This is the text message some spammer/phisher sent to my cell phone today. Has anyone else gotten one of these SMS messages? (Click to enlarge.)
[PHOTO: P. Eng, Consumer Reports]

I almost fell for a rather clever phishing message sent to my cell phone, not my computer's e-mail inbox. A text message from "Unknown" popped up on my cell phone, warning me that my "Card" with Chase had been deactivated. To reactivate it, all I had to do was call the toll-free number listed in the message. (See image at right.)

Because I have several accounts with Chase—and I do take advantage of "Chase Mobile Banking"—I nearly pressed the "Call" button to reactivate my card.

But on closer look, I realized this was a scam. Here's what tipped me off:

• The "Unknown" sender. All the previous official alerts from Chase to my cell phone were clearly identified by a specific ID number clearly linked to "Chase" in my phone's address book.
• The "Card starting with..." text. Most banks use "Your account ending with..." not, "starting with."
• The improper capitalization. "...has been Deactivated."
• The incorrect account number. I don't have any Chase accounts starting with 511182.

Thankfully, I didn’t press the "Call" button on my cell phone. But I did phone Chase's official customer service line (1-800-436-7927) and was quickly connected with the Chase bank's online fraud and security center. The Chase representative told me the bank is aware of these phishing text messages, but the version of the phish they had on record had a different toll-free number. They noted the details of the phishing message I received and said they'd monitor my Chase accounts for any suspicious activity since this appeared to be a "new type of fraudulent e-mail."

(Click to enlarge.)

It may be a tad early to start your holiday shopping, but there’s a good chance you’ve at least been thinking about it. Maybe you’ve had a big-ticket gift—like a new TV or home theater—in mind for a while now, but are putting off the purchase till November or December. If it’s sales you’re waiting for, you probably know what you want and how much you’re willing to pay. On the other hand, you might just a teeny bit leery of throwing so much cash at something you know very little about. Which is better: a plasma or LCD TV? Should you upgrade to a Blu-ray player or stick with standard-def DVDs?

If you find yourself in need of expert advice, consider the newest edition of the Consumer Reports Electronics Buying Guide. Inside you’ll find a wealth of information on everything from televisions and computers to smart phones, GPS units, and much more. For each product, the Consumer Reports editors walk you through the basics, explaining what’s available, which features matter, brand profiles, and offering tried-and-true shopping tips.

In addition to product information, the guide offers advice on how to shop smarter, including:

• Netting the best deals online, and protecting yourself when you shop on the Web


• When to repair and when to replace a broken item


• How to haggle effectively


• Finding the best electronics retailer based on our comprehensive annual survey


• How to save—and what to be wary of—with refurbished or open-box products on store shelves


• Where to get free office software, free computer security programs, and more useful freeware

More than 100 people have been charged with identity theft and other computer-related crimes in a joint investigation by U.S. and Egyptian law-enforcement agencies.

Operation Phish Phry uncovered an international conspiracy that was allegedly using phishing tactics to steal personal information from account holders at American financial institutions. The investigation was conducted on the U.S. end by the FBI, the United States Attorney's Office, and the Electronic Crimes Task Force in Los Angeles.

The indictment charges that cyberthieves located in Egypt used classic phishing tactics to direct victims to phony Web sites, where they entered passwords, account numbers, and other data. That info was used to hack into accounts at two banks. Money was transferred from the compromised accounts to fraudulent accounts created by "runners" recruited by the U.S.-based co-conspirators.

Fifty-three defendants were charged in the United States with conspiracy to commit bank fraud and wire fraud; 47 more were charged in Egypt.

Remember never to access a financial account online by clicking on a Web link embedded in an e-mail. For more security advice, take a look at our Guide to Online Security. —Donna Tapellini

You’ve got one less excuse for leaving your computer unprotected against viruses and spyware: Microsoft recently added its new software package, Security Essentials, to the list of free antivirus tools available for download online.

We gave Security Essentials a preliminary test run on several PCs here in our labs. The program installed in less than a minute on the typical PCs we tried, appears to use relatively few system resources, and has reasonable default settings. It’s compatible with Windows XP or later.

The user interface is deceptively simple, which is a good thing. The program automatically updates itself, and performs a quick scan every Sunday night by default, though you can change that and other settings.

