Categories
Uncategorized

Phishing: Don’t get caught

OK, a poor title, I admit. Don’t filet me.


As noted, this week I am posting on some of the different ways Microsoft is working on improving your experience with your computer, with bits dedicated so far to OneCare, Windows Defender, spam and yesterday on Windows Live Safety Center.


Late last year I mentioned phishing and screen scraping, so let’s tale a closer look at…


Phishing: Have you ever gone to your email box and seen a message from a reputable, top company — perhaps a bank, popular web site or government office — and come across a message that asked you to confirm your personal identifying information (PII)? They’re actually emails featuring links to phony web sites that look like the real thing. Welcome to the world of phishing scams. (See “What is a phishing scam?” for more details.)


Phishing scams are a ruse to steal your PII, a valuable commodity that can help someone impersonate you and cause all sorts of problems. I get a few of these a month usually posing as messages from eBay or PayPal, or major banks where I don’t have an account. Once a phisher has your PII — which can be your name, account numbers, passwords, and Social Security numbers — you could easily find yourself with debts you never imagined, or your bank account wiped out.


According to Consumer Reports “State of the Net” survey in 2005, phishing scams cost consumers an average of $395 per incident in the United States. In 2004, CNET reported that these online cons cost US consumers a total of $500 million. Phishers use many tactics including creating and sending e-mail messages or links to fraudulent Web sites or that appear to be valid in an attempt to fool you into submitting personal, financial, and password information. MSN has a helpful page with more info on battling phishing.


The Microsoft Phishing filter add-in for the MSN Search Toolbar provides offers access to a new dynamic online service, updated several times an hour, to warn you and help protect your personal information from these fraudulent Web sites. The add-in dynamically checks the web sites you visit and gives you a warning if the sites are suspicious. It blocks you from sharing personal information if a site is a known phishing web site. The online information in the add-in is regularly updated. (Note that the Phishing Filter is a new feature in Internet Explorer 7.0.)


Screen scraping attacks are becoming more common in scammer’s schemes to subvert sophisticated security systems – I’ll tackle this one in my next post.


More information:



  • Microsoft’s page on Antiphishing
  • Read more about the improvements we’ve made in our Trustworthy Computing initiative. Some helpful links are noted on the page, including:
  • MSN Online Safety and Security provides helpful tips, information, interactive quizzes, and downloadable safety brochures. The site has information about privacy and e-mail protection as well as ways to keep kids safe online.
  • GetNetWise (getnetwise.com) is a Microsoft-supported site that offers ways to protect families from malicious threats on the Web.

Tags: , , , .

Categories
Uncategorized

News: Windows Live parental controls due this summer

CNET reports today that just in time for your children’s summer vacations, Windows Live parental controls is due this summer…



As reported earlier, Windows Live Family Safety Settings software is designed to help keep Web content that parents deem inappropriate from reaching their children. A preview version of the tool is currently available to testers.


The first version of the new software will let people filter online content and get activity reports on Web sites that were visited by others, Microsoft representatives said.


Tags: , , , .

Categories
Uncategorized

It’s flu season: check up with Windows Live Safety Center

This past weekend, I started looking at some of the different ways Microsoft is working on improving your experience with your computer. I featured initial looks at OneCare, Windows Defender, and yesterday on the affects of spam.


For my next trick, a general look at securing your PC through Windows Live Safety Center, a new, free service (in beta) designed to help ensure the health of your PC. 






Windows Live Safety Center



 Safety Center

On the site, you can run a service scan that will check for and remove viruses on your computer, improve your PC’s performance and help to get rid of junk on your hard disk. You can run a full service scan to check everything, or target the services to meet your specific needs (to protect, clean up or tune up your PC).


Reminds me of the old Adam-12 TV series, where the motto “to protect and to serve” was prominently featured. I wonder if Scott Charney or Mike Nash were ever extras in an episode…


Additional, handy links:



  • Here’s a link to our corporate site on protecting your computer experience at home, whether your surfing the web, staying in touch via email and IM.

  • On the section, you’ll find that there are a number of newsletters available, covering the Windows OS, Security at Home, Office and more. As an added bonus, when you do sign up for a newsletter, you’ll also be entered for a chance to win an Xbox 360, a Dell Axim X51v Handheld, or Microsoft Office 2003 Standard Edition. (Disclaimer: see the site for more details.)

Tags: , , , , .

