This week in security

Microsoft and America Online this week announced plans for money they've culled from spammers, even as phishers came up with a new e-mail-based scam.

In the new scheme, attackers are sending e-mail warnings that appear to come from PayPal. These e-mails say that someone tried to reset the recipient's password and asks him or her to participate in an investigation.

The e-mails direct people to a Microsoft Word document hosted on a Web site and urges them to download the form, fill it out, and fax it to a toll-free number.

The new tactic comes as people are becoming more suspicious of e-mails asking them to fill out sensitive information online, said Graham Cluley, a senior technology consultant for Sophos.

"We've seen a few attempts of this in the last few days, where phishers are trying out a new technique with people who have learned their lesson about filling out forms on a Web site," Cluley said. "They're hoping people will feel it's safer to fax back a form."

At the same time, Microsoft is planning to invest some of the $7 million it is expecting from a damages settlement with "spam king" Scott Richter into fighting Internet crimes. After covering its legal expenses, Microsoft will dedicate $5 million to helping law enforcement agencies address computer-related crimes. The company also said it will give $1 million to community centers in New York for programs that help expand computer-related skills. The software giant, which had sued Richter in conjunction with New York Attorney General Eliot Spitzer, says it wants to "reward" the state.

Describing Richter as one of the world's most "prolific" spammers, Microsoft called the settlement a milestone and expressed hope the decision will send a clear warning to those dabbling in spamming.

Meanwhile, AOL is on the brink of giving away a fully loaded Hummer H2 and nearly $100,000 worth of gold bars and cash, all of which once belonged to an e-mail marketer. Both AOL members and nonmembers--all of whom will have a chance to win the goods--can thank the Can-Spam Act.

AOL obtained the goods as part of a settlement earlier this year in the first lawsuit it filed under the Can-Spam Act, in a case involving a then-20-year-old New Hampshire resident. The law not only arms Internet service providers with legal weapons against those who fire off unsolicited e-mail, it also allows courts to seize any property that a convicted spammer has obtained using money made through the offense. Any equipment, software, or technology used for illicit purposes is also fair game.

In other security news this week, the federal government is financing the development of a prototype surveillance tool by George Mason University researchers who have discovered a novel way to trace Net phone conversations.

Their project is designed to let police identify whether suspects under surveillance have been communicating using VoIP, or voice over Internet Protocol--information that is unavailable today if people choose to communicate surreptitiously.

The National Science Foundation grant comes as federal officials are fretting about criminals using VoIP to mask their communications. The Federal Communications Commission has approved mandatory wiretapping requirements for some VoIP providers, and the FBI has been warning for more than two years that VoIP may become a "haven for criminals, terrorists and spies."

[qazwiz]

I was hit

I got a couple notices from "paypal"... actually four but the first three all came the same day, they all had the same info, and they didn't hold up to the "where are you going" test (they didn't go to www.paypal.com rather they were directed to an IP address that wasn't even american

REMEMBER:

NEVER click through an email from a financial institution

NEVER cut and paste from an email from a financial institution

NEVER rush or take shortcuts trying to go to your financial institution's webpage

-------------------------------------------------

ALWAYS open a new window(even if you have a tabbed browser)

ALWAYS hand type the normal IP NAME for your financial institution into said new browser window

and most of all, ALWAYS ASK YOUR FINANCIAL INSTITUTION about ANYthing thing that you don't know 110% to be OK!!!!!

When it comes to your financial health the only dumb questions are the ones you DON'T ask.

[George Cole]

NEVER click through an email

<a class="jive-link-external" href="http://www.analogstereo.com/fiat_ulysse_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/fiat_ulysse_owners_manual.htm</a>