A couple of days ago, I was searching for a popular eBook online.

Now I’m not going to tell you the name of this eBook for reasons you’ll understand in the next few minutes.

Okay, so here I was, opening Google, entering the name of the eBook - clicking search, and checking through the first few pages of search results.

-> Forward to Page 5 of Google

I saw a link that looked like a PDF document.

Right click -> open in new window

There, in full glory, was the eBook I was searching for!

The complete eBook, mind you, not a trial or demo - sitting there for the world to download.

And this is a product that sells for over $25 online!!

Obviously I’m not going to tell you the name of the eBook because it would not be fair to the reseller.

But it just made me realise that one of the reasons digital theft is so prevalent is simply because… its so EASY!

Don’t get me wrong. I don’t condone theft of any kind - digital or otherwise.

But would YOU shell out $25 for a product that everyone can ‘legally’ download off the 5th page of Google?

Most people would just shrug their shoulders, hit the save button and thank their lucky stars.

Result: The opposite of $ KA-CHING $ for the sellers

One of the problems with selling digital products online is that it is so SIMPLE to do. So now everyone and their grandmother wants to do it.

But most newbies have no idea that it requires only a few simple steps to ensure a moderate degree of security for your downloads.

So here I’ve outlined the five most BASIC security steps That anyone selling digital products online must take.

These will take you only a few minutes to do, and you do not need any special software or programming knowledge.

1. ZIP THAT FILE

The biggest problem arises when sellers store their downloads as PDF documents, as in my experience above.

Now you should know that Google, Altavista and many other search engines can read and list PDF files.

While this may not be a problem for those adding content to their sites in the form of PDF newsletters and reports, it also means that you must never store a product you want to SELL as a PDF file (unless it is in a password- protected folder).

It gets worse. Google also converts your PDF files into HTML documents. So ordinary browsers not only have access to your PDF file, but - horror of horrors - they can download your SOURCE FILE as well!!

The next logical step is for them to customize it with their own links, compile it and sell it or give it away.

Result: The opposite of $ KA-CHING $ for the sellers …AND the author.

A simple way of keeping your files out of the reach of spiders is to upload them as a zip file. Search engines cannot look inside zip files (yet) and list their contents.

2. CREATE AN INDEX.HTML FILE

You MUST have an index.html file in EVERY folder. It acts like a curtain that keeps your files away from prying eyes.

A folder without an index file is like a house without walls. Everyone can enter and help themselves to the valuables.

The ‘index.htm’ file is the default file that opens when you click on the link here -

http://ebizwhiz-publishing.com/

If you don’t create an index.htm or index.html file, you’d be allowing everyone to directly access the root directory of the folder where you store your downloads.

Here is a folder I uploaded to show you what happens when you DON’T have an index file.

http://ebizwhiz-publishing.com/test/

As you can see, all the files stored in it are clearly visible and ready to download.

And yes, feel free to help yourself - I won’t accuse you of stealing

3. SHOW PEEPING TOMS THE EXIT

You can use a simple script to redirect peeping Toms back to your home page.

Here’s the easiest way to do it using what it called a "meta refresh tag." Add it between the Header tags like this.

< META HTTP-EQUIV="refresh" content="0;URL=http://ebizwhiz-publishing.com" >

Replace
< with <
> with >
" with "

Just replace my URL with your own in the example above and paste it into the head of your document (before your text).

You can see how it works by clicking on the test folder here.

http://ebizwhiz-publishing.com/redirect/

Now even though you click on the folder URL, you will be sent to my home page.

4. SPIDER-PROOF YOUR DOWNLOAD PAGES

To prevent search engine spiders from reading and listing the download pages that link to your eBooks add the tag below in the head of the document.

This "Robot" tag tells the spider that this page is not to be spidered or indexed. As a result it should never show up on a search.

5. CHANGE YOUR DOWNLOAD LINKS OFTEN

To prevent unscrupulous people from posting your download links on forums or message boards, change the folder or file name where you store them from time to time, even if it means having to change the download links in your merchant account.

Using these methods will give you a good degree of satisfaction, knowing that you have taken the most basic steps to protect your digital valuables - and at absolutely no cost to you.

If you want greater security and more information on plugging the security loopholes in your website, check out a selection of digital download protection tools.

Priya Shah is a partner in the search engine optimization firm, SEO & More and writes an online marketing blog

The Federal Bureau of Investigation has identified “phishing” as the “hottest and most troubling new scam on the Internet.”

