Phishing

As April 15 approaches, U.S. citizens preparing to file their taxes are susceptible to online scams designed to steal their personal information and, ultimately, their money. Here is a roundup of tips for how people can protect themselves.

First off, the Internal Revenue Service does not initiate taxpayer communications through e-mail, and the agency does not request details on personal information via e-mail. The IRS has detailed information on how to report and identify phishing and e-mail scams and bogus IRS Web sites here. More information about specific tax fraud schemes is here.

Microsoft's Security Tips & Talk blog … Read more

If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.

McAfee warned people in a blog post on Wednesday to beware of an e-mail that appears to come from Facebook urging recipients to open an attachment to get their new password.

The attachment contains a password stealer that targets Windows computers and which can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.

"This threat is potentially … Read more

Twitter is launching a new service designed to stop users of the social-media site from getting duped by phishing links that steal their login credentials and other attacks.

The company will route all links submitted to the site through a filter created to catch links that lead to malware, the company said on the Twitter blog on Tuesday.

"A couple weeks ago, Biz [Stone, Twitter co-founder] explained how Twitter users were being victimized by phishing scams spread primarily through links in direct messages," the post said. "Basically, people click the link and bad things happen. My team … Read more

Twitter users were being hit on Wednesday with what seems to be the second phishing attack this week, according to security firm Sophos.

The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page, according to a blog post by Sophos' Graham Cluley. If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.

Earlier in the week, a phishing attack was spreading via direct messages that were widely distributed because of third-party … Read more

Web robots, commonly referred to as "bots," are software programs written to do automated tasks, like crawling the Web looking for new sites. They also appear in chat rooms and instant messaging services masquerading as real people.

Depending on the level of sophistication of the artificial intelligence, they can attempt to understand questions and respond appropriately. Usually the conversation is pre-set, which makes for some rather silly conversations.

Bots are nothing new, but not everyone has personally interacted with one. I, for one, have never been approached by a bot in a chat room or on IM, so … Read more

Twitter reset passwords for an unknown number of users on Tuesday whose accounts appeared to have been compromised via phishing.

"As part of Twitter's ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite," the company said in a statement.

Some Twitter users apparently "used their Twitter username and password to sign up for an untrusted third-party application which then posted Tweets to their account," a spokeswoman said.

"While we're still investigating and ensuring that the appropriate parties are notified, we do believe … Read more

Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.

Reseacher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.

Facebook used to display a pop-up window warning users when they added any third-party app that doing so would authorize the app to get access to user profile information. This allowed users to change their mind before adding the app. The company has changed … Read more

Smartphones aren't just smart, they're personal computers. Unlike a desktop or even a laptop PC, those devices and other mobile phones can easily slip out of a pocket or purse, be left in a taxi, or get snatched off a table. They let you store photos, access e-mails, receive text messages, and put you one browser click away from potentially malicious Web sites.

In effect, gadgets like the Apple iPhone and those running Google's Android software can be as risky to use as PCs, except that the wide variety of mobile platforms has deprived malicious hackers of … Read more

You and just about everyone else, it seems, are spending more and more time on Facebook and Twitter, updating statuses and checking friends' tweets. That's all well and good, of course, but the amount of personal information that all of you share in real time, and the level of trust implicit with the social networking sites, do pose particular security and privacy problems.

A recent study from Sophos found that Facebook users reveal a lot of personal information to new friends, including ones they really don't even know or have never met. Using fake profiles, Sophos sent out … Read more