A Yahoo Fix, EBay Scams, and the Tax Man - June 2007

Here is your weekly summary of important computer security news, to keep you safe and sound on the Internet. Yahoo! IM Fix is Now Available Yahoo has now fixed the critical flaw in its Instant Messaging program. As we saw recently, there was a critical flaw in the ActiveX control that could have allowed hackers to install software on your computer. What a scary thought. The patch, or update to version 8.1 is reportedly not vulnerable to this attack. If you use Yahoo IM, you should get the update automatically, or you can go to the Yahoo IM site. June 12 was Patch Tuesday . Microsoft released a bunch of fixes for Internet Explorer, Outlook Express, Windows Mail and others. Four of the patches are critical. Make yourself a note to ensure that your computer updates itself automatically, or do a manual update. Beware also of fake emails telling you to go to a particular site to get the updates. Follow this procedure only: Click Start, Windows Update, OR Start, All Programs, Windows Update, OR launch Internet Explorer and click Tools, Windows Update. More on eBay Phishing Scams I have often warned about eBay phishing scams, which turn up in your email inbox regular as clockwork. It works like this: You get an email from an angry customer who claims to have paid for your auction, but never received the merchandise. You are sorely tempted to click the link, to see what the heck this customer says he bought. If you do, you are asked for your eBay ID and Password, which go straight to the hacker behind the whole scheme. Now here is another long-running eBay s cam that seems to come and go with the seasons. Say you are searching for an item, perhaps an MP3 player, and you find a few entries. But instead of a picture of the item as you were expecting, you see a pornographic image, usually of a nude woman. Again, you are sorely tempted to click on the image. If you do, you may receive a load of spa m, if you are lucky. If you are not lucky, you will be the victim of some sort of malware attack. When surfing eBay or any other site for that matter, do not click on links that don’t seem right or that are unexpected or out of the ordinary. I have often repeated, even the best security programs will not protect you unless you think before you click! The Taxman Cometh, Round Two First it was Canadians being targeted with fake tax notices from their Government, now it’s the turn of U.S. citizens. Spammers are sending out fake Internal Revenue Service notices, saying you are under investigation. Keep cool; it is a fake, to get you to install a malicious Trojan on your computer. There are various versions, some with an attachment supposedly containing the details of the IRS complaint. If you open the attachment, the Trojan installs itself and gives the criminals complete access to your computer. The IRS does not send out unsolicited emails, so any communication you get from them is almost surely a phishing s cam. Do not be intimidated by the official-looking email or legalese. Do not open the attachment. You can report suspicious emails to the IRS here: phishing@irs.gov If you live outside North America, beware of similar scams in your inbox. Be vigilant, and use common sense on the web. Syd Tash is a noted security consultant and author of How to Protect Your Computer Online - A Complete Guide. He has been keeping surfers safe since the last century. For more free Daily Tips and info to keep you safe online, visit mypcsecuritysite.com and bookmark it!