You can help keep your child's gaming experiences safe, age-appropriate, friendly, fun, and even educational.

The key is to educate yourself -- about the gaming community, game ratings, and how to use the privacy and safety tools built into the games.

Also learn the difference between online gaming and gambling, and teach your kids the difference, too.

Here are a few basic tips on how to help protect your children when they play games and compete online

Help kids avoid gambling online

How parents can help

SiteKey sucks

Cyber Security Tips

General information

• Why is Cyber Security a Problem?
• Guidelines for Publishing Information Online
• Understanding Internet Service Providers (ISPs)

General security

• Choosing and Protecting Passwords
• Understanding Anti-Virus Software
• Understanding Firewalls
• Coordinating Virus and Spyware Defense
• Debunking Some Common Myths
• Good Security Habits
• Safeguarding Your Data
• Real-World Warnings Keep You Safe Online
• Keeping Children Safe Online

Attacks and threats

• Dealing with Cyberbullies
• Understanding Hidden Threats: Corrupted Software Files
• Understanding Hidden Threats: Rootkits and Botnets
• Preventing and Responding to Identity Theft
• Recovering from Viruses, Worms, and Trojan Horses
• Recognizing and Avoiding Spyware
• Avoiding Social Engineering and Phishing Attacks
• Understanding Denial-of-Service Attacks
• Identifying Hoaxes and Urban Legends
• Avoiding the Pitfalls of Online Trading

Email and communication

• Understanding Your Computer: Email Clients
• Using Caution with Email Attachments
• Reducing Spam
• Benefits and Risks of Free Email Services
• Benefits of Blind Carbon Copy (BCC)
• Understanding Digital Signatures
• Using Instant Messaging and Chat Rooms Safely
• Staying Safe on Social Network Sites

Mobile devices

• Protecting Portable Devices: Physical Security
• Protecting Portable Devices: Data Security
• Using Caution with USB Drives
• Securing Wireless Networks
• Cybersecurity for Electronic Devices
• Defending Cell Phones and PDAs Against Attack

Privacy

• How Anonymous Are You?
• Protecting Your Privacy
• Understanding Encryption
• Effectively Erasing Files
• Supplementing Passwords

Safe browsing

• Understanding Your Computer: Web Browsers
• Evaluating Your Web Browser's Security Settings
• Shopping Safely Online
• Browsing Safely: Understanding Active Content and Cookies
• Understanding Web Site Certificates
• Understanding Internationalized Domain Names
• Understanding Bluetooth Technology
• Avoiding Copyright Infringement

Software and applications

• Understanding Patches
• Understanding Voice over Internet Protocol (VoIP)
• Risks of File-Sharing Technology
• Reviewing End-User License Agreements
• Understanding Your Computer: Operating Systems

13 Things An Identity Thief Won't Tell You

Interviews by Michelle Crouch

Former identity thieves confess the tactics they use to scam you.

1. Watch your back. In line at the grocery store, I’ll hold my phone like I’m looking at the screen and snap your card as you’re using it. Next thing you know, I’m ordering things online—on your dime.

2. That red flag tells the mail carrier—and me—that you have outgoing mail. And that can mean credit card numbers and checks I can reproduce.

3. Check your bank and credit card balances at least once a week. I can do a lot of damage in the 30 days between statements.

© Comstock/Thinkstock

PLUS: 10 Ways to Protect Yourself Online

4. In Europe, credit cards have an embedded chip and require a PIN, which makes them a lot harder to hack. Here, I can duplicate the magnetic stripe technology with a $50 machine.

5. If a bill doesn’t show up when it’s supposed to, don’t breathe a sigh of relief. Start to wonder if your mail has been stolen.

6. That’s me driving through your neighborhood at 3 a.m. on trash day. I fill my trunk with bags of garbage from different houses, then sort later.

7. You throw away the darnedest things—preapproved credit card applications, old bills, expired credit cards, checking account deposit slips, and crumpled-up job or loan applications with all your personal information.

8. If you see something that looks like it doesn’t belong on the ATM or sticks out from the card slot, walk away. That’s the skimmer I attached to capture your card information and PIN.

9. Why don’t more of you call 888-5-OPTOUT to stop banks from sending you preapproved credit offers? You’re making it way too easy for me.

PLUS: 13 Things Your Financial Adviser Won't Tell You

10. I use your credit cards all the time, and I never get asked for ID. A helpful hint: I’d never use a credit card with a picture on it.

11. I can call the electric company, pose as you, and say, “Hey, I thought I paid this bill. I can’t remember—did I use my Visa or MasterCard? Can you read me back that number?” I have to be in character, but it’s unbelievable what they’ll tell me.

12. Thanks for using your debit card instead of your credit card. Hackers are constantly breaking into retail databases, and debit cards give me direct access to your banking account.

13. Love that new credit card that showed up in your mailbox. If I can’t talk someone at your bank into activating it (and I usually can), I write down the number and put it back. After you’ve activated the card, I start using it.

PLUS: 13 More Things An Identity Thief Won't Tell You

Sources: Former identity thieves in Kentucky, Florida, Indiana, Virginia, and New York.

A couple of years ago, my personal credit card account number was compromised. Did this stop me from continuing online transactions? No way. 

In my case, while an unauthorized party gained my account details, no transactions were made. The bank's fraud department were understandably hesitant in releasing details of the compromise, but they were very quick in taking action. I'm not even sure that the offending party was an online merchant, hacker or traditional retailer.

The media in general have fed the paranoia levels of the online consumer community regarding online transactions. Yes, credit card numbers are stolen and yes, there are victims who suffer financial loss. But submitting your credit card details online is no different to handing your card to a shop assistant that you don't know or a waiter you have never met before. There is very little stopping merchants we carry out transactions with on a face to face basis from gathering detailed lists of account numbers to be sold off on the black market. In fact, according to the 2005 Identity Fraud Survey Report, under 12 percent of ID fraud incidents originate online.

The media have also fed the xenophobic cold war attitudes of years gone by by focusing on certain countries. Credit card number hackers are "Russian", true. They are also American, Australian and English. Every country in the world has a community of identity thieves, scammers and spammers.

If you own a credit card and don't carry out online transactions, it doesn't mean you are safe. We need to remember that most of the world's information systems are now connected somehow to the Internet. All your vital details are now available online; regardless of whether or not you are a Internet user. 

If you have ever collected a welfare payment, taken out an insurance policy or registered a vehicle - congratulations! You are now part of the World Wide Web, like it or not. You can now emerge from your privacy fortress as resistance is futile. That's the reality of our modern lives.

So, now after having blown away your misconceptions of your privacy, and your false security of being safe from identity theft, let's deal with reality!

Identity theft and credit card fraud is not uncommon, such is the nature of an online world. 

How do we as netizens and webmasters protect ourselves and our clients as best as possible? It boils down to a number of simple guidelines.

Password issues

Passwords - Know that little window that pops up and politely asks you if you want your computer to remember certain user names and passwords? Don't tick it! Most passwords are stored in a special file on a Windows 95/98/ME system and every half-baked pimply would-be hacker knows what it is. If you are not using a firewall, it is pretty easy for these people to snatch your password file and then crack it at their leisure using freely available programs.

