It didn’t take long for cyber criminals to engineer their relief scams to steal money from people who think they’re donating money for the relief efforts from the devastating earthquake and tsunami that hit Japan.

These cyber criminals will send email spam to millions of recipients in hopes that people will click on links to newly launched web sites that provide assistance in collecting money for the people of Japan. If you receive any email about donations or relief efforts, you should delete these emails immediately.

If you want to help by donating money, here’s a list of legitimate agency that are assisting in the relief effort.

• American Red Cross: Donations to the American Red Cross can be allocated for the International Disaster Relief Fund.

• Global Giving Foundation: Global Giving’s mission is to build an efficient, open, thriving marketplace that connects people who have community and world-changing ideas with people who can support them.

• International Medical Corps: Putting together relief teams, as well as supplies, and is in contact with partners in Japan and other affected countries to assess needs and coordinate our activities.

• AmeriCares: AmeriCares is able to maximize the impact of your donation thanks to the in-kind contributions they receive from pharmaceutical and medical supply manufacturers and their partnerships with local health care providers around the world.

• Convoy of Hope: Convoy of Hope feeds millions of people in need in the United States and around the world through children’s nutrition initiatives, citywide outreaches and disaster response.

To see a full list of legitimate agency supporting the efforts in Japan, please visit “Help Survivors of Japan Quake & Tsunami” at http://www1.networkforgood.org/help-survivors-pacific-quake-tsunami.

God bless!

The email comes in the form as a “new message” from PayPal and claims that an error has been detected in the recipient’s PayPal account and he or she must submit an attached form verifying his or her details or risk having the account suspended.

The email is not from PayPal. The claim that there is a problem with the recipient’s account is nothing but a scam to try and fool a person into submitting PayPal account details to Internet criminals. Any information entered on the bogus form can be collected by criminals and used to hijack the user’s PayPal and credit card accounts.

Example Email

Subject: You have a new message from PayPal !

Dear PayPal Customer,

During our regularly scheduled account maintenance and verification procedure we have detected a slight error in your PayPal online account.

This might be due to the following reasons:

1. A recent change in your personal information (ie. change of address, email address)

2. An inability to accurately verify your selected option of payment due to an internal error within our systems.

Please fill in all the details that are required to complete this verification process.

To do this we have attached a form to this email. Please download the form and follow the instructions on your screen. NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the “Help” link in the footer of any page.

The message is a Phishing scam and certainly is not from PayPal.

These scammers are getting smarter by re-engineering tactics that were previously used in other scams. The most popular trick is address spoofing and masked links to make email messages to look more legitimate. They will use PayPal logos and other graphics stolen from the genuine PayPal website to make the email look like genuine.

PayPal will never send you an unsolicited email asking you to submit account log in details, bank or credit card details or other personal information such as your full name and driver’s license numbers.

Criminals commonly target popular websites and especially those who provide business transactional services such as PayPal. If you come across such an email, delete it.

McAfee H*Commerce is a new series airing on WNBC and other networks. The purpose of H*Commerce is to get you involved in the fight to stop it, and to provide solutions on how to protect yourself, your family and business from this ongoing cyber-crime and scam epidemic. You may think this will never happen to you, but think again. It can happen to anyone at anytime. You will be shocked after watching the First Episode below.

Check for upcoming show times or visit the McAfee H*Commerce page to watch all 6 episodes.

http://www.stophcommerce.com/

The internet, e-mail and text messaging are now part of everyday life for most teenagers. They are great ways to find out information and contact your friends and family, but you should make sure that you use it safely.

Social networking sites like Bebo, Facebook and My Space are very popular, but you have to be careful about what information you put onto your profile.

Most networking sites allow you to change the security settings on your profile, so make sure that you only allow your friends to see it. Its best not to upload any pictures or videos that you wouldn’t want your parents or teachers to see. Not all adults can be trusted some can be dangerous and use these sites to target young people.

Cyber bullying is when somebody is nasty or threatening to somebody else by using e-mail, text and picture messaging or other digital technologies. Cyber bullying can’t hurt you physically, but it can have a negative effect on your emotions.

What are the dangers?

Making a fool of yourself.
If people put up pictures of themselves, or write personal diaries then they need to remember that, apart from their friends, there are other people who may use this information in a nasty way.

Child abusers making friends with kids.
If youngsters put a lot of information about themselves on the Internet, this gives “groomers” lots of ways of making friends with them (pretending to be kids themselves) and contacting them. If they put their school name and where they hang out, then it’s easier to do this.

Bullying.
If a bully gets hold of a kid’s private pictures or diary, then they can use this to be cruel and send it around to others with unpleasant messages and so on.

What counts as Personal Stuff?
Personal stuff includes your real name, messenger id, e-mail address, home address, mobile number and any pictures of you, your family or friends.

