Yaari Is NOT Social Networking, It is SPAM (and so are others....)

In this crazed time of social networking - which sites to join can be confusing. Everyone knows the mainstream sites, but reguarly sites are popping up - and people can get emails such as "your friend xyz" wants you to join social networking xxx.  The problem is that the friend is someone you know - but the social networking site is not. What to do?

DON'T JOIN - DON'T CLICK OVER TO THE SITE! Forward the email request on to your friend and ask them if they really sent it to you. Most of the time you will find out it is SPAM!

Yesterday I received just such an email that listed a friend who wanted me to join Yaari. I never join anything without checking it out. I did click over to the website (which I should not have) but I was curious. The site looked very suspicious so I did not enter any personal information. Instead I forwarded on that email back to my friend. He responded today saying he had received it from a friend he trusted and apologized. THIS HAPPENS OFTEN so don't think it can't happen to you.

The bottom line is Yaari = SPAM!

Here is a post from someone who also had a bad experience from Yaari and posted about it (I assume he does not mind if I borrowed his graphic). This post is 2 years old but it seems that the spammers are still in play.

Here is what I do and some links to sites that you can find out more information:
1. I never enter personal information on any site unless it is vetted and trusted. If I receive a friend request from an unknown site I NEVER join - I always send the request back through email to my friend and ask if they sent it. Many times I find that it is spam. Sometimes it is not, but I still don't join. I try to only join one or two MAINSTREAM social networking sites.

2. Even on the social networking sites that I do join, I never load my friends from my email address book or any contact database. I always "deselect" that option and hand choose who I am inviting. That takes more time - but means that I won't give permission for applications to access my address book.

I am not saying that it has not or will not happen to me. I am saying that coming from a computer security background makes me paranoid of many things online. Just this morning I received a DM from someone I am just getting to know on Twitter with a link that I am not going to click over until I get more information. The key is to be paranoid and educated on spam. And once you are, realize it is an ever changing game so always keep up to date on spam education.

IMPORTANT RELATED LINKS:

Stanford & Common Sense Media on Safe Social Networking

I am thrilled to see organizations like Common Sense Media and  Dr BJ Fogg of the Stanford Persuasive Technology Lab provide valuable information on safe social networking for teens including IMPORTANT information on privacy controls. So here are the links, parents take a look and learn:

• Dr. BJ Fogg - Facebook For Parents website and class for parents
• Common Sense on Social Networking and Online Safety and their Family Media Agreements

I hope to go to the Facebook class for Parents at Stanford and will print out the Common Sense Family Media agreements for my kids.  It is important for all parents to be proactive and help themselves and their families learn about/implement proper online safety.

Google Latitude- New Tool For Tracking Family/Friends? Or Privacy Issue?

Google announced today their new application called Google Latitude that allows tracking of locations via cellphone using GPS.  Techmeme today was abuzz about this. VentureBeat added that Google is getting ahead in the social networking game (and I agree). All Things Digital posted with a test run where the blogger (Katherine Boehret ) "stalked her sister, boyfriend and boss".

@momsatwork brought up a good discussion point on Twitter  "New Google tracking software is every teen's nightmare. http://tinyurl.com/dzgtwo".

I responded @techmama "Google Latitude not teen's nightmare. I say parents new tool ( At library? - no you're at mall).."

At that point, I decided it was time to post.

First of all it is important to understand how Google Latitude works (excerpt from Official Google Blog post):

"Latitude is a new feature for Google Maps on your mobile device. It's also an iGoogle gadget on your computer. Once you've opted in to Latitude, you can see the approximate location of your friends and loved ones who have decided to share their location with you."

Continuing on in the post, it mentions the privacy issue:

"Fun aside, we recognize the sensitivity of location data, so we've built fine-grained privacy controls right into the application. Everything about Latitude is opt-in. You not only control exactly who gets to see your location, but you also decide the location that they see."

