The Center for Disease Control recently provided a news release that states that fraudulent emails are being received across the country referencing a CDC State Sponsored Vaccination Program.

Apparently the email is requesting that users create a personal H1N1 Vaccination Profile on the CDC’s website. The email promotes a sense of urgency because it states that anyone over the age of 18 is required to have their Vaccination Profile registered with the CDC.  When the user clicks on the link, a virus is immediately uploaded to their computer that compromises all the personal data on the computer and makes it easily accessible to would-be hackers.

The following is a sample image of the fraudulent email:

Because of these potential phishing attacks and e-mail scams, SmartSecurityPeople.com encourages consumers who are interested in H1N1 influenza virus information to visit the U.S. Department of Health & Human Services informational Web site at  www.flu.gov . We are also pleased to offer the following tips to help our readers avoid phishing scams:

• Contact the institution yourself: Don’t respond to unsolicited requests for your personal information. Instead, contact the organization at a phone number or a Web address you know to be correct.
• Don’t click on links in e-mails: Be cautious about opening any attachments or downloading any files from e-mail messages. Links and attachments can make your computer vulnerable to viruses.
• Look for warning signs: Misspelled words or a lack of personal greetings may signal fraud. However, the presence of a personal greeting or a lack of errors does not guarantee legitimacy.  Always be skeptical.
• Use spam filters, anti-virus software, anti-spyware software and a firewall: Update your security software regularly. The software can help stop your computer from accepting unwanted files that can be sent via phishing e-mails.
• Don’t give out personal information via e-mail: E-mail is not a secure method of transmitting personal information. A bank or governmental agency will never request personal information via e-mail.
• Monitor your accounts: Review credit card and bank account statements as soon as you receive them. If you find unauthorized charges, immediately notify your bank or credit card provider.
• Report Phishing Scams to the company or organization that the scam artist is impersonating.

We hope you find this information useful.

As our readers are aware, this is National CyberSecurity Month. In order to pay tribute to the month, Google has recently released the top 5 security tips that should be utilized by those of us that use Gmail as our free email service provider.

The tips below are directed specifically for Gmail users but they can be applicable for most any free email service provider. If you find that your email service provider can not provide similar security features as our friends at Google, you may want to consider shifting your email to Gmail. We hope that our readers at SmartSecurityPeople.com find this information helpful as we continue to celebrate National CyberSecurity Month.

1. Remember to sign out. Especially when using a public computer, be careful to sign out of your Google account when you’re finished. Just click the “Sign out” link at the top right corner of your inbox. If you’re using a public or shared computer and want to be extra thorough, you can also clear the browser’s cache, cookies and history. Then, completely close the browser. On your personal computer, you can also lock your computer with a password-protected screensaver if you need to step away momentarily. Learn the best ways to lock your screen in Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on another computer and use Gmail’s remote sign out feature to close any sessions that might still be open elsewhere.

2. Be careful about sending certain sensitive information via email. Once you send an email, you’re no longer in control of the information it contains. The recipients, if they so choose, could forward the email or post its contents in a public place. Even if you know and trust the people you’re emailing, that information may become exposed if their accounts become compromised or they get a virus on their machines. As a rule of thumb, should you need to provide a credit card number or financial account number to respond to a message, provide it over the phone or in person - not over email. And never share your password with anyone. Google does not email you to ask you for your password, your social security number, or other personal information - so don’t send it!

3. Enable “Always use HTTPS.” Any time you visit a webpage, your computer needs to send and receive information across the Internet. HTTPS is used to encrypt data as it is transmitted between computers on the Internet, so look for the “https” in the URL bar of your browser to indicate that the connection between your computer and Gmail’s servers is encrypted. We use HTTPS on the Gmail login page, and you can choose to protect your entire Gmail session with HTTPS as well. HTTPS can make your mail slower, so we let you make the choice for yourself. Open Settings and choose “Always use HTTPS” on the General tab if you want to turn it on.

