First, let me say that I had Norton 360 installed on my laptop. I downloaded and installed the latest version in August, but sometime in the last month or so, it abruptly stopped working. I didn’t notice the lack of protection, however, until my laptop started performing oddly. Start-ups took longer and longer (and frequently froze up), and websites took longer to load. But the final straw was last week, when I tried to run Google searches. Each time I got a page of results from a given search, my attempts to visit the resulting links were redirected to full-page ads for a variety of offers and services. It was maddening. I could type URLs into the browser and go directly to them, but my efforts to click on Google results ended up with ads for “free ipods” and “Victoria’s Secret gift cards.” I was frustrated.

Worse, I didn’t know where the offensive programs had come from. I never click on questionable links, in email or otherwise. I almost never download software; the last time I’d downloaded any was a year ago, and it was from a reputable source. Also, no one else uses my computer, so it was impossible that another user had downloaded something questionable without my knowledge. I wondered if a virus piggybacked onto an email I’d received from someone I trusted, and it bothered me that I couldn’t know for sure. But whatever the source, I was now stuck with a problem. And my attempts to run Norton 360 led to my discovery that, somehow, it had stopped running. What should I do now? Was it even safe for me to send email to anyone? Had the virus made its way onto my jump drive when I’d backed up my photo files? Was my identity safe, or had someone accessed my personal information from my comptuer? I needed to make things right with my laptop, and fast.

I went to the Norton websiteand purchased Norton AntiVirus 2009 for immediate download. I figured, this should take care of my problem! But the problem didn’t want me to take care of it. My attempts to download the software failed because of a “communications error.” I followed all of the troubleshooting advice on the site to no avail. Finally, I found a phone number to call, and after a few minutes, I was on the line with a customer service rep. I felt vaguely bad for the guy… I reported both the problems with Norton 360 and the problem with downloading Norton AntiVirus 2009, and he wasn’t sure which problem to deal with. Finally, we decided to go for the Antivirus, which he told me can’t coexist on the same computer as 360 anyway. Figures.

He walked me through wiping my laptop of all Norton products and attempting another download. Again, it failed. He set up a connection between us and tried to help me download it from his end. Still no dice. Finally, he had to download the program to HIS computer and send it to mine via the connection. I was on hold the entire time the program creeped across the miles, all 56 Mb of it. On the upside, the rep was very nice and clearly stymied by my computer’s efforts to thwart him; I felt like apologizing for the laptop’s bad behavior. Every time he asked me to restart the machine, it took me several tries to get past the freeze-ups and delays.

Eventually, the program was on my desktop, and the rep installed it remotely. He started the scan running, and now that I’d spent an hour on the phone with the guy, we disconnected with some satisfaction. He DID say that he would try to get me a refund for the Norton 360 that had failed me, since I didn’t want to pay for something that hadn’t worked. I have yet to see the refund, but since he gave me a confirmation number for the transaction, I have high hopes that I can track it down, if necessary.

The Norton AntiVirus 2009 scan turned up the culprit: a Trojan virus was crawling through my computer. Norton zapped that bug with no trouble, and I settled back to enjoy a blissful, virus-free computer experience. But then, suddenly, Internet Explorer windows started to randomly pop open, each one a full-screen ad for everything from Proactiv to, surprisingly, Norton itself. Internet Explorer didn’t even have to be open for the ads to appear, blocking everything on the screen. They were easily closed, but they kept coming back. But Norton didn’t see a problem. I did another update, restarted the computer, and did another scan, but nothing turned up. The windows kept popping open.

I searched for answers on Google (now that my Google search was working again), and I saw that other people had had this problem, and that Norton hadn’t recognized it. The fix, many said, was long and arduous, including downloading more security software, starting up in safe mode, and jumping through a variety of flaming hoops. I was beaten down at the thought. I considered the ads to be more annoying than threatening, and I gave some thought to just letting them continue to appear. But then, I talked to my boyfriend, who suggested another solution: Lavasoft’s Ad-Aware product. He said that the free download found far more hidden problems on his own computer than Norton had, so I decided to give it a try.

