Let's trace a spam e-mail making current rounds that plays on one of the seven deadly sins -- vanity, supposedly Uncle Scratch's favorite, if you believe the movie The Devil's Advocate. We tracked down apparent exclusive biography publisher Princeton Premier (though not by the phone number in its spam e-mail). Shockingly, it's not in Princeton, New Jersey, home to the prestigious alma mater of John Stossel. In fact, it seems to be in bucolic but pleasant Astoria, N.Y., home to several excellent Greek restaurants. We're left wondering whether the company is legitimate or if someone's trying to hijack their mailing list -- we couldn't get Princeton Premier to return our calls to confirm. Click the link below and we'll start with the whole spam letter on the next page.

Here's the whole spam:
Subject: (your name here's) Selection Into Princeton Premier
Your name,
It is my pleasure to inform you that you are being considered for inclusion into the 2008-2009 Princeton Premier Business Leaders and Professionals "Honors Edition" section of the Registry.
The 2008-2009 edition of the Registry will include biographies of the world's most accomplished individuals. Recognition of this kind is an honor shared by thousands of executives and professionals throughout the world each year. Inclusion is considered by many as the single highest mark of achievement.
Upon final confirmation, you will be listed among thousands of accomplished individuals in the Princeton Premier Registry.
For accuracy and publication deadlines, please complete your application form and return it to us within five business days.
You may access the application form using the following link:
(link to forms page that harvests some relatively innocuous personal information)
On behalf of the Managing Director, we wish you continued success.
Sincerely,
Jason Harris
Managing Director
Princeton Premier
This email was sent to (your e-mail here), by Princeton Premier
23-35a Steinway Street
Astoria, NY 11105 United States
Powered by ResultsMail (http://www.resultsmail.com/)
ResultsMail Privacy Policy: http://www.resultsmail.com/privacy
ResultsMail Permission Email Policy: http://www.resultsmail.com/permission

So: Clicking on the application form link leads to this page, with no navigation forward or back except for a link that places Princeton Premier in Fresh Meadows, NY. You actually have to search for Princeton Premier via Google or other means to find the Web site. Digging deeper on the site, there is a phone number, and on two separate occasions on March 26, 2008, real human beings answered it. (As of late afternoon Friday, March 28, the phone number has since disappeared). We tried to get more information about how to purchase a biography, but were told to go to the Web site. Jason Harris, Princeton Premier's Managing Director, apparently has an office where we called, and we were assured he would return our call, but so far he hasn't. We left several phone messages as well. By the way, the Princeton Premier phone number in the spam mail, and the one found in directory assistance for Astoria, NY, didn't work when we tried them.
We can't really critique Princeton Premier's business model, because we don't know what it is. Google "Princeton Premier," and the fourth result says the site has been suspended because its domain account expired, but on March 28 we were still able to see it. If you do manage to get past the impressive array of services on offer, you will find a "terms of agreement" link that tells you all you need to know about whether you should pay any money for a Princeton Premier biography:
"Our cancellation policy states there is a non-refundable 20% processing fee which will be automatically retained on any cancellation that occurs within 24 hours of any sale.
All program sales after 48 hours are final and no refunds will be issued for our service and all accompanying personalized products." So if a profile costs $100, you're still going to get stuck for $20 even if you get a case of buyer's remorse. We couldn't find a price list, though.
This isn't the first time we've written about exclusive-sounding professional "directories" that pretty much accept anybody who's willing to pay them money. With apologies to Groucho Marx, would you want to join any club that would have you and everybody else as a member?

Posted by Beau Brendler at 10:42 AM | Permalink | Comments (0)

Next week we'll be distributing our third consumer fact sheet in our "Look Before You Click" initiative that's supported by grants from the New York State Attorney General's office. It's about online auctions, though its purpose is actually auction-friendly, providing tips for consumers to get the most out of them. We'll be following it up with two more fact sheets on auction fraud. Click below to read our tips and offer your comments.

Online auctions consistently top the lists of consumer complaints to New York State and U.S. law enforcement agencies. Yet millions of people around the world buy and sell goods online through auction Web sites such as eBay and UBid without a problem. And many of them find goods that are hard to come by anywhere else, sometimes at a great bargain. Getting the most out of an online auction requires advance preparation. Here are some tips to help you get started.

1. Think of an online auction like a flea market and an auction Web site as the building in which the market takes place. Online auction sites are venues for transactions, and so, the responsibility is on the buyer and the seller to engage in a transaction both are happy with.

2. Winning an auction is something like a contract, binding both buyer and seller with some rules. In a timely fashion, you should receive the merchandise you paid for, and the buyer should receive payment.

3. Take time to learn about the merchandise you are planning to buy. Ask yourself some basic questions before getting involved in an auction: Am I OK with a used leather jacket, or do I want a new one? (Both new and used goods are available on auction sites, from individual sellers to chain retailers).