Password length can also add as extra protection. Those extra few numbers and letters make all the difference. Read the article:

Safety in numbers and letters

Web masters, if you are keeping user information on your web server, ensure it is stored encrypted in the proper directory with the proper permissions. Better still, wherever possible, store minimum client information on your server. 

Even better, ensure that all sensitive details that your visitors may submit occur over an SSL connection. A web server is the equivalent of a 7/11 store - open all hours for valid and non-valid customers. There is NO 100% guaranteed safe system.

Firewalls 

A personal firewall is now a necessity, not a luxury. The script kiddie problem is increasing. A script kiddie is someone who fancies themselves as a hacker and utilizes freely available programs to compromise your system via the Internet. Script Kiddies have caused major problems over recent years and have been known to post up credit card numbers for all to see. Why? Bragging rights, a great deal of the time. There are over 60 000 points of entry on your PC. You can read more about the issue and gain an overview of personal firewalls by reading the articles: 

Script Kiddies - Vermin of the Internet

Beware of phishing scams

Phishing is a strategy used to fool people into revealing passwords and other sensitive information by posing as a legitimate source. A common example is email sent by a party claiming to be a bank stating that the addressee must take action immediately to prevent problems with their account. The email usually has a link an online form that is branded to like the organization web site. The form will usually ask for sensitive details such as passwords, tax numbers etc.

Phishing scammers are becoming increasingly skilled in mimicking style and language of communications. They use lists of millions of email addresses to send their notes out to, in the hope of snagging even a very small percentage of addressees.

As these scams can be hard to discern from legitimate communications, the rule of thumb is that if the email has a link that leads to an account login page; don't use that link. Go to the site via another means and login, or call the company to verify the authenticity of the email.

Verify

Who are you? - Before you click the submit button for that gadget or service that you really gotta have; how much information are you having to give away? A name and email address should be all that's needed in most cases. Even if you aren't having to submit credit card numbers, you are still giving away information that enables people to build profiles on you which then make it easier for identity theft to occur.

It's amazing how much information you can access just knowing somebody's date of birth. If a service provider is asking you for more than your name and email address; I strongly advise checking them out before submitting.

Web masters; you need to be able to supply freely available details about your organization if you want visitors to sign up for your services. An applied and publicized privacy policy along with an "about us" page will serve to put your visitors minds at rest. You can read more about developing these vital pages here:

Bio Benefits

Reassuring your visitors

Secure connection

In the clear = danger - When you are asked to submit sensitive details such as credit card numbers, check your browser address bar. Does the address begin with https:? If it doesn't, you will be submitting details "in the clear" - unprotected. The https signifies a secure line of communications using inbuilt browser encryption, these days it is about as secure as you can hope for.

Check your accounts regularly

If you have the ability to bank online; it's probably wise to log in every couple of days to review transactions. The major banks, while quick to sniff out fraudulent activities these days, don't always pick up on fraudulent transactions. 

If you do see something that looks suspicious in your transaction history, don't panic, but immediately contact your bank who may freeze your account while they investigate. In the majority of cases, you won't be liable for the invalid transactions. But I will say that having your account compromised is very frustrating as it can take a week or two to reissue cards. And if, like me, you utilize online services frequently you'll find it a time consuming ordeal while contacting your suppliers to tell them of the changes.

More on identity theft

Why steal another persons credit card numbers when you can get your own under an assumed identity? I watched a disturbing report a couple of years ago concerning the head of a security firm; who incidentally refused to have an Internet connection at home, or carry out any personal transactions online. He challenged workers within the organization to see how much information they could collate regarding him; using only the Internet as a tool.

The pile of documentation that was gathered within a couple of weeks was frightening. The file he was presented with was over two inches thick and contained amongst other things a certified copy of his birth certificate. With that type of information, a person could obtain a credit card, a drivers license, etc. etc. and happily build up huge bills under his name. There are many documented cases of identity theft and it has ruined innocent people's lives.

There are many "spy" services out there, that for only a few bucks are quite willing to provide anyone with enough information to begin building a usable personal profile. It's legal to provide this sort of information which includes court records, bankruptcy details, marriage and birth certificates. Even more disturbing is that a number of these services are provided by our Governments.

If you should start receiving strange bills for items you didn't order from companies you have never heard of, don't disregard them as billing mistakes. You may be the victim of identity theft. Contact your bank manager and law enforcement authorities immediately; it's better to be safe than sorry.

Whether netizen or web master, we can't stop credit card fraud or identity theft, but we can minimize it by being aware and taking responsibility for the amount of information we give away or store. 

Michael Bloch
Taming the Beast
http://www.tamingthebeast.net 
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources

(AFP) – 1 day ago

SAN FRANCISCO — A US cyber security firm on Wednesday warned that hackers using a sophisticated "Zeus" virus were siphoning cash from online accounts at a British financial institution.

Cyber thieves have made off with more than 675,000 pounds since early July and "the attack is still progressing," California-based M86 Security said in a warning online Wednesday.

The software secretly slipped onto machines, most likely at booby-trapped websites, and is designed to "hijack" online banking sessions, according to M86.

The malicious software gets between customers and their banks, showing people screens of how their accounts should look while actually letting a command-and-control center take control of the transactions, the firm said.

"Customers of one of the biggest financial institutions have fallen victim to a sophisticated attack by cybercriminals using Web-based malware to rob money via the bank's online banking system," M86 reported.

A command-and-control center for the cyber crooks was tracked to Eastern Europe and all the findings have been shared with law enforcement authorities, according to the security firm.

"These criminals continuously seek new, sophisticated ways to steal information and money without detection," M86 said in a paper detailing its findings.

"And it's increasingly difficult for security companies to stay ahead of the proliferation of new, dynamic malware."

Copyright © 2010 AFP. All rights reserved. More »

What You Should Know About Firewalls

It's 2 a.m. Do you know what your PC is doing? If not, you're probably not running a firewall to protect your system from hackers and malcontents.

Michael Desmond, PC World

Scott Rolf knows trouble when he sees it. An IT director for a law firm near Cleveland, Ohio, Rolf was asked by a friend to check out the new Web site the friend had put up on a DSL-connected Web server. Rolf did more than just visit his friend's site; he quickly found that the server lacked any sort of firewall protection. It took less than five minutes for Rolf to exploit a well-known Windows NT vulnerability and e-mail to his friend a complete listing of files and directories from the server's hard disk.

"He called me a few minutes later and said 'Holy cow, what do I do?' He was at work and couldn't turn the server off," Rolf laughs. "I think he went out and bought a Linksys firewall box."

As the name implies, a firewall acts as a barrier between your PC and the Internet. Firewalls not only prevent unauthorized access to your PC or network, they also hide your Internet-connected PC from view.

Firewalls have long been a fixture at large companies, which must secure their networks against determined attackers. But the dangerous surge in e-mail- and Web-borne threats--including viruses, worms, hijacks, and increasingly aggressive spyware--means that home PCs require this protection as well.

