I read a really disturbing article on Wired yesterday about how internet service providers (ISPs), including some biggies like Earthlink, have been unwittingly complicit in helping nasty scammers steal passwords, credit card numbers, and account information from unsuspecting 'net users - or download small programs onto your computer without you ever knowing. The ISPs thought they'd found a clever way to make a little extra ad revenue off mistyped domains. Instead, scammers were exploiting a security hole in that process to make illegitimate domains look legitimate to would-be victims.
Just this past week, our CEO Don got a very targeted bit of phishing: the hackers were only sending their emails to presidents and CEOs of companies, in the guise of an official subpoena (using uscourts.com rather than uscourts.gov as the domain name -- clever). Fortunately for us, our Fraud Prevention Manager, Shawn Moylan, is on top of the latest schemes and had already given us the heads-up, and Don was aware enough not to click. This email would have downloaded a trojan horse program onto Don's computer - one that even up-to-date antivirus software would not have caught. Ouch.
In 1996, I was a volunteer in AOL's community area that dealt with the first password-phishing schemes. (It was actually a trip to read that Wikipedia article I linked above and go down memory lane about that!) Educating AOL's members about never giving out your password or credit card information online was trickier than you'd think. The internet was as new to most people as a 33.6 dial-up modem in your shiny new 486 PC running Windows 3.1, and an AOL 2.0 diskette that you picked up at the grocery store. The idea of online security and things like viruses were simply unheard of. If someone sent you an email or instant message, said they were an AOL employee, and told you to click on a link and put in a password or credit card number - well, chances were in those early days that you'd believe it. Fortunately, we had a great group of volunteers (some of whom, like me, later worked for AOL) that got people educated as quickly as possible on the dangers of clicking on random links. Later, I worked on a team that developed education for eBay's and PayPal's users about account phishing, where we saw the phenomenon of the URLs that *almost* looked like eBay's, and HTML pages that were dead-on knockoffs of legitimate eBay pages. Tough times, those, and eBay still struggles mightily to stay one step ahead of the criminals and keep its customers educated on how to avoid being phished.
A certain innocence persists even among the most jaded old internet veterans - and I'm probably referring to myself there - about the intentions of people on the web. Too often we're lulled into a false sense of security by our antivirus software, for instance. When's the last time you updated yours? (Nudge to you if it doesn't update every day.) And if you say you don't have any at all, may I heartily recommend the free and easy-to-use AVG Anti-Virus and Anti-Spyware suites. And even if you DO update every day, situations like what happened to BigDog come along often, where a virus never seen before in the wild attempts to visit you before an update can be created. The German technology publication Computertechnik tested 17 leading antivirus solutions in January 2008 and concluded that the detection rate of new malware was between 20% and 30%. PC World found similar results in December 2007. Even with the best, most up-to-date antivirus software out there, 3/4 of the malware will go undetected. As Mad-Eye Moody said in the Harry Potter series, "Constant Vigilance!"
Phishing is as old as the public Internet; scammers keep having to find new and improved ways to steal your information, but they aren't going to stop, so it's important to know how to protect yourself. I recommend this informative and concise article to get your thinking cap on about keeping your computer and your information safe: 44 Ways to Protect Yourself.
Anyone have any stories about being phished, or the successful sidestep of such a scheme? It's a topic of great interest to me (if this ramble didn't convince you of that, I don't know what will...) Let me know!







