Tuesday, February 9, 2010

Phishing Lures

WXPNews: Published by Sunbelt Software since 2001

Vol. 10, #6 - Feb 9, 2010 - Issue #416

 Phishing Lures

  1. Editor's Corner
    • Phishing Lures
    • Follow-up: "Antique" computers
    • Quotes of the Week
  2. Cool Tools
    • Tools We Think You Shouldn't Be Without
  3. News, Hints, Tips and Tricks
    • New XP MID: Could it be an iPad Killer?
    • Speaking of iPad killers ...
    • IE 8 overtakes IE 6 as the "most used" web browser
    • Windows Phone 7: Say it isn't so
  4. How To: Using XP Features
    • How to make an application always open in a maximized state
  5. XP Security News
    • IE vulnerability on XP
  6. XP Question Corner
    • Can't play YouTube videos on new installation of XP
  7. XP Configuration and Troubleshooting
    • Winspool.drv error message when you start your XP computer
    • DirectX playback app fails when playing DRM content
  8. Fav Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  9. Product of the Week
    • The Ultimate Troubleshooter

Nothing Says "I Love You" More Than Free Antivirus Software

Protect yourself and the one you love from online threats this Valentine's Day. Now through February 15, 2010 when you purchase a 1-year VIPRE Antivirus subscription you will get another subscription free!

 Editor's Corner

Phishing Lures

Phishing comprises a broad category of fraudulent activity, the objective of which is to obtain your personal information, account information, passwords and other sensitive information to use it for illegal purposes. Those purposes can range from merely embarrassing you by posting something inflammatory, offensive or inaccurate under your name on your social networking site to wiping out your bank accounts and destroying your credit record. With the right information and the highest degree of malevolence, a phisher might even be able to get you arrested by committing crimes using your identity.

In an age of electronic communications and a world where so many people who don't know each other are connected to one another through the Internet, there are many different ways to steal information. For example, a hacker can use an operating system or application exploit to gain access to a computer and download files that contain the info, or install a key logger that will record usernames, account numbers and passwords you type in and send it back to him. But the easiest way is to let the victim do most of the work for him.

The techniques used for that are called social engineering, and most phishing expeditions are a type of social engineering technique. Whereas the example above would be analogous to a burglar breaking and entering a home to steal valuables, social engineering is more like a con man tricking the victim into inviting him in and giving him the valuables - perhaps by claiming he's a police officer and is going to take them to the police station to mark them with your driver's license so they can be identified if they're ever stolen. Or maybe he uses intimidation tactics and tells you that your property is suspected to be stolen and you'll go to jail if you don't give it to him so he can "investigate" and verify that it's really yours. But he's not who he claims to be and he's the one who is really the thief.

That's how phishing works. The phisher claims to be someone or something you're likely to trust, and tricks you into revealing the information he wants to use to profit (or, less often, just to hurt you). The term has been around since the late 1980s and became common on America Online (AOL) in the 1990s, when phishers pretending to work for AOL started sending instant messages and email messages asking users to "verify their accounts" by replying with a message containing their passwords and/or their credit card information.

AOL cracked down on phishers years back but phishing attempts continue to flourish, and today phishers flood mailboxes with messages wherein they pose as bank and credit card company employees, representatives of well known corporations with whom many people do business (such as Microsoft, Ford, Dell, HP, etc.), IRS agents and other government officials.

Phishing attempts have been on the rise for the last few years. Unique phishing reports reached a record high of 40,621 in August 2009. The number of phishing web sites was even higher, 56,362. The most targeted industry was, not surprisingly, the financial services industry. The good news, though, is that the number of computers infected with desktop "crimeware" (such as phishing-based keyloggers and other data-stealing malware) dropped some, to just over 11 million. Still, that is lot of infected systems out there. And although you might think most of the illegal sites are hosted on overseas servers, it turns out that the vast majority are hosted in the U.S. China, Canada, the U.K. and France are also consistently in the top ten list. For more about these statistics, see the 3rd Quarter 2009 Phishing Activity Trends Report by the Anti-Phishing Working Group (APWG) at

On the other hand, China is reported to be the world's largest victim of cyber attacks, including phishing. That makes sense, as they have more potential victims than any other country. Phishing web sites have caused huge economic losses there, and over the last year, the government has begun to crack down harder on these types of crimes.

