In order to be eligible to win these prizes, you need to register to the site and then submit a photo showing the panic caused by PST files. This could be either a photo of your stressed admin, or one of yourself in the midst of your stressful and frustrating job; or possibly a screenshot of a horrible software crash. You could even get your creative skills going and produce an edited photo of all the very wrong things you want to do to your PC when you find out that your PST files are damaged and unrecoverable!

PST files are personal storage tables where Microsoft Outlook data in stored on a local computer. These files are still widely used despite being known to be unreliable and cause problems from a compliance and usability perspective. As a solution to this problem administrators use email archiving to store all the organization’s email correspondence.

Email archiving is also important for judicial reasons where eDiscovery regulations and compliance legislation states that all emails must be stored in their original format and recovered should the need arise. Email archiving is the simplest and most efficient solution to keeping an organized store of all emails that is searchable and through which emails can be recovered. Failure to comply with these laws could result in serious legal ramifications.

Visit www.pstpanic.com for further information about email archiving and the compeition.

          “Phishing appears to be a low-skill low-reward business. The enormous amount of phishing activity is evidence of its failure to deliver riches rather than its success. Repetition of easy money stories without scrutiny makes things worse by ensuring a steady supply of new entrants,” the researchers argue.

They estimate that just 0.37% of users fall for phishing scams, but far fewer actually suffer any financial loss due to anti-fraud measures in place at their financial insitutions. The total loss is around $61 million. Since the study doesn’t give any details as to how the money is divided, it’s possible the large phishing operations may still manage to rake in decent profit, but the researchers say the average phisher makes only hundreds of dollars in profit from their schemes.

The shopping spam offers fake Rolexes and urges the recipient to start their Christmas shopping early. Similar messages promise a chance to win money for holiday spending. Some of the messages lead to phishing sites, others install malware and turn the recipient’s PC into a zombie machine.

Image spam appears to be remerging in holiday spam. This time the images are company logos in spam messages offering job opportunities. Spammers are taking advantage of the current economic turmoil and people’s job security fears in this particular holiday spam campaign. Other economy related spams include one claiming to be from U.S. Treasury Secretary Henry Paulson, and another offering a free DVD about President-Elect Obama’s plans to help the economy. Anyone who attempts to order it is prompted for banking info.

Lottery spams are also on the rise as scammers attempt to prey on those suffering financially due to the economy. The recipient is informed they’ve won a large sum of money in a lottery and all they have to do is either provide their banking info so that the money can be transferred to them, or in many cases, must provide their SSN and a fee for “processing”.

Spammers aren’t likely to let up soon; in fact researchers say spams and scams will continue to increase as the economic chaos continues.

          “Your former classmates are trying to contact you! Upgrade now to see their messages!” That’s the pitch many of us have seen from Classmates.com as a lure to pony up for a subscription. At least one former customer says that the claims are fraudulent and has filed a class-action lawsuit against the company. Depending on how the case moves forward, it could have an impact on how Classmates.com, and other sites, advertise their services.

The problem is, once you get the email and go to the site to satisfy your curiosity, you discover their free service won’t let you check the messages they claim are waiting for you, so you fork over your credit card info and sign up for their paid service only to discover there isn’t actually anyone looking for you at all. Ouch! Classmates.com’s rival, Reunion.com pulls a similarly sleazy stunt, but worse. When a new member signs up they automatically give the site permission to access their address book and spam everyone in it with a message claming that member is trying to connect with them. Hopefully this lawsuit will be a wake up call to both companies that spamming and deceptive emails are not the marketing tools reputable companies should be using!

Experts say the company hosts a vast community of cyber criminals including spammers, phishers, malware distributors and even peddlers of child porn. It’s also believed that McColo servers hosted the massive Rustock and Srizbi botnets. But will the move really take a bite out of cybercrime? Probably not. The criminals will in all likelihood move their operations elsewhere, most likely to an overseas host. Another ISP notorious for hosting cyber crime, Intercage, was shut down twice last month, and while experts say that closure helped kill the Storm Worm, evidence shows some of Intercages clients have set up shop on a server hosted in the Ukraine. As long as there are webhosting firms willing to look the other way, these shutdowns will only be temporary obstacles rather than permanent solutions.

