Computer virus company McAfee has assembled a list of the top search keywords that are most commonly linked to malware exposure. The winning phrases are: word unscrambler, lyrics, myspace, free music downloads, phelps, game cheats, printable fill-in puzzles, free ringtones and solitaire. In addition, the general categories that are considered riskiest are: screen savers, free games, work from home, Olympics, videos, celebrities, music and news.
It turns out that weird evening bank verification call from AmEx was legit. Brandon wrote back, “After reading all the comments on Consumerist, it stoked my fear of fraud even more, so I called Amex security. They verified the call was legitimate and was from American Express. It was just poor customer service after all.”
Update: It turns out the call was legit.
This story from Jessica is a good reminder that scammers don’t care about the technology, they care about about fooling you. That means they’ll use whatever method is available—in this case, SMS.
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
Here’s the recording of us, spruced up by the visual wizardy of our video slave Alex Goldberg, calling Investor Relations (480-693-1227) yesterday, pressing 0, and brute forcing our way to somebody, anybody, any live person to help us just file a simple (and yes, probably totally hopeless) Lost and Found request.
Like many companies, Comcast doesn’t train its customer service reps enough in security verification. The result is that anyone can call up, pretend to be a service tech, and get your info. Criminals can pick up pieces from one company and use them to get more information out of another, and so on. They can use the end result to steal your identity, your bank account information, and other fell deeds.