Phishers can be creative when it comes to ways to profit from their scams. Last week a phishing scheme was reported to have been responsible for the theft of over $4 million USD in carbon emission permits registered with the German Emissions Trading Authority. Over 250,000 of the so-called "carbon credit" certificates were moved out of the accounts of seven different companies.

Many phishers love to prey on their victims' generosity. The recent earthquake in Haiti has spawned a plethora of fake charity solicitation messages and donation web sites, set up to con you into giving your credit card information in the name of doing a good thing. The same thing happened in the wake of Hurricane Katrina, September 11, and other major disasters.

Other phishing scams don't rely on anything as benign as gentle persuasion; they find scare tactics to be more effective. These can be relatively mild (such as the threat that your credit card will be cut off if you don't respond immediately) to severe (such as the threat that the IRS is about to seize your property and charge you with a criminal offense unless you provide the information they're asking for).

Then there are those that count on your greed. Just yesterday, one of these landed in my mailbox. It was a notification from the "Managing Director of the HSBC Bank, UK," informing me that "the Obama's Foundation and the United Nations" had designated me as a beneficiary of $900,000 USD (why not a cool million?) as compensation for being a scam victim. Oh, the irony. Of course, to claim my money, I would have to fill out a form providing my personal information. Does anybody really fall for this? Apparently some people do.

In the U.S., the official census data is collected every ten years, and 2010 is the year. Expect to see scam emails, requesting that you fill out and return an emailed attachment purporting to be from the census bureau, or containing a link to visit a web site purporting to be an official census site and provide your information there. These fake census forms and sites are likely to ask for information that the real census form doesn't require, such as your social security number, driver's license number, information about your mortgage loan, etc. The real census form asks only ten questions; you can see what they are here:

If you receive a bogus message that uses the census premise in a phishing attempt, report it to the Census Bureau's fraud reporting address. You'll find that here:

Some phishing messages don't ask you to respond electronically. On the belief that most people are more trusting of someone they talk to on the phone, some phishers provide a phone number for you to call. These are usually Voice over IP (VoIP) numbers, which are portable and make it hard to track the physical location where the phone is. Some of these even use technology that fakes the caller ID information to make it appear that the phone belongs to a legitimate company or government agency.

Popular web browsers now contain anti-phishing mechanisms, but it's important to be sure you have it turned on, and to realize that the technologies can't offer 100% protection against phishing.

However, there has recently been controversy over the 3-D secure authentication protocols used by Visa and MasterCard to verify the identities of online customers, because it goes counter to most anti-phishing advice. That's because it pops up a box that asks for your password, which makes attacks easier and makes it harder for users to determine whether the site is secure (since there is no address bar to display indicators that SSL encryption is being used).

Have you ever been the victim of a phishing scam, or do you know someone who has? Have you come close (maybe by clicking a link and starting to enter your information before realizing that something was "not right" about the web site)? Do you take any special precautions to protect against phishing? Or do you believe that only dummies could possibly fall for the phishers' scams and that anyone who does, deserves what he/she gets? Tell us about creative (or ridiculous) phishing attempts you've seen. We invite you to discuss this topic in our forum at

Follow-up: "Antique" computers

In last week's editorial, I wrote about how some people prefer classic cars and classic computers to brand new ones. We seem to have plenty of those people out there who read this newsletter! While some took issue with my calling almost-ten-year-old XP an "antique," others are running systems that truly qualify as "ancient" in computer years. Markkino has an IBM Pentium 3 running Windows 2000, and several of you are still running Windows 98 or Millennium. George95662's favorite machine is running NT 4.0 with SP6. Joatman is running Windows for Workgroups 3.11 as a main home system. Kenneth F. even has a Turbo-XT 8 MHz machine with 640K of RAM and MS-DOS 5.0. That OS was released in 1991. C'mon, Ken - I think it's time to upgrade to MS-DOS 6.22. And fidolido still owns an 8088 with 32MB of RAM and a 5 MB hard drive.