It would be simple for a scammer to set up a fake IceSave website, and using the details provided by the FSCS, create and send legitimate looking phishing emails. Fortunately the FSCS is also offering a way for customers to claim their refunds via postal mail, and so far no fake sites or phishing emails related to IceSave have been detected, but given the nature of phishers it is likely only a matter of time.

Here’s how it will work:

• The APWG-IPC and CMU’s STDP created a webpage to educate users about phishing.  The page (http://education.apwg.org/r/en/) explains that they have just fallen for a phishing communication (email or otherwise) and advises consumers and enterprise users about ways they can help themselves to avoid being victimized in the future.
• As part of the process for shutting down a phishing site, we are asking ISPs, registrars, and anyone else who has control of the phishing page to take the following steps:
• => Determine if the brand being phished has approved having the phishing site URLs re-used to redirect their customers (who’ve been fooled) to this educational page.
• => If the brand has approved the use of the redirect, instead of serving an error page when a customer arrives at the URL, redirect them to the APWG/CMU Phishing Education Landing Page

The APWG-IPC created a separate webpage that will help the manager of the company whose servers have been co-opted for use in phishing attack learn how to initialize redirects to the APWG/CMU education page.

The APWG and CMU’s STDP encourages all brand owners to approve this process, all takedown providers to request the use of this redirect scheme, and all ISPs, registrars, registries, etc. to redirect to this page instead of serving an error page.

The infiltration was accomplished by impersonating a component of the network used to send instructions between the host server and the infected PCs (commonly known as bots or zombies) it controls. This allowed them to place their own URLs in some of the spam sent. These URLs redirected to fake store fronts appearing to offer a variety of pharmaceuticals. These fake stores were fully functional up until the point a customer tried to check out. Before they could enter any payment info the site gave them an error message. The researchers never collected or even saw any personal info.

The researchers discovered that Storm sent out 350 million emails in 26 days, resulting in 28 potential customers. Not surprisingly almost all of them ordered “male enhancement” drugs. The average sale was roughly $100 which would have given the researchers a tidy $2,700 or so. Based on this they calculated the average daily profit from the Storm’s spam campaigns to be between $7,000 and $9,000, which equals roughly $3 million a year.

The study showed that despite all the warnings and spam filters, people are still clicking on links in spam messages, which is quite disturbing as this is still one of the most popular ways cybercriminals distribute their malware. The study showed that 10% of people who click on malicious links actually install and run the malware. That equals 1 in 10, and is the reason Storm produces a whopping 3,000 to 9,000 new bots a day.

Steven Barnes was also ordered to pay a fine of over $54,000. Prosecutors say Barnes hacked into Akimno Systems’ network, turned the mail server into a massive open relay which sent out so much spam that the company’s email service was restricted, deleted its Microsoft Exchange data base, and compromised core boot files. Barnes pleaded guilty to the charges.

In a sentencing memorandum, federal prosecutor Shawna Yen urged U.S. District Judge Jeffrey White to sentence Barnes to 16 months. She said it was necessary to “send a message to future would-be hackers that this kind of crime - namely, intentionally attacking a company’s computer system and wreaking damage to the company’s business - is taken seriously by the courts.”

Barnes’ former employer is partly to blame however. Amazingly, they had no firewall installed and had not deleted his user account or changed the network passwords after he was fired over 4 years ago! Such lax security is inexcusable these days, and hopefully Akimno Systems has learned a valuable lesson.
 

According to security expert Bill Mullins, in the last year, email inboxes have being swamped with similar scamming emails from fraudulent sites like Greetings.com, and 2000Greetings.com, amongst others.

This time around, the domain name being used by these scammers is Greetingcard.org, which is a legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on its website, “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.

Bill goes on to further explain that this type of socially engineered email scam is based on playing the human curiosity card. This scam exploits the fact that people are naturally pretty curious. The surprise factor appeals to people to further make them want to open one of these dangerous scam emails. Receiving good news feeds into the “wow” factor that heightens the effect of making people want to open these bogus email greeting cards. Spammers are counting on all these different factors to lure people into the trap. Many people fall for it with disasterous results being unleashed on desktop computers or company networks.