Don't believe me? Consider this. According to the Internet Storm Center, a typical unprotected PC will come under attack within 20 minutes of being connected to the Internet. That is not a misprint. In less time than it takes most people to shower and get dressed in the morning, your PC will probably attract some form of unwelcome advance.

Johannes Ullrich, chief technology officer at the Internet Storm Center, says the situation is so bad that a newly connected PC won't have time to download all the Windows patches needed to make it secure before malicious software has found and infected it. The time to attack is even shorter for PCs on high-speed university networks and cable or DSL services. Hackers specifically target these addresses--much the way car thieves target Honda Accords--for their high bandwidth and always-on nature. It's a digital catch-22. The better your connection, the bigger your risk.

Fired Up

Alas, it seems that too few people have well-meaning--if overly inquisitive--friends like Rolf. Alan Paller, director of research for The SANS Institute, an organization dedicated to Internet security issues, says most home users don't have any firewall protection in place. That leaves connected PCs exposed to all manner of intrusion and attack.

The good news for cable and DSL customers is that firewalls are cheaper to buy and easier to use than ever. And adoption is picking up, according to forecasts by In-Stat/MDR, a market research firm. Sales of consumer firewalls are expected to rise from $455 million in 2003 to $1.8 billion in 2007, in part because firewall functions are being built into all sorts of consumer network gear.

"I don't even think there are any routers that don't have basic firewall protection," says Ullrich.

Firewalls actually come in two distinct flavors: software applications that run in the background, and hardware devices that plug in between your modem and one or more PCs. Both types hide your PC's presence from other systems, prevent unauthorized access from external sources, and keep tabs on network traffic across the firewall.

While software applications can be less expensive--Microsoft has improved the firewall software in Windows XP Service Pack 2, and both ZoneAlarm and Sygate Personal Firewall are free for download--a hardware firewall usually does a better job for broadband users. (For more on software firewalls, see the accompanying story "Internal Defense.")

"Users really like them because they are simpler to use than software firewalls, and they don't have any [performance] impact on their computer," Ullrich says. "The other advantage of a hardware firewall is if you happen to install some sort of malware on your system, it cannot take out your firewall. However, malware frequently disables antivirus checkers and software firewalls."

If you're networked, you probably haven't bought a separate hardware firewall box. Rather, your wireless access point or network router that links multiple PCs can have firewall capability conveniently included. The $85 Netgear WGT624 108Mbps Wireless Firewall Router is a high-speed 802.11g Wi-Fi access point, router, and firewall that offers excellent protection against and tracking of external threats. Similar Wi-Fi products include the $85 D-Link DI-624 and the $70 to $80 Linksys WRT54G.

In the wired arena, firewall-capable routers include the Netgear FVS318NA VPN Firewall router with eight-port switch, about $100, and the Linksys BEFSX41 Instant Broadband EtherFast Cable/DSL Firewall Router, about $70, which provides four ethernet ports.

Matt Neely, a computer security expert for a major financial firm, says you can find bare-bones firewall devices for even less. "You can get a decent one on sale for 10 or 20 bucks," says Neely. "They make a great gift. I give them out like candy on the holidays."

What They Do, What They Don't

Don't make the mistake of buying a firewall and thinking your security problems are solved. Firewalls may be great at stopping unwanted intrusions, but they often do little or nothing to detect virus-laden e-mails or stop intrusive adware and spyware. You'll want separate antivirus and spyware checkers to stymie these threats. What's more, hardware firewalls usually won't manage outbound traffic, which means a piece of spyware can freely send data from your PC to a server on the Internet.

So what do hardware firewalls do exactly? More than anything, they stymie inquisitive software that pings, sniffs, and queries IP addresses in the hopes of finding a wide-open system. To do this, hardware firewalls employ numerous functions. Among them:

Network address translation: Every system on the Internet needs an IP address--like a phone number for computers--which is used to forge links with other systems across the network. NAT foils unauthorized connections by giving PCs behind the firewall a set of private addresses, while presenting to the world a single, public address. The switcheroo makes it difficult for others to reach through the firewall to an individual PC.

Port management: By default, most hardware firewalls close unsolicited access to all ports (akin to doors in a hallway) on your connected PC. So if a piece of software locks onto your IP address and tries to form a connection with TCP port 80 (used for Web connections) or TCP port 25 (used for outbound e-mail), the firewall would ignore the request. As far as the inquiring software can tell, there is simply nothing there. By the same token, firewalls can let you open specific ports (an action known as port forwarding), so a multiplayer game can link up with other systems across the Internet or a Web camera can send a video stream to view on the Internet.

Stateful packet inspection: An important security feature, SPI digs deep into the packets used to encapsulate data traversing the network. The result: A firewall can do more than simply prohibit packets from a specific source and take action based on the content or behavior of packets. For instance, an SPI firewall can tell if an incoming packet was unsolicited (and therefore, unwanted) or if it arrived in response to a request from the local network (in which case it would be allowed through).

Virtual private networking: A method for establishing encrypted, point-to-point connections across the Internet, VPNs are widely used among businesses for giving remote employees access to local networks. The problem is, a good firewall will block the encrypted connection between the remote device and the local VPN software. Firewalls with VPN support can pass through these encrypted links.

Activity logging and alerts: One area where hardware firewalls can vary greatly is in their ability to track, record, and report the activity fielded by the device. If you need finely detailed information about network activity, make sure to check reviews for products that offer the most comprehensive and useable activity logging and alerting features.

Content and URL filtering: Firewalls can also offer higher-level features--for instance, blocking access to URLs with a specified string of letters in their URL (think "XXX") or to any sites that fall outside of a list of accepted Web domain names.

PC security expert Neely suggests pairing a hardware firewall with a free software firewall application, such as ZoneLabs' ZoneAlarm. Software firewalls can detect which applications are trying to send data over the Internet and prompt users to allow or disallow the activity. So when a previously unknown program asks for Internet access, you can dig down and see if that application might actually be spyware. Adjustable alert levels mean you can flag every access for review or simply allow all traffic through by default. Also, hardware firewalls can't plug into analog modems, which means a software firewall is the best option for most dial-up Internet users.

The good news is, firewalls really work. I tested my setup (a D-Link DI-624 wireless router) using the ShieldsUp port test service at Steve Gibson's Web site. I clicked the All Service Ports button, and the remote server performed a comprehensive scan of all the ports at my IP address. The scan took just over a minute and revealed that all of my ports--with one exception--had been stealthed. That is, my firewall had rendered them invisible, so that any computer trying to open ports on my machine's IP address would get no reply. Port 113 on my system was marked as closed, meaning a remote machine would know a live system is out there, but it would be unable to gain entry.

So will all users someday have PCs protected by firewalls? If Scott Rolf has his way, absolutely.

"I preach it so loudly that most of them already have a firewall, and if they don't I've given them ZoneAlarm."

Quick Facts

Phishing is a scam where internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:

• Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser — phishers can make links look like they go one place, but that actually send you to a different site.
• Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
• Don't email personal or financial information.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
• If you've been scammed, visit the Federal Trade Commission's Identity Theft website at ftc.gov/idtheft.

