By Daniel Armao, Security Advisor (Guest Blogger)

As many of you know, “Cyber Monday,” the Internet’s equivalent of “Black Friday,” is typically the biggest online shopping day of the year, marked by major discounts and promotions from online retailers. For many consumers this time of the year can offer up a golden opportunity for some great online deals.  However, it’s important to be aware of the plethora of Internet shopping scams, hacker attacks, fraudulent emails, and phishing schemes that often run rampant as well.

But don’t fret, you can still enjoy the convenience of online shopping by following a few simple rules:

• Be cautious of any email claiming to be from a legitimate company. A Phishing scam is usually sent by email or instant message.

v   Do not click the link provided in the email because the scammer can change the direction of the link's destination even if the link appears to be correct.

• Always access the legitimate company's website by typing in the company's information yourself in a new web browser.

• Do not enter your personal information on a popup screen as this is a way for thieves to steal your personal information.

• Shop only using websites that are SSL secured. Websites with SSL certificates will have a padlock icon. The website URL will also start with https://.

v   Websites that are SSL secured which will encrypt sensitive information such as credit card numbers during the transaction. You can also click on the padlock icon to verify the identity of the certificate owner.

• Spyware, installed on a person’s computer, can collect personal information without the user's knowledge. An example of Spyware is a Keylogger that logs and transmits keystrokes to a fraudulent source. To protect yourself against spyware, download ZoneAlarm Extreme Security, which has keystroke encryption to safeguard everything you type, along with other layers such as a firewall.

• Be sure to keep all installed programs and your operating system up to date with the latest security patches.

• Beware of Scareware. Never respond to an unexpected offer for security software, via a pop-up or bubble, telling you that you are at risk.

• Keep a secured password for accounts that you use for online shopping. Here are some tips to create a secure password:

v   Make your password complex by adding uppercase letters, lowercase letters, numbers, and special characters such as %#$^@\

v   Make your password longer than 8 characters

v   Consider a passphrase, such as “8 hens ride 6 buses!” to make your password harder to guess. Consider customizing a single password for each different Web site by using a memorable website characteristic. For example, if your website is Amazon.com, and your password is “8 hens ride 6 buses!” try “8 hens ride 6 AMA buses.” For Citibank, it would be “8 hens ride 6 CIT buses.”

• Use credit cards instead of debits cards. If a thief steals your debit card and withdraws money from your account, the money is gone. The bank will investigate and repay you, but this will take time and there could be a delay in receiving your money. A credit card is safer because the consumer is borrowing from the bank, and if the credit card is stolen the consumer is not required to pay any charges on their account due to the spending spree of a criminal.

• If you encounter fraud contact the Federal Trade Commission's complaint form at http://www.ftc.gov

By Daniel Armao, Security Advisor (Guest Blogger)

As many of you know, “Cyber Monday,” the Internet’s equivalent of “Black Friday,” is typically the biggest online shopping day of the year, marked by major discounts and promotions from online retailers. For many consumers this time of the year can offer up a golden opportunity for some great online deals.  However, it’s important to be aware of the plethora of Internet shopping scams, hacker attacks, fraudulent emails, and phishing schemes that often run rampant as well.

But don’t fret, you can still enjoy the convenience of online shopping by following a few simple rules:

• Be cautious of any email claiming to be from a legitimate company. A Phishing scam is usually sent by email or instant message.

v   Do not click the link provided in the email because the scammer can change the direction of the link's destination even if the link appears to be correct.

• Always access the legitimate company's website by typing in the company's information yourself in a new web browser.

• Do not enter your personal information on a popup screen as this is a way for thieves to steal your personal information.

• Shop only using websites that are SSL secured. Websites with SSL certificates will have a padlock icon. The website URL will also start with https://.

v   Websites that are SSL secured which will encrypt sensitive information such as credit card numbers during the transaction. You can also click on the padlock icon to verify the identity of the certificate owner.

• Spyware, installed on a person’s computer, can collect personal information without the user's knowledge. An example of Spyware is a Keylogger that logs and transmits keystrokes to a fraudulent source. To protect yourself against spyware, download ZoneAlarm Extreme Security, which has keystroke encryption to safeguard everything you type, along with other layers such as a firewall.

• Be sure to keep all installed programs and your operating system up to date with the latest security patches.

• Beware of Scareware. Never respond to an unexpected offer for security software, via a pop-up or bubble, telling you that you are at risk.

• Keep a secured password for accounts that you use for online shopping. Here are some tips to create a secure password:

v   Make your password complex by adding uppercase letters, lowercase letters, numbers, and special characters such as %#$^@\

v   Make your password longer than 8 characters

v   Consider a passphrase, such as “8 hens ride 6 buses!” to make your password harder to guess. Consider customizing a single password for each different Web site by using a memorable website characteristic. For example, if your website is Amazon.com, and your password is “8 hens ride 6 buses!” try “8 hens ride 6 AMA buses.” For Citibank, it would be “8 hens ride 6 CIT buses.”

• Use credit cards instead of debits cards. If a thief steals your debit card and withdraws money from your account, the money is gone. The bank will investigate and repay you, but this will take time and there could be a delay in receiving your money. A credit card is safer because the consumer is borrowing from the bank, and if the credit card is stolen the consumer is not required to pay any charges on their account due to the spending spree of a criminal.

• If you encounter fraud contact the Federal Trade Commission's complaint form at http://www.ftc.gov

By John Gable, Director of Consumer Product Marketing

Yesterday, Microsoft Security Advisory (977981) confirmed the latest IE browser exploit. Though this only impacts users of IE 6 and IE 7, those browsers are still very widely used (last number I saw suggested a 40% installed base though that number is shrinking).

“Summoner” is an unpatched Microsoft Explorer vulnerability that tries to access, or “summon from the dead”, a deleted object. That causes IE to exit into a vulnerable state where malicious code can execute. That malicious code can be just about anything: spyware, viruses, you name it. 

Although antivirus (including ZoneAlarm’s antivirus) catches known variants of the malicious code, it most likely will not catch other variants that are sure to come which are designed to by-pass traditional antivirus security.

ZoneAlarm’s browser security in ZoneAlarm Extreme Security and ZoneAlarm ForceField can protect you even from unknown variants of this attack. Just turn on browser virtualization if it is not on already. Like other browser exploits including Gumblar and Nine-Ball, any malicious code that is silently installed onto your PC through a vulnerability stays within a virtual sandbox, keeping it separate from your operating system. Your system remains unharmed.

This is just the latest browser exploit getting some attention. It is certainly not the last.

PS.  “Summoner” is known by many other names.  (There is no “naming authority” for malware like this.)  It has many technical designations, including Exploit.HTML.IframeBof (Kaspersky Lab), Exploit-IFRAME BO.demo (McAfee), Downloader.Trojan (Symantec),   Exploit.IframeBO (Doctor Web), JS/IframeBOShell* (RAV), EXPL_IFRAMEBO.A (Trend Micro), HTML/Expl.IframeBof3 (H+BEDV), HTML/IFrameBoF@expl (FRISK),   IFrame (ALWIL), Exploit.Html.Iframe.Bof.Gen (SOFTWIN), Exploit.HTML.IFrameBOF-3 (ClamAV) 

Glimpse into events of September 11, 2001, terrorist attacks comes from pager messages that have been anonymously published on WikiLeaks.org.

Originally posted at News – Politics and Law