In this scam, the body text of the message urges a person to click on an embedded link so that you can see the greeting card. However, clicking on this link will lead to malware being installed on your computer.

According to The Greeting Card Association, a legitimate e-card notification will always include the full name or personal email address of the sender. Furthermore, the sender will never be identified by a generic term such as a “friend” or “associate”, terms that are frequently used in fraudulent e-card scams.

Pass this information on to your email user community before the holidays get into full swing for sending more electronic greeting cards.

The Trojan works by waiting for the user to enter the URL for a banking or credit card site. Once it senses one, it replaces it with a fake one that captures the user’s details. So far it’s known to have the ability to sense nearly 3,000 different URLs, and is not detected by most anti-virus programs. It does this by using a rootkit to infect a PC’s master boot record, making it practically invisible.

Not surprisingly, security experts believe the criminals running the malware are in Russia, since that is the only company no infections have been detected in. They’ve made banks, credit card companies and law enforcement aware of the situation, but don’t rely on them to protect you. Use your common sense. Never click on a link in an email from any financial institution you do business with, and remember they will never, ever ask you for your password, account number, or any other personal info via email. Also be wary of emails offering links to videos of news stories, celebs, or anything else. Most of the time clicking on them will take you to a malicious site.

If you think you’ve been the victim of this Trojan, contact your bank or credit card company right away, and disconnect your system from the internet and any internal networks until you’ve cleaned out any infections.

Educate your email users with the following information in your next phishing alert email or newsletter:

What is phishing?  Phishing is when some one sits there and creates a spam message to fool the user into thinking that they are going to a legitimate web site and ask them to give up personal information, such as their social security, credit card and bank account numbers.  However, this fake web site is only set to steal the user’s information. The email may look like it is coming from a legit company - creating a web site is easy and to make it look like one from a legitimate business is not hard either.

I had received an email from my ‘bank’ requesting me to update my profile.  Within the email it stated to make changes if needed for my account number, social security, home address and home phone number.  I thought to myself, ‘why would my bank want me to update my profile when they had never asked me to do so before?’  I thought it was strange but did not act on the email right away.  I put it out of mind and continued with my day’s work.  By the next day I received another email requesting that I update my profile. Now I was curious as to why the urgency to update my profile.  I called my bank and spoke to someone in customer service.  I found out that they did not send any email and I was not respond to the email or go to the link that was within the email. I forwarded the fake email to the customer service rep and she assured me that the bank would never send an email to request me to update any profile. She told me that were I to receive any more emails, to call and verify if the request was a legitimate one.

How can you protect yourself from phishing? You can start by filtering and blocking spam from getting to your inbox.  Next is to protect your host file in Windows.  You can use security software to protect your host file and to check whether there are any entries that do not look familiar.  Another option is to change how email is received, from HTML to plain text - this will strip any codes embedded that may be executed.  It’s also important to have a very good anti virus software installed as well as an anti spam software.  With both softwares you can protect yourself much better against such attacks.  Another option you may want to consider is to change your Internet browser.  Most have Internet Explorer installed but you can change it to Mozilla Firefox, Opera, etc.  Many experts believe that Microsoft Internet Explorer is vulnerable to such spam.

Overall double-check the email that you receive requesting such personal information. If you are not sure about the legitimacy of the email, verify with a phone call or letter.  With a good anti spam software installed you can minimize the spam coming in.

Consider sending this type of information to your email user community on a regular basis.

          “This termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction,” Stacy Burnette, ICANN’s director of contractual compliance, wrote. ICANN rules permit the group to terminate registrars who have officers or directors convicted of a crime related to financial activities, she said.

Among the activities EstDomain’s hosting is used for are spamming, malware distribution, phishing,and sites selling fake drugs or those illegal in some countries. Not surprisingly, the company denies this.

          “We don’t provide the service for spammers/phishers etc, and we never did,” Konstantin Poltev, registry liaison for EstDomains, wrote in an email to The Register on Wednesday.