4. Consider how you are going to make a purchase. Many sellers accept direct payment via a service such as PayPal (which is owned by online auction giant eBay) or BidPay. Many buyers won’t do business with sellers who do not accept such payment services. If a buyer won’t accept your preferred method of payment, don’t do business with that buyer.

5. Are you buying a big-ticket item? You may be tempted to use an escrow service, a third party which holds on to your money while you and the seller make an arrangement to inspect the goods on offer. The trouble with escrow sites, which have sprung up by the thousands to cater to nervous online buyers of pricy goods such as automobiles, is that the vast majority are fraudulent, according to the U.S. Federal Trade Commission (FTC). In early 2003, about 10 fake escrow sites surfaced each month, while the rate climbed to 25 a month by year’s end. One legitimate service, Escrow.com, says it gets reports of six times that number, many of them with graphics and logos stolen from its own site.

See our other online auction fraud fact sheets for more information about scams before, during and after an auction.

Keep up to date on all types of online fraud, and ways to prevent it. Bookmark Consumer Reports WebWatch: http://www.consumerwebwatch.org

Posted by Beau Brendler at 01:30 PM | Permalink | Comments (0)

Online scam artists can certainly be creative and opportunistic. This year we've got scammers claiming to be from the IRS and playing on two of the most powerful of human emotions, fear and greed. The first is a phishing scheme in which the scammers try to steal key personal information on the pretense of resolving some sort of problem with your taxes. That one's actually been around a while. The second is a phone or e-mail scam taking advantage of the "economic stimulus" checks to be sent out to many of us in early May. You guessed it, the scammers are using the pretense of the payout to wheedle bank account numbers from victims -- "give us your bank account number so we can process your payment," or something similar. Don't buy it.
As with many phishing scams, foreknowledge is forearmament: The IRS doesn't use e-mail to contact people about tax problems. Nor, it says, will it be contacting people by e-mail about the rebate checks. There's more info about the checks, who's going to get them and how much, by the way, at the IRS' Web site.

Posted by Beau Brendler at 10:14 AM | Permalink | Comments (0)

In our continued crowdsourcing efforts to improve our New York state education campaign, please click the link below to read our consumer tips on online auctions -- this is the first in a series of three, so it's not comprehensive about all types of auction rip-offs. Please give us any feedback you have -- it will help us refine and improve these fact sheets prior to our statewide distribution plan shortly.

Consumer Reports WebWatch
Cybercrime Prevention Project
Factsheet #5: Online Auction Rip-Offs

This is the fifth in a series of factsheets published by Consumer Reports WebWatch, with grant support from the New York State Attorney General’s Office, and the first in a series of three fact sheets on online auction fraud.

Millions of people around the world buy and sell goods online through auction Web sites such as eBay and UBid. And most of them transact quite happily. But getting the most out of an online auction requires some advance preparation. Here are some tips to help you get started.

1. Think of an online auction like a flea market and an auction Web site as the building in which the market is taking place. Online auction sites are venues for transactions, and so, the responsibility is on the buyer and the seller to engage in a transaction both are happy with.

2. Winning an auction is something like a contract, binding both buyer and seller with some rules. In a timely fashion, you should receive the merchandise you paid for, and the buyer should receive payment.

3. Take time to learn about the merchandise you are planning to buy. Ask yourself some basic questions before getting involved in an auction: Am I OK with a used leather jacket, or do I want a new one? (Both new and used goods are available on auction sites, from individual sellers to chain retailers).

4. Consider how you are going to make a purchase. Many sellers accept direct payment via a service such as PayPal or BidPay. Many buyers won’t do business with sellers who do not accept such payment services. If a buyer won’t accept your preferred method of payment, don’t do business with that buyer.

5. Are you buying a big-ticket item? You may be tempted to use an escrow service, a third party which holds on to your money while you and the seller make an arrangement to inspect the goods on offer. The trouble with escrow sites, which have sprung up by the thousands to cater to nervous online buyers of big-ticket items such as automobiles, is that the vast majority are fraudulent, according to the U.S. Federal Trade Commission (FTC). In early 2003, about 10 fake escrow sites surfaced each month, while the rate climbed to 25 a month by year’s end. One legitimate service, Escrow.com, says it gets reports of six times that number, many of them with graphics and logos stolen from its own site.

See our other online auction fraud fact sheets for more information about scams before, during and after an auction.

Keep up to date on all types of online fraud, and ways to prevent it. Bookmark Consumer Reports WebWatch: http://www.consumerwebwatch.org

Posted by Beau Brendler at 12:51 PM | Permalink | Comments (0)

Here's the first information sheet in our forthcoming New York state campaign, supported by a grant from the New York State Attorney General's office, to educate consumers about steps to take to avoid online crime. Please let us know if you have any comments or anything you think we should add to this tip sheet. Click below to see the whole page. And thanks to those who helped us improve our page on phishing we posted earlier this week.