PhilC is definitely a winner in the antique race with his Atari 400 that he bought in 1980 and still runs today, and TimG's antique OS really is: CPM.

DavidW made a really good point: that many people truly don't realize how much faster a new system can be - until they upgrade. If speed is important to you (and in this fast-paced world, for most of us it is), a new system can make a huge difference in your productivity. But just as my mom would have been perfectly content with a car that wouldn't go more than 40mph since she went out of her way to avoid freeways and highways, some folks are not in a hurry when they log on, and are happy with a system that takes minutes to boot up and doesn't open applications instantly.

PapaJon56 also brought up an important issue for both cars and computers: preventative maintenance. Most people take their vehicles in for regular oil changes, tune-ups and other scheduled maintenance. Preventative maintenance for computers is becoming more automated - installation of updates, schedule defragmentation, and so forth - but many people allow their systems to bog down over the years because they install many programs, fill up the hard drive with unneeded data files, and don't take any preventative steps until the OS balks and shuts down.

Thanks to all of you who participated in this discussion. I enjoyed reading about your experiences.

'Til next week,
Deb Shinder, Editor

Follow Deb on Twitter

PS: Did you know this newsletter has a sister publication called Win7News? You can subscribe here, and tell your friends:

And for IT pros, there's our "big sister," WServer News, at

Join the WXPnews Fan Page on Facebook!

Quotes of the Week

"Nothing can be so amusingly arrogant as a young man who has just discovered an old idea and thinks it is his own." - Sidney J. Harris

"There is nothing new under the sun but there are lots of old things we don't know." - Ambrose Bierce (1842 - 1914)

"The surprising thing about young fools is how many survive to become old fools." - Doug Larson

Own a Single-user VIPRE?

Upgrade Now To Unlimited Home License For Just $19.95
You run VIPRE and love it. But what about the other PC's at the house? We have a special, limited time upgrade offer. You can upgrade now and just pay the difference (20 bucks) between the Single License and the Unlimited Home License (UHL). But wait, it gets better. Your UHL starts fresh and you get a new 12 month subscription! Do the math. Wait and pay 30 bucks later, or buy the upgrade now and get a whole year for 20 bucks. A no-brainer! Remember this is for a limited time only, get that upgrade now! Click here to learn more and order:

 Cool Tools

Tools We Think You Shouldn't Be Without


Never reinstall your Windows again. New technology: easy set-up, no loss of data or applications. The ultimate professional repair tool. Free comprehensive PC diagnostic with every scan, get it now!

MediaWidget is the quickest and easiest way to transfer all of your music, videos, photos, podcasts, and more from your iPod to PC. Check out the cool Youtube demo and download the trial here:

Do you have programs you just can't seem to get rid of? Uninstaller! 2010 "ALL New" Version Just Released:

Billing address autofill, Secure password storage, all automatic and safe. Not a little toolbar utility. Huge time saver!

Moving to Windows 7 is Easy! PCMover moves programs, files, and settings from your old PC to your new PC

Search for a driver and you get a ton of Driver Software offers instead. But how do you know which one is good? Try Driver Genius 9.0. Free scan.

Behind on your backups? Why back up when you can sync? Simply replicate every piece of data to another drive in real-time. Set it and forget it.

Spellchecker is NOT ENOUGH! Improve your English writing skills with WhiteSmoke a smarter solution for high quality writing. Try it:

 News, Hints, Tips and Tricks

New XP MID: Could it be an iPad Killer?