What is Phishing?

Phishing is a scam initiated via e-mail. Messages are “fishing” for personal and financial information. Most often, e-mails appear to be from reputable companies (internet service providers, telephone companies, etc), banks, and other financial organizations. The e-mail message often gives a story of the bank needing to update its personal information database or a financial institution claiming your personal data had been lost.

Who Phishes?

Hackers and Scammers looking for personal and financial information use phishing as an effective method of gathering information. Phishers imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include:

• Bank of America
• Best Buy
• America Online
• eBay
• PayPal
• Washington Mutual
• MSN (Microsoft Network)

History of Phishing

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users’ financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company’s site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user’s credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company’s site so they don’t suspect a thing.

Avoid Phishing

Fortunately, common sense can save you from giving away your personal information. For example, be aware for the company requesting information. I have received e-mails from banks I have never had business with. Know that your bank or ISP will never ask for your information out of the blue. Banks do not update their databases and misplace information.

Tips To Avoid Phishing

• If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.

• Look for words misspelled or other grammatical mistakes.

• Before submitting financial information through a Web site, look for the "lock" icon on the browser’s status bar. It means your information is secure during transmission.

• If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

• If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

• Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general’s office or through the FTC at www.ftc.gov.

Jacob Madison is an internet marketing professional specializing in high-return growth and advanced marketing tactics. Find out more about him at http://www.jacobmadison.com

Spelt phishing, but pronounced as above, this despicable act is an effort to batter your bankroll or commandeer your cash.

To put it simply, you can get emails from account administrators, which strongly urge you to update details attached to that account. The issue, though, is the pretence of such mail.

You may not even have such an account as referenced.

It doesn’t come from the account provider.

It can use false S.S.L. references, to present an illusion of trust and security.

It can prompt for immediate action on your part, alleging false log-in’s by persons unknown, and from countries unknown. If action is not taken, they can impress on you, that the account will be suspended or closed. Indeed, anything likely to work can be fabricated, to get you to the webpage suggested in the link or hyperlink. Note the word “suggested”. Likenesses to company logos are used to re-enforce “credibility”.

In fact, these phishing attempts actually look pretty good or realistic. So much so that any qualms of guilt or stupidity, experienced by a “conned party” are groundless.

Experience, specific education or forewarning, is all that prevents this type of charade from widening its base of “victims”.

The goal is to get you to type in your details, complete with credit card number and the rest can be guessed.

Some damage is also absorbed by the organisation or company being misrepresented and they can do little about it but warn their customers what to watch out for, and issue security instructions. Indeed, it is from accounts at reputable companies that most passing trade learn the correct or most secure procedures. It is therefore important to read any material that they offer.

Generally though, reputable companies with a mind to preserve their integrity will tell you to log-in at their main page and proceed from there. Not through a link specific to your account!

Hyperlinks can mask the true domain that you’ll be brought to, with the text linked to www.anydomaindotcom (example, only), a replica or fake page. Only going to secure pages where one believes that “https” will do it, will always help but wholly unreliable. The “s” is an indication of a secure page, but are you at the right domain?

Place your mouse over the link and the domain attached to such a link, should show itself. Viewing the source code is another way but some knowledge of it is necessary.

Another ploy, sometimes deliberate and sometimes “convenient”, is inserting a reference to the “legitimate company” anywhere after the domain name. Ex. https://www.anydomaindotcom/ebay/aagle/. Unwary victims may overlook the fact that “ebay” is not the domain, but see it anyway as a directory or file name. Anyone, anywhere can have a file or directory named like that of a company.

To make matters somewhat worse from an “easy to identify” viewpoint, the source code of the link can be represented as an I.P. address rather than its named counterpart. There are some tools that you can use at http://centralops.net/co/ which you can use to type in the I.P. address and cross reference it with the official account domain presented in the e-mail, or web page for that matter. Opening a second window for investigative purposes and re-sizing both to be side by side can be revealing, and comparisons be made between the alleged source and that of the source code.

www.ebay.com can be put in one window and www.suspiciouslyspurious.com can be put in the other. NOTE; you should be checking domains and ignoring everything that comes after the forward slash at the end of the domain. A similar test can be done for email viruses, where suspicious email addresses can be searched for some degree of authenticity.