The Ad-Aware site was deliberately confusing, unfortunately. The company wants to sell the upgraded service, so while the basic Ad-Aware product is free, the means of getting to the free download are distracting and aimed at driving the sale. I accidentally clicked on the wrong button not once but twice, on two separate pages, in my efforts to reach the free download. I got frustrated, as you might imagine. My boyfriend had the misfortune of being on the phone with me at the time, so he got to hear my annoyance firsthand. But in the end, I got the download right, and I started an Ad-Aware scan.

The scan turned up another bug, one that Norton had missed. It completed the fix for me at my request, and since then, the computer has run more smoothly, more quickly, and completely without pop-up ads and unwanted Internet Explorer windows. For the moment, I feel like my laptop is back to normal, and I’m breathing a little easier. At last.

So what have we learned from this little adventure? First (and always), make sure you have good antivirus software installed. Norton is just fine, and obviously their customer service is available if you need it (don’t hesitate to call them if you do). Second, never click on questionable links or open or run files from unknown senders, EVER (and make sure that any other users on your computer don’t download anything without your knowledge). Third, if your computer starts acting strangely, look into it. Don’t assume that it will “correct itself,” because it will only get worse. And fourth, don’t give up if you get frustrated or have a hard time fixing the problem on your own. That’s what the experts are for. If you do everything right and it still doesn’t work, find a phone number for the company and make the call to get some help. In the meantime, do your own research into your problem so you can be informed, even if it just means Googling something like “unwanted Internet Explorer pop-up virus.” You don’t have to be a computer genius to educate yourself about spyware, adware, malware, viruses, worms and other nasties that trouble us.

I was lucky in that the software that got onto my laptop didn’t seem to be after my private information or out to destroy my machine. It was annoying for me in that I had always tried to follow my own advice with online security, and I still ended up having to deal with it. But in the end, I learned a lot, and now, there’s not a pop-up ad in sight.

First, consider Janet Nelson, whom we learned about via Art News Blog. She’s behind the “A Planet Named Janet” blog, and she uses spam subject lines to create single-panel comics. The series of cartoons, called “Innocent Spam,” reinterprets spam subjects in more family-friendly, hilarious ways. As Janet herself says on her page, “Wouldn’t it be nice if all spam were innocent?” She places the cartoons into her blog periodically, so be sure to visit her site if you’d like a few laughs at the expense of clueless spammers. 

Also, check out Linzie Hunter and her series of Spam One Liners. We found this artist through Art News Blog, as well, and her use of spam subject lines is just as entertaining and creative as Janet Nelson’s. Linzie is a U.K. artist who turns spam subject lines into colorful, playful postcards and prints. She recently released a book of her creations, called Secret Weapon: 30 Hand Painted Spam Postcards (link goes to Amazon.com, where the book retailed for $9.95 as of 1/4/08). According to her bio on Amazon.com, she enjoys traditional print-making and book-binding when she’s not creating digital freelance artwork for a variety of clients (or making beautiful pieces of art from the unsolicited emails in her inbox).

Finally, don’t miss Alex Dragulescu, a computer artist who grows digital ”spam plants.” As we learned from both Alex’s site and CNET, Alex created algorithms that analyze the data and text contained within spam email messages and then create plantlike artwork from the findings. The spam plants expand and develop based on the spam that comes through the system, a process that Alex notes can serve to illustrate how technology changes art. As he told CNET, ”My efforts (have been) to expose the ubiquitous forms in which data and technology are both actively and passively shaping the ways we perceive and construct ourselves and others.” And for Alex, it all started with the spam messages that annoy and frustrate the rest of us. He claims that spam led him to see text differently, and the artistic creations that bloom from his algorithms are delightfully unique, thanks to spammers trying to unload everything from shady prescriptions to knockoff watches.  

With the rest of us struggling to handle the onslaught of unsolicited email messages, it’s good to know that some people are turning the annoyance of spam into creations of beauty, humor and art. So the next time you shudder at the thought of your email inbox, maybe you should consider buying some paintbrushes or grabbing a sketching pencil and unleashing your own creative side.

