[IS&T Security-FYI] Newsletter, January 25, 2008

Fri Jan 25 12:06:09 EST 2008

In this issue:

1. FBI, IRS & Valentine's Day Scams
2. Online Social Networking
3. Tip of the Week: Are You Updating Your Smart Phone?

----------------------------------------------
1. FBI, IRS & Valentine's Day Scams
----------------------------------------------

It is unfortunate that when we receive information or offers through  
email or the Internet that are either timely or appropriate for our  
situation, we must proceed cautiously. The fact is that criminals are  
just waiting to scoop these types of communications up and turn them  
into social engineering scams: tricking us by posing to be helpful  
and legitimate during a time when we're most vulnerable or likely to  
respond.

Beware of these more recent ones:

  - IRS Tax Refund Phishing Scam: Bogus emails that claim the  
recipient is eligible for a tax refund from the Internal Revenue  
Service (IRS). The message instructs recipients to click on a link to  
apply for their refund. The email is not from the IRS, and clicking  
the link opens a bogus website designed to steal personal information  
such as credit card details and social security numbers. The scam  
email itself also uses seemingly official graphics and formatting to  
fool potential victims into believing its claims.
More information: http://www.networkworld.com/community/node/23371

  - Valentine's Day Scam: As with previous Storm emails, various  
subject lines with text appearing to be a Valentine's Day greeting  
and bodies will be used. They are using a similar attack vector as  
last year's Valentine's Day scam.
More information: http://www.websense.com/securitylabs/alerts/ 
alert.php?AlertID=838

- FBI Scam: The FBI has issued a warning to the public following a  
deluge of spam emails purporting to be from the agency.
More information: http://www.itnews.com.au/News/NewsStory.aspx? 
story=68284

-----------------------------------
2. Online Social Networking
-----------------------------------

 From Symantec: "Social networking sites are an increasingly popular  
way for people to keep in contact with friends, family and business  
colleagues. These sites offer a rich set of features that enable  
users to share personal information as well as videos, music, and  
images with members of their network—all in the name of keeping their  
contacts updated with what goes on in their lives. Although the  
ability to share information and multimedia files are among social  
networking sites’ greatest strengths, hackers see these assets as new  
vectors to attack unsuspecting users. With the increased use of these  
sites in the workplace, businesses should examine and understand the  
risks social networking sites pose to the enterprise."

Symantec developed a short "Ask the Expert" PDF document to provide  
an introduction to the topic.
http://www.symantec.com/enterprise/security_response/weblog/2008/01/ 
ask_the_expert_social_networki.html

------------------------------------------------------------------------ 
-
3. Tip of the Week: Are You Updating Your Smart Phone?
------------------------------------------------------------------------ 
-

Most of us make sure we keep our computer operating systems and the  
software we run on them up to date with the latest patches. However,  
do we all do this for our smart phones as well? When an operating  
system running on a phone---whether it's a Blackberry, iPhone or  
other---is found to be vulnerable, new updates are released, just  
like they are for our computers. However, even with a fully patched  
phone, we need to be weary of SMS messages with links to sites that  
we are not familiar with and use caution when browsing web sites on  
the phone. If you want to learn more about using mobile devices at  
MIT, see the IS&T web page: http://web.mit.edu/ist/topics/pda/.

Thanks,

Monique