How Not To Get Hooked by a "Phishing" Scam

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

Have you received email with a similar message? It's a scam called "phishing" — and it involves internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

According to OnGuard Online, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

OnGuard Online suggests these tips to help you avoid getting hooked by a phishing scam:

• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.
• Area codes can mislead. Some scammers send emails that appear to be from a legitimate business and ask you to call a phone number to update your account or access a "refund." Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. And delete any emails that ask you to confirm or divulge your financial information.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the internet without your knowledge.
  Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
  A firewall helps make you invisible on the internet and blocks all communications from unauthorized sources. It's especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit.
• Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
• Forward phishing emails to spam@uce.gov – and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
• If you believe you've been scammed, file a complaint with the Federal Trade Commission at https://www.ftccomplaintassistant.gov/, and then visit the FTC's identity theft website at ftc.gov/idtheft.Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit reporting companies. See www.annualcreditreport.com for details on ordering a free annual credit report.

Learn other ways to avoid email scams and deal with deceptive spam at ftc.gov/spam.

How to Report a Phishing Scam

If you've received spam that is phishing for information:

• Forward it to spam@uce.gov – and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

If you believe you've been scammed:

• File a report with the Federal Trade Commission at www.ftc.gov/complaint.
• Report it to your state Attorney General, using contact information at naag.org.
• Then visit the FTC's identity theft website at ftc.gov/idtheft. While you can't completely control whether you will become a victim of identity theft, you can take some steps to minimize your risk.
• You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement

If today's economy has left you in need of more cash, consider this emerging trend: Millions are using the Internet -- and a minimal amount of time -- to bring home extra bacon.

Whether delving into e-commerce or selling ad space on a blog, Internet sellers often benefit from a rock-bottom initial investment, the convenience of working wherever and whenever they please, and the freedom of being their own boss.

More from Bankrate.com: • Winners & Losers of Finance Reform • 4 Ways to Get Cash For Your Clutter • 5 Great Second Jobs For Extra cash

However, before you quit your day job, it's important to consider the potential pitfalls of selling on the Internet. These include startup time, extenuating costs and stiff competition.

"There are a lot of people trying to do the same thing," says Robert Spector, author of the book "Amazon.com: Get Big Fast," a book covering the history and development of the Web giant.

"What's going to differentiate the book I get from you versus the book I get from your competitor?"

Following are four ideas for turning the Internet into your own personal cash cow, and suggestions for staying ahead of the competition.

1. Blogging

Web logs -- now almost universally know as "blogs" -- were once the sardonic voice of dissent on the Web. Now, everyone seems to have a space on the Internet where they offer opinions or other reflections.

If your blog captures the imagination of the public, you could earn money while you entertain.

More from Yahoo! Finance: • Jobs With Low Stress, Decent Pay • Where the Job Openings Are Now • Employers Low-Balling New Hires on Salaries Visit the Career and Work Center

Eden Kennedy of Santa Barbara, Calif., started Fussy.org when her son was 3 months old. She's been blogging about parenting, marriage and the hilarity of daily life for eight years now.

Kennedy says she built a readership by reading, commenting on and showing interest in the blogs of others.

Eventually, Kennedy had enough of a following to sell advertising space on her blog.

She works with several different advertising networks, each of which compensates her with anywhere from $1 per month to several hundred dollars per month.

One day, Kennedy had another flash of entrepreneurial insight: She decided to sell T-shirts to her readers.

She had shirts printed up with the phrase "Writing well is the best revenge" and watched the orders roll in.

"Just that phrase, it hits people pretty well," Kennedy says. "Actually, a lot of academics buy the T-shirt."

Kennedy now earns roughly $200 a month selling T-shirts. That income is in addition to the advertising dollars she rakes in.

Kennedy says her online pursuits have been more fruitful and less time-consuming than her former "real world" job working in a bookstore.

"Usually a post, no matter how long it is, takes me about an hour to write, and lately I haven't been updating more than twice a week," says Kennedy, who adds that designing her blog and dealing with advertisers takes an additional five hours per week.

How much is Kennedy earning from her blogging?

"It still adds up to more than I made selling books for 40 hours a week," she says.

Not every blogger is guaranteed to make good money. However, bloggers who truly love what they do are the ones who flourish, Kennedy says.

"I think the people who really succeed and last in this just really enjoy writing and taking pictures," she says.

If you'd like to try your hand at blogging, the Web sites Blogger, WordPress and LiveJournal offer free blog templates.

If you'd like to sell ad space on your blog, check out sites such as Google AdSense, Text Link Ads and the BlogHerAds network (for women only).

2. Selling Books, Music and Other Products

Amazon.com and eBay revolutionized e-commerce in the 1990s. Since then, countless individuals have made money selling books, movies, clothes and every other commodity under the sun.

E-commerce is becoming easier than ever, and the complications of arranging payment over the Internet are disappearing fast, Spector says.

"A lot of the uncertainty is taken out of the equation thanks to the technology," he says. "You're going to get paid before you send out the product."

Spector, author of the book on Amazon.com, says sites like Amazon can help small-volume sellers reach a wider audience.

"(Amazon) makes it easier and more beneficial for small book collectors who obviously have either rare or out-of-print books to do business ... it's worth it for them to give Amazon a little piece of that business in order to be in a very high-profile space," he says.

Mick McClain has been selling music on the Internet for 10 years. He sells everything from rare and out-of-print compact discs to new releases and used albums.

McClain uses eBay and Amazon.com to market his products. He also operates a Web site where potential customers can peruse his collection.

The San Diego resident says his startup costs were minimal. He had to spend to buy a "little bit better computer" and to build up his inventory, 90 percent of which comes from brick-and-mortar stores.

For newcomers to e-commerce, McClain recommends sticking to something you know.

"Your mind has to be a database," he says. "That's why I have never gotten into anything other than music because I would get eaten alive by the people who were the authorities on (other products)."

Spector offers two tips to aspiring e-merchants.

"First of all, have a unique product," he says. "There needs to be something separating you from your competitors."

Spector's second tip is to make sure you can deliver on your product promises.

"Live up to what you promise," he says. "If you promise a book,...in a particular condition, at a particular price, and guarantee it to arrive on a particular day, then do that."

3. Marketing Your Hobbies

Crafters, photographers and artists also are tapping into the Web's potential as a marketplace for their goods.

Notley Hawkins, a fine art photographer from Columbia, Mo., started selling online by uploading his photographs onto Flickr, a popular digital photograph storage Web site.

Flickr subsequently partnered with Imagekind, a Web site that specializes in selling fine art prints. Since then, Hawkins has sold about 50 of his prints through Imagekind.

Hawkins has found that having a Web site and selling photos online helped to enhance his reputation offline. He says his online presence helped him gain credibility with area travel magazines, for which he does freelance work.

"It's helped my career in many ways," Hawkins says of Imagekind. "It's helped me make some money, which is very important."

