Photo from Futurama.

When training your loved ones how to keep themselves safe online, you should remind them of the rule your parents probably taught you: If it sounds too good to be true, it probably is. Using a little common sense goes a long way to realizing that you aren't going to suddenly win the Spanish National Lottery when you didn't even know you had a ticket. That said, here's a few tips that you should share with your less-than-savvy friends and family to help them avoid falling victim to an online scam.

Never, Ever Click a Link to Your Bank or Financial Institution From an Email

Legitimate banks or financial institutions like Paypal will never email you asking you to click a link to verify your information, reset your password, or login to view anything. You should simply create a browser bookmark to your bank, and when you receive an email, use the bookmark or type in the bank name manually into the address bar.

Combined with training your parents to look for the special lock icon in the address bar, this should prevent them from giving away their bank login.

Never Give Out Your Email Password

It's become a trend in "web 2.0" sites to ask people to invite your friends to join by entering your email address and password into their web site—but this is something you should always avoid. Not only will you most likely end up spamming all of your friends with invite requests, but some sites will keep that information and continue to spam your friends forever. Of course, that is secondary to the fact that all your password reset requests will go to your email address—so if the wrong people get your password, they can access your entire online life. You should simply never give that information out to anybody for any reason.

Use Strong Passwords (and Secret Questions)

If your password is as simple as your spouse's name, it won't even matter if you give your email password out, since it can be guessed easily by scammers or hackers trying to get in. You'll want to make sure to read our guide on how to choose and remember a strong password—but your security lesson doesn't stop there. The weak link in your email security is those secret questions and answers that most sites ask you to enter to help you reset your password. Even if your password is tough, often your secret question isn't—so you should make sure to protect your email account with strong secret questions.

Do Not Buy Anything from an Email You Didn't Ask For

The easiest way scammers get you is by dumping spam in your inbox for everything from cheap watches to fake male-enhancement products—which is not only going to be bogus but probably redundant. The easiest and simplest rule is to never buy anything from an email. Sure, you could probably make an exception for email newsletters from sites you trust, like Amazon, but remember—it's relatively easy for scammers to pretend they're Amazon, just like it's easy for them to pretend they're your bank. Just make sure that you aren't buying, or even clicking on, anything from an unsolicited email. (You can always go straight to Amazon and search for the product they're advertising.)

Watch Out for Job Postings That Look Too Good

If you're out of work or just looking for a way to make some extra cash on the side, you should be very careful about the jobs posted on online sites like Craigslist, because there are scammers lurking there as well. It's not that Craigslist isn't a great place to look for jobs, but you have to be careful. Those jobs that say you can "Make $25+ / hour working from home!" or "Mystery Shopper Needed!" and promise tons of money for almost no work—yeah, they are completely fake.

The biggest thing to avoid is anything involving Western Union, Moneygram, wire transfers, money orders, or dealings with any financial transaction. The scammers will ask you to deposit a check or money order and wire transfer the money back to them—and it's not until later that you find out it was a forgery. I personally know somebody who was scammed out of $12,000 this way.

Do Not Give Out Your Personal Info or Social Security Number

This should go without saying, but no legitimate site is going to ask you to enter your Social Security number unless you are applying for credit. You should be very careful not to divulge your personal information to anybody online. The same thing goes for sites that ask you to re-enter your personal information, even though in some cases, like your bank, they should already have that information.

Learn to Use a Modern Browser's Security Features

The latest versions of Firefox and Internet Explorer have enhanced support for checking certificates from trusted web sites—you can click on the lock icon to see all the information about the certificate.

In addition, the latest browser versions maintain a list of phishing and malware sites, and will warn you any time you try and access a known bad site. Internet Explorer makes checking the URL even easier by highlighting the root domain name so you can more easily detect a new phishing site.

Ignore Web Site Popups Saying You Have a Virus

Last Friday half of my day was wasted removing a malware called Advanced Virus Remover from somebody's PC because they clicked an ad that said they had a virus, and then installed the "recommended" software, which proceeded to hold their computer hostage. These "scareware" viruses are becoming commonplace, and there are so many different names that it's impossible to keep track of all of them.

The simple solution is to pick a single antivirus app for your loved ones and train them to know exactly which one they have installed. My mom's PC came pre-installed with Norton Antivirus, and I've trained her to ignore any other messages unless they come from Norton—and that if she isn't sure, she should click the X in the upper right-hand corner of the screen, or even just turn the PC off entirely and restart it. It's not a perfect solution, and I'd rather have her using Microsoft Security Essentials, but she's used to it now and it's a whole lot better than spending a day removing a scareware virus from her computer.

