[IS&T Security-FYI] SFYI Newsletter, May 26, 2009

Monique Yeaton myeaton at MIT.EDU
Tue May 26 15:43:27 EDT 2009


In this issue:

1. FTC Goes After Robocallers
2. Phishers Targeting Scientific Community
3. Social Networking Risks


---------------------------------------
1. FTC Goes After Robocallers
---------------------------------------

Are you one of the many people who received those annoying "extended  
warranty" calls? If you live in the US, it's likely that you are. If
you managed to avoid the calls, the automated message claimed that your
auto warranty was expiring and that you should press 1 to speak to a
"warranty specialist" about extending it.

The calls came from companies in Florida and Chicago, using  
robodialing systems to call through every phone number in an area code  
repeatedly. They gave no consideration to whom they were targeting
(whether you own a car or not, you received a call) or to whether or not
you are on the No Call List. One company allegedly made about $10
million by selling these fake warranties.

Thirty thousand people complained to the FTC, who finally found the  
perpetrators this month. The government filed a restraining order  
against the companies involved and will attempt to get back all the  
money made by the firms, planning to use it for "consumer redress."

It's nice to see one of these stories with a happy ending.

Read the full story here:
<http://arstechnica.com/tech-policy/news/2009/05/ftc-nukes-extended-warranty-robocallers-from-orbit.ars>


-------------------------------------------------------
2. Phishers Targeting Scientific Community
-------------------------------------------------------

A targeted phishing scam, also known as "spear phishing," is any highly
targeted phishing attack sent to employees or members within a certain
company, government agency, organization, or group. The email message  
might look like it comes from a colleague or person in your field, and  
could include requests for user names, passwords, or money. The email  
sender information has been faked, or "spoofed," so that it appears to  
come from a legitimate source, but in fact often comes from a Gmail or  
Hotmail email account that was set up under a false name.

One targeted scam that was recently brought to my attention is an  
email apparently making the rounds within the scientific community.  
This email appears to come from the publisher Elsevier, the world's
leading publisher of science and health information, which serves
scientists, students, and health and information professionals
worldwide. The email is requesting a "call for papers," asking authors  
to submit scholarly articles via email for publication by Elsevier,  
and also involves a request for the authors to submit "handling fees"  
to cover the processing of the article submitted.

Read Elsevier's warning of these fraudulent emails and tips to prevent  
becoming a victim:
<http://www.elsevier.com/wps/find/authorsview.authors/spam>


---------------------------------
3. Social Networking Risks
---------------------------------

Everyone seems to be on Facebook or Twitter these days, or a  
combination of these and other social networking sites. So it is not  
surprising that these sites are being targeted by attacks. According  
to Kevin Haley, a director on Symantec's security response team, the  
bad guys always go to where there's a lot of people.

Facebook alone has about 200 million users. The newest Facebook attack
resembles previous phishing rounds in its tactics: a compromised
account sends a malicious link to friends. That link leads to a site  
that mimics the legitimate log-in page. But users duped into entering  
usernames and passwords are likely giving away more than just their  
Facebook credentials, said Haley.

Read the full story here:
<http://www.pcworld.com/businesscenter/article/165057/latest_facebook_phishers_are_out_for_profit.html>


========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB>



=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
