Friday, May 28, 2010

Who Can You Trust?

As parents, we are always warning our children about the cyber predators who stalk the internet, trying to seduce the innocent into divulging personal information, engaging in sexual activity, or more. We stress that: No matter how friendly or polite, an unseen communicator cannot be trusted. And, more importantly, strangers cannot be trusted.

However, we, as adults, often ignore our own advice. This is especially true for us in the blogging and webmaster world. Here, we try to build relationships with people from around the world. We comment, click on banners, and visit sites for purposes of expanding our visibility and attracting visitors to our sites. We approach our social activities with the full faith and trust of the reciprocal strangers. Yet how often have we discovered that a site we respect has been infiltrated with a malicious virus, disabling our computers and attempting to steal our identies? But yet, we shrug off the bad ones and continue to prod forward, hoping our next encounters are as trustworthy as we are.

On my website, I regularly monitor visitor activities by reading and comparing various log files.  Whenever I suspect malicious activity, I block individual users and unwelcome sources. My decisions may result if disallowing honorable users from accessing the site, but I believe that caution and safety outweigh individual accessability.

Just recently, I made a decision is disallow a wide group of visitors originating from a particular source. Shortly thereafter, I received an e-mail from a person named cvale, who claimed to be a long time loyal visitor of my site. The person noted that he was now receiving access denied messages and requested that I grant him access to my valuable information.

After checking my logs, I found that cvale had only registered as a member three weeks earlier, and only requested numbers once during that period. I replied and informed him of my recent security modifications. But, cvale politely responded, asking again for access to the site.

Should I trust him and grant access on a one-off basis to this individual?

While I was pondering this decision, I received a new e-mail from cvale. It was addressed to a group of reputable websites, and it contained a single link to a malicious website! What a goof-ball.

Reflecting on this experience, I realized that my initial instincts were correct: cvale and others in that group deserved to be blocked. The two lessons I learned is that:

Security standards should never be breached.
and
Never Trust Strangers!

Friday, May 14, 2010

Holder wants to challenge Arizona law he hasn't read

The new Arizona immigration law as sparked harsh debates, protests, criticism, and threats of constitutionality lawsuits by the U.S. Justice Department.

Fueling the controversy is Attorney General Eric Holder who has recently indicated "that the Justice Department was considering a federal lawsuit against Arizona's new immigration law" CNN reports in its article: Holder: Feds may sue over Arizona immigration law dated May 9, 2010.






Ironically, however, in a House Judiciary Committee hearing on May 13th, Holder admits that he has not read the 10 page law. He has only glanced at it and read newspaper accounts.

What kind of Government makes predefined judgements about laws that they have not even reviewed?

It's hard to have confidence in a leadership who simply aims to placate illegal immigrant ethnic groups while failing uphold the laws they are sworn to uphold.

In Holder's defense, he must be credited for responding truthfully when questioned. So then we must ask, Who is he trying to fool? The immigrants? The protesters? The President? Or, the common citizen?

Lest we not forget the May 6-9 Pew Research poll that finds: 73% approve of the Arizona law requiring people to produce documents verifying legal status where only 23% disapprove.

Count me in the 73% bracket. Where do you stand?

Friday, May 7, 2010

Persistent PayPal Phishing

In early March, I received the following email allegedly from PayPal indicating that my account would be closed in August.  At first I was very concerned, but I took some time to determine whether this was a legitimate notice from PayPal. Rather than responding, I telephoned PayPal. The customer service representative was very helpful and assured me that this was a phishing attempt. They informed me that PayPal does not close accounts for lack of activity. As instructed I forwarded this email to them, and forgot about the incident.

However, just a few days ago, I received a follow-up email from the phishers. This one indicated that I closed my account and that they would like me to take a Survey indicating the reasons for my action. Once again, I checked my PayPal account and found it was still intact. It's not closed.

So, I forwarded this email to spoof@paypal.com, and received a very suspicious reply! The phishers have taken over that email address as well!  

Since PayPal is an important resource for all of us bloggers, I wanted to alert all of you to the scam that these devious thieves are employing.

If you receive any suspicious PayPal emails, ignore them. DO NOT RESPOND Instead log into your account, change your password, and then CALL customer service. They will tell you what to do.

So stay safe and don't be fooled!

JL...........

Initial Fake e-mail #1
Subject: XXX, your PayPal account will be closed on 08/04/2010
Date: 3/9/10 3:21:19 AM
From: service@paypal.com
To:"XXX  XXXXXX"

PayPalHello XXX  XXXXXX, We noticed you haven't used your PayPal account in over 3 years. Inactive accounts like yours are often targeted by fraudsters, so for your protection, we'll close your account on 08/04/2010 unless you decide to start using it again within 30 days. If you have questions about our account closure policy, you can check out the User Agreementor email us at support@paypal.com Thanks, PayPal ___________________________________

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log into your PayPal account and click the Help link in the top right corner of any PayPal page.
To receive email notifications in plain text instead of HTML, update your preferences.
PayPal Email ID PP1491


Fake e-mail #2 - the Followup
Subject: PayPal - Account Closure
Date: 5/3/10 3:49:08 AM
From: paypal.feedback@echosurvey.com
To:xxxxxxxxx@xxxxxxx.xxx

Dear XXX  XXXXXX,

According to our records, you recently closed your PayPal account. Your business is very important to us and we would like to ask you a few questions around the main reasons why you chose to close your account.
The survey should only take 2-3 minutes.

http://surveys2.incontact.com/paypal/survey_paypal.taf?survey_id=649&user_id=285C0C4B-FCA9-4B45-A513-838F5082566F

To respond to our survey, please click on the web address above. If
that does not work, please cut and paste the entire web address into the
address field of your browser.

Thank you.

PayPal Customer Support

** An important note from the survey vendor **

PayPal, as the party who controls the data collected in this survey, may
use your responses together with existing data it has about you to
ensure its products and services meet your needs. PayPal will treat data
collected from you in accordance with PayPal's privacy policy. To review
this privacy policy, please contact PayPal or visit PayPal's web site.

Remember: NEVER respond to or click on any of the links in suspicious emails.
Related Posts Plugin for WordPress, Blogger...

Earn Money - Join the Leading Affiliate Program