Sources for this article: A Planet Named Janet, Art News Blog, Linzie Hunter’s webpage, CNET, Alex Dragulescu’s page

This spam message enters the Hall of Shame for a few reasons. One, it’s blatantly trying to capitalize on the negativity of the current economic climate. The best spam draws on the opportunities that are available, after all, and this one certainly fits that bill. Many people are afraid of foreclosure, and playing to that fear is a powerful method to gain attention. The emotional manipulation begins with the title of the message itself: “Behind on House Payments? Don’t go into Foreclosure!” Gosh, maybe I AM behind on my payments! I fear foreclosure! And exclamation points make me excitable and nervous!

Two, it’s persistent. The spammers behind this message want to be certain that EVERYONE receives it, and that they receive it enough times for the message to sink in. Over the past three days, I received this message in my spam email box a total of 18 times. That’s some very determined spam! I guess I see their point, because you never know, I might have missed the first 17 emails that came through, so that 18th one was important.

Three, the message itself contains carefully-chosen imagery that further manipulates the reader’s emotions on a subconscious level. See the smiling, all-American family, posed in front of the home they hold so dear? See the combination of American flag and America itself, indicating patriotism and all the great things about this country? See the holiday artwork, evoking further feelings of family and home? And of course, see the scary threat of foreclosure in red and white, with the calm, rational solution in soothing blue? Every visual piece of this spam is calculated for maximum emotional impact. There’s no way your subconscious can avoid equating loan modification with mom, the flag and apple pie.

Last, it’s vague. How do you modify your loan and save your home? There’s no way to know for sure from this ad. What about the pull-down menus? They don’t actually work, it turns out. Is there any information at all that might explain how this loan modification thing works? Nope. You’re supposed to simply trust the emotional imagery and fear the potential consequences enough to click the ad and start the process. Simple enough!

Congratulations to the loan modification spammers for your persistence, timeliness, vagueness and emotional manipulation! It’s all earned you a spot in the Marketing Hall of Shame.

Consider the case of James McGrath Morris, who publishes an email newsletter called “The Biographer’s Craft.” When some of his readers were not receiving the newsletter, he ran his copy through a spam checker. Use of the phrases “young adult” (as in literature), “getting nasty” (referring to a legal matter) and “hot” (in reference to what’s popular in books) were red flags, so to many spam filters, his content was questionable enough to block it from those at the other end of the email stream. Context was irrelevant.

Or consider Mike Fratto, a writer at InformationWeek.com who reported that one of the site’s visitors was having trouble forwarding spam to the FTC’s spam reporting email address (spam@uce.gov) because the forward was — what else? — blocked by a spam filter. The same email, when forwarded to Mike himself, also ended up in the junk email folder.

It’s reasonable to expect some normal emails to fall into the spam filter through unlucky phrasing, but the problem has begun to increase. When Morris asked a professional about lowering his spam-check score, the answer was simple: he just had to censor himself and change any questionable phrases to different ones. But that, as he notes, creates a slippery slope as spam filters try to keep up with more sophisticated junk email onslaughts. “If I surrender those words now,” he writes, “what might I be asked to give up next month?” He muses about ordinary writers becoming stymied in their craft when spam filters trip them up for using phrases like “beastly behavior,” Lolita” or “swelling ranks of investors.” Those who write and distribute email newsletters are fighting a battle of words against software, with strict self-censorship as a result. Writers have had to begun to write for the filters, not for the audience.

In addition to screening for key words and phrases, some filters also check for “bad reputations” from mail servers and IP addresses. If a given server or IP address has been used by spammers, it could end up on a list that makes content from that server or IP address automatically questionable to spam filters. These lists change constantly, and as Fratto notes, it’s hard to get one’s server or IP address removed from the list. Morris experienced this sort of frustrating filtering when his IP address turned up on a list of questionable sources at www.spamhaus.org. The Spamhaus Project claims to maintain the list free of charge to keep email administrators in the loop on spam sources, but Morris hadn’t sent any spam from his IP address. Later, when he checked his IP address again, it was no longer on the list, or on any other lists he checked.

