Archive for January, 2007

Posted on Jan 11th, 2007

If you are wondering how to fight spyware for safe web surfing, this Internet privacy article will answer some of your questions. By now you have probably heard about the dangers of spyware.

Spyware has become so common, it has now moved ahead of viruses as the number one danger facing computer users today. But with these safe web surfing tips you can learn how to fight spyware.

Anything you download from the Internet is a potential threat but a few types of downloads are particularly notorious for infecting your computer with spyware and adware.

Music file-sharing programs used to trade music are a major problem. Other downloads like free games, screen savers, and even smiley face packages are usually loaded with adware.

Be aware of any product that claims to be free because it’s very possible that the publisher generates revenue from sources like pop up ads while you surf.

Also quickly look at the end-user license agreement that comes with a download. During the installation process you’re asked to check a box to indicate that you agree with the terms. Although very few people ever read these, you may get clues that spyware and adware are part of the download.

If you see third-party software, anything ad-supported or if you are asked to agree to multiple end-user license agreements, cancel the installation process. This is almost a sure sign that ads will pop up and your safe web surfing will become history.

There are a few other ways to learn how to fight spyware. Go into Microsoft’s windowsupdate.com site at least once a month to make sure your system has the latest security patches. It just takes a few minutes and this alone can save your computer.

It’s very important to run and keep your anti-virus programs up to date. But with spyware and adware as the number one danger facing computer users today, you need to arm yourself with spyware protection software and keep it updated.

Our site, like many other spyware sites, offers free spyware removal to get rid of the spyware and adware that you have on your computer now. But if you don’t install spyware protection software, a spyware program could reinstall itself automatically within minutes of being cleaned from your computer.

You and your family deserve to be able to surf the Internet without your privacy being at risk. If you really want to fight spyware, invest in quality spyware protection software and keep this threat away from your computer.

Copyright © 2005 Spyware Information.com All Rights Reserved.

This article is provided by http://www.spyware-information.com where you will find free spyware cleaners, downloads, removal software, valuable tips and updated articles about adware and spyware removal programs to protect your identity. For other informative spyware and adware articles go to http://spyware-information.com

Posted on Jan 10th, 2007

Ok, you’ve got a computer, and you get online. You surf your favorite sites: sports, shopping, cowchip tossing blogs, and so on. Your kids download songs and IM their friends. But are you being tracked? Is your personal information stored safely on your computer or is it being mined by a geeky-looking guy sitting in the dark half a continent away? Do you know for sure you are secure? Many people don’t.

They take it for granted that their service provider is watching over them. If there is one thing I can’t stress enough, it’s this: always read the fine print before you hit the download button. A survey I read about a year ago stated that less than 7% read the info posted on the download windows. Some spyware will download itself without you even knowing it.

And then how about the link hijackings? You go to your bank URL, but you don’t notice that it’s been changed slightly. The login and password you enter are now in the hands of a person who likes to shop!

There are the less dangerous pop-ups. They are annoying, sure, but sometimes it can get so bad you can’t click them closed fast enough to even close out your browser.

Spyware can slow your computer to a crawl, taking minutes to open a site. It can log your keystrokes, mine your data, reboot your computer, even cause it to not boot up.

You’ve got to be safe, people!

The Internet is a wonderful place. It’s come a long way and it’s got a long way to go still, enjoy it.

About the Author:
Doug Woodall
SpywareBiz

Doug Woodall has a website at http://www.spywarebiz.com. There he provides free information and recommended products to combat Spyware.

He also runs the SpywareBiz Blog at http://learningfolder.com/Blogs/297/

He is a member of the IWA (International Webmasters Association)

Doug can be reached at spywarebiz@comcast.net

Article edited for proper content by Wendy McCallum

Posted on Jan 9th, 2007

Spyware Solution

Probably Today’s Biggest Computer Problem. You Suffer Without Knowing Your PC is Infected! "The effects can be devastating…and very costly." "Probably the biggest problem PC users are experiencing right now."

Symptoms

* PC runs very slowly for no apparent reason.
* It is difficult to access the Internet.
* Bandwidth seems to be reduced.
* Unwanted popup ads, often when you are not even surfing the web.
* Changed Internet Explorer home page (known as hijacking).
* Your PC is slowing down to a crawl.

Why You Should Fear Spyware

Personal information is collected from you without your knowledge or permission. Scary! Spyware collects information from you on a range of areas, from all the Web sites you visit, to more sensitive information like user names and passwords and even banking details. Personal Information you would never give out if someone asked you for it! Spyware collects it covertly. The primary objective of Spyware is to steal information. Your ‘personal’ information!

Be aware, some Spyware may run unnoticed without any outward signs of infection. Do not be fooled. It could still mean you have a major problem! Spyware removal is required.

How does Spyware get onto your PC if you don’t knowingly download it? Many PC users ask this question. The answer is that if you or your teenage children download music from file-sharing programs, free games from certain sites, ring tones or other software programs from unknown sources, you can easily become infected with Spyware!

Spyware uses security holes in the Windows Operating System, and many people are very surprised to hear that infection can occur without any actual conscious actions of your own.

Do not confuse Spyware with viruses. Even if you have a virus checker this will not stop Spyware. It is a totally different threat.

It is annoying. All you probably want to do is surf the internet as simply as possible. The proliferation of threatening attacks on your system makes this more and more difficult, unless you have the right set of tools in place to protect yourself.

How Do You Protect Yourself?

The best way to check for infection is to scan your machine with an effective program capable of protecting you. One thing you should be very aware of is the ‘free’ programs offering to solve such a problem. Unless they are recommended by a professional source, you should steer clear of such programs. It has been found that many ‘free’ programs simply add to your problems by adding more Spyware or other malicious programs to your computer. Even if you have not experienced it, you probably know or have heard of someone who has had their home page hijacked or their web search pages involuntarily redirected.

Recommended solutions?

There are a few legitimate programs which actually do what they say they will do. ‘CounterSpy’ is such a program. ‘CounterSpy’ uses extensive Spyware signature databases, real-time security agents, and ThreatNet to protect your machine from many types of Spyware, adware, browser hijackers, malware, search hijackers, keyloggers, ghost spammers, and spy software. If you do not want to be targeted with offers of goods you don’t want and you want to feel secure, knowing your personal information is safe, then CounterSpy is the program you are looking for.

One great benefit of CounterSpy is the real-time agents that monitor your computer 24/7, securing certain key areas. Malicious Spyware authors are dubious and crafty. With CounterSpy you stack the odds in your favour and dramatically reduce the odds of Spyware installing on your machine. There are no known issues with CounterSpy running with other programs, so you should find it blends in nicely with any existing programs you are running. I work in the PC maintenance and repair field and have found the program works as it says. A good number of other satisfied users that I have referred also rate this program.

The program has a 15 day free trial and a 30 Day Guarantee to ensure you are satisfied with the program. It’s excellent value for money at $19 (or approximately £10) for one full year, including updates. The price in year 2 is roughly half the original price, so it really is a good deal.

I believe that £10 spent on prevention, is far better than paying out £100 later, if you have a real bad problem this program could have prevented.

Referring back to the guarantee, if you are not satisfied, your money is refunded in full. (Guarantee is provided by the makers of the software). A very good guarantee from an established company, with a quality product. I use the product myself daily. My opinion is that it will help in your fight to keep your computer running in top condition and, more importantly, keep your personal information more secure. You can try out the program for yourself; just go here: http://www.gotopchelp.com/web/spyware

Stephen Wilk
PC Help

Copyright © all rights reserved.

About the Author: Stephen Wilk (MCSE) is the author of various technology articles and runs a commercial PC maintenance, repair and sales business. Stephen has already helped many people solve their frustrating computer problems.

Web Site http://www.gotopchelp.com
Article URL: http://www.gotopchelp.com/web/spyware
Send email to: itman6666-m2@yahoo.co.uk

Posted on Jan 8th, 2007

First of all we need to get some terms stated. I have been in the business for just over two years and there is still some confusion over the topic.

Mail forwarding: is a service that allows you to have your mail sent to a “mailbox” and then they will forward it off to your location. This mail is generally sent in bulk to the recipient and is very useful if you travel, or don’t have a permanent address.

Mail Redirection: is when you have mail sent direct to a mailbox and then it is “remailed” to another location. This is mainly used by organisations or individuals who wish to keep their physical address a secret.

Remailing: is as simple as receiving a letter, re-stamping and addressing the letter then posting it again. This is pretty much what happens when mail is forwarded or redirected.

First of all when you think about tampering with mail such as remailing, forwarding etc. you think “dodgy” or is that legal? Quite simply yes, it is legal but it all depends on what the intent of the service is. I will explain why people need to have a fake mail address.

Mail Drop: is defined as “an address or place at which a nonresident person receives mail, often of a secret nature” (2005) Dictionary.com

So why are there so many names for the same services?

It is pretty simple to understand why there are so many names: the vendors that offer these services are trying to obtain as many hits through search engines as possible, so they use phrases such as “forwarding”, “redirection”, etc.

In doing this they can confuse the customer, who will then not have a clear understanding of the services that are available.

What service should I use then?

Mail drops are generally the most defined term and are understandably the most common. I define Mail Drops as a mailbox that has been purchased on your behalf and all mail within the mailbox is sent to your predefined recipient address. Most Vendors provide shared mail boxes, where you share a box with many users for a cheap price, or dedicated services where you actually rent the whole mailbox. You should look at how manageable your account is, can you have multiple predefined recipient addresses, and can you see what mail you have and how much mail you have in the box at any time.

Why would people even use such a service?

Anonymity is the simple answer, or people who choose to keep their identity secret from others. There are many reasons for doing this, the most legitimate reason for using such services is for people who move around and do not have one stagnant address. Although the services are set up by legitimate vendors, there are the customers who wish to evade the law and have private documents sent without detection. These customers can harm or damage the vendor’s reputation and if any prohibited material is detected they can often face heavy charges.

There are many vendors out there who provide this service, I am not going to recommend any particular vendor but I do advise that you shop around and take a look at their history and talk to other customers who have used their services. All the vendors are located in multiple countries; you should take a look at their country of origin, what privacy laws are enforced there, what is their law enforcement like? Then take a look at the site. Read their privacy statement, try to understand it. Make sure you fully understand their terms of service. You do not want to be stuck with a huge fine, or if you’re trying to keep yourself anonymous, you don’t want to have your private information public. Or worst of all have them read your private mail!

Good luck

Steve
©Private Mail Services
http://www.private-services.com 2005 - Keeping You Anonymous

Posted on Jan 7th, 2007

Whether we like it or not, we are all living in the Information Age. We have no choice but to adapt to rapidly developing information technology, no matter who we are and what we do for a living.

The Internet, in particular, means for us boundless opportunities in life and business – but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You’d Better Not Visit

Phishing websites

Thanks to the authors of numerous articles on this topic, the "classic" phishing technique is relatively well known. This scam involves setting up bogus websites and luring people to visit them, as a rule, by links in emails. A phishing website is disguised to look like a legitimate one — of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users’ passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people became aware of the scam, the fewer spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Keyloggers and Trojans

Since about November 2004 there have been many publications about a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks in the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for — to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware — cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs — a well-known authority in information security — noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

A Hybrid Scam

In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website.

Panda Software identified several websites offering cheap airline tickets which in fact weren’t selling anything; the aim was to cheat users out of credit card details.

This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if he decides to buy the ticket by money order.

Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors’ computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set up by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers, software programs for intercepting data.

Keyloggers, as is clear from the name of the program, log keystrokes, but that’s not all. They capture everything the user is doing — keystrokes, mouse clicks, files opened and closed, sites visited. Slightly more sophisticated programs of this kind also capture text from windows and take screenshots (record everything displayed on the screen), so the information is captured even if the user doesn’t type anything and just opens and views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. This is a disturbing tendency: the number of brand-new keyloggers and malicious websites is growing, and growing rapidly.

What can a user do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of a malicious program, for example a keylogger or a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help — even if it is a bit more expensive.

As for malicious websites… "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction." (a quote from the Websense report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM)). So the good advice, never follow links in spam, is worth remembering once more.

Alexandra Gamanenko currently works at Raytown Corporation, LLC — an independent software developing company. The company’s R&D department created an innovative technology, which disables the very processes of information capturing — keylogging, screenshotting, etc. It makes the company’s anti-keylogging software truly unique: it doesn’t detect keyloggers or information-stealing Trojans one by one — they all simply can’t work.

Learn more — visit the company’s website http://www.anti-keyloggers.com

Posted on Jan 6th, 2007

First, let’s do a little recap. As I stated in the first part of the article, "Make Money Online - The Latest Scam Disclosed", "refund policy scammers" affect the websites that make money online by selling digital products: they buy the product and ask for a refund, while keeping the product.

Now I will give you some solutions you can choose from. But, unfortunately, all of them have some bad consequences alongside the good ones. The best piece of advice anyone that makes money online can give you is to test.

First, the obvious solution: get rid of the refund policy. This way you won’t have problems with these scammers anymore and you can continue to make money online without them bothering you. The bad thing is that this solution might reduce your conversion rate, but like I said before, test. You might be surprised by the results and see that the conversion rate stays almost, if not exactly, the same as you had before. This has happened to others.

Next, I will give you some tips to increase your conversion rate if you decide to go with the no-refund policy and thus help your make money online business.

One thing you can do to help increase the conversion rate, sometimes even more than it was before you got rid of the refund policy, is to place a text just before the order form telling people that you don’t have a refund policy because of these scammers and you don’t want your product to end up in their hands. This actually worked out great for others and they had more sales than before.

Another thing, probably the best, is to use trials for both software and e-books. For e-books, just give them a few chapters for free and, if they like it, they have to buy it. Some gave away one quarter of the e-book itself, others even one third. This is a great way to build up credibility. You can even state on your sales page, if you use clickbank, for example, that clickbank reads your e-book to make sure it’s all in order before it’s put up on their website. This way you kind of reassure people that they will get what they pay for and not just those chapters you give for free and the rest…crappy content.

There is yet another thing, but this, in my opinion, can only be used by people who already have a rather high credibility on the Internet (and probably know this already :) ). The thing you can do is use testimonials instead of a refund policy. It works out great for the majority of make money online business owners.

Another solution people thought of was software to disable the product in case of a refund. This might work with software, but definitely not with e-books, because they can easily be copied to another text document and, in the end, the scammer still ends up with it. This solution is still debated, because, from what I understood, at the moment, there isn’t any software that can’t be easily cracked.

Well, that’s it. I really hope this will help you make money online and defend yourself against these scammers at the same time.

Online Internet Marketing & Home Business Resource Center http://www.partnersinsuccess.net - Make money at home with our unique money making opportunities.

Posted on Jan 5th, 2007

Before we start, I want to make it clear that this article is about scammers that affect people who make money online by selling digital products, like e-books, software, etc., and have a refund policy. We have a rather long way to go until the end, so if you are selling physical products or you make money online through affiliate programs that don’t involve a refund policy, it’s probably just a waste of time.

In this article, I’ll talk about the "refund policy scammers". Lately, more and more people started to talk about them on forums and came out with different solutions, which we will discuss in the second part of the article, "Make Money Online - Defend Against The Latest Scam".

"Refund policy" scammers, as I stated in the beginning, affect the people that make money online by selling digital products (software and e-books, for example). Now, you’re probably wondering what their "modus operandi" is. Well, it’s very simple. They just find websites that sell digital products and have a 100% money back guarantee, buy the product and then tell you they want a refund because of crappy reasons, sometimes even impossible ones (they ask for a refund only minutes after they bought the product), but at the same time they keep the products.

More and more people who make money online with this kind of website are complaining about these incredibly immoral scammers. You will find posts like: "I received this e-mail just one minute after they bought my e-book: ‘I am really disappointed about your e-book, I read it and it doesn’t say anything new for me. Please give me a refund.’ And my e-book contains 80+ pages", or "‘I am sorry but your script doesn’t show me any results. Please give me a refund.’ I received this e-mail just one day after he bought and my script usually shows results after about 30 days."

Now, you’re wondering: "Does this affect my make money online business?". You bet it does. Some time ago, it wasn’t such a big problem, because only a few people did it. But, nowadays, more and more people are complaining about these scammers, indicating that this refund policy "virus" is spreading quite rapidly. Today, we can even talk about professional refund policy scammers, who put up lists of products worth thousands of dollars and do "their thing". And this is nothing. Some of these scammers have an incredible nerve. Not only do they scam you, but they then start selling your products, claiming they are their own (this happened with simple products like e-books and scripts), which is a major problem for your make money online business.

Now, you’re probably asking yourself: "Can I make money online by selling products and, at the same time, keep these scammers away?". Well, there are several solutions, but not without consequences. The obvious solution is to get rid of the refund policy, but this will probably decrease your conversion rate. We will discuss this and some other solutions in the next part of this article. Stay tuned, we’re half way there.

Online Internet Marketing & Home Business Resource Center http://www.partnersinsuccess.net - Make money at home with our unique money making opportunities.

Posted on Jan 4th, 2007

Phishing is a relatively new form of online fraud that focuses on fooling the victim into providing sensitive financial or personal information to a bogus website that bears a significant resemblance to a tried and true online brand. Typically, the victim provides information into a form on the imposter site, which then relays the information to the fraudster.

To view examples of phishing emails go to:

* Citibank: www.ciphertrust.com/images/example_citibank.gif
* US Bank: www.ciphertrust.com/images/example_usbank.gif

Although this form of fraud is relatively new, its prevalence is exploding. From November 2003 to May 2004, Phishing attacks increased by 4000%. Compounding the issue of increasing volume, response rates for phishing attacks are disturbingly high, sometimes as high as 5%, and are most effective against new internet users who are less sophisticated about spotting potential fraud in their inbox.

Corporations should be concerned with the following four issues:

* Protecting employees from fraud
* Reassuring and educating customers
* Protecting their brand
* Preventing network intrusions and dissemination of trade secrets

A failure to succeed in any of these areas could be catastrophic to a company’s ability to function in the marketplace. If employees are not protected, the company could be held accountable for not putting protections in place to prevent fraud. If a hacker impersonates a company, then the company’s reputation and brand may be tarnished or ruined because customers feel that they can no longer trust the organization with their sensitive information. And finally, the latest trend in phishing has been to socially engineer employees or business partners to divulge sensitive trade secrets to hackers. The implications of employee login information getting into the wrong hands could result in grave consequences once hackers are able to “log in” to an employee’s network account using VPN or PC Anywhere software.

Protecting Employees from Phishing

One of the best ways to protect employees from Phishing is to prevent spam from ever getting to the user’s inbox. Since most phishing attacks proliferate through unsolicited e-mail, spam filtering technologies can be very effective at preventing the majority of phishing attempts.

New technologies are also available to help prevent phishing. One such technology offered as a standard by Microsoft and supported by CipherTrust is the Sender ID Framework (SIDF), which prevents spammers from obfuscating their IP address by verifying the source of each email.

Of course, spam filtering and SIDF cannot solve the problem entirely. Many phishing attacks are actually sent on an individual basis to users not protected by cutting edge spam detection technologies. Other attacks are distributed through online email accounts such as Yahoo! Mail, Gmail, MSN, and others. In short, technology alone cannot solve the phishing problem. Employees must be educated about phishing and how to spot fraudulent emails and websites.

Reassuring and Educating Customers

Once a consumer receives a fraudulent email that appears to come from a trusted company, he or she may never trust that company’s email communications again. That is damage that is not easily undone. It is essential that organizations communicate openly and frequently about how customers can identify legitimate email communications, and the need to report fraudulent ones. For those organizations that frequently process consumer credit card transactions, it is recommended that a special section of the site be devoted to helping customers avoid fraud.

Companies that make efforts to educate their customers about phishing are much less attractive targets than those who make no efforts at all. Some examples of organizations that have developed extensive policies around this issue are:

* USBank
* Wells Fargo Bank
* Ebay and PayPal
* Citibank

Protecting the Company Brand

Each time a phishing attack is launched, a legitimate company’s trademark is tarnished and brand equity is eroded. The more attacks a company suffers, the less consumers feel they can trust the company’s legitimate email communications or websites. The value of this trust is difficult to quantify – at least until a company begins to lose customers. When customers no longer trust the company’s ability to protect their personal information, they often defect to competitors or opt to use more expensive commercial options such as telesales or retail locations.

Clearly, the goal is to convince the fraudsters that your customers will not fall for the scam. This is why having an obvious anti-phishing program that is public for all to see can be very effective. The fraudsters tend to follow the path of least resistance. Seeing that customers are well informed of how to avoid phishing attacks, the perpetrators simply turn their attention to other “softer” targets.

Preventing Network Intrusions and Dissemination of Trade Secrets

Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside the organization.

With little knowledge of an organization’s business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization’s employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about the authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In the financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid the bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for patterns such as social security numbers and account numbers, for instance with regular expressions, can prevent a simple deception from becoming a major liability issue.
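One way to implement the outbound content check described above, as an added example that is not part of the original article or of any vendor's product. The regular expressions, the choice to treat payment-card numbers as the "account numbers" (validated with the Luhn checksum to cut false positives), and the sample messages are all assumptions constructed for illustration.

```python
from __future__ import annotations
import re

# U.S. SSN written as AAA-GG-SSSS; the lookaheads reject ranges that are
# never issued (area 000, 666, 9xx; group 00; serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Candidate payment-card number: 13-19 digits, optionally separated by
# single spaces or hyphens. Assumption: "account numbers" means card numbers.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_outbound(body: str) -> list[tuple[str, str]]:
    """Return (kind, masked_value) findings for one outbound message body."""
    findings = []
    for m in SSN_RE.finditer(body):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # skips order IDs and other long digit runs
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


# Constructed sample messages (not real data).
SAMPLES = {
    "reply-to-phish": "Sure, my SSN is 123-45-6789 and card 4111 1111 1111 1111.",
    "order-update": "Your order 1234567890123456 ships Monday.",
    "benign": "Meeting moved to 3pm, call 555-0100 if late.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = scan_outbound(body)
        print(name, "FLAG" if hits else "pass", hits)
```

Findings are masked before they are logged so that the filter's own records do not become a second copy of the sensitive data.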

What to Do If You Are the Victim of a Phishing Scam

If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

* Immediately educate your customers on how they can correctly identify the phish

* Notify the authorities of your situation. Phishing fraudsters may have violated all or some of the following federal laws:

– 18 U.S.C. 1028(a)(7) – Identity Theft
– 18 U.S.C. 1343 – Wire Fraud
– 18 U.S.C. 1029 – Credit-card Fraud
– 18 U.S.C. 1344 – Bank Fraud
– 18 U.S.C. 1030 (a)(4) – Computer Fraud
– 18 U.S.C. 1037 – CAN-SPAM Act
– 18 U.S.C. 1028(a)(5) – Damage to computer systems and files

* Prosecute the criminals – when spammers use your trademarks to commit fraud, they are violating U.S. trademark laws as well as anti-fraud laws. Your organization has the right to defend its mark in court.

If you find that you are personally the victim of a phishing scam, then you should identify what information was compromised and then:

* If the fraudster obtained your Bank Account, Credit, ATM or Debit Card information:

– Report the theft to your card issuer, and cancel the account

– Check your statements for any unauthorized charges and follow up with your financial institution regarding their procedures for minimizing your liability to the charges

* If the fraudster has obtained your personal identification information:

– Contact the credit reporting agencies: Experian, Equifax, Trans Union

– Request that a fraud alert be placed on your record

– Request a copy of your credit report and follow up on any unauthorized credit inquiries

– Request that unauthorized credit inquiries be erased from your record

– Notify your bank of potential fraud

– File a police report with your local police department

– File a report with the Social Security Administration

– Notify the Department of Motor Vehicles and determine if an unauthorized driver’s license number has been issued in your name

– Notify the Federal Trade Commission (www.ftc.gov)

– File a complaint with the Internet Fraud Complaint Center (www.ifccfbi.gov/index.asp)

Additional Internet Fraud Sites:

* www.cybercrime.gov

* www.consumer.gov/idtheft/

* www.identity-theft-help.us/

* www.identitytheft.org/

* www.usdoj.gov/criminal/fraud/idtheft.html

* www.usdoj.gov/criminal/fraud/idquiz.html

* www.ifccfbi.gov/index.asp

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry’s largest provider of enterprise email security. The company’s flagship product, IronMail provides a best of breed defense against phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com today.

Posted on Jan 3rd, 2007

Is your enterprise following the rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately, the corporate CEO and CFO are accountable for SOX compliance, and they will depend on company finance operations and IT to provide critical support as they report on the effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components allow for information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley

The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act “the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression.” Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders the lion’s share of the responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that corporate-wide information security policies are in place for employees at all levels. Information security policies should govern:

* Network security
* Access controls
* Authentication
* Encryption
* Logging
* Monitoring and alerting
* Pre-planning coordinated incident response
* Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

* They have reviewed quarterly and annual financial reports;
* The information is complete and accurate;
* Effective disclosure controls and procedures are in place and maintained to ensure that material information about the company is made known to them.

Sarbanes-Oxley Section 404

Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regard to overall email security.

Effective Email Controls

Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

* A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls;

* Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;

* Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;

* Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties.

In conclusion, complying with Sarbanes-Oxley puts a heavy burden on an organization’s IT department to implement and enforce policies set up by corporate governance boards. In order to make sure the company’s email system complies with Sarbanes-Oxley, IT managers must be able to document steps they have taken to address Section 404 of the code. CipherTrust manufactures a secure email gateway appliance that can help organizations comply with Sarbanes-Oxley. To learn more about it, please visit www.ciphertrust.com/solutions/compliance_SOX.php and read our articles and white paper on the subject of SOX compliance.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry’s largest provider of enterprise email security and anti spam solutions. Learn what you need to know to comply with Sarbanes-Oxley regulations by visiting http://www.ciphertrust.com/solutions/compliance_SOX.php today.

Posted on Jan 2nd, 2007

I Challenge You To Crack The Code
————————————-
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge: he handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure.

In most cases, this individual would have been right on the mark. On the other hand, I’m not sure he expected to challenge someone who has close associates with discretionary time on some of the most powerful computers in the world.

6 Hours, 2 Servers, 64GB of Memory, and 32 Processors Later and…..
————————————
It took just under six hours to decipher the password. Of course, my ‘associates’ were using a program of my choice on servers with 32 processors and 64GB of RAM apiece. It’s nice to have friends with access like this. Especially in my line of work. Needless to say, my client was shocked when I called him the next day and gave him the password.

Let’s Have Some Fun: A Challenge For You
———————————————-
(In order for you to do this, you need to go to: http://www.defendingthenet.com/NewsLetters/CrackTheCode-ThatsADirectChallenge.htm)

Shortly after this experience, I started thinking about writing an article about it. Then I thought to myself, why write just an article? Why not come up with a challenge for our readers?

Hidden in this article is information that will ultimately provide you with a phrase that has been encrypted. You will need to know a few pieces of general information such as, where to find the hash in this article, how to extract the hash from the article, what the password is that will reveal the hash, and what type of hash is being used! Still with me on this? You will need to do all this before you can start cracking the encrypted phrase.

First, you need to find the hashed phrase located in this article. I’ll give you a hint; I recently wrote an article about hiding messages in files. This article can be found on the Defending The Net Newsletter Archive. It is also in the www.CastleCops.com archive. Oh, and once you find where the hash is you will need a password to extract it. This one I am going to give away. The password to extract the hash is ‘letmein’ (without the ‘ ‘ of course).

Then, you will need a tool that can easily handle deciphering of the hash once you extract it from this article. There are quite a few out there that will do the job, however, I highly recommend using pnva naq noyr i2.69, a publicly available security tool that no self respecting security engineer should be without. You will also need to know the type of hashing algorithm that was used. I decided to use zrffntr qvtrfg svir because it is relatively well-known. (Try saying that 13 times real fast!)

Conclusion
—————-
The first person to successfully unravel this riddle and e-mail me at riddle@paralogic.net with the deciphered phrase, along with a detailed description of how they accomplished the task, will receive a 512MB, USB2.0 Jump Drive. As soon as we receive this information we will post it on the main page of www.defendingthenet.com.

About The Author
—————-
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net