4. Be wary of unexpected attachments.To help protect you from viruses and malware, Gmail automatically scans every attachment when it’s delivered to you, and again each time you open a message. Attachments you send are also scanned. That said, no system is foolproof, so if you happen to get an email from a friend with an attachment you didn’t expect, don’t be afraid to ask the sender what it is before you decide whether to open it.

5. Make sure your account recovery information is up-to-date. Your account recovery information helps you regain access to your account if you ever forget your password, or if someone gains access to your account without your permission. We currently offer several paths to account recovery. Every Gmail user must select a security question and answer - be sure to choose a combination that is easy for you to remember, but hard for others to guess or come across by investigating. Don’t choose a question like “What is my favorite color?” as others may easily guess the answer. We also encourage you to provide a secondary email address and/or a mobile phone number, so we can send you a link to reset your password if you lose access to your account.

October marks the sixth annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. The theme for this years awareness month is “Our Shared Responsibility”. The point that Homeland Security is trying to drive home is that computers users, as well as government and corporate entities, should be responsible for promoting good “Cyber Hygiene”. It is a shared responsibility that relies upon all of us to be vigilant in safeguarding ourselves and our families from cyber criminals.

The following are simple tips provided by the Department of Homeland Security to help all of us stay safe while being online and promote cybersecurity:

Take Action - There are many things businesses, schools, and home users can do to practice cybersecurity during National Cybersecurity Awareness Month and beyond.

• Make sure that you have anti-virus software and firewalls installed, properly configured, and up-to-date. New threats are discovered every day, and keeping your software updated is one of the easier ways to protect yourself from an attack. Set your computer to automatically update for you.
• Update your operating system and critical program software. Software updates offer the latest protection against malicious activities. Turn on automatic updating if that feature is available.
• Back up key files. If you have important files stored on your computer, copy them onto a removable disc and store it in a safe place.

Endorse - Demonstrate your commitment to cybersecurity.

• Show your organization’s commitment to cybersecurity and National Cybersecurity Awareness Month by signing the online endorsement form at www.staysafeonline.org.
• Create a section for cybersecurity on your organization’s Web site. Download banners at www.staysafeonline.org and post them on your organization’s home page.
• Add a signature block to your e-mail:
  “October is National Cybersecurity Awareness Month. Stay Safe Online! Visit http://www.staysafeonline.org for the latest cybersecurity tips.”

Educate - Find out what more you can do to secure cyberspace and how you can share this with others.

• Participate in the National Cyber Security Alliance Cyber Security Awareness Volunteer Education (C-SAVE) Program and help educate elementary, middle, and high-school students about Internet safety and security. For more information or to download the C-Save curriculum, visit www.staysafeonline.org/content/c-save.
• Review cybersecurity tips with your family.
• Print and post these cybersecurity tips near your computer and network printers.
• Use regular communications in your business-newsletters, e-mail alerts, Web sites, etc.-to increase awareness on issues like updating software processes, protecting personal identifiable information, and securing your wireless network.

For more information on Awareness Month and for additional material, please visit www.us-cert.gov and www.staysafeonline.org/ncsam.

We hope our readers at SmartSecurityPeople.com find this information helpful as you are surfing the world wide web.

Deceptive tactics are a very common tool for programmers to get you to purchase protective software for your computer. Since they can’t get you to purchase the software based upon it’s own reputation, they resort to making you think your computer is infected with a virus and the only way to fix the problem is by use of their security software. A popular example of this approach is currently being used by the SAFETY CENTER SUITE people and it is developed by the same group that promotes PRIVACY CENTER.

Safety Center pretends to be a security suite consisting of a spyware scanner, a firewall, a registry scanner, and privacy protection. In reality, this program has only one goal and that is to take your money without providing anything in return. It will pretend that it is scanning your computer for threats and will even act as though it has found a number of them. In all actuality though, your computer is probably just fine and has no apparent problems. The bad news is that if your computer did have problems, the Safety Center program would not be able to cure it because it’s only purpose is to act like you have issues and then “fix” those supposed problems.

