The new scam starts with someone writing on your wall something like, “I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video,” followed by a link to some obscure website like TruthAboutCoke.us.

The you think, “Wow. I drink five Cokes a day. I should probably watch this video,” so you click on the link (That’s mistake #1). Then you find yourself on a page where it is asking you to forward the video to all your friends (a common occurrence on Facebook), so you click the little link in the corner that says “Skip This Ad,” (Mistake #2). The you are taken to a page with a poll. But this poll asks for all your personal information like login name and password. Giving the “poll” your login information is mistake #3.

I understand that many Facebook add-ons ask for your login information to connect back to your Facebook page. However, you need to make sure that the URL begins with “https://” instead of just “http://.” That extra “s” tells you the page is secure and no one will steal your information.

When they ask you to forward the video to your friends is when you should question if the link is a scam. A link to a video should take you straight to YouTube or some other video viewing site. Then when they ask for your login information, there needs to be giant red flags popping up in your head! That’s when you need to check the URL, see if it is a secure site, and when it’s not, exit immediately.

If you have already become victim to this scam try following these steps provided by the Facebook Security Team,

“If your account has been taken over and used to send spam, you should follow these steps immediately:

Reset your Facebook password. You can do this by clicking the “Forgot your password?” link on the login page or by going to the Account Settings page once logged in

If you can’t reset your password because the email address you use to log in has changed, or if your account has been disabled, contact us.

Make sure you have up-to-date security software on your computer, run a scan, and remove any malicious files. If you don’t do this, and your computer is infected, your account may be taken over again. If you don’t yet have protection for your computer, you can download a complimentary six-month subscription of McAfee security software. Learn more on the Protect Your PC tab.”

I asked around the office and compiled a list of how to protect yourself and your data while on the Internet. The outline is basic: Install protective software and keep it updated, and avoid malicious tricks.

Get Protective Software:

This is the most fundamental way to protect yourself on the Internet. At home or in the office, anti-virus software is very important to having a smooth Internet experience. Our Web producer, Jeremy Scott, says, “Be proactive and get some anti-spyware and anti-virus software as soon as you get your computer. It’s a lot less work to put precautions in place ahead of time than it is to fix a problem after the fact.”

In the office, be sure to buy business-class software. Retail versions of anti-virus software are not strong enough to cover an entire network at your business. Our experts recommend Trend Micro Worry Free Security Suite for a business. For regular home users, Thomas Campbell suggests, “either Trend Micro Internet Security Pro or Webroot Spysweeper with anti-virus. There are plenty of good anti-virus programs out there but in my opinion these offer the best combination of effectiveness, reliability, and ease of use.”

Keeping your Security software updated is almost just as important as having the software in the first place. If you don’t have the most up-to-date software, there can be holes in your security. Cyberscammers stay updated so why shouldn’t you? If you are not keeping your software up-to-date, you could be susceptible to the latest virus scams.

Avoid their Tricks:

This is an important step as well to keep your online data to yourself. Pay attention and use common sense! One of our IT consultants, Adam Arnold, said:

“Most infections come from some form of social engineering or overall trickery. If a window pops up and says ‘You are infected! Click here!’ Please don’t. Reputable software doesn’t do that… If you are the type of person that gives out very private and personal information to strangers on the street, you will need to hire someone to supervise you on the computer. Otherwise, if you are unsure, call someone to help you.”

Our web producer, Jeremy Scott, gave his input here also and said, “Pay attention. Most people only notice their machine is infected long after they’ve received a lot of malware and spyware.”

Very true, Jeremy. Make wise decisions when you are surfing around on the web. You have too much data at risk when you don’t make smart choices. Clicking on random pop-ups is always the wrong thing to do. Another Keystone IT consultant, Thomas Campbell, says:

“Don’t open attachments if you don’t know who they are from. Remember that people can spoof e-mail addresses (i.e. look like the e-mail is coming from a friend or trusted bank but it is not) so be careful clicking on any links. Be careful where you surf, and even more importantly, what you download… A lot of the malware we see these days install a fake antivirus program on the victim’s machine at the user’s prompting and harasses them to buy the “full version” of their software. Don’t be fooled!”

Overall, the Keystone office agrees that you need to take certain steps on your own to avoid major problems with viruses, malware, identity theft, and more. After reading all these warnings, I hope you will take a few minutes to familiarize yourself with your anti-virus software and update it to the latest version.

I’ll be the first to admit that I have seen all the movies of the Twilight saga thus far and have liked every single one (but that didn’t stop my bosses from making fun of me). With Vampires on the mind, you might be susceptible to viruses or identity theft. Not because they are going to come and bite you and turn you into a vampire, but because there is a new scam targeting Twilight search results on Google.

The cyberscammers will create a fake webpage on Eclipse (or whatever other trendy subject they prefer) that will show up in the top Google results for your search query. After you click on the site, a fake warning will pop up saying you’re in danger of being infected by some virus. Then you will be convinced to buy some obscure anti-virus software from the warning window. After you’ve bought it, you will not have any anti-virus software, and the bad guys will have all your money.

Byron Acohido of USA Today writes,

“If you see a suspicious scareware alert, the worst thing you can do is click on anything in the alert, even a ‘cancel’ button. That’s because clicking on anything the bad guys present to you usually advances the scam. Instead, do a force quit: type ‘cntl-alt-delete’ to navigate to your task manager. Locate the application running the fake alert and force-quit it by clicking ‘end task.’”

Also, be sure to keep your virus protection software up-to-date. It may be inconvenient today, but you’ll be less inconvenienced tomorrow when you don’t have any viruses to clean.

But even following that rule is far from any sort of guarantee that your reputation won’t be damaged.  In fact, if you have an ex-customer (or ex-girlfriend for that matter) who wishes to make you look bad, there are now a variety of web services that will allow them to do just that… usually anonymously.

One popular web service for consumers to complain about mistreatment is called the Rip Off Report.  It’s billed as a place to tell stories about how you were wronged as a customer–report your having been ripped off.  One huge thing to be aware of with this site:  they never take down reports.  Their terms of service state that users can only publish true stories, and they use this as legal defense against charges of libel.  So if you’re a business, and someone rips on your company on Rip Off Report–you’re mostly out of luck.  You can file a rebuttal against the original complaint, but that’s all… the complaint itself, no matter how inaccurate, will never come down.

Another site with growing buzz is Yelp, a place for customers to review businesses they frequent a lot.  It has come under fire lately for charges that Yelp is some kind of extortion ring–where businesses are asked to pay for premium services to have negative reviews removed.

Now there’s a new service launching in a matter of days that allows people to review other people… anonymously.

It’s going to be harder and harder to maintain an impeccable online reputation.  Simply annoying your neighbor could result in an insult being posted about you online that lasts forever.  And you’ll have little that you can do to repair it.

If there’s a silver lining, it’s that all businesses and individuals are facing this same scary future.  And sooner or later, we’ll all have enough anonymous complaints leveled against us online that it’s simply not as big a deal as it is now.

But there are some things that you can do actively to help protect your reputation (at least partially):

1. Monitor your reputation.  If you don’t know what’s being said, you can’t react to it or respond in any way.  Set up Google Alerts for your business name or your own personal name.  Search for your company in Google News or Blog search.  In other words, be proactive.  You can’t fix what you don’t know about. You can’t respond, until you know there’s something out there that warrants a response.
2. Get the positive word out.  Again, be proactive.  Publish customer testimonials on your website–change them out with new ones frequently.  Get your business on Twitter, Facebook, MySpace, and more–flood the web with positive or neutral mentions of your company and it becomes that much harder for negative comments to ever be found in the first place.
3. Beware cold calls.  I read this article yesterday, and it scared me a little.  While I have no knowledge of the situation outside of what I can read, it sounds like there may be companies out there selling “reputation management services” that are actually a scam.  As the author of that article states:  trustworthy reputation management companies don’t need to cold call.  So be careful what you believe when someone calls you out of the blue offering to fix your online reputation–it’s entirely possible they were the ones that posted the criticism in the first place.
4. Be an honest business person.  I know it’s going to sound trite and over-simplified, but the single best way to avoid having negative things written about your business online is to never make your customers angry.  Sure, there’s always going to be that one person who simply will not allow themselves to be happy–there are some chronic complainers out there in the world, and it can be hard to change the mind of a person like that.  But through careful client selection, and a dedication to superior service… the majority of small businesses will be able to navigate the waters of online reputation management without hitting any icebergs.

As I was putting different widget applications on my new Netvibes account (which I highly recommend to anyone who does not already have one), I found an article about a phishing scam on Facebook that is spreading through messages.  Its aim is to trick you into visiting a harmful site that looks like Facebook, so they can steal your login information.

I thought it sounded interesting-probably because I’m on Facebook roughly 25 hours a day-so I looked into it a little more and discovered that I have received not only one, but TWO of these messages just a week ago!

The message sent to you is usually from a friend and has a subject line with something simple like, “Hello”, or something more urgent like, “Do it now!” and “Help!” which were the subjects of the two I received. The body of the message says something like “151.im” or, in my case, “Funny fulldig.im.”