If you are phished, try to learn as much as possible about it as phishing attempts and email viruses have some aspects in common. Incorrect spelling is one of them. You must understand that the authors can be from anywhere and not necessarily have degrees in English. Legitimate companies can also be from anywhere, with different primary languages, but do perfect their spellings and general grammar.

Attention to upper and lower case can be another giveaway. This is especially true where particular portions of the text are the design of the author, and not just copied and pasted. Typically, these portions are customised to be customer specific in a general sense, and fonts may even be different or out of place. Such “special” additions are to strengthen the sense of urgency and call to action.

Should you be the recipient of “phishy mail”, you can forward it to spam@uce.gov

Seamus Dolly and phising samples are at http://www.CountControl.com/phishy.html

Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Online services such as Internet banking save time and money. However, from the depths of its vast expanse have come the dregs of society intent on preying on the new, the naïve, and the less informed.

Phishing is one of the main scams in the present moment. People set up phoney websites and email addresses. Then they spam Email inboxes with official-looking messages explaining that your account with Company X has encountered a problem and that they need you to login and confirm some details. The email addresses are masked to appear official and the links provided in the email all seem to check out. If you click on the link provided then you will usually be taken to a site that looks for all intents and purposes to be official. When you click ’submit’ your details will be sent to a criminal somewhere who will do as they please with your information, such as withdrawing money from a bank account or purchasing things in your name.

The scam has been labelled ‘Phishing’ because the criminals engaging in the activity behave similarly to a fisherman throwing bait out in the hope that they’ll receive just one bite from the millions of people that receive the email.

So how do you avoid these online scams? First and foremost, it is important to realise that no legitimate organisation should be sending you a request to fill out your personal details because of some server error or for any other reason. Your bank will never send you an email with content along the lines of "We’ve lost your bank account number and password… please supply them again for our records". You should also know that no bank is going to require your social security number, bank account number, and PIN number just to log in to your account or retrieve your password. Other sites such as Ebay, PayPal, and the like will not email you asking for these details either.

If you’re a little unsure as to whether or not an email is official, scroll down a bit until you find the link that they are requesting you to click and simply hold your mouse pointer over the link text without clicking. Now take a look at the bottom left-hand corner of your browser window. The link text is often the address that the phisher wants you to think you will be heading to but the real address will be revealed in the bottom of the browser. This address will most likely not have anything whatsoever to do with the company that the email is attempting to imitate. It could be a dodgy web site or even just a page on someone’s personal computer. If the address doesn’t appear in the bottom left-hand corner then you can right-click on the link, select ‘properties’ from the pop-up menu and then read the address listed in the information box.

To avoid further scams make sure that you have updated firewall and anti-virus software active on your system at all times. This will make it harder for anyone to install key loggers, Trojans, spyware, or other similar devices intended to retrieve your information. Keep your operating system up to date with the latest security patches and updates and be careful where you enter your details. Always look into the reputability of the site that is requesting your details and keep an eye on the lower right-hand corner of your browser. If the page you are viewing has a little padlock symbol appear in the corner, then it means that your details are being secured by some encryption method. You can double click on the icon to get more details if you wish. Sites without the padlock icon don’t have encryption, which means that your details are a lot easier for malicious crooks to get a hold of.

Even if you’re sure the website is legitimate, it’s not a good idea to send your details over an unsecured connection. By the way, email does not count as a secure connection, and neither does any instant messaging program, (such as MSN, ICQ, Yahoo Messenger, AIM etc.) so don’t give out personal details that way either.

Another common scam very similar to phishing involves the emailing of promises of great wealth. Seriously, what do you think your chances are of winning the lottery, let alone one that you never even entered? Or of some obscure yet ridiculously rich person in Africa dying and you being legally allowed to pick up their money? Or of a foreign prince wishing to smuggle money out of his country using your account? These emails are all scams. I wish it were true that I won three different lotteries every single day, but if you get in contact with the people sending these messages they’re going to do their utmost to clean out your pockets. Unfortunate as it may sound, the ‘Please Donate to Charity’ emails sent are usually also scams.

If you really want to donate money to a charity, look them up and send it the usual way, don’t respond to a multi-recipient email that may or may not be real. You also shouldn’t donate to some random charity that no one has ever heard of before. Some of the Internet lowlifes have started up fake charities, ‘dedicated to helping Tsunami victims’ or similar and are simply pocketing the donations.