ICANN will oversee the transfer of the 281,000 domains under EstDomain’s management. However, since many of the company’s domains are used for malicious purposes, it’s doubful any legit host will be willing to take them aboard.

The third quarter reports also found that the U.S. leads the “Dirty Dozen” of top spam producing companies, with nearly 19% all spam coming from them. The other countries on the list are Russia, China, Turkey, Brazil, South Korea, India, Argentina, Italy, the UK, and two new countries to the list, Columbia and Thailand.

Experts believe malicious spam will continue to rise and that the use of social networking sites to deliver malware will also continue to rise as spammers and cybercriminals continue to look for cheaper and more effective ways to do their dirty work.
 

MillerSmiles.co.uk was originally founded in February of 2003 by Mat Bright. His intention was to use the site to sell and promote his love of Book Collecting, but when becoming involved in using eBay, he found that buying and selling online had many dangers. The biggest of these was the threat from spoof email and phishing scams, and users of eBay seemed to be the main targets.

Appalled at the lack of insight for internet users about this kind of identity theft and fraud, Mat set about posting snapshots of the emails and bogus web pages on the site with the intention of building awareness. What followed was a surprise…

Mat began receiving copies of other spoof eBay emails from fellow internet users who came across his site. He decided to expand and develop the site into an awareness building tool and a weapon against the perpetrators of these crimes. Having a security professional background he was up to the task, and set about logging reports of the spoof emails he received daily.

In late 2003, Tam Digital took over the running of millersmiles.co.uk with a view to developing the spoof email and phishing scam section of the site. This they did, and the site and its archive of reports continued to grow rapidly.

Then in early 2004 the site changed hands again, and Oxford Information Services Ltd stepped into the fold. They continue to run the site to this day, maintaining an ever-expanding archive of scam reports dating back over two years.

In February 2004, millersmiles.co.uk launched the world’s first scam alert service using an RSS news feed. RSS is a growing technology with rapidly increasing numbers of users. You can now include RSS news feeds in your Yahoo page for instance, and all of the major sites on the web now have a news feed of some sort, (including Yahoo, CNet , CNN and the BBC).

The scam alert news feed can also be used by webmasters within their own web pages and many sites have taken the opportunity to help millersmiles.co.uk build awareness and bring the growing problem of identity theft using spoof emails and bogus web content to the forefront of surfers’ experience.

millersmiles.co.uk continues to stand out as the prime international source of information about spoof emails and phishing scams, with a vast library of real examples including details and images of the emails themselves and related bogus web content.

This new kind of scam brings the average cybercriminal over $10 million a month. Researchers have found a definite relationship between the economy and cybercrime. Stock market declines and other economic crisis almost always result in a surge in scams and spam. That’s bad news for all of us if the current economic forecast continues to worsen. Already new campaigns exploiting Citizen’s Bank, the 2012 Olympics and the Better Business Bureau have been detected, and despite the recent suit filed against the makers of the infamous and much hated “Antivirus XP” malware, similar rogue programs continue to be distributed via spam and popups. Researchers and security experts expect this trend to continue for the foreseeable future.

The Center for Democracy & Technology (CDT) embarked on a project to attempt to determine the source of spam. They set up hundreds of different email addresses.  Then the CDT waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most email users that many of the addresses the CDT created for this study attracted spam.  What is very interesting is the different ways the email addresses attracted spam. There were also the different volumes, depending on where the email addresses were used.

The results offer insights about what online behavior results in the most spam. The results also debunk some of the myths about spam.

*The analysis indicated that email addresses posted on Web sites or in newsgroups attract the most spam.

• Web Sites: CDT received the most emails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as “robots” or “spiders” to record email addresses listed on Web sites, including both personal Web pages and institutional (corporate or non-profit) Web pages.

CDT tested two methods to stymie address harvesting:

1. Replacing characters in an email address with human-readable equivalents, for example “sample@domain.com” was written “sample at domain dot com;” and
2. Replacing characters in an email address with HTML equivalents.

Email addresses posted to Web sites using these conventions did not receive any spam.

