«
»

Last week, we highlighted two of the recent explosion of new scams and frauds. Here are two more examples. Always be alert for suspicious messages and never give out confidential information unless you are absolutely sure who’s on the other end of the line.

Dept of Justice spams
The US Department of Justice announced a number of fraudulent emails claiming to be from the DOJ and alleging that the recipients (or their businesses) have been the subject of complaints filed with the DOJ and/or the IRS. The message often contains a "copy of the complaint" as an attachment and offers contact information to resolve the issue. Do not open the attachment. It’s a trojan horse and will load malicious software onto your computer. Don’t call the contact information either. You’ll just open yourself up to a social-engineering scam as the person attempts to scare you into revealing confidential information. The DOJ does not send out email notices for these issues. Read more here.

MySpace worm
Many thousands of MySpace.com websites were successfully attacked by a new and particularly complex computer worm. In this attack, MySpace visitors who are browsing an infected page are redirected to a fake login page that attempts to steal the visitor’s username and password. According to one researcher, about one in four falls for the scam. The hacker then changes the code on their MySpace page to trap even more visitors. The redirect works against some recent vulnerabilities in MS Windows and Internet Explorer. The same attack will also install software onto your computer, turning it into a part of a hostile botnet and possibly exposing all the personal information on your computer to the hacker.

Protect yourself by keeping your computer fully patched. By the way, the same research showed that many people choose weak passwords on MySpace, thinking that there’s nothing to protect. Remember that hackers use this as an avenue into your personal information. Pick strong passwords even for websites like MySpace. Read more here.

Next week, we’ll have an update on the State of Ohio’s recent security breach and the relative merits of their "identity theft protection service".

This entry was posted by Mike Rossander on 2007 July 23 at 00:00 under Malware, Specific Alerts. You can leave a response, or trackback from your own site. Follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply