A warning to all you job hunters out there: The Better Business Bureau reports a spike in the work at home, get-rich-quick schemes being offered through the social-networking site Twitter.

The scams are similar to the classic Web and e-mail offers. Sites claim you can make loads of money, with little effort, and no experience, as long as you pay for an informative CD—as featured on the fill-in-the-blank nationally syndicated television show—that will reveal the mystery of making thousands of dollars a month.

According to the BBB, the purported offers being posted by companies on Twitter promise to pay users hundreds of dollars a day to be professional “Tweeters”—the name for a person who uses Twitter. “‘Make Money With Twitter’ schemes may sound risk-free but bear many red flags,” according to the BBB.

Here’s your chance to easily opt out of many of those ad-trackers that follow your every move as you surf the Internet. A new, free tool called TACO, or Targeted Advertising Cookie Opt-Out, lets you do just that.

Developed by a student fellow at the Berkman Center for Internet & Society, TACO places cookies in your browser that prevent 84 online ad networks from tracking your browsing habits. Right now, the tool works only with the Firefox browser.

Without TACO, you’d have to visit a large number of Web sites individually and opt out of each network’s program. —Donna Tapellini

An e-mail message purporting to be from PayPal warns the recipient that their PayPal account has automatically sent money to any unfamiliar person. But if the person clicks on "Cancel Transaction," that's when the real problems begin. (Click on the image above to see the complete "phishing" e-mail.)
[ Photo: J. Fox ]

I've been getting e-mail phishing scams for several years and thought I'd seen it all. But this week I received an e-mail that wasn't the usual "We're doing a security check and need your password" scam.

The e-mail appears to come from PayPal, a popular institution often imitated by scammers. What's unusual is that it seems to be a confirmation of a purchase, for more than $400, paid from my PayPal account. There's even a realistic-looking transaction, including the name and address of the person whom you're supposed to assume made the purchase.

I picked this up as a scam fairly quickly because I've trained myself to recognize such cons. But I suspect that a consumer fearful that their PayPal account had been incorrectly charged would hastily follow the scam's instructions to click on the “CANCEL TRANSACTION” link to sign into their account.

If that link were still active (it wasn't when I tried it), doing that would give the criminals the information they need to immediately access the account and drain its funds. (Based on our most recent State of the Net Survey, we estimate that, over the past two years, about 7 million American consumers gave such phishers personal information and that, nationally, phishers stole nearly half a billion dollars from online consumers.)

Here's how to avoid becoming a cybervictim:

If you’re a subscriber to McAfee or Symantec’s security software, you’ve probably noticed automatic charges for renewals on your credit card, even when you didn’t request them. Look for that practice to change, now that the two companies have agreed to pay $750,000 in penalties after settling charges stemming from an investigation by New York Attorney General Andrew M. Cuomo.

As part of the settlement, the companies must clearly disclose any automatic renewal programs, as well as provide easy and transparent methods for opting out of such programs.

The companies also must disclose how long they will provide updates before a charge is incurred, provide a refund to any customer who requests it within 60 days of being charged, and pay the Attorney General’s office $375,000 each in penalties to settle any claims made by consumers.

 “Consumers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months,” said Cuomo. “In other words, no more hide the ball with renewal fees.”—William Dilella

[ Photo: Mateusz Stachowski ]

Yesterday, the parent company of Sears and Kmart settled charges by the Federal Trade Commission that it used software to track the online bank statements, drug prescription records, video rental records, library borrowing histories, and personal e-mail of some Sears’ customers without adequately disclosing that activity to them.

As we reported here on Wednesday, the FTC has expressed concern that more consumer data is being collected online than is necessary.

In this case, the agency says, some online customers were invited by Sears to participate in an initiative called “My SHC Community.” Those who accepted were paid $10 and asked to download “research” software that would confidentially track their “online browsing.” But the FTC said the broad extent of the tracking was revealed only in a lengthy user agreement, which the agency ruled was “deceptive” and in violation of the FTC Act.