Everything in this world can be used for either good or evil purposes and the Internet is no exception. Staying alert and having just a little bit of Internet know-how can keep you out of harm’s way for the majority of the time, and allow you access to the wonderful online services available with relative safety.

Daniel Punch
http://www.m6.net

For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine – or a friend’s hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.

Now, imagine coming across your phone bill, thicker and heavier than normal. When you open it, instead of “statement stuffers” from the phone company’s marketing department, the bill is dozens of pages long ending in a one-month total of almost $5,400.

A quick glance at the details reveals hundreds of calls to the same 1-900 number. “A mistake,” you insist. After all, you’re the only person in the house and you have never called a 900 number before. Actually, this is no mistake. In this true story, the homeowner had fallen victim to one of the oldest computer scams around: the "Auto-Dialer" virus.

How Did This Computer Security Nightmare Begin
———————————————————–
What is an “auto-dialer”? Some time ago, the phone companies came up with a feature that allowed merchants to reach a broader range of customers by allowing consumers to make payments via your phone bill. If you did not have a credit card, you just dialed a 900 number, connected by voice or modem (for Internet sites). Every minute you used the service, you were charged a fee ranging from $1 to $5 or more per minute. At month’s end, the charge appeared on the phone bill. Many services were legit: Consumers called weather, horoscope and gambling services offering this feature. But many merchants sold expensive phone or online adult content.

How Did An Auto-Dialer Get Installed
———————————————————–
But how did $5,400 in charges end up on the person’s phone bill? Although many of these services require the user to physically dial the number or connect to the online site by instructing the modem to dial the number, this can happen without the user’s knowledge. In the above case, the person’s computer was infected with an auto-dialer virus. Somewhere during his Web travels, he connected to a site that popped up a rather confusing message instructing him to "Hit OK" to make the message go away. What this person didn’t know was he was agreeing to download,install, and execute an adult content auto-dialer.

Behind the scene, the auto-dialer installed itself, checked for the presence of a modem and dial tone, and then proceeded to dial an overseas 900 number over and over again. Even though the person surfed using an always-on broadband Internet connection, the modem remained so he could send and receive faxes. One problem: When he wasn’t using the modem, it remained plugged into the phone jack. Why should he have unplugged it? It’s not like it could hurt anything, right? Wrong.

How To Protect Yourself
———————————————————–
Unfortunately, there is no single solution to avoid these types of malicious acts. A short list of protective measures would include:

1) If you no longer need a modem in your computer, remove it. Or at least disconnect the phone line from the modem;

2) Install anti-virus software such as Trend Micro or Symantec’s Norton Anti-Virus. Many are designed to prevent this kind of malicious software, or “Malware.” More importantly, make sure your subscription for new virus patterns is current and configured to automatically download and install updates;

3) Install and regularly run Adware protection solutions such as LavaSoft’s Ad-Aware or SpyBot Search & Destroy;

4) And do not, under any circumstances, blindly hit “OK” to pop-ups or similar annoyances without first making sure what you are agreeing to.

This tale is not fiction; in fact, it happens frequently, to businesses and consumers, kids and adults. But even the least savvy among us can thwart such an attack. A neighborhood teenager recently avoided potentially thousands in fees when an auto-dialer was downloaded and installed. How? She had unplugged the modem.

About The Author
—————-
Darren Miller is an Industry leading computer and internet security consultant. At the website - http://www.defendingthenet.com you will find information about computer security specifically design to assist home, home business and small business computer users. Sign up for defending the nets newsletter and stay informed and empowered to stay safe on the Internet. You can reach Darren at mailto:darren.miller@paralogic.net or at mailto:defendthenet@paralogic.net
URL
—
http://www.defendingthenet.com/NewsLetters/Auto-Dialer-Newsletter.htm

If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U.S. Bank Corporation that I received contains the subject "U.S. Bank Fraud Verification Process" and in the body of the mail it says "We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised:". It continues with a link to a webpage, which looks very similar to original web page of the bank.

The misleading web site appears authentic with familiar graphics and logos. The wordings are professional right down to the legal disclaimer at the bottom of the page.

If you happened to be holding an account of the claimed bank, followed the instructions of the email and input your account, pin, password, etc. you are doomed. You just have handed over access to your account to a con artist, who, in a matter of days, will drain off all the money available in that account.