The good news is that the service is completely "opt-in" and can be disabled at any time. Here is the video about Google Latitude privacy (IMPORTANT FOR PARENTS especially to share with teens to ensure they UNDERSTAND the privacy settings):

So looking back on the Twitter conversation, yes - it may be teenager's who lie to their parents worse nightmare. For example, if a parent set up Latitude PRIVACY settings to only allow parents to track their teen's cellphone - then if their teenager said they are at the library studying when really they are at the mall shopping - they would be caught. 

On the cool side, isn't some of being a teenager sneaking off with friends? On the non-cool side - maybe it is easier to be honest with parents to show responsibility (which teens need to have a phone in the first place). On the other hand, it may not be appropriate for parents to be online all day tracking where their teens are. Also, teenagers could always work around or disable the settings.

Well then, what is the middle ground?

My suggestion for any parent whose teen has a cell phone is to SPEND THE TIME TO UNDERSTAND GOOGLE LATITUDE'S PRIVACY SETTINGS.

Dear Phisher: You Are A SCAT and NOT Wells Fargo

Here I am - an innocent mom blogging on her netbook, waiting for her son to finish his appointment. I then decided to check my email - when what did I see? A (bad name I can't publish) phisher sending me a lame email. This is a SCAM by the way (called Phishing). I discussed phishing already in an prior post. But here again, those (bad name I can't publish) phishers are sending out an email trying to get me and many other "innocents" to give away private financial information on a FAKE website.  So if anyone gets an email like this  DON'T RESPOND! Delete it or put it into your "spam" email folder.

----- Forwarded Message ----
From: WellsFargo Online Banking <reviews.alert@wellsfargo.com>
To: email address (how dare they use my email for that..)
Sent: Tuesday, January 27, 2009 2:28:39 PM
Subject: Important Update From WellsFargo Online Banking

As a valued Wellsfargo Bank Customer, the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Wellsfargo access.

Click logon to confirm your identity.

LOGON

(note from TechMama - DON'T LOGON!!!) THE LOGON IS FAKE $#&!@ "PHISHING URL" , THE SIGNON  REALLY GOES TO:

'http://scatdealer.com/avatars/.w/online.wellsfargo.com.signon/

So just looking at the URL shows that the email is a phisher - scatdealer.com is not Wells Fargo.com... Infact, anything that starts with "scat" is probably not a website you want to go to. By just running my pointer over the word "logon" I saw the URL without clicking...

Here is the last line of the email:

FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !

(note from TechMama - You are vulnerable if you log on and fall for the scam..)

Happy Holidays, Here is Some Malware

I received a couple of emails from people that had malware attack their computer recently so I decided to look into ways that malware creeps into computers. Here are some interesting techie tidbits:

• Twitter can be used to distribute malware. One example is reported by ZDNet that is a fake profile that requests the user to download a fake version of Adobe Flash that is really malware. ZDNet also has a fake Flash download warning from Adobe.
• Charlene Li posted about the recent Facebook virus.
• CNET has a section on their website called "Living with Technology: Security Yourself" that has useful information on keeping your identify safe offline and online. CNET also has a  spyware, virus and security forum with relevant information on numerous malware issues. One forum item discussed malware in a Twitter clone.
• An infoworld article reported on fake spyware that is really malware.
• The Ars Technica blog has a section on security.
• Yahoo Tech reported that more criminals are switching from phishing to malware. The Yahoo Security Center also has instructions on how to secure PC's.
• Adaware, from Lavasoft, is a program that is used to control of confidential information and protection against malware attacks. Their Security Center has information about the different types of PC security, including using digital locks to protect private data with strong encryption technology. The Lavasoft website also has a section of Spyware statistics that shows the types of crimes.
• The Norton Symantec website has a section on Viruses and Risks along with security software for PC's.
• TechMamas has two posts on Phishing ( one Phishing and the second is an update, part deux), SCADS (bait and switch ads),

Overall, I try not to open any email attachment from someone I don't know (or looks suspicious) and download any program unless it is from the original source. I do run spyware and keep up to date with updates. I never answer any email from ANY financial institution. I reguarly clear private data and cookies. And always stay paranoid!

What is your malware prevention strategy?

Companies Using Fake Facebook Groups to Market to Students?