Data collection by online advertisers was a hot topic at this week’s Computers, Freedom, and Privacy conference in Washington, DC.

As part of the settlement, Sears agreed to destroy any consumer data it has already collected and to clearly and prominently inform consumers about any data it collects. —Jeff Fox

Harvard researcher Rachna Dhamija painted a grim picture of how consumers deal with online security during the Computers, Freedom and Privacy conference in Washington, D.C.

Take how users deal with security when they visit their bank’s Web site. “They’re not thinking, ‘I want to be secure,’” said Dhamija. “They’re thinking, ‘I want to do my banking.’”

Users are overconfident in their ability to protect themselves, she added. The typical reaction by consumers when they see a dialog box pop up while Web surfing: “Something just happened and I need to click OK to get on with things.”

"Alas, consumers will sell their privacy for a candy bar; in fact, they demand to be able to do so."

That’s a sentiment posted on Twitter here at the Computers, Freedom and Privacy Conference  in Washington D.C. But advocates worry that consumers are unaware of just how much of their private information is being mined, retained, and shared by companies that engage in online behavioral marketing—and beyond.

“A global system has emerged designed to collect information about each of us wherever we are, and target us for advertising and increasingly for politics,” said Jeff Chester, Center for Digital Democracy.  “And it’s designed to affect our behavior.”

Yesterday, I attended the Congressional Internet Caucus Advisory Committee’s panel discussion of President Obama’s cybersecurity report featuring top cyber security and intelligence experts. The panel of experts debated aspects related to civil liberties, critical infrastructure, private sector regulation, and security of government data and systems.

Here is some of what the group said about the report’s impact on consumers:

It’s too soon to tell exactly what will change for consumers in the aftermath of the report’s release, the group agreed. “Consumers are going to have to wait,” said Gregory Nojeim, Senior Counsel at the Center for Democracy & Technology. “The report is so high level, it’s going to depend on how it’s implemented.”

One piece of good news for consumers, according to Marcus Sachs, Executive Director of Government Affairs for National Security Policy at Verizon, is that President Obama places himself in a consumer role. “He sees himself as a user—and a hackee,” since his campaign Web site was itself compromised during the election in 2008.

Melissa Hathaway, Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils, and leader of the team that produced the Obama administration's cybersecurity report, at the event today in which the report was unveiled. (Click to enlarge.) [Photo: Jeff Fox]

Bearing the title,"Cyberspace Poicy Review," and just 38 pages long (if you don't count the appendices), the long-awaited preview of how the federal government is going to secure cyberspace was finally released at the President's White House speech today. (I was actually handed a copy in the East Room 20 minutes before its official release time and then asked to return my copy until that time, 10:45 am EDT, arrived.)

While I haven't had time to read through the report in its entirety, here are some key points from it that the President stressed in his speech:

• The status quo is no longer acceptable. The US must signal to the world that it is serious about addressing the challenge of cyber security.
• "Ad hoc responses will not do." (That's a direct quote from Obama's speech). The President said the country cannot continue to react to cyber crime on a piecemeal, incident-by-incident basis; it must become proactive, organized, and partner with other nations.
• There will be accountability. The President promised that milestones and "performance" metrics will be used to ensure that goals are met.
• Although public/private partnerships will be pursued, there will be no monitoring of private sector networks or Internet traffic. There will be a strong commitment to privacy and civil liberties.

President Obama speaking on America's cyber infrastructure. Photo: Jeff Fox

In launching his cybersecurity initiative at the White House today, President Obama promised determination, cooperation, accountability, and a return in the 21st century to the can-do spirit that made America great in the 20th century.

As expected, Obama did announce the creation of a “cyber security coordinator” position in the White House, but didn’t announce who will fill it. But, in the wake of rampant speculation that such a cyber-czar would have a hard time effectively coordinating the federal agencies that routinely engage in turf battles over internet security, the President was very clear that whoever is chosen will have the power of the presidency behind him or her. Obama promised that whoever fills the position “will have my full support and regular access to me.”

I’ll be posting more analysis of the speech shortly on this blog. —Jeff Fox