Hawkins urges budding photographers to start gradually by posting their photos to a site like Flickr.

"Try to establish a reputation online by publishing online," he says.

In the crafting world, Web sites such as Etsy offer merchants of handmade goods a way to expand their customer base while conveniently selling their products. Sellers who use Etsy can use the service to take payments via PayPal or money orders.

Other craft-selling Web sites include FreeCraftFair.com and Handmade Catalog.

Adam Brown, spokesman for Etsy, says handmade jewelry and craft-making supplies are two of the site's most popular categories.

To make money online, Brown says sellers must pay particular attention to posting good photos of their products and writing eye-catching descriptions. These skills are important, since the Web page has to substitute for a tangible product.

Brown also recommends the age-old suggestion of good customer service.

"When people contact you, you should always respond quickly," he says.

He says other smart marketing moves -- such as throwing in freebie extras when a customer orders something -- can build customer loyalty.

"Adding a personal touch really helps," he says.

4. Contributing to a Web Site

All over the Web, passionate fans are providing their expertise in music, movies and sports to niche Web sites. Many are earning sizable amounts of cash for doing things they love.

Brian Swaw of Chicago hires seven staff writers for his content fantasy football Web site, GameTimeDecisions.net.

Swaw's writers get paid roughly $100 per month, and in return, each writes one to two articles about football players and fantasy draft picks every week.

Want to pen about your passion for a Web site? Swaw recommends volunteering to start.

"That's how I did," he says. "There's a ton of sports Web sites out there that are looking for volunteers and it's a good way to get your name out there."

On the Internet, there are sites indulging just about every hobby, so opportunities abound.

EHow is an informational Web site where you can get paid writing "how-to" instructions on just about anything.

If you're into video games, you might try GameZone and GameFAQs. For movie reviews, check out Badmovies.org and the All Movie Guide.

If you have a green thumb or a sweet tooth, try gardening sites such as The Growing Edge, or cooking sites such as Cooking For Engineers that pay small wages to contributors.

Music geeks should try the All Music Guide, a popular music review site that pays its contributors. Music Emissions is an alternative music Web site that accepts reviews from all members and will promote you to their editorial team if they like your stuff.

Finally, most major cities have a slew of entertainment Web sites, some of which pay reviewers. CenterstageChicago.com, for instance, proffers clear and simple instructions on how to contribute to the site and get paid.

Check your city's entertainment Web sites, and don't be discouraged if there aren't instructions for reviewers -- try e-mailing the editor.

All That Glitters...

Sellers, writers and others who are clever and persistent often make a profit through their online activities. However, not everybody makes money, and there are many potential obstacles to success.

Some ventures, such as craft sales and blogs, can take a long time to get started. You may find yourself investing a lot of time and effort -- and even some money -- before you begin to see a return.

Brown says it's all too easy for craft sellers to take dismal sales personally and start doubting the quality of their artistry.

"People tend to get discouraged very easily," he says.

Another downside of e-commerce is that Web sites often charge fees to sellers.

For example, while eBay and Amazon.com offer a window into a world marketplace, some say there's a steep price for prime access.

"When I first started selling on eBay, the fees were very low," McClain says. "As with anything else, when a corporation smells blood in the water, they put out more chum and the fees go up dramatically."

McClain says he also has noticed increased postage prices for mailing packages to customers.

In addition to rising rates, e-venders must also contend with the stiff competition that manifests itself in a massive online market.

"The inherent problem is (that) everybody that you're competing with is selling at the same place," says McClain. "When you're selling on the Internet, you're competing with every single person that has the same product line and interest in the world."

In addition, some people find it difficult to find an outlet for their interests that will also generate revenues.

Freelance music writer Philip Sherburne said he has a hard time getting paid to write about the music he likes.

"I'd say the biggest struggle is simply finding outlets that share my musical interests, since I've always specialized in electronic and experimental music," says Sherburne, an American expatriate now living in Spain.

Pop and indie rock are music genres with a broader online following than electronic and experimental music. However, those types of music don't interest Sherburne as much.

"I'm rapidly losing any kind of grounding in the worlds of pop or indie rock," Sherburne says.

Despite such challenges, determined sellers continue to find success. If you're interested in making money on the Internet, a little perseverance and luck will go a long way.

"If you go on our blog there's a 'quit your day job' series; we actually have people who have really awesome stuff and they...quit their day job," Brown says. "Now, they support themselves by what they make."

The Internet can be a dangerous place for you, your computer and your children. An unsuspecting individual could lose their identity to a Phishing scam or a Spyware program embedded in the computer. A computer could be reduced to a paperweight by a malicious virus. Perhaps the scariest Internet safety concern is what could happen to an unprotected child doing battle with an Internet predator alone in cyberspace. The kids do not have a chance against some of the grooming processes these predators use.

Kids Internet safety should be a major concern for any parent whose child has access to a computer. A person can fix their identity, a computer can also be fixed, but the damage that could be done to a child from an Internet predator could very well be irreversible. The Internet can be a safe place with a little understanding about some of the dangers. Just as you would watch your kids in a playground or park, they also need monitoring when they are playing on the Internet.

Think of the Internet as a little place around the corner.

There is a shady looking character standing on a street corner handing out pornography to anyone that passes him by. Not just handing the stuff out either, he is literally shoving it in their faces. It does not matter who passes by either, kids, male, female, adults, employees, anyone who views a computer screen can be subject to indecent material.

On another corner, there is a predator in the bushes trying to get some children to climb behind the bushes and join him for a little unsupervised chat, if you know what I mean.

There is help if you want to keep your teenagers safe on the Internet.  A computer monitoring solution lets you know if they are being cyber-bullied or groomed by an Internet predator as it happens.  Here are some of the best computer monitoring programs available.

• WebWatcher
• Mobile-Spy
• Spector Pro
• PC Pandora
• Safe Eyes

It is your responsibility as a parent to know what your kids are doing online.  Of course, you can’t stand over their shoulder and see everything your teenager is doing on the Internet.  WebWatcher allows you to see what they are doing at all times and you can see what they are doing from anywhere that you have an Internet connection.  WebWatcher is a remote computer monitoring service that allows you to protect your kids from the dangers of the Internet even if you cannot be there to supervise their Internet activity all of the time.  While chat rooms are an integral part of today’s society, they can also be a very dangerous place for an unsupervised child.  Let WebWatcher monitor their Online Activities to help keep them safe from the abundant Internet dangers your kids may face.  Download a 7-Day Free Trial of WebWatcher Computer Monitoring Software here.

It is not only the computer that needs monitoring these days.  As a parent, you now need to be concerned with what they do on their mobile phone.  Internet chat room conversations quickly evolve into cell phone conversations.  Cell phones are now the newest teenage craze called sexting that is getting a lot of kids in trouble.  See some of the sexting news stories here.  Internet capable smart phones can be monitored with the use of a program like Mobile-Spy.  Cell phone monitoring can protect you child from not only Internet predators but from themselves also.  Sexting can get them in a lot of trouble.  See our review of Mobile-Spy Here. 