These sorts of restrictive filtering and quiet blacklisting are an obvious problem with spam filters today. What complicates matters is that the person sending the email might not know that their IP address or server is on a black list (the list keepers don’t notify those who are listed; they just maintain the lists), and those who receive an email that is labeled a spam message may never see it, as it’s usually diverted into a junk mail folder or deleted entirely without notifying the recipient. In my own case, Yahoo! puts my spam into a junk mail folder and tells me when I have new messages there, but it’s up to me to wade through the hundreds of spam emails I receive in a day to make sure that no legitimate email is being sent there in error. If I delete the contents of the spam folder, they’re gone, bypassing the “trash” folder completely and going out into the ether. 

And to add insult to injury, many spam messages still slip by the filters and into my inbox.

What can be done to make spam filters and blacklists more aware of context and intent in email? Not much, unless we’re willing to open up the restrictions and allow more spam to reach our inboxes as a result. The price of protection from unsolicited advertising in our email is that some emails will be filtered that shouldn’t be. So which is more important: access to the information, or protection from the noise? For now, that’s an individual choice. You can help the filters perform at their best by putting desired addresses on your email “approved” list, removing yourself from as many spam lists as possible, and checking your junk mail box periodically to see if any legit messages fall through the cracks.

The vast majority of emails sent today are spam… We just have to do what we can to make sure that the filters we use don’t eventually consider ALL email spam.

Sources for this article: InformationWeek, The Hartford Courant, The Spamhaus Project

You can imagine my confusion: I hadn’t sent any spam emails selling vitamins and supplements, but I was receiving the undeliverable spam messages back to my account. Sure enough, in each message, the “return” address was listed as mine! Now I was concerned. I followed the link in the emails and contacted the company about the my email address being used as the return address on their spam messages (no one responded to me). I also contacted Yahoo! and let them know that I was receiving these “undeliverable” messages, but that I hadn’t sent them in the first place. In short, I was inconvenienced, annoyed, and slightly violated because of spammers using my perfectly legitimate email account as their own return contact.

As it turns out, I wasn’t alone in my “undeliverable” spam troubles, and this problem is growing worse. There’s even a name for it: Backscatter spam.

According to USA Today, backscatter spam now makes up 3 percent of all email sent, and it clogs up the email accounts of hapless users. Backscatter spam consists of NDR (undeliverable) messages, but it’s also floods of “out of office” autoreply messages, waves of “confirm your subscription to our service” emails, and misdirected virus alerts. Spammers create this problem by collecting legit email addresses (like mine), often by employing viruses that attack corporate databases and steal the data. Email addresses that have been in use for a long time (again, like mine) tend to be good targets because they’ve been “floating” around in cyberspace for a while. The real email addresses are then “spoofed” so that any emails the spammers send look like they’re coming from the real email accounts, not from the spammersthemselves. The holder of the legit account is unaware of all of this, meanwhile, until the “undeliverable” spam emails – those sent to inactiveaddresses that can’t receive email – start bouncing back. They go to the return address that the spammers provided, which of course is the one that belongs to the victim. The bounced messages can pack the victim’s inbox full and create a very large headache.

Why would spammers do this? Aside from the obvious desire to avoid bounce-back emails themselves, spammers know that most emails sent without a valid “From:” address (or those sent from addresses and/or domains that are known as spam originators and are blocked accordingly) don’t reach their destinations. A forged return address gives an air of legitimacy to the mailing. The spammers aren’t using your server for their mass mailing; they’re just using your email address in the “From:” field.

How many messages are we really talking about here? Spam email lists are notoriously inaccurate, as a high percentage of the emails on the lists are no longer active or deliverable. Of the undeliverable emails sent, most will simply disappear, but 7-10% of the emails will be accepted by the server on the other end, then sent back as undeliverable later. These are the bounce-backs that end up causing the problem. As Al Iverson wrote on his Spam Resource blog, the math is simple: if a spammer sends 2 million messages in a single mailing, and 40% of the email addresses he uses are invalid, and 9% of those invalid addresses send the message back as undeliverable, that means that 72,000 bounce notifications will go to the return address listed on the spam emails. And that address might be yours or mine.

So what can you do? For one thing, don’t contribute to backscatter yourself. Don’t use a “challenge/response” anti-spam program, since your automated challenge/response messages are a form of backscatter, and they make life more difficult for other legitimate users. Also, don’t use an “out of office” auto-response message if you can help it… Again, this is a form of backscatter, and worse, it lets spammersknow that your address is active. Finally, don’t use a fake bounce-back anti-spam system (a system that sends fake bounce-backs in response to spam in the hope that spammers will take your address off their lists when the spam is undeliverable) – your bounce-back doesn’t go to the spammer, as we’ve already made clear. It goes to a victim whose email address was spoofed as the spammer’s return address, and your bounced message just becomes another of the backscatter messages that the victim receives. Since the spammers never receive the bounced message, they don’t update their own mailing lists based on the bounces, so the fake bounce-back systems are pretty useless.

As for stopping backscatter from hitting your own inbox, it’s generally hard to prevent it if a spammer has used your email address in the “From:” field. A spam filter sometimes helps to stem the tide a bit, so make sure you have one. Also, if you have a domain with a catch-all mailbox (an email inbox that catches any emails sent to your domain that aren’t sent to a specific user’s mailbox), you can deactivate the catch-all, since most backscatter spam heading for your domain will end up there as the spammers try different variations of emails for the return address. Check with your ISP or hosting provider on how to eliminate the catch-all address while still receiving emails directed at specific mailboxes or at certain required accounts, such as “postmaster.”

Backscatter is annoying, but if you get spoofed and end up with an inbox full of undeliverable email, you can rest assured that your reputation is probably safe. Few people in today’s world of spam email believe that the “From:” address in a spam message is the actual source of the message. If you do get backlash from an angry Internet user, show them this article; after all, they might be the next personspoofed by spammers.

Sources for this article: USA Today, Al Iverson’s Spam Resource blog, SpamNation

Photo attributed to freezelight, posted to Flickr, licensed under Creative Commons Attribution-Share Alike 3.0

The answer is as simple as it is frustrating: Spam works.

Up until recently, the general belief was that spam received low response rates, meaning that a million spam messages sent might result in 10 purchases, tops. But on August 19, the Internet security company Marshal released a study regarding the success of spam email marketing. It found that not only were people reading their spam emails, but that 29% of Internet users surveyed admitted to actually BUYING something from a spam email. Perhaps not surprisingly, the most popular items purchased were sexual-enhancement products, adult material, pirated software and luxury items, many of which are knock-offs.

And before we can assume that “regular” people don’t buy anything from spam, we must remember what the spammers are selling. Marshal’s VP of Products, Bradley Anstis, said, “The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam.” Worse, most of those who admitted to buying from spam also admitting to buying multiple times from spam. A similar poll by Forrester Research in 2004 found that fewer people (20%) were buying products from spam emails, which means that, if this recent survey is accurate, the percentage of spam-buyers has gone up significantly in 4 years.

Can this be true? Can almost one-third of Internet users actually be misled enough to buy things advertised in spam? That doesn’t inspire a lot of hope for the fight against unsolicited email marketing. After all, maybe the spammers are actually giving people what they want: an anonymous way to buy questionable stuff they can’t get elsewhere.

Before we get too despondent, it helps to keep in mind that the poll surveyed just 622 people, hardly a representative sample of Internet users. In fact, that’s a less than .0002% sampling of the roughly 360 million people using the Internet (according to Download Squad). Add to this the fact that there is some skepticism regarding the veracity of these numbers because of the small sample and the data gathering method in general (Terry Zink’s anti-spam blog, for example, raises questions about whether so many people would actually make purchases from their spam folders). Even aside from the skepticism, one can find instances of general “who cares?” attitudes about the number of purchases made through spam; as Lee Mathews of Download Squadput it, “People decide to buy things from all kinds of unwanted sources: flyers, stickers, magazine insert cards, bumper stickers, board signs at hockey games. Why is it big news that people buy products advertised in spam?” He’s got a point; we assume spam is widely disdained, but every unsolicited marketing campaign can find a handful of people willing to buy from it. 