What's a MID, you ask. It stands for Mobile Internet Device and it's a small flat handheld computer with wi-fi that you can use for web surfing, entertainment, etc. Sound familiar? Sound a little bit like the Apple iPad that was introduced to such fanfare late last month? A new MID from China might give the iPad a run for its money if it becomes widely available in the U.S. It has a 7 inch screen with 1024 x 600 resolution, a 1.1 GHz processor, 1 GB of RAM and a 32 GB SSD. And unlike the iPad, it also has USB ports and an HDMI port. Finally, it runs Windows XP, which is still the OS of choice for many of its loyal fans. Read more about it here:

Speaking of iPad killers ...

Now Sony wants to get into the act. The company has said this is "a market we are also very interested in." That's exciting, because Sony is the only company that has outdone Apple when it comes to making a light, super-thin notebook PC (the Sony X series weighs less than the Macbook Air and has a more elegant look). Will it run Windows, or a proprietary OS? Nobody knows that yet, but I'll be watching this one closely. Read more here:

IE 8 overtakes IE 6 as the "most used" web browser

According to Net Applications, which monitors web browser usage, IE 8 has taken over the number one spot in the world in the web browser market, with 22.31 percent of market share as of January 2010. IE 6 is still in second place with 20.07 percent and Firefox 3.5 comes in third with 17.01 percent. Although IE 6 comes with XP, this doesn't necessarily indicate that all of those people are dumping XP (as this article seems to imply). Many XP users have upgraded their web browsers to IE 7 and then IE 8 while continuing to use the older OS.

Windows Phone 7: Say it isn't so

The rumors are swirling around the unveiling of the latest Windows Phone OS, formerly known as Windows Mobile 7, which is expected to occur at the Mobile World Congress in Barcelona next week.

According to some of those rumors, the new Windows Phone will incorporate some of the iPhone "features" that I hate most, such as no multitasking and distribution of applications only through "official channels" (think App Store). Maybe (I hope, I hope) the rumors are false. The other big rumor is that the interface will resemble that of the Zune - which isn't necessarily a bad thing - but also that the Zune software will be responsible for synchronization (shades of iTune). I really hope my Omnia II doesn't turn out to be my last Windows phone. I would hate to have to switch to Android to have the freedom to get my applications wherever I want.

 How To: Using XP Features

How to make an application always open in a maximized state

You may have certain programs you prefer to always run maximized so they fill your whole screen, especially programs like Excel. It's annoying to always have to maximize them manually and it's easy to change them to open up that way every time. Just do the following:
  1. Right click the shortcut for the application.
  2. Click Properties.
  3. Click the Shortcut tab.
  4. In the Run field, click the down arrow and in the drop-down box, click Maximized.
  5. Click OK.
You'll need to do this for every app that you want to always open in full screen mode, but once that's done, it will save you some clicks.

 XP Security News

IE vulnerability on XP

A presentation at the BlackHat conference in Washington, D.C. demonstrated a vulnerability in Internet Explorer that can allow it information from your computer to be exposed to malicious web sites when running on Windows XP. This normally doesn't happen with Vista and Windows 7 because IE runs in "protected mode" by default on those operating systems, although if that mode has been disabled, they could be vulnerable, too. Microsoft issued a security advisory on February 3rd. There are several workarounds for XP users, which include setting Internet and Local Intranet security zones to "high," set IE to prompt before running Active Scripting (or disable Active Scripting), and enabling IE Network Protocol Lockdown for XP. You'll find links to the instructions for these actions here:

 XP Question Corner

Can't play YouTube videos on new installation of XP

I bought a computer with Vista installed on it last summer. I didn't like Vista so I wiped the hard drive and installed XP. I found the drivers and it works fine except I have never been able to play videos on sites like YouTube. I get a message saying Flash isn't installed but when I try to get it at the Adobe web site it says Flash is already installed. I am using IE 7 and I uninstalled it and reinstalled it but the same thing happens. Can you help? - Justin V.