If you want to know what your teenager is doing online, whether you are curious about their MySpace or FaceBook activity or wondering what they are chatting about on any of the other chat venues available, Spector Pro can tell you everything your kids are doing on the Internet.  A day seldom goes by without hearing about kids getting cyber-bullied or groomed by an Internet predator.  Maybe you think your teenager tells you everything but think back, did you tell your parents everything that went on in your younger years.  Times have changed and there are too many dangers facing your child to ignore the potential dangers they face while they are exposing their personalities on the Internet.  Let Spector Pro let you know what your teenagers are doing on the Computer.

PC Pandora 6 is an excellent computer monitoring program that allows you to protect your children from Internet dangers by monitoring their Internet use.  The Pandora monitoring program monitors everything that happens on the computer and emails you what they are doing at any interval you desire.  Now you can see exactly what they are doing on the computer after school.  If you think they are doing homework, you may be in for a surprise!  You will know if they are playing games or browsing the Internet for indecent sites.  You will also know if they are being groomed by an Internet predator so you can take action and save your child from a meeting that they may never forget.  If you are thinking “Not My Kid”, read some of the Internet Predators in the news and then get more information about PC Pandora. Check out our full review of the PC Pandora computer monitoring program

Safe Eyes Parental Controls falls into the content screening, blocking and filtering category.  Safe Eyes categorizes, screens and blocks virtually any type of undesired content, in any Internet application in real time using a state-of-the-art artificial intelligence algorithm.  Children are spending too many of their waking hours online.  If you are a concerned parent that want to keep your kids safe from the “bad” content  that is available online, Safe Eyes PC filtering software is just the product you need to help you keep your kids safe online. 

Across the street from the man in the bushes is a young woman that is going through every passerby's wallet and purse without them even knowing it, Phishing, sometimes taking money and other times just their information to use at another time. What kind of information do they carry in their purse or wallet? Credit cards, Social Security numbers, addresses, P.I.N numbers, etc. What will this young woman do with all of this information? You do not want to find out the hard way.

Then there are the Spammers. They are invisible little creatures that roam around filling up peoples mailboxes with junk mail. Mail that was never subscribed to, mail that nobody wants or needs. They are fast and sneaky too because the mail never stops piling up in the mailboxes. They are devious little creatures, relentless.

In the middle of every street are the watchers. They are just gathering information from peoples habits; what they buy, what they throw away, who they visit. This information will be sold so that the next time they go shopping, there will be someone following them around popping signs in front of their face telling them that there is a sale on every item that they've ever liked or bought in the past ten years.

Hiding everywhere in the neighborhood are the virus ridden rotten creatures hanging around just looking for an unprotected, unsuspecting person to spread their viruses to. They are constantly mutating their diseases to try to catch people off guard. Sometimes it works and the virus spreads like wild fire and people get so sick that it takes them days to recover from the illness. Other times it is just a slight illness that is spread, something like a mild headache, it does not do any damage but it is annoying just the same. These creatures are out there and they could be coming for your computer if you do not keep it protected.

Although this neighborhood may seem a bit unreal, it does exist, and it has called the Internet and the Internet can be a very dangerous place. The good news is that protection is available but you need to protect yourself. It is not easy sometimes but there are many ways to protect yourself and your children from these Internet safety concerns. The Internet is full of Viruses, Spam, unmonitored Chat rooms where Internet predators lurk, and Instant Messaging programs, Pornography, and Identity Theft but it does not have to be a nightmare.

The Internet can also be a lot of fun and a great resource of information so simply not connecting to it is not a viable option in this age of technology. So what can we do to protect ourselves? How do we ensure that our kids are safe on the Internet? Let us take a walk through this little neighborhood and find out, follow along.

Credit Card Scams

by Peter Jon White

Having had a web business since 1997, I've gotten used to scam artists trying to extract cash or free products from me. Most of these scammers are from Nigeria and Indonesia, where credit card fraud is considered a sport, much like soccer, only the participants get paid better. Their most common ploy is to place a large order for bike parts. One guy ordered 14 sets of Mavic wheels from us. He sent me three credit card numbers and asked me to split the charge amongst the three cards. All three cards had the same first 12 numbers. Only the last 4 numbers were different. Of course the cards were not his.

What he does is start with a Visa number that he knows is good and then finds a Visa/Mastercard vender who will cooperate with him. He has the vender try a series of numbers and expiration dates starting from the good number that he already has. So if the good card has 6335 as the last 4 numbers, he tries to run a small charge using 6336 as the last four numbers. He also has to try many expiration dates. It's a time consuming process, but potentially very profitable. If that works, he just voids that charge and he knows he can use that credit card number for a scam. He just keeps repeating the process until he has a whole pile of CC numbers that he knows is good.

Next, he needs to find a sucker to take his order and ship it. Since the card numbers are good, a vender in the US might just run the charges, (let's say it's a $12,000 purchase spread over 4 cards) and ship the goods via Fedex or UPS. It could be three weeks before the US vender gets a notice from his bank that the charges have been disputed by the rightful card owner, who, it turns out lives in Illinois, not Nigeria. But by then the goods have arrived in Nigeria, and there's simply no way to get them back. The vender is out not only the cost of the goods, but the shipping charges as well. And the rightful owner of the card is out some $50 or so, plus a lot of time dealing with the issue and getting a new account number.

What this means to the average consumer, is that in order to have a crook use your credit card number, the crook never has to actually see your card. The crook doesn't even have to know who you are or where you live. He doesn't care. He doesn't need to care, because lots of venders just type in the credit card number given by a customer and never check that the customer's address is correct, or ask for the "V" or "VCC" code on the back of the card (the last three numbers in the signature box on the back). So anybody with a credit card can become the victim of a scam, even if you never even use the card.

My advice is to regularly check your credit card balance online to see if there are any charges that you didn't make. And if you accept credit cards in your business, I recommend that you never ship outside the USA to any address other than the billing address of the credit card. Confirm with your CC provider that the address the customer gives you is correct, and be sure to get the "V" code from the back of the card. And, never, ever, ship to Nigeria or Indonesia without first being paid in full via Western Union. Don't ship until you have the cold cash in your warm hand! Don't accept foreign cashier's checks either, they can be forged easily, and it will be weeks after you have deposited the cashier's check before you find out that it is no good. You can take a Western Union money order and once you cash it, if it's bogus, it's Western Union's problem. They're pretty good at knowing if their own money orders are OK.

The risk of dealing with people from Nigeria and Indonesia is very high simply because the governments there are so corrupt. If you were able to contact the police in either country, chances are they know the scammer already. The scammer may well be related to the local police chief. So don't waste your time trying to contact the government to report the problem. I've sent faxes to local police depts in both countries detailing the activities of credit card scammers in their towns. I've never heard back. And be careful about other countries as well. I've had a scammer tell me he was in Singapore, but when I tracked down the address he gave me, it was in Indonesia, not Singapore. I'm now getting lots of these scams claiming to be from Singapore.

