Attached Link: http://www.internetweek.com/showArticle.jhtml?articleID=53701025

This is one of those posts that I hated to delete.. but.. based on the Terms of Server of CMP Media / Information Week, I knew I had to. However, I do believe that it is information that everyone should be aware of... so instead of reposting the Article, which was the no-no, I have just included the link to the article. Cheers, - James

Attached Link: http://www.antiphishing.org/index.html

Is this the replacement for the "...Re: OUCH: The Report On Identity Theft and Attacks On Computer Users..." thread??????? If so that article isn't that helpful, but the site that was in the original post was, it showed you what to look for in the bogus emails to keep from being scammed.....

Attached Link: http://www.sans.org/newsletters/

The one he had quoted is available (so far) only in an electronic new letter, the OUCH Report... at SANS.ORG I've looked through their reading room and other locations and can not find the entire article. Now, it has been taken to a ruling by the Administrative staff here to see if they will allow this newsletter to be republished. We'll see how that goes. In the mean time, the link above goes to SANS and their newsletters area. You do need an account with them to get on the mailing list. There is a lot of information that can be found there, although most not for the 'novice'. That is, this is a place where security experts share knowledge. Some of this stuff can be a bit technical. Cheers, - James

Well, for novices, there's a couple of simple rules: - install antivirus - install firewall (recommend ZoneAlarm) - install Spybot Search & Destroy and enable TeaTimer, its registry/process watcher - install Ad-Aware Keep them all RELIGIOUSLY updated. Turn automatic updates on, even if you're on dial-up. Abandon Internet Explorer. Or if you don't want to, turn off ActiveX completely. Turn off automatic installation of programs. Avoid suspiscious looking sites. And that means ANY. For instance, I was writing an article about MP3 piracy on the web and went to a site that purportedly has MP3's for download. The site didn't work in Opera. Of course. They wanted me to download their downloader. So I fired up Explorer and clicked to download the downloader. Explorer asked me whether I want to install an ActiveX control. I said yes. Then TeaTimer started shouting that somethign wants to change the registry. I said to let them. And then antivirus started screaming that a Trojan dropper was trying to invade my computer. Well, it was time to cease and desist. I terminated the connection to the server, but a part of damage was already done. I had to spend ten minutes cleaning my computer. And I had all the help in the installed programs and knew what I was doing. Your default user would have been infected and probably wouldn't even have an MP3 for their trouble. So, the key word is paranoia. Paranoia. PARANOIA. Internet's not a walk in the park anymore. Hasn't been for quite a while. A propos phishing, well, will you click on a "cancellation of account" mail from Ebay even if you don't have an account at Ebay?

membership with sans is free and thier newsletters are all about security. turning off all clientside scripting support also helps defeat this crap. not using ms outlook / outlook express also reduces the risks. with the numbers of people in the community that use paypal, knowing paypal has at least one group targeting thier customers for phishing expiditions can help avoid getting caught.

I prefer Mozilla Firefox over IE... though I suck at com stuff and haven't been able to get Mozilla's free email prog to work so I'm still using Outlook sigh cara oh and i use a free virus prog too, called AVG and it's excelllent

cara, download the full mozilla suite. that includes everything. Mozilla Suite

i'll have to give that a try :> thanks cara p.s. goodnight :>

Well since nobody has mentioned it here - one of the most important things to remember is DON'T OPEN ATTACHMENTS

On top of having a firewall, anti-virus, spybot etc.. we keep our ports closed and have cookies turned to an "ask me" always situation. We don't ever use a "downloader" nor do we ever auto-install anything. If we do download something from the "net" that is in zip format, we scan it first before extraction. Anything we are unsure of we rename into a text file where possible for analysis or delete it altogether. As for MP3's, the only ones I download are those the artists sanction themselves. Much safer that way. Also, if I get an email from an add or person I do not know (on those accounts I don't have address blocks on) I don't even read it. It goes straight to "delete" then "empty deleted items folder". All scripting, active x etc. is disabled - both in email and in browser.