Gary Gentile of Associated Press (AP) reports that MySpace is increasingly becoming a place for identity theft scams, as criminals take advantage of the the trust users have when communicating with “friends” to steal passwords that could lead to identity theft.

For example, MySpace user Kary Rogers expected to see a funny video when a “friend” messaged him a link. First, though, he was directed to a page where he was asked to re-enter his password. Rogers realized that someone was trying to steal his information, and closed the window. If he had fallen for the scam, the crook might have used his information to spam him or even to steal his real-life identity.

MySpace promotes itself as a “place for friends.” However, addressing the risks that come with the massive growth of the site is a major challenge for MySpace, now part of News Corp. media conglomerate. As more and more users join the site, online scammers are increasingly targeting MySpace.

According to Gentile: “One recent scam works this way: A spammer posts a number of phony profiles featuring pictures of cute women, often promising nude photos. A ‘friend request’ with the woman’s photo is sent to hundreds of users. Once the fake profile loads, a blue screen descends, saying the profile is protected by the ‘MySpace Adult Content Viewer.’ Unsuspecting users who try to download the viewer instead get a worm that installs adware on their computers.”

This is one of many scams targeting the social networking site. In response to these scams, MySpace is stepping up security efforts to protect users, said Hemanshu Nigam, its chief security officer. The company is expanding its team of software engineers, lawyers and other experts who look for suspicious activity, educate users on how to prevent attacks and go after the worst offenders.

Robert McMillan of PC Advisor reports that botnet armies are behind many spam, phishing and denial of service attacks. Botnets are remote-controlled PCs that have been taken over without their user’s knowledge. Symantec counted more than 4.5 million of them during the first six months of 2006 and they continue to grow at a rapid pace. Cybercriminals frequently use botnets to boost web advertising billings by automatically clicking on Internet ads, a tactic known as clickfraud.

“Botnets are really where it’s at for serious cyber criminals, because of their concentrated power,” according to Aaron Kornblum, a senior attorney with Microsoft’s Internet Safety Enforcement team. “That power can be used for all sorts of malicious conduct on the internet.”

Botnets are changing the economics of cybercrime, according to Daniel Druker, executive vice president of marketing with Postini. The botnet networks were the biggest source of spam over the past year, giving spammers access to virtually unlimited bandwidth, he said.

Druker estimates that about 50,000 computers are sending spam and malicious content at any given moment. In most cases, these computers will only operate for about 45 minutes, and then go silent, making it hard to identify them.

The Federal Identity Theft Task Force, led by Attorney General Alberto R. Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras, is seeking public comment on ways to improve the effectiveness and efficiency of federal government efforts to reduce identity theft. The public comments will be used in the Task Force’s research and analysis to identify areas where additional recommendations may be needed.

The Task Force was established by an Executive Order on May 10, 2006. It aims to develop a coordinated strategic plan to combat identity theft, and to recommend ways to improve the federal government’s activities in the areas of identity theft awareness, prevention, detection, and prosecution. Eighteen federal agencies are participating in the Task Force.

The solicitation for public comment is available through the Task Force
Web site at: http://www.ftc.gov/bcp/edu/microsites/idtheft/taskforce.htm.
Comments must be filed on or before Friday, Jan. 19, 2007.

As phishing scams become increasingly sophisticated, many phishing websites and fraudulent e-mails appear deceptively authentic. As a result, many industries (especially retail and financial sectors) are finding it more and more difficult to use e-mail as a communication tool without recipients doubting its authenticity.

According to ChosenSecurity, Inc., an identity verification and security services company, companies must be proactive in protecting customer communications from damaging phishing scams. The company finds that while many businesses already protect their employees against phishing, they neglect to tell their customers about the security measures being used. ChosenSecurity advises company to follow these three rules in its customer communications, to help customers decipher whether shared mail traffic is trustworthy:
1. Deploy an e-mail signature as basic protection against phishing attacks.
2. Engender trust with open-ended communication.
3. Allay customer uncertainty with an information campaign.

“Around 94 percent of all phishing e-mails pretend to be from financial institutions, but the creativity of the online counterfeiter is unending,” said Neal Creighton, ChosenSecurity CEO. “Accordingly, all companies should protect their customers’ interests and take effective, coordinated security measures. That’s the only way businesses can maintain their customers’ trust, as well as protect their customers’ identities from being hijacked for criminal activities.”

Joy Viren Murphy owns a small business selling handmade Christmas stockings. Working from the attic of her home, she makes a couple of thousand stockings a year. However, her business is facing a new, high-tech problem, thanks to Microsoft’s new Internet Explorer 7 Web browser.

Riva Richmond of the Wall Street Journal reports that Microsoft’s Internet Explorer 7 Web browser may cause problems for small businesses. IE7 has a security feature that will turn Web-address bars green and show owners’ identities when consumers visit secure sites from businesses that have been deemed legitimate. The color change feature is expected to help reduce fraud, lift trust and boost e-commerce. However, it concerns small businesses and individual entrepreneurs, as consumers may pass their sites by if they don’t have the safe green bar.

Microsoft argues that green should not be considered a seal of approval, but rather a sign that the site owner is a legitimate business. The display of company names in the bar will allow consumers to confirm that they are on the site they intended to visit.