Still, spam is annoying to most of us, and in recent years, spam messaging has grown by leaps and bounds; the Marshal TRACE (Threat Research and Content Engineering) team found that global spam volume doubled for the year ending in June 2008, with approximately 150 billion spam messages sent per day. That, according to Marshal, accounts for more than 85 percent of the total emails sent around the world, and because it uses bandwidth and resources (and also because it’s increasingly becoming a means to spread malware), it’s a major problem for Internet security professionals and for the public in general. It’s true that most of the spam ends up filtered, so it’s just a small percentage that makes it into a user’s inbox. But once it gets to the inbox, the response rates go up much higher than the 10-purchases-per-million-messages estimate.

Thanks to the advent of botnets (which infect regular people’s computers and allow criminals to send messages without the need for their own servers) and the sheer cheapness of spam messaging (Marshal estimates the cost can be as low as $5-10 US for a million messages), spam is a very lucrative endeavor for those selling less-than-legitimate products and services. But it wouldn’t be worthwhile at all, of course, if people didn’t buy what the spammers were selling. As the website SpamDontBuyIt.orgpoints out, “if you buy products or services from spam email, you are just as guilty as the spammers for creating the problem.” It’s a simple supply-and-demand equation: if spam didn’t pay, spammers wouldn’t do it. Which means we, as Internet users, must take a little responsibility for the ever-increasing pile of spam emails in our inboxes.

Seems obvious, but up to 29% of Internet users don’t seem to understand. Or maybe they just don’t care. Either way, you can take ownership for your own role in the spam problem: Don’t buy what you see in spam.

Sources for this article: Marshal, SpamDontBuyIt.org, Download Squad, Terry Zink’s anti-spam blog

According to security company MX Logic Inc., the spam attack traffic peaked on Thursday, with 11 million messages per hour. Even as the numbers have gone down slightly since then, it’s still in the millions of messages per hour. Security pros say that more than 1,000 hacked sites are hosting the fake Flash update, and they also say that hackers have gotten so cocky that they don’t bother trying to hide the sites they’ve hacked. The latest news is still worse: the spam has mutated since the news of the message first broke, claiming to be a CNN “MY Personal Alert” instead of a top 10 list and linking to several malware sites and filenames instead of just one. Some users even say that they’ve received the spam with subject lines that actually reference real articles on CNN, adding to the legitimacy of the message. The links in the email always lead somewhere that insists on a Flash upgrade, though.

Meanwhile, Adobe Systems Inc., source of the real Flash Player, warned people not to click on anything that didn’t come from Adobe directly. They pointed out that ALL software updates should originate with the company and not with a third-party site, so any questionable links should be avoided. If you want to be sure you’re downloading a real, non-malware update, go to the company’s website directly and look for upgrades to download from there. This may seem like too little, too late in terms of security warnings, but it’s one of those things that seems like a no-brainer to IT people but needs to be said (and said more than once) to the average email user.  

The lesson is the same as we’ve talked about here before, regarding email, phishing and other spam attacks: Don’t click on a suspicious link or URL that you get in your email. Put your mouse over a link to see where it really goes before you click it. Have a healthy dose of skepticism when something you didn’t expect arrives in your inbox. And if all else fails, contact the company that the message claims to come from, just to be sure. Don’t just blindly click whatever you’re sent, or you’ll learn some hard lessons (and get some pretty major headaches in the process).

Sources for this article: IT World, ComputerWorld, Techspot, MX Logic

First, some background: The Foreign Intelligence Surveillance Act (FISA), which went into effect in 1978, created a court that had to approve any wiretapping requested by the government. The idea was that the sort of secret wiretaps that occurred during Watergate and the Vietnam War, wiretaps that were for mostly political reasons, should not be allowed to occur. The court, it was decided, would provide the oversight that would keep the government above-board in its surveillance.

Fast-forward to the new millennium. According to an article published in The New York Times in December 2005, President George Bush secretly authorized the National Security Agency (NSA) in 2002 to start eavesdropping on the international phone and email communications of people in this country without a court order. The NSA was to be looking for and preventing terrorist activity after the 9/11 attacks. The monitoring went on for three years before the New York Times story broke, and once the cat was out of the bag, critics began to declare that such eavesdropping, often on up to 500 unsuspecting Americans at any given time, was both illegal and unconstitutional. The program’s defenders, on the other hand, said that the activity was a vital tool in preventing terrorist attacks, and that the lack of court approval meant that the government could move more quickly in protecting this country. They also said that Bush had been given the power to initiate the snooping based on the Congressional resolution that gave him power to wage war against Al Qaeda.