Top tips for kids

1. Tell your parents what you are doing. If they understand it, they’ll be happier with you using the internet. Don’t give anyone your password, except maybe your parents.
2. Be careful with your mobile. Don’t send pictures that might embarrass you, even to your best friend. Someone can get hold of your pictures and be nasty to you.
3. Don’t give anyone your school name. Don’t give your school name, address or phone number to people you communicate with on the internet.
4. Don’t meet up with internet friends. If you must, then take an adult with you. People are not always who they pretend to be.
5. Tell someone. Tell someone if people are saying things you don’t like or bullying you. If you don’t get help, ask advice from another adult.
6. Report it. Report bad behavior to the website you are using.
7. Don’t let bullies win. Print out and save any messages and show someone like a parent or teacher and ask them to help. If the first person doesn’t help, then ask someone else.
8. Don’t respond to nasty emails. Don’t respond to nasty emails or messages. Block or ignore the sender.
9. Could it embarrass you? Don’t put photos or things that might embarrass you on the internet.
10. Be nice even if they’re angry. Be as nice online as you are offline. If someone makes you angry don’t be angry back. Tell someone else or report it, but don’t get into a fight online.

Top Tips For Parents:

1. Get involved. Open the lines of communication between you and your kids about what they are doing.
2. Don’t go overboard. Know the risks but don’t ban the internet outright, it’s a great tool. If you are over-anxious your kids won’t tell you what they are doing.
3. Agree on the ground rules. These will depend on the age of your children and the type of websites you are happy for them to view.
4. Put the computer in a main room. With your PC in a main room such as the living room, you will be able to keep an eye on what’s going on.
5. The internet is part of school. Schoolwork these days often includes internet research and used safely the web represents an important learning resource.
6. Parental control software. Install software which is designed to block websites that are not suitable for kids.
7. Chat and instant messaging. If you are in the dark as to what these things are, then ask your kids to teach you.
8. Be careful about plagiarism and homework. The internet makes it very easy for kids to search the net and copy other people’s work. They need educating about the difference between research and plain copying.
9. Bullying on the internet. Be aware that this is a growing problem for kids particularly when using email, chat rooms or message boards. Make sure you are there to listen if they need to talk.
10. Report abuse when you see it. Forums aimed at children are generally well-moderated and should respond to complaints.

Things to remember:

• Don’t give out any personal information to ‘online friends’.
• If you upload a picture or video online, anyone can change it or share it.
• Do NOT open files or emails from people that you don’t know.
• Some people lie online in chat rooms and through instant messengers.
• Keep ‘online’ friends online, do not give them too much personal information.
• If something is making you feel uncomfortable, tell someone.

The Child Safety and Online Protection Centre handle all child related reports. If you are in the UK then this is the best place to make reports. If it’s international (for example on a US website) then you should go to the Virtual Global Taskforce (VGT). The Virtual Global Taskforce is a partnership of international law enforcement agencies, working together to make the Internet a safer place.

The Internet Watch Foundation (IWF) works with Internet Service Providers, Police and Government to try to reduce the availability of illegal Internet content, particularly child abuse images. If you wish report the content of a particular site to the IWF, you can do so on their website at iwf.org.uk

You can visit Colin’s Security blog at Free PC Security

In 2008, cyber-crime was at an all time high with hundreds of millions of dollars stolen. According to security experts, a string of data breaches orchestrated principally by a handful of organized cyber-crime gangs translated into the loss of hundreds of millions of consumer records last year, security experts say.

The size and scope of the breaches, some of which have previously not been disclosed, illustrate the extent that organized cyber thieves are methodically targeting computer systems connected to the global financial network.

Forensics investigators at Verizon Business, a firm hired by major companies to investigate breaches, responded to roughly 100 confirmed data breaches last year involving roughly 285 million consumer records. That staggering number — nearly one breached record for every American — exceeds the combined total breached from break-ins the company investigated from 2004 to 2007.

In all, breaches at financial institutions were responsible for 93 percent of all such records compromised last year, Verizon reported. Unlike attacks studied between 2004 and 2007 — which were characterized by hackers seeking out companies that used computer software and hardware that harbored known security flaws — more than 90 percent of the records compromised in the breaches Verizon investigated in 2008 came from targeted attacks where the hackers carefully picked their targets first and then figured out a way to exploit them later.

One hacking group, which security experts say is based in Russia, attacked and infiltrated more than 300 companies — mainly financial institutions — in the United States and elsewhere, using a sophisticated Web-based exploitation service that the hackers accessed remotely. In an 18-page alert published to retail and banking partners in November, VISA described this hacker service in intricate detail, listing the names of the Web sites and malicious software used in the attack, as well as the Internet addresses of dozens of sites that were used to offload stolen data.

Source: Washington Post

A Nigerian undergraduate has been sentenced to 19 years in prison for obtaining $47,000 (33,382 pounds) from an Australian woman by convincing her over the Internet that he was 57 years old, white, and madly in love with her.

Lawal Adekunle Nurudeen met his victim on the Internet in 2007 and convinced her that he was a British widower called Benson Lawson. He said he was an engineer working in Lagos whose wife and only child had been killed in a car accident.