Close all running applications that could be using Flash. Uninstall Flash and the ActiveX control using the Adobe Flash Player uninstaller. You can download it here:

Now reinstall Flash from the Adobe site. This often fixes this problem. If that doesn't work, try installing the updated version of Windows Script engine. You can get it here:

 XP Configuration and Troubleshooting

Winspool.drv error message when you start your XP computer

If you get an error message when you boot your Windows XP computer that says "The application or DLL C: \ Windows \ system32 \ winspool.drv is not a valid Windows image," it probably means that file has become corrupted. Winspool.drv is a process that belongs to the Windows print spooler. The fix is pretty easy; for instructions, see KB article 919753 at

DirectX playback app fails when playing DRM content

If you use certain DirectX applications (not Windows Media Player) to play video content that is protected by Digital Rights Management (DRM) on your XP computer, you may find that the application fails. This happens when the content you're trying to play is interlaced. There is a hotfix for the problem, for both the 32 bit and 64 bit versions of Windows XP. You can read more about it and download the fixes in KB article 939209 at

 Fav Links

This Week's Links We Like. Tips, Hints And Fun Stuff

Disclaimer: WXPNews does not assume and cannot be responsible for any liability related to you clicking any of these linked Web sites.

 Product of the Week

The Ultimate Troubleshooter

Possibly The Most Complete And Most Effective PC Tuning Program Ever Written

A staggering 65% of problems which a PC encounters (PC slowness, temporary freezes, full lockups, crashes, blue screens, sluggish behavior), whether in business or at home, are not caused by hardware problems, they are not caused by spyware, they are not caused by viruses - they are caused by background tasks belonging largely to legitimate and often well-known software you use every day! Don't believe it? OK - here is a little story....

 About WXPnews

What Our Lawyers Make Us Say
These documents are provided for informational purposes only. The information contained in this document represents the current view of Sunbelt Software on the issues discussed as of the date of publication. Because Sunbelt must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of Sunbelt and Sunbelt cannot guarantee the accuracy of any information presented after the date of publication.


This newsletter and website and may contain links to other websites with whom we have a business relationship. Sunbelt Software does not review or screen these sites, and we are not responsible or liable for their privacy or data security practices, or the content of these sites. Additionally, if you register with any of these sites, any information that you provide in the process of registration, such as your email address, credit card number or other personally identifiable information, will be transferred to these sites. For these reasons, you should be careful to review any privacy and data security policies posted on any of these sites before providing information to them.

The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1) All text must be copied without modification and all pages must be included; 2) All copies must contain Sunbelt's copyright notice and any other notices provided therein; and 3) This document may not be distributed for profit. All trademarks acknowledged. Copyright Sunbelt Software, Inc. 1996-2010.

WXPnews Archives
Looking for a past issue? Missing an issue? Accidently deleted an issue? Trying to find that article that pointed you to that cool site? All our newsletters are archived and are searchable:

About Your Subscription to WXPnews
This is a posting from WXPnews. You are subscribed as cpedley.killcomputer@blogger.com.
To manage your profile, please visit our site by clicking on the following link:

If you have feedback or wish to write to the editor, write to us at feedback@wxpnews.com

Sunbelt Software
33 North Garden Avenue
Clearwater, Florida USA 33755

No comments:

Post a Comment

Thanks for understanding that we need to prevent the nasties.

Terms of Use

Personal & Educational Use Only This blog consists mainly of FREE newsletters from computer web gurus that I receive. I thought you might like to see them all in one place than try to discover them on your own. A moderate amount of editing may be done to eliminate unrelated repetitious ads or unnecessary text which bloat the post. However I have given the authors full credit and will not remove their site links because you deserve to see where it comes from and they deserve to get credit for what they have written. Your use of this site is simply for educational purposes. For more computer-related help go to: CPEDLEY.COM for free software, advice and tips on low cost products which are very helpful. If you want to contact the editor, please go CPEDLEY.COM and check the Contact page for email address.