.

Because this email’s been around for some time a lot of web browsers, email clients, and anti-virus products will block it. If it hasn’t been blocked on your system then you really need to upgrade your software.

Here’s the email:

For security reasons we have sent you this message as an attachment file. This measure has been adopted to prevent personal information theft and data loss. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page. To receive email notifications in plain text instead of HTML,update your preferences. 

PayPal Email ID PP694

If you see this just delete it. Don’t open the attachment and certainly don’t type your PayPal login details onto the web page it sends you to.