Your Daily Computer Security Tips

Boy, you know things are tough when even those Nigerian 419 scammers are complaining. Separating people from their money during this economic meltdown is not easy, they say. It requires hard work, resolve, and a pinch of voodoo.

Some say they used to make $30,000 to $60,000 a month from emails promising great wealth, jewels, true love, etc. But first, of course, you have to pay endless fees, bribes, insurance and travel expenses.

Americans appear to be the easiest prey, and business is booming. The scammers are mostly young men, known as yahoo-yahoo boys, and they learn from each other by sharing tricks and tips. One said his top swindle right now is the work-at-home deal, presumably because of the huge job losses around the world.

Nigerian officials claim to be cracking down on these 419 fraudsters, named for the relevant section of the criminal code. They even say they are using software that filters and blocks the scammers’ emails. But the list of victims just keeps growing.

What to do? Do not open or read spam. Do not open emails with subject lines like URGENT ASSISTANCE. Do not be greedy. You do not have a Nigerian or African relative who died and left you millions. No one is going to send you cash for little or no work. Stay alert, and think before you click, please!

So much has been written about online phishing attacks, that the message may actually be getting through to most people. Surfers may be a little wiser and a little more prudent these days. But do not expect the hackers to just sit back and do nothing. They will turn their hand to anything that will turn them a dollar. Mobile devices, for example.

Phishing attacks are increasing, by way of text messages on cell phones. The message claims to be from your bank, and asks you to call a fake 800 number for more information. When you call the number, a voice mail system takes your account details. Then the crooks promptly empty your account.

Most people have not heard of this and similar attacks, because the crooks are careful. They are targeting smaller, lesser-known banks. Then every cell phone in that area code gets the phishing message.

What to do? If you get a message like this, do not call the number given, or click the link. Instead, pick up an old-fashioned, clunky landline, and call your bank using the phone number in the phone book!

Researchers at security company Inverse Path say they can sometimes read what people type on their keyboards, from up to 15m away. This works because of poor shielding in the cable connecting the keyboard to the computer. There are six wires inside a PS/2 cable. When a key is pressed, data can leak onto the earth or ground wire in the cable.

This ground wire is connected to the PC power supply and then to the ground plug in the power socket, and from there to the electrical circuit supplying the room or area. So the information can be easily captured and read.

The researchers expect their methods and equipment to become more sensitive as they are further developed, allowing eavesdroppers to spy on users from farther away. Users take note. Try to minimize the confidential information you type into your computer, unless you are at home.

This type of attack is going to be demonstrated at the upcoming Black Hat conference in Las Vegas, which takes place July 25 – 30.

Microsoft has confirmed that a critical flaw exists in one of its own ActiveX controls, or mini programs. It is called the Microsoft Video Controller ActiveX Library, and is accessed by Internet Explorer (IE) 6 and 7. IE8 is not affected. Windows XP is at risk, but not Vista or Windows 7. This bug could allow an attacker to seize control of your PC.

It appears that the bug has been used by hackers since at least June 9. Attack code can easily be found on the Web to exploit this vulnerability. In fact, researchers at IBM reported the flaw to Microsoft last year. Microsoft could not or would not say why they had not fixed this problem earlier. But they are no doubt trying to come up with a patch in time for the regular monthly update on July 14.

A researcher at AVG Technologies thinks this bug has the potential to be another Conflicker, or worse. Conflicker exploits a flaw in Windows that was repaired long ago, so all you have to do is keep your Windows up to date. However, this latest threat has no fix yet.

What to do now? Well, you can get the Microsoft tool to disable the ActiveX control here. It sets a whole bunch of kill-bits in the Windows Registry, which turn off the control. You can also switch to IE8, Firefox or Chrome.

I have been writing about the Nigerian letter scam, also known as the Nigerian 419 scam (after the relevant section of the Nigerian criminal code) for years. This fraud has in fact been around in one form or another for some 90 years! And guess what? It is still going strong. It seems that when the economy takes a dip and times get tough, it is boom time for all kinds of fraud, whether online, by phone or by snail mail.

The Canadian Competition Bureau is warning that victims are losing millions of dollars a month to this type of fraud. But these are just the people who report they have been scammed, usually because they have lost a fairly large sum of money. The real losses could be five to ten times higher. In 2008, over 11,000 victims said they lost almost $10 million to this fraud.

Losses from identity theft, promises of employment, lottery and other fraud are much larger. Even so, please remember that you do not have a long-lost relative in Nigeria, no one left you millions of dollars, and you are not going to get an instant windfall. No matter how difficult your personal situation is right now, do not fall for these scams. It will just make things worse.