But you can have some fun with these jerks, if you have time to kill. The first time this happened to me I called the issuing bank and reported the card numbers. Then after a few hours, I emailed the scammer back, saying that one or more of the card numbers he gave me were declined by the bank. Within a few hours I received another email from the crook, giving me several more credit card numbers, all with the same first 12 digits. I called the bank and give them those numbers as well. Of course, as soon as I called the numbers in to the bank, the accounts were closed and the true card owners notified.

Then I emailed the scammer again and said that the new card numbers had also been declined. What would he like me to do? Would he like to pay via Western Union, or a cashier's check? Or does he have another credit card he would like to use?

Well, another email came in with several more card numbers and the process went on. Eventually, I told the crook that everything is now fine and the order has shipped. He got very excited and wanted to know the tracking number for the order. Emails arrived every hour or so asking for the tracking number. If I replied, it was to say that the computer we use for shipping is out of order at the moment so I can't give him the number, but perhaps if he calls me later in the day I can give it to him.

A few hours later the phone rang. It's the scammer, wanting the tracking number. But the line seems bad and gosh but I can't hear him very well. Could he perhaps call back? He calls again. I repeated several times until I get bored and asked him for some more credit card numbers so I can call the bank and have those accounts closed, like I did with all of the other numbers he sent previously.

Click.

As of June 2005, these scams are so common I'm getting 3 or 4 large orders a day from these creeps. As you can well imagine, I don't have time to spend wasting their time. I just delete every email that comes in. I've also been getting emails from people who have either been scammed, or been targeted by scammers. And I've learned about a few more scams. One that is slowly catching on is the wire transfer scam. A Nigerian will place a large order and ask to pay via wire transfer. You might think this is pretty safe, since nobody but you can do a transfer from your account to another. But the internet is making life very easy for thieves these days. You know how you can set up with your fitness center or whatever to have them automatically get their monthly fee transferred from your bank account to theirs? Somehow these scammers can set up with your bank to do the same thing, or at least something similar, as long as they have your account number and the identification number of your bank. What happens is, you give the scammer your bank account number and any other info that he would need to wire you money. And then he can go to this web site, http://www.qchex.com. From there he pretends to be you. He creates an account with QCHEX and places an order with some other vender promising to pay with a QCHEX check. The unsuspecting vendor receives the QCHEX check, and ships the order. You never see a wire transfer to your account from the Nigerian. What you do see is a QCHEZ check drawn on your account. You call your bank and say, "What's this?". The bank explains it to you. You tell them you have never heard of QCHEX. The bank returns the QCHEX check to the unsuspecting vendor, who is out the value of the check since he has already shipped the goods to Nigeria.

Bottom line. Never give your bank details to anyone you are not absolutely sure is a legitimate business.

Lastly, I am not a clearing house for internet scams. Nor am I here to give you advice on what to do if someone attempts to scam you. I can't respond to emails about this subject. I offer this article simply to help others. It's all I can do. Deleting these email scams takes up all my time! ;-)

Peter White

A computer worm is a software program that is designed to copy itself from one computer to another, without human interaction. Unlike a computer virus, a worm can copy itself automatically.

Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts your contact's e-mail address books.

Some worms spread very quickly. They clog networks and can cause long waits for you (and everyone else) to view Web pages on the Internet.

You might have heard of specific computer worms, including the Sasser worm, the Blaster worm, and the Conficker worm.

To help prevent infections by and to get rid of computer worms:

For more basic information about computer worms, see How to prevent computer worms and How to remove computer worms.

For more advanced information, see Protect yourself from the Conficker computer worm.

Tips for Safe and Secure Shopping

Follow our simple tips to help ensure your online shopping experience will be safe and sound.

Basic Tips

When browsing through virtual shopping aisles, be sure to use:

• A secure password. When setting up an account at an online store, don't pick everyday words, family member names, or birthdates. Instead, use combinations of uppercase and lowercase letters, numbers, and symbols. Also, keep passwords unique from account to account.
• A secure checkout and payment process. Make sure the online store uses Secure Sockets Layer (SSL), which encrypts sensitive information. Look for the locked padlock icon at the bottom of your browser window to see if you're protected.

Seller Reputation

A little research goes a long way. Take the time to get to know the merchant or seller.

• Learn about merchants. Look for reviews from other shoppers. Many e-commerce sites, including eBay, have feedback systems that feature comments and ratings from other buyers.
• Ask questions. Get answers for an item from merchants before you make a purchase or offer. Good communications help ensure a smooth transaction.
• Look for a refund or return policy. If a policy is not posted, ask the merchant if there is a time-limit to return an item and whether a full refund or merchandise credit is offered.
• PayPal Verified Sellers. Check for membership status and look for Verified members who have been active for at least 60 days. Find out more with our Verification FAQ.

Item Specifics

When you're considering a particular product, make sure you follow these cautions.

• High demand/value items. Products that are hard to find or expensive – such as computers, jewelry, and electronics – require extra caution. Do additional checks and double-checks before making your purchase. This is especially important during the holidays.
• Confirm authenticity. For collectibles, such as sports memorabilia, take steps to confirm that the item is authentic.

Common Warning Signs

Indicators that should immediately raise a red flag.

• Delayed shipping. Do not overlook the advised delivery date.
• Unsolicited offers. Receiving an unsolicited email from a seller with a similar product that you made an offer on could indicate possible fraud.
• Too good to be true. If it sounds too good to be true, it probably is. This includes sellers offering very low prices or large quantities of impossible-to-find items.

Find out more.

• To learn more about how we protect buyers, go to Buying Safely.
• For more information about our powerful fraud-fighting tips, tools, and technology, go to the Security Center.

ATM/Debit Cards: What consumers need to know about greater fraud risk, card blocking, and debit card fees.

1. Debit card liability could cost you a lot -- while credit card liability only $50, by law.
2. Debit cards used with signatures make banks a lot of money.
3. Debit card blocking a problem.

SUMMARY: A debit card is an ATM card with a VISA or Mastercard logo on it. [VISA calls them "Checkcards" and Mastercard calls them "Mastermoney" cards.]

The difference? Debit cards are riskier than password protected (PIN-only) old-fashioned ATM cards because debit card can be used with a PIN OR can also be used with only a signature, without a secret PIN or password, just like a credit card, over the phone or in a store.

Debit Cards: Much greater liability risk than credit cards:

-- Legally, your ultimate liability for fraudulent use of a credit card is generally only $50. And, when a credit card is fraudulently used, you are also only disputing whether you owe the bank money.

-- Unlike a credit card, if your debit card is used fraudulently, the thief robs your checking account. Potentially, all your money is drained out of your checking account. It could take the bank 10 days or more to investigate and refund your money. In the meantime--you could bounce checks to your landlord, credit card company, or mortgage company.

-- Worse, unlike a credit card, under the law, your debit card liability could be as much as $500, if you notify the bank more than 48 hours after you learn of the problem or even up to all the money in your checking account plus your maximum overdraft line of credit if you fail to notify the bank within 60 days (See Fed excerpt below). Under pressure from the state PIRGs, banks claim to have voluntarily limited debit card liability to $50. PIRG has received complaints from consumers whose banks have not honored the well-publicized alleged voluntary $50 limit. Let us know (uspirg@pirg.org) if you have lost more than $50 in a debit card dispute with a bank, savings and loan or credit union.

