This is the text message some spammer/phisher sent to my cell phone today. Has anyone else gotten one of these SMS messages? (Click to enlarge.)
[PHOTO: P. Eng, Consumer Reports]

I almost fell for a rather clever phishing message sent to my cell phone, not my computer's e-mail inbox. A text message from "Unknown" popped up on my cell phone, warning me that my "Card" with Chase had been deactivated. To reactivate it, all I had to do was call the toll-free number listed in the message. (See image at right.)

Because I have several accounts with Chase—and I do take advantage of "Chase Mobile Banking"—I nearly pressed the "Call" button to reactivate my card.

But on closer look, I realized this was a scam. Here's what tipped me off:

• The "Unknown" sender. All the previous official alerts from Chase to my cell phone were clearly identified by a specific ID number clearly linked to "Chase" in my phone's address book.
• The "Card starting with..." text. Most banks use "Your account ending with..." not, "starting with."
• The improper capitalization. "...has been Deactivated."
• The incorrect account number. I don't have any Chase accounts starting with 511182.

Thankfully, I didn’t press the "Call" button on my cell phone. But I did phone Chase's official customer service line (1-800-436-7927) and was quickly connected with the Chase bank's online fraud and security center. The Chase representative told me the bank is aware of these phishing text messages, but the version of the phish they had on record had a different toll-free number. They noted the details of the phishing message I received and said they'd monitor my Chase accounts for any suspicious activity since this appeared to be a "new type of fraudulent e-mail."

(Click to enlarge.)

It may be a tad early to start your holiday shopping, but there’s a good chance you’ve at least been thinking about it. Maybe you’ve had a big-ticket gift—like a new TV or home theater—in mind for a while now, but are putting off the purchase till November or December. If it’s sales you’re waiting for, you probably know what you want and how much you’re willing to pay. On the other hand, you might just a teeny bit leery of throwing so much cash at something you know very little about. Which is better: a plasma or LCD TV? Should you upgrade to a Blu-ray player or stick with standard-def DVDs?

If you find yourself in need of expert advice, consider the newest edition of the Consumer Reports Electronics Buying Guide. Inside you’ll find a wealth of information on everything from televisions and computers to smart phones, GPS units, and much more. For each product, the Consumer Reports editors walk you through the basics, explaining what’s available, which features matter, brand profiles, and offering tried-and-true shopping tips.

In addition to product information, the guide offers advice on how to shop smarter, including:

• Netting the best deals online, and protecting yourself when you shop on the Web


• When to repair and when to replace a broken item


• How to haggle effectively


• Finding the best electronics retailer based on our comprehensive annual survey


• How to save—and what to be wary of—with refurbished or open-box products on store shelves


• Where to get free office software, free computer security programs, and more useful freeware

You’ve got one less excuse for leaving your computer unprotected against viruses and spyware: Microsoft recently added its new software package, Security Essentials, to the list of free antivirus tools available for download online.

We gave Security Essentials a preliminary test run on several PCs here in our labs. The program installed in less than a minute on the typical PCs we tried, appears to use relatively few system resources, and has reasonable default settings. It’s compatible with Windows XP or later.

The user interface is deceptively simple, which is a good thing. The program automatically updates itself, and performs a quick scan every Sunday night by default, though you can change that and other settings.

If you have antivirus software already, there's no need to change. If you decide to make the switch to Security Essentials, be sure to uninstall your old antivirus program first. Security Essentials disables Windows Defender if it finds it, since they duplicate anti-spyware tasks, and since running two real-time anti-spyware programs can lead to problems.

The number of hijacked social networking accounts is on the rise, according to a warning issued by the FBI this week. (For free advice on how to protect yourself online, see our Online Security Guide.)

The warning addresses one of the more popular online scams, perpetrated on sites like Facebook and Myspace: Criminals plant malicious software on a victim’s computer, hijack their social networking account, then use the account to send emergency distress messages, for example claiming they are in legal or medical peril, requesting money from their social network contacts.

The FBI’s announcement also describes several other online scams, such as spamming to promote phishing sites and distributing malicious software via social-networking “applications.”

One of the best ways to protect yourself against malicious software is to use an effective security software suite. Our Ratings of security software (available to subscribers) provide recommendations on which products offer the best protection.

If you’re looking for a free antivirus, be aware that Microsoft has just released its own called Microsoft Security Essentials. We haven’t tested it yet; we will be posting more details on this product in this blog very shortly.

For the rest of October, which is National Cyber Security Awareness Month, we’ll continue to post the latest news and advice about online security. —Jeff Fox

Last week, my colleague, Jeff Fox, was perusing the New York Times online when a window popped up warning him (and many others) that his computer was “at risk” and in need of immediate protection. The window looked legitimate, very similar to his own security software. But Jeff knew better. From years covering all the nasty maladies that can infect a computer, he recognized the popup as a “malvertisement.” He immediately closed his browser and, to be safe, ran a virus and spyware scan of his hard drive. Had he followed the popup’s prompt, seeking protection, he might have exposed his computer to an online attack.

So-called malvertisers have become adroit at smuggling their software into online ads, where they can entice or frighten users into following harmful links in hopes of remedying a supposed problem with their computer. The tactic NYTimes.com readers saw—a malvertisement warning them of infection—is known as “scareware,” as it hopes to snare less savvy folks than Mr. Fox. (Another coworker mentioned to me recently that his elderly father, unaware of such ploys, is notorious for clicking on malvertisements, which infect his computer.)

