Gmail Can Encrypt Connections Automatically

Gmail has a new feature to always encrypt connections. It’s always been possible but not everyone uses it.

What’s encryption? Say you’re at work (or at school, or at a library or an internet cafe) and using a computer to read Gmail – it’s technically possible for someone to monitor everything going out to the internet. Encryption protects your privacy in this situation, making it difficult for someone to monitor your internet usage.

How do you use it? Inside Gmail go to the Settings menu. You get the following options:

1. Always use https (select this option to use encryption)
2. Don’t always use https

Pros:

• It provides a good level of privacy, especially if you’re using someone else’s network. This is great for public networks (e.g. libraries), offices, and internet cafes.
• It’s easy to use. Just turn it on, never think about it again.

Cons:

• It slows Gmail down a bit (every single part of your Gmail emails needs to be encrypted then decrypted, this takes a small amount of time).

I strongly encourage you to use this feature. Every little bit of additional security helps, especially when it’s so easy to use.

Note that using this form of encryption only protects your privacy between the computer you’re using and Gmail. Emails were never meant to be secure or private.

Facebook Exposes Birth Dates

A flaw in a beta version of Facebook made it possible to see member birth dates, even those set to hide this information. Birth dates are often used to confirm someone’s identity. By having a full name and birth date it’s possible to phone up companies and ask for more private information (this is called Identity Theft).

Facebook has already fixed the flaw. However it’s a good reminder that any private information you enter into a social network such as Facebook could some day be read by someone not meant to read it.

If something is important enough to be private then don’t enter it into someone else’s system without thinking through the potential consequences.

You can view a video of how this flaw works here.

Fake Invoices

There’s some new spam that claims you bought a plane ticket and has an invoice attached. The invoice is in fact a piece of malware. This is similar to the UPS (United Parcel Service) emails that have been popular in the past couple of weeks.

The email will have a variation of the following:

• It claims to be an order for a flight ticket from some random airline
• It gives you a login name and password
• It claims that your credit card was charged for some amount. This could cause people to become concerned
• Tells you that the invoice is attached. If you’re concerned about being charged for something you didn’t order then you’d be tempted to open the invoice.
• Claims that an e-ticket is also attached and that if you print it you can just board a flight. This "getting something for free" could get people’s attention.

If you get any emails like this just delete it. Don’t open the attachment.

Latest Trojan Emails

New trojan emails will never cease. I’ll just summarise these new spam emails below. The deal’s always the same, some story and/or photo to get you interested enough to click on a link, download some malicious code or to type in some personal details into a stranger’s web site.

So delete unsolicited emails featuring the following:

• A pixelated photo of Angelina Jolie, promising to show you a video of her
• A notification from UPS about an undelivered parcel
• As above (UPS) but in German
• You won the Beijing 2008 Olympics Lotto (something that you didn’t enter and that doesn’t even exist). It promises US$500,000 if you provide enough personal banking details.
• "‘Roswell’ Victims Spill Beans on the Beijing Olympics"  (the subject doesn’t even make sense)

Legally Installed Spyware

In December last year I wrote about Germany’s police wanting to install spyware on people’s computers when they deem it necessary. The legislation has now been approved, at least  in the German state of Bavaria.

What this means to you:

If you live in Bavaria, either as a resident or as a visitor, keep in mind that authorities can now legally install spyware on any computer you use if they suspect you of being a terrorist, or posing other serious criminal threats. This sounds fairly general and could apply to a lot of situations.

If the police can’t install spyware on your computer remotely they also have the authority to enter your premises and install the spyware directly onto any computers you use.

No judicial warrants are required.

So if you have any data you wish to keep private (assuming you have a perfectly legitimate reason to do so) you’ll have to start being creative. You could take your business elsewhere, be paranoid about what computer or operating systems you use (hint: popular systems are usually easier targets), and keep informed on the latest computer spying and hacking techniques.

This article’s aim is to raise awareness that governments can and do spy on people’s computers.

More information here.