This new scam, which is proliferating in a very rapid pace, is called "Phishing". Phishing is a form of identity theft, where a con artist with the help of official looking email containing link to phony web pages capable of harvesting information, tricks an unsuspecting victim into divulging sensitive personal data. Scammers use these data to bilk victims out of their savings.

One of the most common phishing campaigns being waged has targeted users of Web auction giant eBay and its PayPal division with financial services giant Citibank serving as another popular target. However, recently, every major bank has been hit with this scam. Crooks send out huge amounts of emails with an expectation that some of these email address owners may have online access to their accounts at the bank.

The term "Phishing" is a deviation of the word "Fishing". In hackers’ lexicon, in many words, "F" becomes "Ph". The term derives from the fact that scammers use sophisticated bait as they "fish" for users’ personal information.

According to Gartner, a research firm, illegal access to checking accounts gained via phishing has become into the fastest growing type of consumer theft in the United States. Roughly 1.98 million people reported that their checking account was breached in one way or another during the last year and US$ 2.4 billion were defrauded from the victims!

Gartner also estimated that 57 million U.S. Internet users have received phishing emails and 3 percent of them may have fooled into revealing their personal sensitive information.

The Anti-Phishing Working Group has also spotted a dramatic increase in reports of phishing attacks in recent months. Since November, 2003 phishing scams increase by about 110 percent each month. In April alone, the group identified 1125 unique phishing scams, a sharp lift of 178 percent from the previous month.

MessageLabs, a company that watches phishing scams closely, has noted an even more dramatic increase in number of phishing emails. It claims to see phishing messages jump from just 279 in September, 2003 to a staggering 215,643 in March of 2004.

The scammers also started to use more sophisticated technologies in recent months. The latest generation of phishing scammers uses several methods to trick users, including pop-up graphics to mast the true web URL of the phishing site and the installation of Spywares and Trojans on victim’s computer. The perpetrators also take advantage of security bugs in web browsers, in which the URL in the address bar appears to be for one site but is, in fact, a link to a totally different site.

A new Windows worm under the name "Korgo" is able to infiltrate into victim’s system with a key logging Trojan, steal information that the victim input in web forms and secretly transmit to designated server. There are a number of variants of this worm and they are spreading rapidly. However, Microsoft in April came up with a patch to seal this glitch. Many computers without the patch are still vulnerable to this potentially dangerous worm.

A U.S. Treasury report provides consumers with steps to prevent and report phishing scams:

Other cautionary measures you should take in order to protect yourself are:

About The Author

Nowshade Kabir is the founder, primary developer and present CEO of mailto:nowshade@rusbiz.com, http://ezine.rusbiz.com , http://www.rusbiz.com , http://ezine.rusbiz.com/newsletters/newsletter31.htm

As soon as almost all computer users already got used to — or at least heard about — the word "phishing", another somewhat confusing word appeared not long ago. Pharming. Does it differ from phishing — and if yes, how?

Two Pharmings

Actually, two completely different fields use the term "pharming" now. We can say there exist two separate "pharmings".

If genetics or businessmen from pharmaceutical industry are talking about pharming (spelled like that) it might have nothing to do with computers. This word has long been familiar to genetic engineers. For them, it’s a merger of "farming" and "pharmaceutical" and means the genetic engineering technique — inserting extraneous genes into host animals or plants in order to make them produce some pharmaceutical product. Although it is a very interesting matter, this article is not about it.

As for PC users, the term "phishing" recently emerged to denote exploitation of a vulnerability in the DNS server software caused by malicious code. This code allows the cybercriminal who contaminated this PC with it to redirect traffic from one IP-address to the one he specified. In other words, a user who types in a URL goes to another web site, not the one he wanted to–and isn’t supposed to notice the difference.

Usually such a website is disguised to look like a legitimate one — of a bank or a credit card company. Sites of this kind are used solely to steal users’ confidential information such as passwords, PIN numbers, SSNs and account numbers.

Dangerous Scams

A fake website that’s what "traditional" phishing has in common with pharming. This scam can fool even an experienced computer user, and it makes pharming a grave threat. The danger here is that users don’t click an email link to get to a counterfeit website.

Most people enter their personal information, unaware of possible fraud. Why should they suspect anything if they type the URL themselves, not following any links in a suspiciously-looking email? Unfortunately, "ordinary" phishers are also getting smarter. They eagerly learn; there is too much money involved to make criminals earnest students. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more fraudulent websites looked like legitimate ones.