• USENET newsgroups: Newsgroups expose email addresses of every person who posts to the newsgroup to spammers. Newsgroup postings, on average, generated less spam than posting an email address on a high-traffic web site. In our study, we discovered that most newsgroup related spam is sent to the address in the message header. This held true even if other email addresses are included in the text of the posting.

• For the most part companies that offered users a choice about receiving commercial emails respected that choice. Most of the major Web sites which we provided email addresses for respected the privacy choices we made, if a choice was made available.

• Some spam is generated through attacks on mail servers, methods that don’t rely on the collection of email addresses at all. In “brute force” attacks and “dictionary” attacks, spam programs send spam to every possible combination of letters at a domain, or to common names and words. While these attacks can be blocked, some spam is likely to get through. In many cases, spam generated by these attacks will be directed to shorter email address (like joe@domain.com) before it is directed to longer addresses (like joeanderson@domain.com).

Recently several readers contacted the News Sentinel to report they were victims of a scheme who had received emails from friends or associates claiming to be stranded overseas and asking for money.

The name and email accounts used were supposedly from known friends of victims. The accounts were used by scammers who sent the “stranded overseas” appeal to make the victims think friends they knew were really stranded and had no money.

Stacie Bohanan, spokeswoman for the Knoxville office of the FBI, said the broken into email accounts were infected by a virus and not “hacked” by an imposter targeting a specific individual. Bohanan said the FBI has been investigating this case.

Jason Pack, special agent with the FBI’s national press office, said the scam is “cyclical” and often runs through various communities as it picks up the contacts shared by local email accounts .

The emails, which appear to come from a friend or associate stranded overseas, are written in a chatty, familiar style and closed with the name of the person whose email account was hijacked.

Victims of the scam need to report it to U.S. government’s The Internet Crime Complaint Center, online at www.ic3.gov .

Bohanan warned that a similar virus claims your credit card account may have been compromised and directs readers to phone the company.

“Do not call that number,” Bohanan said. To check with your credit card company, call only the number listed on the back of your card, she added.

Redirection: This is a very hard-to-trace technique.  Many search engines now perform redirection when you click on a link resulting from a search. They do this to keep track of which sites are the most popular. Spammers have figured out how to use this to get you to their site by first sending you through these search engines. What you see is a really complex URL with a few well known search engines embedded within. It’s harder to dig out the final website URL, but it’s possible.

Relay Page: This spammer technique creates a “relay” page on a “throwaway” web site. This web site is typically created on one of those free hosting services. The spammer doesn’t care if s/he gets shut down. The web page on this site contains a link to the true web site of the business. This way, the spammer draws complaints away from the ISP that hosts the real business web site. Complaints will go to the free ISP, and the relay web site will get shut down. It’s worth the effort to dig into the relay page to find the true webpage address. There are even some businesses that make it their business to host these relay web sites. These are tough to get shut down, but they’ll eventually go away with patient and persistant complaints to their ISP.

Encryption: Often spammers will try to hide their true URL through a combination of techniques. Another technique is to completely encode and encrypt the relay page using JavaScript. A JavaScript decrypter is used to rebuild the page for your browser. Of course, with some well-placed changes, you can make the decrypter dump the raw HTML to your screen to expose the web site instead. This requires a little programming experience, however.

Web page lock down: Many spammers will secure a web page with JavaScript so that you can’t right-click and get the properties of the page, or view the source, or do anything else to trace the web site. If you can get the URL of the page, then you can download the page to a file instead of loading it into a browser. This allows you to inspect the file in a text editor, such as Notepad.

French president Nicolas Sarkozy is a victim of a phishing scam. French officials confirmed yesterday that he had money stolen from his bank account after inadvertently giving scammers his username and password through what was later found to be a phishing email.

           “[This] proves the system of Internet checking is not infallible,” French secretary of state for consumer affairs Luc Chatel said. “These cases are sufficiently rare that we haven’t had to really organize ourselves, but [are] sufficiently serious for us to reflect on how to improve the system.”

President Sarkozy filed a complaint with police and an investigation is ongoing. The specifics of the attack haven’t been released and officials say the president’s bank could face sanctions if it’s found their security procedures, or lack thereof, contributed to the hacker’s attack.