Aren't sure which antivirus to choose? You've chosen your five favorites, and we've explained the virtues of the free Microsoft Security Essentials, so the choice is up to you.

The How-To Geek is tired of dealing with scammers and wishes the government would crack down on them more. His geeky articles can be found daily here on Lifehacker, How-To Geek, and Twitter.

Ralsky and his cohorts netted millions from pump and dump stock scams which were bolstered by their spamming. He pleaded guilty in June and will be serving time along with his son, who was sentenced to 40 months. [Ars Technica]

While I'm all about stopping professional spammers, I find it amusing that this case revolved around Facebook. At this point, a good 75% of the messages I receive from that damned site are unwanted and annoying. Invites to shit from people I don't know, annoying app pings and all the rest of it. Hell, it's almost like Facebook is designed to send you annoying messages. That's the whole point!

But yeah, anyways, nice work nailin' the Spam King, guys. [CNNMoney]

The hole, apparently caused by the interaction of IE and ActiveX, has been used for about a week to install viruses on users who click certain links in spam emails. Microsoft's stopgap solution, available here, is to disable that video software, and the company is hard at work to fix the problem. Doesn't bode well for Microsoft's push into antivirus software, does it? [via AP]

Dear Sir/Madam,

I am pleasure to know you from Internet !
If this email disturb you, Please ignore or delete ! Thanks !

We are a professional manufacturer and exporter of life safety protection products from china,
We are looking for an importer/agent all over the world who would purchase our products.
Our leading products including:

1. Bulletproof series:
bulletproof cash-carrying car, bulletproof attack vehicle, bulletproof vest & plate, bulletproof helmet,
bulletproof glass (it can resist AK47 rifle), bulletproof door (It can resist AK47 rifle), bulletproof window etc.

2. Anti-riot series:
handcuffs, chemical protective clothing, cut proof clothing, stabproof vest, combined riot shield etc.

3. Explosion-proof series:
explosive-proof blanket, explosive-proof fence, bomb disposal suits,
explosives trace detector, drug/dynamite detector, explosive-proof glass etc.

4. Fireproof series:
fire helmet,fireproof blanket,fireproof glass, fireproof door,fireproof suits, high temperature resistant gloves etc.

5. Search and Rescue
police patrol vehicle, army/hunting vehicle, navy patrol boat, blast prevention torch, infrared imaging devices etc.

Our products can be used for police, prison, military, bank and Post Office (cash-transport vehicle),
fire department, VIP protection, Executive protection, Bodyguard, security Agencies, private detectives,
Patrol Teams, life safety consultancy, national security agencies, gun holder, government ministry of defence, army, anti terror work, law enforcement officer, special forces, anti-piracy patrol in the sea etc .

For further information about our products, kindly send a email to us,
We will offer our website and more detail for your reference as your request.

We are looking forward to receive your inquiry soon !
Best regards,
Mr. Frank (sale manager)

THANK YOU MR. FRANK!

Russia and Brazil were found to be the most infected.

Other interesting findings by Microsoft's cyber security team include that, at the moment, 97% of all emails are spam. In other words, for every 3 emails you want to see, you get 97 that resemble Gizmodo's mainpage on April 1st. (And you thought we were annoying...which we were.)

More interesting stuff over at the BBC. [BBC]

Disclaimer: You will still have to wait for your packages to arrive. [Product Page via Nerd Approved]

Obviously, this is a terrible, terrible idea. The company defended itself by saying that the texts were free and that people could easily opt-out by responding with "stop." But they shouldn't even be going there in the first place.

Once they start doing it, the other carriers will, and then third parties. You think companies aren't willing to pay for text ads? I guarantee someone out there is trying to work up a deal where they pay in bulk for 10,000,000 texts so they can advertise their new movie. And yeah, it'll be legal because it won't cost the end-user anything and they'll be able to opt out of ads from that company, but then another company will do it. And another.

Spam is already the scourge of email. Don't ruin texting for us too, AT&T. Your customers won't stand for it. [NY Times]

The chart here was sent to the Post by a German hosting facility manager, showing spam's immediate decline after McColo's shutdown (Security Fix has several more charts from security organizations and individuals showing the same thing). It's fun to consider the trickle down effects here—just think of the saved CPU cycles on webmail hosts worldwide who suddenly had 70% less U.S. spam to crunch on, and the energy savings resulting?