Even before the program was brought out of the shadows, senators and others who knew about the monitoring were raising concerns. Some were worried that the NSA had too much power and not enough restrictions on their behavior. In addition, of course, was the fact that FISA had been bypassed entirely with this program. The court that was put into place to protect the public against unwarranted communications monitoring had been ignored by the government, and some in the government (of the few NSA, CIA, Congressional, Cabinet and administration officials who knew about the program) questioned the legality of the eavesdropping.

With the program now made public, watchdog groups and privacy advocates were up in arms against it. Americans were being denied civil liberties, they insisted, in the name of national security. While any communications that were wholly domestic (i.e., from once place in the U.S. to another) still required a warrant to monitor, the international communications of thousands of Americans were secretly heard by NSA agents. Critics of the secrecy also pointed out that FISA is more agreeable than one might expect in granting wiretapping warrants… Few requests for such warrants were ever denied, and the permissions were frequently granted in a matter of hours if the situation called for speed. In short, the administration’s actions in circumventing the checks and balances of the government did not sit well with many Americans.

As the investigations into the wiretapping progressed, it became clear that several telecommunications companies had aided the NSA in the snooping. The NSA, after all, needed cooperation from the companies to access the data records of the people they had monitored. Americans began to file civil lawsuits against the telecoms for their part in the program, and as of this week, more than 40 such suits had been filed in U.S. District Court. The U.S. Congress has been working for the past year on legislation that would address the wiretapping issues in this country, and after a bitter struggle, they reached an rather lopsided agreement this week.

This is where the protection for the telecoms comes in this week: The bill that the Senate (and earlier, the House of Representatives) approved on Wednesday overhauls the eavesdropping program but also calls for immunity for the telecoms against the lawsuits. Americans, in short, have no legal recourse against the telecoms for their participation in the questionable wiretapping activities. In fact, the White House had threatened to veto the bill if it DIDN’T protect the telecoms. Amendments that were proposed to weaken the bill or delay the immunity were also defeated. The new bill requires the government to get permission from FISA before monitoring Americans overseas, but it also allows the government to get broad, yearlong permissions that target entire groups of people. It also gives the government the right to monitor communications without permission for a week (in an “emergency” situation) before having to apply for a court order.

Many lawmakers were against the bill, for a variety of reasons. Senator Arlen Specter, R-PA, called the bill “buying a pig in a poke.” Senator Russell Feingold, D-Wis., put it more bluntly: “This president broke the law.” One of the biggest complaints from the lawmakers was that the details of the snooping are still classified and kept private from many of those in Congress, meaning that the Congresspeople were being asked to vote on protecting the telecoms without actually knowing what they did in the first place. The bill dismisses the 46 lawsuits currently pending against the telecoms, but three additional lawsuits against government officials will continue for now.

The ACLU calls the bill “a blatant assault upon civil liberties and the right to privacy,” but supporters of the bill call it a protection of those rights. Senator Christopher Bond, R-Mo., said, “This is the balance we need to protect our civil liberties without handcuffing our terror-fighters.” Whatever the motivation, the decision was reached on a deadline; current wiretapping authorizations will begin to expire in August, and without new legislation, the guidelines would revert to the old FISA rules, which would require many new orders and delays in the wiretapping efforts.

So are NSA officials listening to your phone calls or reading your emails right now? Probably not. Should you worry? Worry less about monitoring on your own lines and more about the broader ramifications of this legislation. What is security worth? The delicate balance of safety and liberty is one that has been brought into stark relief since 9/11, and as Americans move forward, the privacy of our communications will become an increasingly-hot issue. Some say that, if you have nothing to hide, you have nothing to fear from monitoring. But in 1975, as Senator Frank Church, D-Idaho, investigated the NSA, he was troubled enough to say: “That [spying] capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.” Whether you have anything to hide or not. 

