In this issue:

• Consumer Awareness: 12 Tips for Keeping Your Laptop Secure
• Scams and Hoaxes
• Microsoft and Apple Security Updates
• Security Newsbytes

Consumer Awareness: 12 Tips for Keeping Your Laptop Secure

Laptops or notebooks are often the “other” computer—the one you do not use on a daily basis or only use when you travel. When your laptop is not powered up and online on a regular basis, its security software will get out-of-date or may expire and become ineffective. Your laptop may also be missing security updates and patches for the operating system and software applications, leaving it vulnerable to attack. Whether you use your laptop a lot or just occasionally, keep it secure at all times by following these 12 tips.

• Make sure your security software has not expired. If it has expired, renew or replace it immediately.
• Update the anti-virus, anti-spyware and software firewall before you use your laptop.
• Check to make sure that patches and updates are current. Not sure how to keep your software up-to-date? Contact a computer consultant or your Internet Service Provider (ISP), or ask the computer support staff at the office.
  • Windows
  • Mac
• On the road, pick your hotspot connection carefully. Don't log on to any public hotspot that presents you with an invalid security certificate.
• Turn off the wireless adapter (Wi-Fi) when you are not using it. This will help prevent hackers from breaking into your laptop wirelessly.
• Avoid using computer bags. They make it obvious that you’re carrying a laptop. Tote your laptop in something more common like a padded briefcase or suitcase.
• Never leave access numbers or passwords attached to your laptop or in your carrying case.
• Carry your laptop with you. Always take your laptop on the plane rather than checking it with your luggage.
• Keep your eye on your laptop. When you go through airport security, don't lose sight of it.
• Avoid setting your laptop on the floor. Putting your laptop on the floor is an easy way to forget, lose track of it, or step on it.
• Buy a laptop security device. If you need to leave your laptop in a room or at your desk, use a laptop security cable to securely attach it to a heavy chair, table, or desk.
• use a screen guard. These guards help prevent people from peeking over your shoulder as you work with sensitive information in a public place.

For more information & tips:

• Microsoft Laptop Security
• OnGuard Online
• Microsoft Encryption Tips

Return to Top

Scams and Hoaxes

Report email scams to Federal Trade Commission

Mortgage Crisis Spawns Spam Scams
Spammers are increasingly using the mortgage crisis to fill up the inboxes of email users. Since the start of the year, there has been an increase in the number of unwanted email messages offering relief from foreclosure. Or spammers will invite people to buy a foreclosed house and cash in. Spam watchers say there has been an uptick in spam messages shouting, “Don't let them foreclose!” or “Homes given away.” Doug Bowers, who monitors spam for Symantec, says these emails lure consumers in slowly. “Someone will then be on the other end who will try and engage in a dialogue that will end up with you sending information, which then could be used to actually make purchases, open new credit cards, potentially access your current bank accounts or financial information.”  More information

Craigslist Scams Targeting Renters
The apartment on Craigslist sounded too good to be true. A fully furnished two-bedroom with a balcony in Bay Ridge, Brooklyn, going for $950 instead of the $2,200 it would normally fetch because of the tenant’s sudden job transfer. The catch: You have to take it sight unseen and send a security deposit. The bogus rental was even more of a steal than unsuspecting would-be tenants thought, part of a growing number of scams designed to fool gullible people desperate for affordable housing. This particular listing on Craigslist.org, the go-to site for frazzled city dwellers, featured appealing photos and a quick response to inquiries from a scam artist, along with a tale about being transferred to North Carolina.  More information, VIDEO

Expired Visa Card Phishing Scam
This email, which purports to be from Visa, claims that the recipient's account has expired and he or she must renew it immediately or the account will be closed. The message instructs the recipient to click a link, ostensibly to login and start the Visa account renewal procedure. Surprise: the message is not from Visa. Instead, it is a phishing scam designed to steal the recipient's account information. Those who click on the link will be taken to a webpage that asks for a card number, expiration date and PIN, supposedly to verify the account for renewal. Although the bogus web page includes a seemingly genuine Visa logo, it has no connection whatsoever to any genuine Visa website. All account details and other personal information entered into the bogus site will be in the hands of Internet criminals.  More information