Consumer Reports WebWatch
Cybercrime Prevention Project
Factsheet #1: Ten General Tips to Stay Safe

This is the first in a series of factsheets published by Consumer Reports WebWatch, with grant support from the New York State Attorney General’s Office.

If you have a computer at home, whether it’s a laptop or desktop, you should follow these steps. Remember, a broadband (high-speed with no phone dialing) connection to the Internet is like another door into your house. Take the same kinds of security precautions with your home computers that you take when you leave your house.

1. Activate protection. If your operating system (for instance, Microsoft Windows, either XP or Vista) has a firewall, spam blocker, or other built-in security application, make sure it's turned on. The firewall included with Windows Vista is adequate. Those for Macintosh computers are not so good, but Mac operating systems are less easily targeted. ZoneAlarm 7.0 is a free firewall for Windows XP if you have not downloaded XP service pack 2.

2. Update and renew. Set your operating system and security software to update automatically. Spam, spyware, and virus-detection programs incorporate "rules" or "definition" files that need to be current to catch the latest threats. When your software warns you to renew your service, be sure to do so, ensuring protection doesn't lapse. If you are having trouble downloading updates online, ask your operating system’s publisher to send them to you on a CD-ROM.

3. Upgrade your operating system and browser. If you're running Windows XP or earlier Windows versions, consider the more secure Windows Vista. Though the software has some problems, Vista lets you surf in a protected environment that prevents online threats from damaging your operating system and contains a two-way firewall that blocks both incoming and outgoing threats. Consider using the Firefox browser, which will notify you if you are on a troublesome site.

4. Take advantage of security features offered by Internet service providers (ISPs) and others. The EarthLink Toolbar (www.earthlink.net/software/free/toolbar), for example, incorporates a scam and popup blocker, spyware scan, and home page protection. The Netcraft antiphishing toolbar (www.toolbar.netcraft.com) warns about known phished sites. McAfee Site Advisor (www.siteadvisor.com), lets you know whether McAfee tested it and, if so, what it found, including viruses, spyware, spam, pop-ups, phishing, and consumer scams. It even overlays site reports on Web search results and automatically blocks access to sites that exploit browser weaknesses.

5. Shut off your computer. This can reduce the chance a malicious remote computer will penetrate your operating system security and access it. And you'll save energy.

6. Guard personal information. Never respond to e-mail requesting your passwords, user names, Social Security number, or other personal information, no matter how official it looks. If you're asked to call a telephone number, verify it independently.

7. Consider a Mac. Although Mac owners face the same problems with spam and phishing as Windows users, they have far less to fear from viruses and spyware. Because Apples are less prevalent than Windows-based machines, online criminals get less of a return on their investment when targeting Macs.

8. Watch what you download. The myriad of free utilities, games, and other software on the Internet can be useful, but many are laden with viruses and spyware. Try to download only from well-known manufacturers or trusted sites such as those at www.download.com , www.snapfiles.com, and www.tucows.com. If you are unsure, go to StopBadware.org.

9. Download Avast! Antivirus software for free. If you’re having difficulty using the antivirus software that came with your machine, try Alwil’s Avast!, free for home and non-commercial use at www.avast.com. If not Avast, make sure you run antivirus software and do regular scans.

10. Run two antispyware programs. Spyware is so insidious, and sometimes difficult to detect, that it warrants double protection. Set the better of the two programs to block spyware in real time. Use the other to scan whenever you suspect something might have escaped the first program. One recommendation is Spybot Search & Destroy (http://www.safer-networking.org/index2.html), which is free, but consider making a donation.

For more information, and to keep up to date on ways to keep your home computers safe from unwanted invaders, bookmark Consumer Reports WebWatch: http://www.consumerwebwatch.org

Posted by Beau Brendler at 12:44 PM | Permalink | Comments (0)

Note correction of the spelling of Kieren McCarthy's name in our post below on the Commerce Department's Joint Project Agreement with ICANN -- sorry we can't correct it in the document now in DOC's possession. And take a read of ICANN's blog .

Posted by Beau Brendler at 03:22 PM | Permalink | Comments (0)

As part of a grant from the New York State Attorney General's office, we want to make consumers more aware of cybercrime. We've created some tips to prevent phishing and would like to get your comments on them. Click the link below and feel free to copy it and send it to a friend. We'll be posting it in Spanish shortly as well.
Thanks to Max Weinstein of Harvard's Berkman Center (and StopBadware.org's chief) for feedback.