The following is a screen shot of what the Safety Center Suite looks like:

As the software is running, it will continue to provide you with a number of warnings and pop up windows to let you know that your computer is at risk and in dire need of repair by their software program. Again, these are all tactics to try and get an unknowing person to purchase their software. If you think this is bad, it gets even worse. Safety Center is known to hijack your web browser and give you false alerts about an infectious malware program being found on your computer when you visit different websites. The following is the warning message that they provide:

We are sorry but your query looks similar to requests from a computer infected by viruses or spyware applications. To protect our users, we can’t proceed with your request at the moment. We will restore your access as quickly as possible, so try again later.

Meanwhile, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your system is free of viruses and other malicious software.

They then proceed to provide you with a SCAN NOW button that launches the Safety Center Suite when clicked. Of course, immediately it will encourage you to purchase the program to clean your computer of any viruses or malware.

If you believe that you have been infected by the Safety Center Suite Trojan, you should be able to quickly remove it by utilizing any accredited Virus/Malware removal tool. However, if you would like to remove the infected files on your own, the following is a list of the Safety Center Files and Registry Information that will be on your computer:
Associated Safety Center Files:

c:\Program Files\SafetyCenter
c:\Program Files\SafetyCenter\main.ico
c:\Program Files\SafetyCenter\protector.exe
c:\Program Files\SafetyCenter\sound.wav
%UserProfile%\My Documents\0886b8.vom
%UserProfile%\My Documents\102.exe
%UserProfile%\My Documents\cs_def.exe
%UserProfile%\My Documents\trojan.psw.stealth.a.exe
%UserProfile%\My Documents\Adrevolver.txtAds360.com
%UserProfile%\My Documents\default.pss
%UserProfile%\My Documents\emalware.cvd
%UserProfile%\My Documents\install_tag002.exe
%UserProfile%\My Documents\tdfhex.dll
c:\WINDOWS\gbaxl2.dat

Associated Safety Center Windows Registry Information:

HKEY_CLASSES_ROOT\CLSID\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_CLASSES_ROOT\CLSID\{EB09B56A-91AB-11DE-95FD-A39056D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB09B56A-91AB-11DE-95FD-A39056D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{BCA9B86C-91BC-11DE-B1CD-35C755D89593}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyCenter
HKEY_LOCAL_MACHINE\SOFTWARE\SafetyCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce “SafetyCenter”

We hope our readers SmartSecurityPeople.com find this information useful. We know that there are a number of programs, spyware, trojans, and malware looking to find its way onto your computer. If you know of any other popular programs, using tactics similar to SAFETY CENTER, that we should be wary of or steer clear of, please be sure to share your information below in comments. The more we all know.. the better!

Hackers and spammers love just about any Hallmark holiday. However, extra effort does seem to appear on their behalf around Valentines Day. Maybe they are playing on our emotions and hoping that a harmless looking email with a warm and fuzzy Valentine header will make it past our usual email sorting defenses. Regardless, it is important to be vigilant at all times(especially at holidays) when going through your inbox.  If you are not, you may compromise your computer and all your personal data that you may be housing on it.

Back in 2007, many unsuspecting computer users fell prey to the Storm Virus that was released by an army of hackers and spammers. It was deployed again in 2008 utilizing Valentine Day spam and is estimated by security professionals to be used again in 2009.  “Clearly the old Storm folks are working as hard as they can to build up their new botnet, and are following the old tried-and-true methods of centering their social engineering tactics around holiday themes,” said Masiello in a post to the MX Logic Blog. Masiello goes on to say:”But it still impresses me that tactics like this continue to work and be so effective, despite how many times it gets recycled”

SmartSecurityPeople.com wishes all of our readers a wonderful Valentine’s Day. We hope that you and your computers remain safe from unwelcome Valentine viruses.

The Berkman Center at Harvard University sponsored a task force to research and report upon the safety and security issues for young people in regards to their participation with online social networking. MySpace, in particular, appears to be the main focus of the report. However, the same findings could easily be applied to Facebook, Twitter, etc…

The Internet Safety Task Force released their final report on January 14th and it is available online here.