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for — to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware — cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Spy Audit survey made by ISP Earthlink and Webroot Software also shows disturbing figures - 33.17% PCs contaminated with some program with information stealing capability.

However, more sophisticated identity theft attempts coexist with "old-fashioned" phishing scams. That is why users should not forget the advice which they all are likely to have learned by heart:

• Never follow a link in an email, if it claims to be from a financial institution
• Never open an attachment if the email is from somebody you don’t know
• Protect your PC from malware
• Stay on the alert

Alexandra Gamanenko currently works at Raytown Corporation, LLC — an independent software developing company that provides various solutions for information security.

The company’s R&D department created an innovative technology, which disables information-stealing programs. Learn more — visit the company’s website http://www.anti-keyloggers.com

Beware of a New Scam Aimed at Bargain-Hunters

Trying to buy something cheap is absolutely natural–and online crooks set traps for unwitting bargain-hunters. On April 6 Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. Several websites offering cheap airline tickets in fact weren’t selling anything; the aim was to cheat users out of credit card details.

Of course, these sites have already been identified and disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

The scam is very simple; the thieves simply wait until some unsuspecting user who is searching for airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.

Luis Corrons, the director of PandaLabs, comments on this scam: "This kind of online fraud differs from those witnessed previously. The malicious user does not contact the person interested in buying the product, but it is actually the buyer, in searching for the best prices online, who goes to the fraudulent web page. This creates a false sense of security that can lead users to proceed with the transaction".

This makes such a scam very dangerous. It is the user who finds the "bargain"; no spam or pop-up ad is involved– actually, nobody either forces or tries to persuade the user to buy something. This tactic is bound to be "effective", if such a word is appropriate here. That is why it is extremely likely that there will be other websites and other scams using the same pattern.

Too Cheap to be a Bargain? You’d Better Steer Clear

How to avoid this kind of fraud? "Users are best advised to treat ‘bargains’ with suspicion, and only make online purchases from trusted sites. In any event, if in doubt, it is a good idea to search for information about the website in question on the Internet. Users should be able to find opinions and experiences of other users who have used the same service," says Luis Corrons.

That’s all users can do so far — to steer clear of suspicious bargains and to check the firm one is going to buy from. Of course, the authorities are informed; these cybercriminals will be tracked, caught and sent to jail.

But this entire story gives a strong impression that cybercrooks are becoming more and more shameless. People get cheated when they expect it the least — just remember bogus appeals to make donations for tsunami victims.

Such criminals are impudently taking advantage over majority of people — over those who remember the Golden rule and expect others to behave the same way. That is why everybody who either falls the victim of this –or any other–scam, or learns about such incidents, should make this information public. This will be a small contribution that may help to curb growing cybercrime.

Alexandra Gamanenko currently works at Raytown Corporation, LLC — an independent software developing company that provides various solutions for information security.

Learn more — visit the company’s website http://www.anti-keyloggers.com

Fishing on the Internet has come a long way. However, we TechWeb junkies like to call it Phishing. What I am talking about here is not going after your ordinary, everyday catch. Yet a fine catch it indeed may be to those thieving bandits if they can lure you into giving up your personal and private information. Trickery is vast and common on the World Wide Web. Beware, I say, beware!

Email schemes, called “phishing” or “carding”, attempt to trick consumers into disclosing personal and/or financial information. The emails appear to come from legitimate companies with whom consumers may regularly conduct business. I have seen scams appear to come from such noteworthy corporation as AOL, Earthlink, Paypal, eBay, or major credit card issuers. Often times the email threatens termination of accounts unless consumers update billing information.

Phishing comes around in all forms. How many of you have had some Nigerian Prince that just inherited 35 million US dollars offer to share it with you for one reason or another? How many of you have received an e-mail supposedly from your bank that for “security reasons” requests you to click a link that takes you to an online form to fill out, requesting all your personal and confidential information about your bank account?

A word to the wise: there is no Prince in Nigeria that needs your help, and your bank will never ask you for that info in an e-mail!

The latest Internet scam appears to come from the South African Department of Mining. “Resources and we are in dire need of a foreign partner to assist us in the receipt and investment of US$15,500,000.00…” All they request is a secure place to deposit the lump sum on US territory, and you will gain a large piece of the pie. WOW, what a deal!