Last time this happened, when a similar northern California spam ISP called the "Atrivo" network was busted, it only took spammers a few days to get back to their old ways on another network. So, be sure to revel fully in a world free of Viagra deals, Kenyan wire transfer offers and content sharing proposals from personal lubrication sites (Mark's claim to wealth) while you can. [Washington Post, Security Fix]

Considering China surpassed the U.S. in overall internet users this June, it's probably not that surprising that the country would be targeted. Couple that with the influx of inexperienced users with freshly middle-class banking accounts, and you've got a major security problem. Microsoft recommended constantly updating to lower vulnerabilities, which probably won't happen since the newest Windows updates contain that anti-piracy black screen security measure. [Yahoo News] (Flickr credit - Kai Hendry)

The two alleged organizers hail from different sides of the planet—one a New Zealander living in Australia, and the other an American living in Texas. Servers in China hosted websites that emails would link to. Operatives in Cyprus and Georgia would process credit card information, and drugs—including Zoloft and Lipitor—would be shipped from India.

Even though their assets have been frozen, antispam researchers doubted that spam volumes would decrease. Spam now accounts for 90% of all email on the internet, and even if these servers have stopped sending, a new network is undoubtedly already prepping to spring up and take its place. [NYTimes]

In the suicide operation, the botnet's connections were used by Kaspersky to notify all 150,000 of the infected machines (which is uncommon in itself—most would prefer to not know their computers have been doing naughty things in the dark). Instead of popping up a window full of l33t retardedness, Shadow provided instructions on how to kill itself, one node at a time, to the unsuspecting users. You can check out the details of the fix here. [Kaspersky via Ars Technica]

Our own Jason Chen also noticed a surprise when he docked his iPhone this morning—this big fat ad for MobileMe in iTunes under the "Summary" tab for his phone. No code installed here, but getting spammed for a service that's had hiccup after embarrassing hiccup over the last several weeks is not the best way to keep those already in your customer base happy. Tsk tsk Apple. [Computerworld]

I hope you are right about CERN's Large Hadron Collider exploding and destroying the whole frikkin' universe in a big fiery ball of antimatter, neutrons and Higgs bosons.

That way we won't have to try and decipher your spam any more.

Yours Sincerely,
j.

P.S. Check out MIT Center for Theoretical Physics' admin answer to this guy after the jump. Apparently he doesn't only spam via email, but calls and harasses people everywhere and leaves messages on answering machines.
P.P.S. Stop sending mail, you psycho.
P.P.P.S. Can someone at Google shut down this spammer's Gmail account at once? Thanks.

On Fri, May 9, 2008 at 12:42 PM, Scott Morley <****************@mit.edu> wrote: Dear Sir,

I am the Administrator for the Center for Theoretical Physics at MIT. You have been repeatedly sending emails to the CTP regarding the LHC in Geneva. You have left dozens of messages on the answering machine of Professor Frank Wilczek and on the machines of various other professors. You have also called and attempted to speak with other professors—ones not involved in any way, shape or form with the LHC.

You have additionally phoned a member of my staff repeatedly and then chose to send a large mailing list of individuals an email where you directly insulted this person.

I am writing you to ask you to please cease your contacts with all members of this Center.

Thank you.

Scott Morley

Spam, spam, spam, spam, spam, spam, spam, SPAM! LOVELY SPAM!

Many security programs simply trigger an alarm when bandwidth demands exceed a certain point. They can be dumb, and might not know that it was you who wanted to download four movies at once, or send picture e-mail to 100,000 of your closest friends. This thing sees what you're doing and how you're doing it, and can safely say more frequently that some bizarre behavior is acceptable—though maybe not to your boss.

The software also watches for regular pings to computers across the net. By seeing not just the location but determining the intervals of the calls "home," Proteus can even figure out which malware is in use.

The reason this is so effective is that it differentiates systems that otherwise look identical. Corporate laptops all look the same, software wise, right? If someone can crack one, they can crack them all. If Proteus gets deployed, hackers have a much harder time with the old virtual B&E. Even when, say, a spambot was in place, it would have to know when each user would typically be in the mood for more bandwidth in order to fool Proteus.

Since this comes from Intel, word is that the company is trying to figure out a way to hardwire this stuff right into the chips, rather than let it be some subscription program that pops up every so often to scare you with over-the-top allegations of your system's vulnerability. [Technology Review]

The sheer volume of spam that can be sent by harnessing the full power of the Storm worm is much greater than anything before. Due to this fact, the money that is generated from spamming, as well as from business deals that are a result of said spam, is thought to be in the area of millions of dollars per day. Clearly, we're in the wrong business. [Personal Computer World]