In the Facebook message itself, the domain does not show up as a hyperlink so there is no harm in clicking on it. However, if you are a person who doesn’t get on Facebook often and you just check your notification e-mails for updates, then you do have the opportunity to click on it. Most e-mail clients, like Gmail in my case, automatically enable the domain to be a hyperlink within the notification e-mail. So don’t click on it in your real e-mail inbox nor should you copy the domain into your browser. Clicking on the message in your Facebook inbox simply to open it won’t affect you. However, if you have clicked on the link in an e-mail all you have to do is change the password to your Facebook account.

Facebook is aware of the problem and said in regards to it:

“We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago.”

They also said that they are taking steps in cleaning up this mess and posted about those steps in their recent blog post.  Check back for more information as it becomes available.

The first scam is similar to the Chinese scam. They play upon the fear that your “intellectual property rights” are going to be infringed upon. They use big words and reference the “United States Legal Code” regarding “False descriptions and dilution of Trademarks and the Uniform Domain Name Dispute Resolution Policy.”

In other words, they’re trying to sell you a bunch of domain names you don’t now own and very likely don’t want to own. Even if you DID want to own those names, you certainly don’t want to purchase them through sneaky scumbags like the company so low-down that they don’t even have the guts to tell you their name.

The second scam is just as bad. The Domain Registry of America (located in Ontario) sends you notification that your domain name is about to expire and you should pay them to “renew” it. What they don’t tell you is that they’re going to transfer the name from your current provider (likely someone you trust) to Domain Registry of America. Domain Registry of America has even been the defendant of an FTC lawsuit because of their deceptive practices: http://www.ftc.gov/os/2003/12/031219compdomainreg.pdf

So how should you deal with these people?

• Step 1. Open the letter from the deceptive jerks.
• Step 2. Use your hands to crumple their notice up into a small wad.
• Step 3. Place the wad of paper in your wastebasket and go back to what you were doing.

Problem solved! (Note: If you get an email notice about your domain name and you’re not sure if it’s a scam, you can always call your friendly neighborhood technology solutions provider–Keystone–and double-check… but it’s probably a scam).

Chinese Domain Spam Hopes To Wrestle Your Domain Away From You

If you have a domain name or website, you’ve likely received a message from “Margaret” or “Tina” in the “Checking Department.” Margaret (or Tina) will explain to you in her email that “Mr. John Zhou has attempted to register a domain name similar to yours!”  This is a common trick in the sketchy and shady domain name business.

The trick is:

1. Scare the potential…uh…sucker by making them think someone is trying to steal from them.
2. Use language in the message that makes it appear something is already underway.
3. Reassure them that their glorious and helpful organization will stop this evil enterprise and help you acquire the “Internet Brand” that is rightfully yours.

So a few things to remember regarding this and other potential scams:

1. Mr. John Zhou doesn’t exist. He probably didn’t submit a formal application for the rights to “HendersonvilleRotary.com.cn.”
2. As far as I can tell, my local Rotary Club has no interest in expanding to China. Nothing against China, mind you…I just don’t see myself or any of my colleagues flying to China for breakfast, coffee and “buddy check.”
3. If you ARE interested in doing business in China, there are many organizations that can help you do this. The Tennessee Chinese Chamber of Commerce, headed by Dr. Ming Wang, is dedicated to developing increased U.S.-China trade. Don’t get me wrong…I’m 100% in favor of American businesses expanding and selling their products and services in China. Buying a domain name in support of your new export venture is great. But something tells me you’ve got a lot more work to do before you start selling product or services in Beijing.
4. They want your credit card. You can guess what happens next.

So, if you’re interested in registering insert-your-domain-here.com.cn, call or email us. We’d be happy to do it and we’ll even let Margaret (or Tina) know that you are ready to expand into Asia.

Here’s an example of a message you might see:

To whom it may concern               2009-3-11
We are a domain name registration service company in Asia,

Last week we received a formal application submited by Mr. John Zhou who wanted to use the keyword  “hendersonvillerotary.org” to  register the Internet Brand and with suffix such as .cn /.com.cn /.net.cn/.hk/ .asia/ domain names.

After our initial examination, we found that these domain names to be applied for registration  are same as your  domain name and trademark. We aren’t sure whether you have any relation with him. Because these domain names would produce possible dispute, now we have hold down his registration, but if we do not get your company’s an reply in the next 5 working days, we will approve his application

As authorized anti-cybersquatting organization we hereby suspect Mr.John Zhou is a domain investor. so we need you to attach importance to this issue.

In order to handle this issue better, Please contact us by Fax ,Telephone or Email as soon as possible.

Yours sincerely

Margaret (or Tina…or some other American-sounding name)
Checking Department
Tel:   86 513 8562 2060
Fax:  86 513 8532 2065
Email:margaret@ntwifinetwork.com
Website: www.ntwifinetwork.com
Mail No.:756516