If you have antivirus software already, there's no need to change. If you decide to make the switch to Security Essentials, be sure to uninstall your old antivirus program first. Security Essentials disables Windows Defender if it finds it, since they duplicate anti-spyware tasks, and since running two real-time anti-spyware programs can lead to problems.

The number of hijacked social networking accounts is on the rise, according to a warning issued by the FBI this week. (For free advice on how to protect yourself online, see our Online Security Guide.)

The warning addresses one of the more popular online scams, perpetrated on sites like Facebook and Myspace: Criminals plant malicious software on a victim’s computer, hijack their social networking account, then use the account to send emergency distress messages, for example claiming they are in legal or medical peril, requesting money from their social network contacts.

The FBI’s announcement also describes several other online scams, such as spamming to promote phishing sites and distributing malicious software via social-networking “applications.”

One of the best ways to protect yourself against malicious software is to use an effective security software suite. Our Ratings of security software (available to subscribers) provide recommendations on which products offer the best protection.

If you’re looking for a free antivirus, be aware that Microsoft has just released its own called Microsoft Security Essentials. We haven’t tested it yet; we will be posting more details on this product in this blog very shortly.

For the rest of October, which is National Cyber Security Awareness Month, we’ll continue to post the latest news and advice about online security. —Jeff Fox

Last week, my colleague, Jeff Fox, was perusing the New York Times online when a window popped up warning him (and many others) that his computer was “at risk” and in need of immediate protection. The window looked legitimate, very similar to his own security software. But Jeff knew better. From years covering all the nasty maladies that can infect a computer, he recognized the popup as a “malvertisement.” He immediately closed his browser and, to be safe, ran a virus and spyware scan of his hard drive. Had he followed the popup’s prompt, seeking protection, he might have exposed his computer to an online attack.

So-called malvertisers have become adroit at smuggling their software into online ads, where they can entice or frighten users into following harmful links in hopes of remedying a supposed problem with their computer. The tactic NYTimes.com readers saw—a malvertisement warning them of infection—is known as “scareware,” as it hopes to snare less savvy folks than Mr. Fox. (Another coworker mentioned to me recently that his elderly father, unaware of such ploys, is notorious for clicking on malvertisements, which infect his computer.)

Perhaps in response to the attack on such a well-trafficked, reputable site as NYTimes.com, Microsoft last week filed five lawsuits against alleged malvertisers. Although the guilty individuals remain anonymous, Microsoft hopes that the suits, which are directed at several front companies (named Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC. and ote2008.info) will uncover the culprits.

To protect yourself, be vigilant. Be wary of any popup windows that look fishy, especially if they appear alarmist. When closing such a window, carefully click the “X” in the corner and not anywhere inside the window itself. Sometimes the popups make it exceedingly difficult for you to get rid of them. In those frustrating cases, it’s best to quit your entire browser.

For more on staying safe online and avoiding clever tricks like malvertising, see our free Online Security Guide. —Nick K. Mandle

USB flash drives are small tools that can help back-up the data on your computer.
[PHOTO: Consumer Reports]

Any computer clean-up plan should also include a backup strategy. In fact, backing up your computer is probably one of the most important things you can do, and it won’t cost you much at all.

We recommend three ways to back up your data. You can either buy an external hard drive, use a high-capacity flash drive, or set up a subscription with a low-cost online storage site. Here’s a quick look at each option. For more details, take a look at our Computer Backup System Buying Guide (available to subscribers).

External hard drive. Easy to install, an external hard drive usually requires a simple USB connection to your computer. With some, you may not even need software to get the backups running. They also don’t cost much, so you should be able to get a drive that meets your needs for $150 or less. Get a drive that’s at least the size of your current hard drive. If you get one smaller than that, make sure you weigh your future needs as well. Homes with more than one computer will need a networkable hard drive, which costs a bit more and is harder to set up, but a convenient way to share files across all your systems. The downside of an external drive: Most are not very portable.

USB flash drives. Tiny and convenient, USB flash drives have gotten large enough to serve as backup devices. Like external drives, they’re easy to set up, and may run backups without requiring extra software. A 32GB backup drive should cost between $150 and $200. Best of all, you can carry the drive around with you. But that portability can also be a danger, since flash drives are easy to lose or steal.