Iran Invaded – Malicious Emails

Some emails have been seen with headlines such as:

• World War III has started
• US has invaded Iran

The email looks like it has a link to a video.

In the background it installs a variant of the Storm trojan, probably the most widely spread and malicious trojan to date. Your PC will then be under the control of others without your knowledge. It’s bad. Estimates vary but there are between 1 million and 10 million PCs in the world that are currently under the control of Storm.

So don’t open this email. At this time Iran has not been invaded (and hopefully no country ever will be). Delete it, and let others know.

Skype Phishing Emails

Skype has issued a warning that people have been receiving emails that appear to be from Skype. When a user clicks on a link in the email, they’re taken to a login page that looks like Skype’s website (but in fact it’s operated by someone else). When you enter your username and password, they’re sent to someone who will then use them for some malicious purpose.

How can you tell a real Skype login page from a fake one?

According to Skype the only page that they will ask you for login details is:

https://secure.skype.com/…(anything else is ok here)…

If you’re about to enter your Skype details into a website that doesn’t exactly match the above then it’s probably fake. What if it’s just a few letters different? What if the dot’s in the wrong place?

The part after the // and before the first / needs to be an exact match. I’ve made this bold just to make it as clear as possible. The part at the end is ok.

Below is a copy of one of these Skype phishing emails. I’ve copied the contents here to help Google index this page. When you receive suspicious emails it’s a good idea to copy and paste a few lines into Google. You’ll soon be able to tell if it’s a known fake email or real.

Account blocked

Hello!

We have to notice that your account is suspended because Skype major Terms are being changed.
To re-activate your account you need to agree with the new Terms here:

Follow this link to re-activate: ACTIVATE

after that, your account will be automatically re-activated.

Thank You!

Skype Administration

The word ACTIVATE has a link that goes to the fake Skype login page. In most email clients, if you hold the mouse pointer over the link you can see the real destination. If it’s not like the one shown at the top of this article then it’s fake. See this screenshot of the fake one:

Camera Memory Card Scam

This scam is interesting. A shopper was approached by someone and asked not to photograph in the store. Then he was asked for his camera’s memory card. It wasn’t a security guard that did this, just some random stranger hoping to be mistaken for some security person.

Within a few minutes a man came up dressed in plain clothes, flashed a badge, and told him he couldn’t take photos in the store.

Read the full post here.

Gmail and Yahoo Mail blocking fake eBay emails

Yahoo owns some technology called DomainKeys that can verify the sender of some emails. One thing it can do is recognise real and fake emails from eBay and PayPal. This is good because quite a few phishing emails claim to be from eBay or PayPal, intended to trick people into providing their login details.

Google has just implemented the technology for Gmail. So if safe email is of concern to you, your best bets are to use either Yahoo or Gmail for your emailing.

More technical information here.

Next Page →

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Ads

  • Anastasia International Scam

• Recently Written

  • Another Scam Job
  • ICS Monitoring Team
  • Facebook Groups And Toolbars
  • An Interview with a Nigerian Internet Scammer
  • Fake CUA Email
  • Microsoft Does Not Send Updates By Email
  • Texaco Money Mule Scam
  • Facebook Un Named App
  • Avast 5
  • ATM Card Skimmers
  • Common Passwords
  • Fake ATO Emails
  • TwitterBuilding
  • IE6
  • BlackBerry Hoax Message

• Categories

  • Admin
  • Antivirus
  • Backups
  • Fraud
  • General
  • hoax
  • Identity Theft
  • Malware
  • News/Media
  • Phishing
  • Privacy
  • Scams
  • Security
  • Software
  • Statistics
  • Uncategorized

• Archived Articles

  Select Month March 2010  (2) February 2010  (5) January 2010  (11) December 2009  (1) November 2009  (2) October 2009  (4) September 2009  (10) August 2009  (9) July 2009  (7) June 2009  (20) May 2009  (15) April 2009  (12) March 2009  (10) February 2009  (14) January 2009  (10) December 2008  (10) November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Ads

• Affiliates

• Spam Blocked

  30,855 spam comments

  blocked by
  Akismet

• Stats