Consumer Reports WebWatch
Cybercrime Prevention Project
Factsheet #3: Don’t Get Phished

This is the third in a series of factsheets published by Consumer Reports WebWatch, with grant support from the New York State Attorney General’s Office.

Has this ever happened to you? You get an e-mail that looks like it’s from eBay, PayPal or Citibank, asking you to update your account. But don’t click on that link! You may wind up on a Web site built by scam artists that downloads a keystroke logger to your home computer that records all your passwords and sends the information to a stranger overseas. Millions of people have fallen for scams like this – even if they don’t do business with the company sending the e-mail. Phishing e-mails usually pretend to originate from financial services companies, Internet service providers or retailers, though some entrepreneurial phishing scammers once even hijacked the name of the U.S. Federal Trade Commission, responsible for prosecuting e-mail fraud.

Depending whom you talk to, the boom in phishing scams has stabilized a bit, but scammers' phishing techniques are improving. Popular social-engineering techniques that entrap consumers include: Associating the mail with a holiday or event, such as the World Cup; spear-phishing, when the sender appears to be someone inside the company you work for; or an e-mail telling you your bank account has been compromised, urging you to enter personal information into a fake site that looks like the bank's.

Here are six tips to help you avoid being phished:

1. Be skeptical of any e-mail, and avoid using hyperlinks in e-mail. They may show one address, but take you to another. Delete any e-mails that seek to send you to a Web page via a link in the e-mail’s text. Legitimate e-mails will ask you to go to a specific Web site. Type the address into your browser and make sure what you are typing is the correct address. For instance, Citibank's main site is citi.com, so if an e-mail asks you to type, say, citi.bankloans.com, be skeptical. Make sure your typing is accurate, since cybersquatters buy misspelled domains -- for example, "cittibank.com." Financial institutions are beefing up security against phishing techniques. Bank of America and Vanguard now ask customers to select a personalized image or phrase to appear whenever they access the site to let them know it’s the real thing.

2. Make a point to bookmark the pages of the sites you do business with. Use those bookmarks for transactions.

3. On Web pages, mouse over the URL and see whether the address that appears at the bottom of your browser looks related to a page or site you expect to visit. When you arrive at the site, verify that the URL shown in your browser's address bar is the correct one. Pay attention to the part of the URL between "http:// " (or https:// ) and the next slash. Look for tricks such as the use of a zero where the letter O should be. Verify the address, then type it into your browser. Or use a favorite or bookmark.

4. Watch carefully for misspellings and poor grammar, one of the surest signs of a phishing scam.

5. Use a Web browser with site verification tools, such as Firefox (http://www.mozilla.com/en-US/firefox/), or software such as McAfee’s Site Advisor (http://www.siteadvisor.com/), which tests sites and tells users the results via a free download.

6. Report phishing. If you receive a phishing e-mail, forward it to the Anti-Phishing Working Group (reportphishing@antiphishing.org), the Federal Trade Commission (spam@uce.gov), and the company or organization being impersonated. You also can file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov

For more information, and to keep up to date on the latest phishing scams and resources for consumers, bookmark Consumer Reports WebWatch: http://www.consumerwebwatch.org

Posted by Beau Brendler at 01:22 PM | Permalink | Comments (0)

If you've been online since the mid-90s, chances are your first glimpse of a Web page was via the Netscape Navigator.

In its heyday, the Navigator enjoyed a commanding 90% share of the browser market, which helped turn Netscape into the Google with of its day, an Internet 1.0 darling whose astronomical 1995 IPO helped launch the (first) Internet bubble.

Netscape’s success didn’t go unnoticed by Microsoft, which had been slow to realize the potential of the Internet—not to mention the threat to its bottom line. The software giant waged a brutal and successful campaign to supplant the Navigator with its Internet Explorer by bundling it as part of its ubiquitous Windows operating system. Netscape's Navigator simply couldn’t compete with a free browser installed on 90% of all PCs, and by 1998, lost the so-called browser war and surrendered the top spot to the Internet Explorer.

Although a federal judge ruled in 2000 that Microsoft abused its monopoly power to crush Netscape, for which it subsequently agreed to pay AOL (which acquired Netscape in 1999) $750 million, the damage was done. Last week AOL announced it would no longer support the Navigator after March 1.

But the spirit of Netscape lives on in the open-source Firefox browser, which is coordinated by the Mozilla Foundation, which was formed in 2003 by ex-Netscape employees laid off by AOL.

Since its first release in 2004, Firefox has grow in popularity—due in no small measure to those seeking an alternative to the Internet Explorer—and is now the second most popular browser, with some 15% of the market. Lots of ex-Netscape users, like this one, swear by Firefox for its ease of use, security and customizable options. If you've never tried it, give it a whirl.

Posted by Jorgen Wouters at 03:23 PM | Permalink | Comments (0)