Computer-virus infections don’t cause your machine to crash anymore.

Nowadays, the criminals behind the infections usually want your computer operating in top form so you don’t know something’s wrong. That way, they can log your keystrokes and steal any passwords or credit-card numbers you enter at Web sites, or they can link your infected computer with others to send out spam.

Here are some signs your computer is infected, tapped to serve as part of “botnet” armies run by criminals:

See the full report at MSNBC.com.

For the ninth year in a row, identity theft is the top consumer complaint as reported to the U.S. Federal Trade Commission.  I bet next year will be the tenth.

I first got involved in the battle against identity theft in 1998 when I testified in July of that year before the United States House of Representatives about the growing threat of information brokers stealing and selling citizens’ financial information.  In 1999, the Federal Trade Commission (FTC) reported for the first time that identity theft was the crime that Americans complained about the most as a consumer issue.  Since that year, identity theft has remained at the top of the list.

If anything, identity fraud and identity theft are now far more sophisticated crimes than they were back in the 90’s when the government first started to take note of the increasing levels of financial fraud associated with identity theft. 

There is no doubt that international organized crime is playing a significant role and even domestic cases are becoming more complex.  The days of merely stealing mail or dumpster diving for personal identifying information seem quaint at this point.  Today’s identity criminals are full-fledged participants in the world of cybercrime and utilize sophisticated hacking techniques to perform large scale data breaches.

The sad reality is there will be little relief from identity theft until there is a coordinated international effort backed up by laws that recognize this growing menace for the threat it is.  Until that day, we will continue to see identity theft continue as the top consumer complaint year after year.

Online con artists are always coming up with something new.

Now they’re phishing for private information via fax – while pretending to be the IRS.

The phony e-mail arrives, pretending to be from “Internal Revenue Service,” with a subject line such as “please see the attachment.”

One e-mail still circulating yesterday had two attachments.

One looks like a letter on official IRS stationery, saying: “Our records indicate that you are a non-resident alien.”

The other is a copy of an actual IRS form.

See the full report at philly.com.

What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks. Here we look at some of the most common lines these people are using to fool their victims.

See the full report at NetworkWorld.com.

Using the simplest of social engineering hacks — an enticing message with a link, labeled “don’t click” — a “clickjacking” exploit of the Twitter microblogging service flooded its network today, hijacking users’ status to spread itself before the link could be shut down.

The exploit’s link — http://tinyurl.com/amgzs6 — relied on a URL hidden through use of the TinyURL link-shortening service. The hack was shut down early this afternoon by TinyURL’s founder, Kevin Gilbertson, after Twitter users notified him of the attack.

“On my end, I just got some e-mails mentioning it. So once I found that out, I terminated the URL like I do with other abuse instances,” Gilbertson told InternetNews.com. He added that he replaced the forward of the URL with a notice that the URL had been terminated due to a breach of TinyURL’s terms of service.

See the full report at internetnews.com.

Posing as homeowners or city officials, a team of 15 criminals fraudulently sold 82 unoccupied houses to unsuspecting buyers over the last five years, a grand jury charged Wednesday.The homes were in poor neighborhoods and were sold for as little as $6,000, often to immigrants and non-English speakers, and often for cash, according to the grand jury report. Proceeds from the scheme could be as much as several million dollars, the authorities said.

“Both sides of these cases have suffered immeasurably,” District Attorney Lynne Abraham said in a statement, “the families who paid cash for ‘buying’ what they never owned and spending more money for rehabilitation of the properties, and the rightful homeowners who had to hire attorneys to get their rightful property returned to them.”

The authorities first got wind of the scheme in September 2004 when a homeowner, Fernando DeCastris, contacted the district attorney’s office to report the fraudulent sale of a house that he and his wife had owned since 1989 but had left vacant and boarded up because it was an investment property.

See the full report at the New York Times.

Bryan Rutberg’s Facebook account was taken over by a thief who sent out a message  that read URGENT NEED OF HELP (supposedly from Bryan) and that he needed money.  His friends thought the message was from Bryan and generously wired him money (to London).  The thief also blocked Bryan’s wife’s Facebook account so she could not see activity on Bryan’s Facebook Wall.

See the full story in this video:

[youtube]http://www.youtube.com/watch?v=zlt25QLeoGA[/youtube]

An 18-year-old Wisconsin man is being charged with using Facebook to extort sex from boys by threatening to expose nude pictures of them he obtained by acting as girls on the social-networking site.

Waukesha County prosecutors alleged Anthony Stancl posed as females on Facebook, and solicited nude photos and videos from young boys, some of them he knew were under-aged. Stancl, a high school student just west of Milwaukee, was recently expelled for allegedly making a bomb threat. He’s also accused of forcing six under-aged boys and one aged 18 to have sexual encounters with him, prosecutors said.

He enticed them by threatening to release their nude images to classmates, Waukesha County District Attorney Brad Schimel said. “The extortion was all about sex,” Schimel said in a telephone interview.

See the full report at Wired.com.

The following phishing email purporting to be from the IRS was in my in-box yesterday.  Can you spot the obvious flaws that mark this as a phish?

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund under section 501(c) (3) of the
Internal Revenue Code. Tax refund value is $189.60.

Please submit the tax refund request and allow us 6-9 days in order to IWP the data received.

If u don’t receive your refund within 9 business days from the original IRS mailing date shown, you can start a refund trace online.

If you distribute funds to other organization, your records must show wether they are exempt under section 497 (c) (15). In cases where the recipient org. is not exempt under section 497 (c) (15), you must have evidence the funds will be used for section 497 (c) (15) purposes.

If you distribute fund to individuals, you should keep case histories showing
the recipient’s name and address; the purpose of the award; the maner of
section; and the realtionship of the recipient to any of your officers, directors, trustees, members, or major contributors.

To access the form for your tax refund, please click here

This notification has been sent by the Internal Revenue Service, a bureau of the Department of the Treasury.

Sincerely Yours,

John Stewart
Director, Exempt. Organization
Rulings and Agreements Letter
Internal Revenue Service

Phishing fraudsters have moved on from banking sites with an attack designed to hoodwink hotel customers, according to a team of security volunteers.Hotel chains including Hyatt, TraveLodge, Comfort Inn, Ramada, Days Inn, and Wyndham are being targeted in the reported scam. More than 71,000 travelers each month have been redirected to counterfeit sites, volunteer security community FraudTip.com warns. Mainstream net security firms are unable to confirm these figures.

FraudTip.com culled its figures using “audience measurement” technology. It reckons the scam combines “advanced online advertising, bogus hotel locators, third-party reservation systems, and Internet browser crimeware to redirect hotel guest traffic to fake versions of well-known hotel chain websites”.

However net security firms reckon the attack is nothing more or less than a straightforward phishing scam, albeit one directed at hotels rather than banks or ecommerce outlets. Some element of search engine trickery to inflate the rank of counterfeit sites may also be involved.

See the full report at The Register.