Perhaps in response to the attack on such a well-trafficked, reputable site as NYTimes.com, Microsoft last week filed five lawsuits against alleged malvertisers. Although the guilty individuals remain anonymous, Microsoft hopes that the suits, which are directed at several front companies (named Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC. and ote2008.info) will uncover the culprits.

To protect yourself, be vigilant. Be wary of any popup windows that look fishy, especially if they appear alarmist. When closing such a window, carefully click the “X” in the corner and not anywhere inside the window itself. Sometimes the popups make it exceedingly difficult for you to get rid of them. In those frustrating cases, it’s best to quit your entire browser.

For more on staying safe online and avoiding clever tricks like malvertising, see our free Online Security Guide. —Nick K. Mandle

This week, the U.S. government issued a challenge to the youth of America to improve the state of Internet security. [Image: Screengrab]

With America’s cyber-defenses still in need of boosting, the US government has launched the US Cyber Challenge competition and talent search to find and develop 10,000 young Americans who can help the nation regain the lead in defending the Internet against attack.

The program includes the following three competitions, which are open to high school students and, in some cases, college and post-graduate students. Students can compete as individuals or in teams.

CyberPatriot, sponsored by the Air Force, is a cyberdefense competition that tests the ability of the students to defend a simulated corporate network from external hostile attacks.

DC3 Digital Forensics Challenge, sponsored by the Department of Defense Cyber Crime Center, focuses on cyber investigation and forensics.

NetWars, sponsored by the Sans Institute, which trains security professionals, is a competition in network vulnerability discovery and exploitation.

Here are some of the benefits for students who compete (drawn from the program’s description):

That shiny new computer you plan to send off with your college freshman could be in danger—from viruses, spyware, phishers, and spammers. But it’s easy to set up an effective line of defense with some software and a few safe computing practices. Here are some tips to share with your college-bound student.

Get the right security software. Your college might have a site license for security software, but if that’s not the case, you’ll need a suite that includes anti-virus, anti-spyware, and anti-spam tools. You can download some effective—and free—security software. Avira offers a free anti-virus program that we really like. And Windows Defender, an anti-spyware program from Microsoft, comes bundled with Windows Vista and will be included with Windows 7, too, when it’s released in October. If you don’t have it, you can download it free.

You might find that using a full suite of integrated products is an easier approach to security. Three suites we recommend in our Ratings (subscribers only) incorporate tools for fighting spam, spyware, viruses, and phishing.

If you’re a subscriber to McAfee or Symantec’s security software, you’ve probably noticed automatic charges for renewals on your credit card, even when you didn’t request them. Look for that practice to change, now that the two companies have agreed to pay $750,000 in penalties after settling charges stemming from an investigation by New York Attorney General Andrew M. Cuomo.

As part of the settlement, the companies must clearly disclose any automatic renewal programs, as well as provide easy and transparent methods for opting out of such programs.

The companies also must disclose how long they will provide updates before a charge is incurred, provide a refund to any customer who requests it within 60 days of being charged, and pay the Attorney General’s office $375,000 each in penalties to settle any claims made by consumers.

 “Consumers have a right to know what they are paying, especially when they are unwittingly agreeing to renewal fees that will not appear on their credit card bill for months,” said Cuomo. “In other words, no more hide the ball with renewal fees.”—William Dilella

When President Obama speaks on cybersecurity Friday morning at 10:55 (Eastern time), he’ll be doing a lot more than just announcing who will be the new “cybersecurity czar” and where they will fit into the White House hierarchy. (He may not actually announce who the czar is for a few days, according to the Wall Street Journal.)

He’ll be setting the stage for a new era in America’s cyber-defense, which has been woefully inadequate for many years. According to my White House contact, simultaneous with the speech, the White House will release electronically the report and plan that resulted from the Obama administration’s 60-day audit of US cybersecurity.

That report should provide the strategy, if not all the details, about how the cyber-czar, and the federal government itself, intend to meet the challenge.

For example, it should provide more information about how the government plans to partner with private industry in securing the nation’s infrastructure, an alliance essential to any effort to thwart hostile foreign governments, terrorists, and cybercriminals. The report may, or may not, also address the consumer privacy concerns raised by such a public-private alliance.

Those concerns are sure to be a hot topic most of next week, at this year’s biggest privacy and security conference, CFP2009, which will be covered on this blog by my colleague, Senior Editor Donna Tapellini. Are you concerned about online privacy? Let us know and  be sure to follow her coverage here next week.

We don't yet know his or her name, but it seems pretty likely, from press reports that before the week is out, President Obama will name a cybesecurity czar to oversee U.S. cybersecurity policy. As I blogged last week, the release of a long-awaited strategic plan is also imminent.

I’ve just been contacted by the White House press office about the “roll out” of their new strategy, so I expect to have firmer facts, not just media rumors, to make sense of when the news finally does break.

Some of the maneuverings being written about in the press now may sound like inside-the-beltway dealing to most consumers, and it probably is some of that, but it is still of profound importance to our national security and the online security of all consumers. How this all plays out may well determine whether some tech-savvy terrorist is someday able to play havoc with, say, our power grid, and whether you and your family will continue to walk on eggshells and lock down your computer just to be able to web surf, shop online, and exchange e-mail.

The new cybersecurity chief, and the policies which follow his or her appointment, will determine whether dithering and political infighting will continue to allow cybercriminals and terrorists to have virtually free reign online, at all Americans’ expense, or whether this country’s considerable power to defend itself will finally be unleashed.

Do you think that a new strategy will be more effective that what has passed for cyber-defense for the past 8 years? What measures do you think government and industry need to take to protect both our national infrastructure and the American consumer?

I’d like to hear your views. —Jeff Fox