The Task Force’s research has been able to surmise the following:

• Sexual predation on minors by adults, both online and offline, remains a concern. Sexual
  predation in all its forms, including when it involves statutory rape, is an abhorrent crime.
  Much of the research based on law-enforcement cases involving Internet-related child
  exploitation predated the rise of social networks. This research found that cases typically
  involved post-pubescent youth who were aware that they were meeting an adult male for
  the purpose of engaging in sexual activity. The Task Force notes that more research
  specifically needs to be done concerning the activities of sex offenders in social network
  sites and other online environments, and encourages law enforcement to work with
  researchers to make more data available for this purpose. Youth report sexual solicitation
  of minors by minors more frequently, but these incidents, too, are understudied,
  underreported to law enforcement, and not part of most conversations about online safety.
• Bullying and harassment, most often by peers, are the most frequent threats that minors
  face, both online and offline.
• The Internet increases the availability of harmful, problematic and illegal content, but does
  not always increase minors’ exposure. Unwanted exposure to pornography does occur
  online, but those most likely to be exposed are those seeking it out, such as older male
  minors. Most research focuses on adult pornography and violent content, but there are also
  concerns about other content, including child pornography and the violent, pornographic,
  and other problematic content that youth themselves generate.
• The risk profile for the use of different genres of social media depends on the type of risk,
  common uses by minors, and the psychosocial makeup of minors who use them. Social
  network sites are not the most common space for solicitation and unwanted exposure to
  problematic content, but are frequently used in peer-to-peer harassment, most likely
  because they are broadly adopted by minors and are used primarily to reinforce pre-existing
  social relations.
• Minors are not equally at risk online. Those who are most at risk often engage in risky
  behaviors and have difficulties in other parts of their lives. The psychosocial makeup of
  and family dynamics surrounding particular minors are better predictors of risk than the use
  of specific media or technologies.
• Although much is known about these issues, many areas still require further research. For
  example, too little is known about the interplay among risks and the role that minors
  themselves play in contributing to unsafe environments.

The final recommendations of the Task Force are as follows:

• Members of the Internet community should continue to work with child safety experts,
  technologists, public policy advocates, social services, and law enforcement to: develop
  and incorporate a range of technologies as part of their strategy to protect minors from
  harm online; set standards for using technologies and sharing data; identify and promote
  best practices on implementing technologies as they emerge and as online safety issues
  evolve; and put structures into place to measure effectiveness. Careful consideration should
  be given to what the data show about the actual risks to minors’ safety online and how best
  to address them, to constitutional rights, and to privacy and security concerns.
• To complement the use of technology, greater resources should be allocated: to schools,
  libraries, and other community organizations to assist them in adopting risk management
  policies and in providing education about online safety issues; to law enforcement for
  training and developing technology tools, and to enhance community policing efforts
  around youth online safety; and to social services and mental health professionals who
  focus on minors and their families, so that they can extend their expertise to online spaces
  and work with law enforcement and the Internet community to develop a unified approach
  for identifying at-risk youth and intervening before risky behavior results in danger.
  Greater resources also should be allocated for ongoing research into the precise nature of
  online risks to minors, and how these risks shift over time and are (or are not) mitigated by
  interventions. To allow for more systematic and thorough research, law enforcement should
  work with researchers to help them gather data on registered sex offenders’ use of Internet
  technologies and technology companies should provide researchers with appropriately
  anonymized data for studying their practices.
• Parents and caregivers should: educate themselves about the Internet and the ways in which
  their children use it, as well as about technology in general; explore and evaluate the
  effectiveness of available technological tools for their particular child and their family
  context, and adopt those tools as may be appropriate; be engaged and involved in their
  children’s Internet use; be conscious of the common risks youth face to help their children
  understand and navigate the technologies; be attentive to at-risk minors in their community
  and in their children’s peer group; and recognize when they need to seek help from others.

We at SmartSecurityPeople.com applaud the efforts of the Internet Safety Task Force in compiling this data and providing it to the public. It is certainly a great service that they have done and we appreciate the education and information.