“The victim, a 56-year-old woman from Australia, told the convict that she wanted a husband and all the men she had met always disappointed her,” said the Economic and Financial Crimes Commission (EFCC), Nigeria’s anti-corruption police.

“The convict, who is married with three children, instantly replied and told the victim she had met her Mr Right … He sent the picture of a white man to foreclose any suspicions.”

The woman sent Nurudeen money for medical treatment and travel costs to visit Australia. He spent the funds on two plots of land and a Honda Prelude car.

Nigerian confidence tricksters have a long history of extorting money via the Internet through “419″ scams, named after the clause that outlaws them in Nigeria’s penal code. Many are never caught.

The EFCC said Nurudeen was ordered to pay around $10,000 immediately and a further $250 a month to his victim until the full amount stolen was returned. She would also receive the proceeds of the sale of his land and car.

Source: Reuters

I would like to see him hack his way out of jail now that would be the ultimate hack! There are so many cyber-crimes that are committed each day. It’s almost impossible to catch everyone. We need to be smarter by protecting our personal data and use passwords that are strong.

A Los Angeles computer security consultant has been sentenced to four years in federal prison for using malicious software that turned thousands of computers into “zombies” so he could steal private information.

Prosecutors say 27-year-old John Schiefer was sentenced Wednesday after pleading guilty last April to computer fraud.

Prosecutors say Schiefer and his associates created “botnets” — armies of infected computers — to steal individuals’ identities by extracting information from their personal computers.

Schiefer also worked as a consultant with a Dutch Internet advertising company to defraud it with his botnets. He was ordered to pay $19,000 in restitution to PayPal and other companies.

Keep your information safe and private. Never share any personal data unless you trust the source.

MySpace provided two state attorneys general the names of 90,000 registered sex offenders it had banned from its site in response to a subpoena.

The figure is 40,000 more than the amount previously acknowledged by MySpace, according to Attorney General Richard Blumenthal of Connecticut, who along with Attorney General Roy Cooper of North Carolina are among officials pressing social networking sites to adopt more stringent safety measures.

“Almost 100,000 convicted sex offenders mixing with children on MySpace — shown by our subpoena — is absolutely appalling and totally unacceptable,” Mr. Blumenthal said in a statement. “For every one of them, there may be hundreds of others using false names and ages.”

Last year, MySpace, owned by News Corporation, and Facebook.com agreed to set security standards after the Web sites were criticized for not doing enough to protect minors from sexual predators lurking on social networking sites.

How many more of these offenders will pop up on the popular teen site? I am sure MySpace is moderating their site to ensure that if anyone violates their terms of use will be banned and reported. This is not going to be an easy task, and some offenders may slip under the radar.

There hasn’t been much news about the Mafia, but that doesn’t mean they no longer exist. In fact, the Mafia is now focused on internet crimes which lead to lucrative payoffs. The FBI has reported that online crime is at an all time high. So why are we hearing so little about it? Cyber crime has been estimated by the US Treasury to be more valuable than the illegal drugs trade – worth more than $100 billion a year.

So what does the Internet Mafia control? You don’t have to think hard to figure this one out. Almost all online pornography is owned by the Mafia, which are usually captive women and children in Russia or Eastern Europe. Many of the fake anti-spyware and antivirus software are controlled by the Mafia.

How did the Mafia get so cyber smart? That’s an easy answer. The Mafia recruits many of its savvy hackers and web programmers from Russia. These cyber criminals are smarter than you think, as most spam and malicous code resonate from these countries.

The Internet Mafia is far different than the one you and I have come to know from watching the news and movies, based on Mafia living and activity. This is the new digital Mafia, and far more dangerous.

There’s one source on the internet that spells this out clearly. Visit http://endmafia.com/ to read more about the Mafia and the internet.

I know one thing that we don’t have to worry about, and that is Vinny “No Thumbs” knocking at your door for protection money.

Your site may have been already targeted by hackers who are using automated tools to find most common vulnerabilities. If they find one, they will inject harmful code that will attack your loyal visitors and guests.

To help keep your site safe, start with some quick, free scans that ferret out the most obvious problems. First, fill out a form at Qualys.com to request a free scan of one IP address. Discover all devices and applications across the network, and identify and eliminate the security threats that make network attacks possible.

Next, download the also-free Scrawlr tool from HP. After a quick install, use Scrawlr to scan your site for SQL injection vulnerabilities (a type of hole targeted in a recent Sony site hack).

A clean bill of health from both scans won’t guarantee that your site is safe. For instance, neither will find problems with custom JavaScript code, another common type of attack. And while requesting or running either scan is easy, fixing a reported hole might involve a fair bit of work. But that job will still take far less work than repairing your site and your reputation after your site has been hijacked.

Take the extra steps to keeping your site and your visitors safe from harmful cyber attacks.

Let’s us know your thoughts and what you have done to check your web site.