Another I received comes from Johnson Mgabe, the son of the leader of the Republic of Zimbabwe Agricultural Commission. His father has just been assassinated, and he, the only remaining heir, is trying to escape. If you help him, he will give you lots of dough! Right on! “Please e-mail and tell me of your decision. I am ready to pay you 25% of the money [$45.5 Million] for your help, 5% shall go for expenses you might incur during the transaction. The remainder [70%] shall be mine.”

Ok, ok, I am convinced; here is my private bank account, my SSN, DL# and address. Please tell me what I need to do next. Are they for real? Seriously though, if people didn’t fall for these types of stunts, there wouldn’t be so many floating around. Identity theft has become more and more rampant in this techno traveling world.

Again I say, beware.

Many of these email schemes contain links to “look-alike” websites that are loaded with actual trademarked images. The websites then instruct consumers to “reenter” their credit card numbers, social security numbers, bank PINs, or other personal information. If consumers actually provide the information requested, the data goes to scammers, not the legitimate company whose name is on the site. Thereafter, the data is often used to order goods or services and/or to obtain credit in the name of the consumer and potentially, steal your identity.

Again, I say, beware!

Rule for the road:

If you receive a precarious e-mail asking you for personal information, chances are it is a scam. It is better to be safe than sorry.

By Greg Richburg
Netricks, Inc.

All past articles written by Greg Richburg are available at http://www.netricks.com/news. Please address article suggestions to: info@netricks.com.

Greg Richburg is a Microsoft Certified Systems Engineer and the owner of Netricks, Inc. a network consulting, web design and hosting company located in Fresno, CA.

Visit Netricks at http://www.netricks.com Richburg also runs KlickCommerce, anInternet based marketing system for Ujena brand clothing. See http://www.klickcommerce.com for details.

More of Richburg’s work may be seen at http://www.valley411.com

When surfing the Internet you probably take your anonymity for granted, most of us do.

Tapping phones, listening to confidential conversations, reading others’ e-mail messages seems like something that only happens in spy movies to "other" people.

However, you probably don’t realize just how much information about yourself has the potential to get transmitted across the Internet every time you go online.

Every computer connected to the Internet has "ports" that allow it to connect. A "port" doesn’t mean you have a physical hole or opening in your computer’s case or hardware, but it does mean you have openings through which information passes back and forth between your computer and the Internet.

Depending on the type of connection (dial up, LAN, cable, DSL), you may have several openings for potential mischief by hackers, malicious code or viruses.

Computers with dedicated connections rate the most at risk. If someone or something gets into one of these ports and into your computer, they can potentially watch everything you do and see all the data you enter, including social security numbers and credit card information.

The easiest way to defeat this problem involves using a firewall. Firewalls, simple and inexpensive software available at virtually any office supply or computer store, block the most common ports hackers use to enter your computer.

Firewalls also help you detect and block unauthorized transmission of information from your computer to the Internet. This adds a significant measure of protection if you get infected with a Trojan Horse virus that tries to "phone home" to the hacker with your sensitive information.

If you’d like to test your connection for vulnerability to attack, log on to http://security1.norton.com and run the various diagnostics. I would strongly advise anyone connected to the Internet through DSL or cable to get and use a firewall to protect against unauthorized access.

Infected with "Spyware?"

Previously we talked about unauthorized access to your computer. But a growing problem online with people watching you and your activities involves using programs you willingly place on your computer.

Commonly called "Spyware," this refers to any program that transmits information about you to someone else without you knowing exactly what gets sent. The main purpose of Spyware involves tracking your surfing habits so advertisers know which targeted ads to send you.

Most Spyware basically comes onto your computer bundled with other software applications, as a standalone program, or as modification to the HTML on a web page.

Regardless of how you get it, you need to understand exactly what information gets transmitted about you so you can decide whether to keep or uninstall the software. Plain and simple, these Spyware programs can potentially reveal extremely sensitive information about you and your online habits.

If you have concerns about Spyware and whether or not your computer currently carries any, log on to www.lavasoft.de and check out the free PC software that will scan your system for known Spyware.

Jim Edwards is a syndicated newspaper columnist and the co- author of an amazing new ebook that will teach you how to use free articles to quickly drive thousands of targeted visitors to your website or affiliate links…

Simple "Traffic Machine" brings Thousands of NEW visitors to your website for weeks, even months… without spending a dime on advertising! ==> "Turn Words Into Traffic"