Online services. One worry with storing backups at home is the potential for theft, fire, or other catastrophic loss. Online storage provides an option outside your house, adding an extra layer of protection by storing your data in multiple locations. We looked at a few sites, and found that they’re easy to use but slow, especially during the initial backup. But you don’t have to worry about setting up any hardware, and you can access your data from any Internet connection. Costs vary, but two of those we reviewed were about $50 a year for unlimited backup.

Subscribers can check out our Guide to computer backup products for reviews on various data storage solutions. —Donna Tapellini

[PHOTO: Courtesy of Mirko Macari]

In a previous post, I explained how, according to a recent study [PDF], social networks like Facebook and Myspace are leaking the personal information of their users to third-party tracking sites. If you use a social network, here are some ways to protect your privacy:

1. Carefully limit the information you post on any social network to just what’s necessary to interact with friends. Don’t list your address, phone number, birthday, or other sensitive information.


2. Familiarize yourself with the social network’s privacy controls and use them as vigorously as necessary to restrict access to your information to just your known circle of friends. You can usually find those controls by signing in and by accessing the service’s “account settings” screen.


3. Use your browser’s security settings to reduce your exposure to tracking sites. For example, you might configure the browser to refuse third-party cookies. The aforementioned study provides more details on ways to protect yourself via your browser, although the protection those afford isn’t foolproof.

Use our other advice on how protect yourself online. For tips, including ways to avoid identity theft, see our free online security guide.

How much personal information do you post on the social networks you use? Is that affected by security concerns? And have you used the service’s privacy controls to block unwanted access? Tell us about your experiences in the space below. —Jeff Fox

A new study suggests so-called tracking cookies used by social networks such as Facebook and Twitter may help reveal users' sensitive personal information to third-party advertisers, hackers and online criminals.
[ PHOTO: Courtesy of Sean Carpenter ]

In our 2009 State of the Net survey, roughly 13 percent of people using social networks such as Facebook and Myspace reported being subjected to some kind of abuse and 17 percent of all online users reported having recently experienced identity theft online.

Now a new study (PDF) raises another, possibly more serious threat to users of social networks: the leaking of their personal information to third-party tracking sites that run banner ads on those social networks.

Such tracking sites are known to compile, over a period of years and using cookie files on people's home computers, anonymous records of users' online behavior. For example, they track which web sites people visit. Having the ability to tie those anonymous records to the identities of social network users would all but eliminate their anonymity.

The study, co-authored by a researcher at the Worcester Polytechnic Institute, examined the practices of 12 social networking services, including Bobo, Digg, Facebook, Friendster, Hi5, Imeem, LinkedIn, LiveJournal, MySpace, Orkut, Twitter, and Xanga.

Jessica Biel has been named the "most dangerous celebrity in cyberspace."
[PHOTO: Courtesy of Maggiejumps]

No, she’s not hacking on the side, but Jessica Biel—or, rather, her popularity—still poses a risk to the health of your PC. McAfee has named Ms. Biel “the most dangerous celebrity in cyberspace” when it comes to the glut of venomous Web sites a user encounters when performing an online search for the A-list star.

From McAfee:

Fans searching for “Jessica Biel” or “Jessica Biel downloads,” “Jessica Biel wallpaper,” “Jessica Biel screen savers,” “Jessica Biel photos” and “Jessica Biel videos” have a one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

This is the third year McAfee has researched celebrities on the Web to determine the riskiest among them. Biel sits atop a list of other search-at-your-own-risk celebrities including Beyonce (2nd riskiest), Tom Brady (4th), Miley Cyrus (7th), and Lindsay Lohan (14th). Brad Pitt, last year’s “most dangerous”, was bumped to number 10 on the list.

A twenty percent chance of encountering an online threat on a single search is a disturbingly high fraction. To minimize your risk, use a security suite such as the ones we rated (subscribers only).

Also, be careful to only visit reputable sites when searching for a celebrity on McAfee’s “most wanted” list, or for that matter, any celebrity. Additionally, check out our 19 tips to stay safe online, 7 common blunders to avoid, and our free online security guide. —Nick K. Mandle