Wednesday, November 18, 2009

Ecommerce Scams: Hundreds Of Well-Known Sites Scam Customers, Report Shows

Senator Rockefeller released the results of an investigative report into "Aggressive Sales Tactics on the Internet and Their Impact on American Consumers" in advance of a hearing on the subject by the US Senate Committee on Commerce, Science, and Transportation.

The research examines "controversial e-commerce business practices that have generated high volumes of consumer complaints" and focused on sales tactics that "charge millions of American consumers for services the consumers do not want and do not understand they have purchased," according to the Staff Report.

A controversial practice known as "post-transaction marketing" was at the center of the research into the e-commerce business practices.

TechCrunch offers context on how "post-transaction marketing" works:

Background: hundreds of well known ecommerce companies add post transaction marketing offers to consumers immediately after something is purchased on the site. Consumers are usually offered cash back if they just hit a confirmation button. But when they do, their credit card information is automatically passed through to a marketing company that signs them up for a credit card subscription to a package of useless services. The "rebate" is rarely paid.

Huffington Post

Tuesday, October 6, 2009

Hackers expose slew of Hotmail account passwords

SAN FRANCISCO — Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.

Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant.

"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said in response to an AFP inquiry.

"We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."

Microsoft said it learned of the problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.

Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.

Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.

"This was not a breach of internal Microsoft data," the Redmond, Washington-based technology firm said.

"Phishing is an industry-wide problem ... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software."

Microsoft is also advising Hotmail users to change their account passwords every 90 days.


Sunday, October 4, 2009

Cybersecurity Starts at Home and in the Office

WASHINGTON — When swine flu broke out, the government revved up a massive information campaign centered on three words: Wash your hands. The Obama administration now wants to convey similarly clear and concise guidance about one of the biggest national security threats in your home and office — the computer.

Think before you click. Know who's on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet, said former national intelligence director Michael McConnell, "is the soft underbelly" of the U.S. today. Speaking at a new cybersecurity exhibit at the International Spy Museum in Washington, McConnell said the Internet has "introduced a level of vulnerability that is unprecedented."

The Pentagon's computer systems are probed 360 million times a day, and one prominent power company has acknowledged that its networks see up to 70,000 scans a day, according to cybersecurity expert James Lewis.

For the most part, those probes of government and critical infrastructure networks are benign. Many, said McConnell, are a nuisance and some are crimes. But the most dangerous are probes aimed at espionage or tampering with or destroying data.

The attackers could be terrorists aiming at the U.S. culture and economy, or nation-states looking to insert malicious computer code into the electrical grid that could be activated weeks or years from now.

"We are the fat kid in the race," said Lewis. "We are the biggest target, we have the most to steal, and everybody wants to get us."

And if, for example, the U.S. gets into a conflict with China over Taiwan, "expect the lights to go out," he said.

The exhibit at the Spy Museum — "Weapons of Mass Disruption" — tries to bring that threat to life.

A network of neon lights zigzags across the ceiling. Along the walls computer screens light up with harrowing headlines outlining the country's digital dependence. Drinking water, sewer systems, phone lines, banks, air traffic, government systems, all depend on the electric grid, and losing them for weeks would plunge the country into the 1800s.

Suddenly, the lights go out and the room is plunged into silent darkness.

Seconds later as the sound system crackles, a video ticks off a pretend crisis: no food, no water, system shutdown.

That faux threat has become a prime concern for the government, but fully protecting the grid and other critical computer systems are problems still awaiting a solution.

Federal agencies, including the Pentagon and the Department of Homeland Security, are pouring more money into hiring computer experts and protecting their networks.

But there are persistent questions about how to ensure that Internet traffic is safe without violating personal privacy.

One answer, experts said last week, is to begin a broader public dialogue about cybersecurity, making people more aware of the risks and how individuals can do their part at home and at work.

Some will find it easier than others.

Much of the younger generation has grown up online and is more likely to know about secure passwords, antivirus software and dangerous spam e-mails that look to steal identities, bank accounts and government secrets.

Older people moved into the digital universe as it began to evolve and most have not grown up thinking about how to protect themselves online.

"Detection and prevention are fast, but crime is still faster," said Phil Reitinger, director of the National Cybersecurity Center. The key, he said, "is to make sure that we're all getting the word out about not only the seriousness of the threat, but the fairly simple steps that people can take to help secure their systems and their lives and families from the threats that are out there."

In the computer world, "wash your hands" is less about tossing your keyboard into the dishwasher — although some have tried — and more about exercising caution.

Those steps include:

  • using antivirus software, spam filters, parental controls and firewalls.
  • regularly backing up important files to external computer drives.
  • thinking twice before sending information over the Internet, particularly when using wireless or unsecured public networks.