Sources for this article: www.breitbart.com, The New York Times, www.cbs11tv.com, ap.google.com

The scam artist sends an email that appears to be from a bank, online auction site, or other online merchant. The email says that the recipient’s account information has been compromised (or needs to be confirmed or verified), and that the recipient must click a link and enter all of his or her account information to update the records. The email might suggest that an account will be disabled or frozen if the recipient doesn’t respond. The email appears to be legitimate and official (complete with artwork and logos from the company’s actual site), and if the recipient clicks the link, the account information page appears to be legit, as well. The well-known logos or brands lend credibility to the email. The problem is, the page is a fake, and any information entered into the system becomes a way for someone to steal the recipient’s identity.

Phishing scams have been around long enough for many people to recognize them when they show up in an email inbox. The scammers are becoming increasingly sophisticated, though, and as new users (many of whom are elderly or unfamiliar with the pitfalls of the web) sign up for internet service, the potential continues for the scams to work on at least a few hapless individuals. It is important to know what to look for in scam emails and how to protect oneself from phishing attempts. 

Microsoft offers some examples of phrases that suggest an email is fraudulent:

“Verify your account.” – Banks and businesses don’t ask for this information by email.

“If you don’t respond within 48 hours, your account wil be closed.” – This statement sounds urgent, which makes people click on it without questioning it.

“Dear Valued Customer” – The lack of a name means the email was sent in bulk, not specifically to the recipient.

“Click the link below to access your account” – Links don’t always lead where they appear to lead. Consider the link that looks like this: Click here to visit Wells Fargo but actually leads elsewhere (if you click this link, it leads to Google, not Wells Fargo). This is called “masking” the link. Resting (but not clicking) the cursor over the link will show where the link ACTUALLY goes. Sometimes, the scammers will use URLs that look similar to the real thing, but are just a tiny bit off. For example, a link that claims to go to bankofamerica.com might actually go to “bankoffamerica.com” or “account-bankofamerica.com,” neither of which is an authentic banking site.

The criminals conducting phishing scams are prolific; the antiphishing.org website notes that in January 2008, 29,284 unique phishing reports were made, with 131 brands hijacked by phishing scams in that month alone. You might receive the next phishing scam in your inbox, or your brand may be the next one hijacked. 

The Federal Trade Commission (FTC) recommends these steps to protect yourself from a phishing scam:

1. Do not reply to emails that ask for personal or financial information. Legit companies will never ask for this information via email. Don’t click on links in these emails, either. Call a genuine customer service number if you are concerned about your account.

2. Don’t call numbers that are in these questionable emails, since area codes can be misleading, and the helpful service rep you reach might be a scammer. Call the number on the back of your financial statement instead.

3. Use anti-virus and anti-spyware software and a firewall, and keep them updated.

4. Don’t send personal or financial information via email, even if you’re sending it somewhere legitimate. Email is not a secure method of sending information, and emails can be intercepted by criminals.

5. Review your credit card and bank statements as soon as you receive them. Check for any unauthorized charges.

6. Be careful about opening email attachments or downloading files from emails, and NEVER open attachments from a sender you don’t recognize.

7. Forward phishing emails to spam@uce.gov and report the scam to the company being impersonated, if possible (some companies have a means to report scams on their websites).

8. Check your credit report periodically to see if anyone is opening new lines of credit in your name.

Please be sure to share these tips with any friends or family members who may fall victim to phishing, especially anyone who is new to email. If you think you’ve been scammed, the FTC recommends filing a complaint at ftc.gov, then visiting their identity theft website at www.consumer.gov/idtheft.

If you have a business and you are concerned that your pages and logos could be “spoofed” in a phishing scam, be prepared. Create a page on your site where customers can report phishing scams that involve your company, and pass along any reports you receive to the FTC. Request details from customers such as copies of the text from the phishing email and links to the spoof sites. Be understanding and supportive when speaking with customers who have fallen victim to this scam, as they will probably be extremely frustrated and angry. Maintain the highest possible level of security with your own website so that the sensitive data you hold will remain safe and customers will be confident in that safety.

Sources: www.ftc.gov, www.antiphishing.org, www.microsoft.com