I just took a quick read at one of my favorite aggregators (TechMeme) to see a powerful discussion going on about a company using fake Facebook Groups to market to students:

There is something going down on Facebook, Pay Attention

It seems that there may be a marketing company that is setting up Facebook groups for incoming students of 2013. The blog SquaredPeg.com wrote the original post that set off the discussion. Posts in other blogs such as Chronicle of Higher Education are also dicussing this.

So lesson learned is that college students (and their parents) need to make sure that any college related Facebook group is actually administered by a college representative. Next, EVERYONE NEEDS TO SET THEIR FACEBOOK PRIVACY SETTINGS and only "friend" people you know.

Related:

Inside Facebook Blog: Facebook Marketing: College Prowler Caught Using Fake Accounts and Facebook Groups to Build List

Safe Teen Online Social Networking: ConnectSafely.org

I get lots of press releases each day, but this one was not only relevant but important to share with my readers:

On Wednesday, washingtonpost.com will host a live discussion for parents to talk about online predators, cyberbullying and how to help kids keep the Internet a constructive, safe place.

Anne Collier and Larry Magid, co-directors of ConnectSafely.org, will host the discussion. ConnectSafely.org provides information to parents and teens on the safe use of social media. Collier and Magid are also co-authors of "MySpace Unraveled: A Parents' Guide to Teen Social Networking."

The discussion will take place on Wednesday, December 17th from 3 – 4 pm ET at the following link:

http://discuss.washingtonpost.com/wp-srv/zforum/05/trendmicro.htm

Watch Out For Bait & Switch Ads This Holiday (or SCADS)

I received an email to TechMamas from the Alliance Against BAIT & CLICK.  I had heard about Bait and Click before, but as always I had to check out the website first to see if they were for real. The site does have a valid URL - and some interested information. I also found an article about them in USA Today titled: Watch Out for "bait and click' ads.

Here is what the Alliance Against BAIT & CLICK explained a SCAD is:

• Sponsored search results are advertisements that appear on search engines. Once you've run a query, they usually appear at the top and along the side of the page.
• Deceptive sponsored search results (scam ads or scads) result when advertisers misrepresent themselves by using brand names they aren't affiliated with or authorized to use.
• Scads lure consumers to their sites under false pretenses... bait & click!

Here is the information about How to Spot SCADS

I know there is added pressure this holiday season to find reasonable rates and fares - but beware of SCADS!  I get tons of emails every day, but this one I thought it was important enough to reprint on the blog. Click "continue reading" to see the email the alliance sent me with more information about SCADS.

Online Safety for Kids

A fellow Silicon Valley Moms Group blogger posted about the dangers of social networking and one of the commenters linked to a page on Oprah.com that discusses online safety:

Oprah.com - Online Safety Rules for Kids

Those rules are something EVERY parent should not only read themselves but share with their kids. Here are a few other sites with valuable resources for Online Safety:

• Common Sense Media Internet Safety Guide For Kids
• NetSmartz.org
• FEMA.gov Online Safety Rules For Kids
• FBI Parent's Guide to Online Safety
• Milstein Child Safety Center
• GetNetWise - Online Safety Guide by Age
• Yahoo! Kids Online Safety

Security Warning: Malicious Software Can Be a Click Away

Here is an example of a website that has a malicious program. I have "Silicon Valley Moms Blog" on my Google Alerts. For some reason, this website came up in my Google Alert email. I saw Mashable and thought of one of my favorite Techie sites called Mashable

http://informxyzzz.blogspot.com/2008/09/mashable_21.html" (name was changed...)

When I clicked on that link, I got this warning on my screen from Google:

Reported Attack Site!      
This web site at inforxxy.blogspot.com has been reported as an attack site and has been blocked based on your security preferences. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

I was thrilled that Google had already vetted that site because I should not have clicked over on that link anyway. If I would taken a second I would of realized that this is the correct url for Mashable:

http://mashable.com/

So it was suspicious to start. I did click on the warning page for more information. The next page details are listed below, looks like Google not only searches pages for keywords - but it also searches for malicious sites.

This is a good lesson to think before you click!

I found more info on Spyware and Adware on the Google Site (with the real Google URL).