Check the Size of Your Webmail Inbox Phishing Scam
This email purports to be an automatic webmail admin message that warns account holders that their webmail account inboxes are nearing the maximum allowed size and need to be reset in order to allow the continued delivery of email. The message claims that account holders need to reply to the message with their webmail username and password so that the account's email database can be reset. Surprise: the message is not from any webmail system's administrator. Instead, it is a phishing scam designed to steal webmail account details. Those who reply as instructed will be handing over the email account username and password to Internet scammers.  More information

Wal-Mart Scam Sweeps the Web
A new email scam involves a Wal-Mart survey emailed to your personal account. If you fill it out, the email claims you will receive $150. Don't open it, warns the Better Business Bureau. You will only be giving away your money and your identity. Attached to the email is the survey, which looks harmless until you get to the bottom of the page where it wants your credit and debit card information. In addition, scammers want your card verification code from the back of the card and your pin number. This isn't the first time the Wal-Mart name has been used in a phishing scam. Last April, emails went out claiming customer accounts had been compromised. It was also a hoax and an attempt to trick people into giving out personal information.  More information

Beware of "Friendly" Email Scams
A friend in need? Maybe not. Scammers are assuming the name and email address of one of the victim's real friends to make a message appear legitimate. The email, which appears to be sent by the friend, asks for a favor: a wire transfer of almost $2,000 to help her out of jam. In the message, the “friend” says she is traveling overseas for a seminar. She says she was robbed and needs money to pay her hotel bills and come back home. She promises to pay back any money she borrows. Surprise: the message is not from the friend at all and any money sent will go to the scammer.  More information

Return to Top 

Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.
Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The scheduled release date is May 12th. This is a good occasion to check manually, a practice that you should follow once every two weeks, to make sure all of the updates have been installed.  More information
OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).  More information

Security Newsbytes

Computer Worm Conficker Is Doing Its Dirty Work
Just as many computer security experts began to believe it was a fluke, the computer worm Conficker, which has the ability to silently penetrate vulnerabilities within the Windows operating system, has begun to rear its ugly head. They say that the software is installing new and malicious programs on some of the computers it has already invaded with the aim of using those PCs to send out criminal spam and scrounge around on unsecured computers for valuable personal data, Reuters reports. Conficker, also called Downadup and Kido, works like this: Once the worm wiggles into a PC, it then has the ability to install software and enable the computer to receive additional viruses from the program’s creators. It can also link an individual PC to other infected machines and create a botnet -- an army of computers under its control -- which can be strung together for launching cyber attacks.  More information

Crooks' Bots Swarm Facebook and MySpace
Scams and identity-theft programs that attack email accounts and users of social-networking sites such as Facebook and MySpace have become a new front in cybercrime. To carry out many of these automated attacks, cybercriminals first must overcome “captchas,” the distorted letters and characters that users of an email or social-networking account are required to type to complete certain online forms. For years, captchas have helped to stop or bog down automated programs aimed at creating email accounts that promote scams such as fake computer virus protection and bogus accounts on social Web sites that can be used to collect personal information on legitimate users. Security specialists say a growing number of captcha-breaking groups are using real people to type in captcha responses for cybergangs around the world. This is allowing the gangs to create fake email and social-network accounts by the tens of thousands — and use them as the starting point for a variety of cyberscams spread by email and instant messages. MySpace and Facebook say that, so far, they have kept such attacks largely in check. But as long as captchas are a key security feature on networking Web sites, cyberattacks on such sites are likely to intensify.  More information

Bogus Security Software a Growing Threat
Hackers are increasingly hiding viruses in bogus computer security software to trick people into installing treacherous programs on machines, Microsoft has warned. The software giant said in a security intelligence report that “rogue security software” is a growing threat as hackers take advantage of people's fears of worms such as Conficker. Rogue security software, referred to as “scareware,” pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee. “The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information,” Microsoft said. Two “rogue families” of scareware were detected in 1.5 million computers. Another form of scareware was found on 4.4 million computers, a rise of 66% from the previous six-month period. “That means when users downloaded the software, they probably gave away credit card numbers and got infected,” Microsoft said. “That's a double hit.”  More information

Return to Top 

Source material reproduced with permission from:
OUCH Monthly Newsletter
SANS Institute (http://www.sans.org)