Categories
Uncategorized

On10.net is live… but not Live.com (yet)


On10.net is now live… should be an interesting site. The site is from the team who brought you Channel 9, with promises to have a new video on the site every weekday at 10:00 am, with all the videos compiled into a single show at the end of the week. On10 “is a place for people who want to use technology to change the world.”

To quote a wise man on what could be next, following On10…


“Where can you go from there? Nowhere. What we do, is if we need that extra push over the cliff…Eleven. One louder.


As I have a Windows Live home page, I am looking forward to when I can to add on10 to my stuff on my live.com home page. As the average web surfer visit just six or less sites on a regular basis, it’ll be nice when this site can be added as part of my home page.

Until then, enjoy.

 OnTen.net

Categories
Uncategorized

How much does spam weigh? (And what to do about it)

Often when meet and talk with our customers and partners, I hear some of the same concerns that impact their satisfaction with our products and services: PC security, quality and reliability of our products, and issues with email around spam and phsihing. Starting this weekend I am posting more info, tips and feedback on how we’re meeting some of these issues. I kicked it off on Friday with my reference to the anti-spyware addition to OneCare, and yesterday on Windows Defender.


Today, it’s about email and how to reduce spam.


First, just how much of a problem is this?


Microsoft IT reported in 2005 that the company received about 10 million e-mails per day via the Internet, with up to 90 percent filtered out as spam. In addition, a recent report cited that the company blocks more than 3.4 billion spam messages per day from reaching the inboxes of MSN Hotmail customers.


On an individual level, I read that average person gets only 1.5 personal letters each week, compared to 10.8 pieces of postal junk mail. This amounts to 560 pieces of junk mail per year per person. Recent research estimates that 80 percent or more of all e-mail sent these days is spam. In 2004, enterprise users reported receiving an average of 29 unsolicited messages a day, more than a four fold increase from 6.2 spam messages per day in 2002, and 3.7 messages in 2001.


So, how do spammers get your address? A couple of years ago, the The Center for Democracy and Technology released a report on their six month study, “Why Am I Getting All This Spam?” They found that e-mail addresses posted on web sites or in newsgroups attract the most spam, as spammers most often harvest addresses from the web. Just like the big search engines, spammers have automated web bots (called ‘spiders’) collect as many email addresses as possible from web sites. (Here’s a link with more details on how spammers get addresses.)


Now let’s make this personal.


A month or so ago, after grumbling about how much of our curb-side recycling was junk mail, I decided to take a closer look at what we receive in the post. And over the last couple of weeks, I kept a running total of how much mail we received at home, counting the number of pieces of mail and the aggregate weight. (Yes, my wife questioned my sanity, but I explained that it’s all in the effort to improve customer satisfaction.) I divided what we received into two piles: mail we wanted or had requested (bills, notices and the occasional letter) and mail that was junk (flyers, catalogues, credit card offers, solicitations from companies we’d never heard of before…).


Over the course of two weeks, we collected a little more than the reported national averages:



  • 36 pieces of mail, totaling 2 lb 6oz (or about 63 pounds a year), and
  • 80 pieces of junk mail, totaling 10 lb 6.6oz (a little more than 270 lbs per year)

Now that doesn’t sound like much, but in comparison let’s look what came in just to my personal email address at home: 232 pieces of junk mail. That’s 149 caught by my Outlook spam filter and 83 snagged by my internet service provider. If that junk email were junk postal mail filling my post box, it would weigh close to 31 pounds. Over the course of a year, we’re looking at more than 6,000 junk emails, at a total weight of about 792 pounds.


Ouch.


At an average of two to three seconds per email, that’s at least four to five hours of my life a year just deleting spam mail (and that estimate is on the low side).


The Crabby Office Lady’s latest tip of the month includes a link to an entire site devoted to fighting spam and sharing news about those nasty spammers and phishers. Here is one of her favorite tips:




  • Turn off auto return receipt acknowledgement: Some spammers put a “delivery” or “read” receipt request in their e-mails. If your e-mail program (or mail server) automatically confirms these receipt requests you will just be confirming your address is valid (= MORE SPAM). We would recommend you either turn this feature off or make sure it is set to “prompt” first before sending.

For information on how to do this in Outlook, read Change automatic response to read receipts.


We also have a section on our web site, Microsoft Security at Home: E-mail, which provides information and resources to help you reduce the risks of spam, viruses, identity-theft schemes, and hoaxes, while enjoying the benefits of email.  



More info:



Tags: , , , , .


Delicious Bookmark this on Delicious Bookmark and Share


http://bit.ly/lw892