Even the Federal Reserve recognizes the difference in liability rules. The following is excerpted from the Fed's website-- the Fed calls debit cards EFT or (Electronic Fund Transfer) cards:

What about Loss or Theft? It’s important to be aware of the potential risk in using an EFT card, which differs from the risk on a credit card.

On lost or stolen credit cards, your loss is limited to $50 per card (see Lost or Stolen Credit Cards). On an EFT card, your liability for an unauthorized withdrawal can vary: Your loss is limited to $50 if you notify the financial institution within two business days after learning of loss or theft of your card or code.

But you could lose as much as $500 if you do not tell the card issuer within two business days after learning of loss or theft.

If you do not report an unauthorized transfer that appears on your statement within 60 days after the statement is mailed to you, you risk unlimited loss on transfers made after the 60-day period. That means you could lose all the money in your account plus your maximum overdraft line of credit, if any. (end of Fed excerpt.)

Even worse, you are fighting to recover your own money back into your own checking account. It is true that some banks may eventually honor the voluntary $50 limit, but consumers face horrific problems because while the bank is conducting its internal investigation, consumers are dealing with other checks that may bounce, and consumers face enormous hassles explaining what happened to the bounced checks they wrote to their other creditors, since the fraudster drained their account. In 2001, the chief national bank regulator, the Office of the Comptroller of the Currency, which regulates all banks with national in their name, warned banks that the burden of proof in a reinvestigation is on the bank to show that a transaction was authorized (in other words, the bank isn't supposed to presume the consumer is guilty, but innoncent, when the consumer claims fraud). Excerpt:

...The OCC is concerned that some banks may be rejecting claims of unauthorized transactions solely because the customer's Automated Teller Machine (ATM) card or debit card and personal identification number (PIN) were used in the transaction, and the customer supplied no information indicating that the card or PIN was misappropriated. These facts alone may be insufficient to establish that a transaction was authorized because fraudulent means may have been used to obtain the customer's account number, card, or PIN. For instance, the customer may have been a victim of "shoulder surfing," a practice used by criminals to obtain account or card numbers or PINs by observing customer transactions. Therefore, banks cannot assume that they have satisfied their duty to investigate simply by concluding that the customer's debit card and PIN were used in the transaction at issue.... OCC, 7 Sept 2001

Always send copies of your complaint letters to your bank to the OCC. You can reach one of the Office of the Comptroller of the Currency's customer assistance specialists by: Telephoning 1-800-613-6743, toll-free (Monday-Thursday 9:00a.m. to 4:00p.m.CST) E-mailing - E-mail to Customer.Assistance@occ.treas.gov;
Fax - Faxing to - 1-713-336-4301 or; Sending mail to -
Customer Assistance Group
1301 McKinney Street
Suite 3710
Houston, TX 77010

-- Debit cards may offer some convenience. But debit cards have more risks than PIN-based ATM cards. Since the risk of credit card fraud on the Internet is so high, we urge consumers to ONLY use credit cards on the Internet-- never use debit cards. In addition to this greater legal liability protection with a credit card, you have greater legal protection if goods are defective or don't arrive, under the Fair Credit Billing Act, which applies to credit cards.

-- Debit cards make banks a lot of money. When you use the card like a credit card (with a signature, but not with a PIN), banks take a hefty fee from the merchant. When you use it with a PIN, like an ATM card, more and more banks are charging you a transaction fee (called a POS fee) of $0.25-$1. Other banks are charging a monthly card rental fee (even if you do not use it at all) of $1-2/month. That adds up to $12-24/year, plus transaction fees. Of course, banks are hitting you with a POs fee in hopes you use the card with a signature-- so they can make more money from the merchant.

-- "Blocking" is also a problem with debit cards. Some firms (hotels, gas stations and rent-a-car companies) routinely block a card in advance for the estimated cost of a transaction that may not be completed for several days. It isn't a problem for most credit card customers, unless they are near their account limits. But if you buy ten dollars worth of gas with your debit card, you may not know that the station may routinely block all transactions for $50-75, then doesn't "un-block" as you drive away -- it waits until that evening, or worse, every few days to conduct a "batch" transaction. If you are close to your checking account limit -- much more common than being close to a credit card limit -- you could end up bouncing checks or be refused transactions by other merchants due to faulty blocks. Most banks do a poor job of informing consumers that they may bounce transactions due to overdrafts created by blocks. Of course, virtually no gas station explains their blocking policy, which presumes everyone drives an RV or tractor trailer truck, and is filling it up.

-- Finally, most banks don't ask for consumer consent. When ATM cards expire, they replace them with risky debit cards. And, we are unaware of any bank that adequately explains the risks of debit cards.

WHAT CAN CONSUMERS DO TO LOWER DEBIT CARD RISK?

(1) If you don't want a debit card, demand a plain old ATM card.

(2) If you do want the convenience of a debit card, lower the risks:

-- Never use a risky debit card on the Internet. Only use a credit card for Internet transactions. In addition to greater legal liability protection with a credit card, you have greater legal protection if goods are defective or don't arrive.

-- Use a debit card only with merchants you trust. It is also a good idea never to let it leave your sight-- it's one thing to watch a clerk "swipe" it right in front of you at the cash register and hand it back to you. It's another story when you hand it off to a potentially unscrupulous waiter or waitress who could have an illegal card "skimmer" (the size of a pack of cards) in their pocket and copy your information after they walk away with it.

-- Just as you wouldn't use it on the Internet, don't use it to call info-mercial 800#s off the television. If you have a dispute over double-billing or products that don't arrive from a sleazy info-merchant, remember-- you'll be fighting to get your own money back, and that could take ten days or more of arguing with your bank.

(3) Complain to Congress! Urge Congress to enact legislation to change the Electronic Funds Transfer Act law so that debit card liability is legally the same as credit card liability. Not surprisingly, the banks oppose it. No matter what card you use, you should be equally protected.

(4) Send comments of any complaints about unfair treatment by your bank of your debit card dispute to uspirg@pirg.org.

This article looks at several of the issues regarding security aspects of online based games and virtual worlds.

Introduction

As online gaming becomes a billion dollar industry and game companies are making revenue from subscription charges, new problems emerge which need to be taken very seriously. Online games containing graphical glitches, sound defects and poor performance will not be very popular. However, an online game with security flaws and mass-cheating will simply fail.

Several security issues related to online gaming are shared with other network applications, however online gaming has a unique set of problems that need to be dealt with. The aim of creating a secure game is not only to ensure customers credit card numbers are protected, but to ensure that all players receive a fair and entertaining experience. Otherwise, they won’t play.

This rest of this article looks at some of the security related issues in online gaming. Note that not all of the issues will apply to all types of games.

Copy Protection

This has traditionally been the most important aspect of security in computer games. There are many different technologies that provide copy protection, but nearly all of them can be overcome. However, piracy is not so relevant to online games, as the game companies make money from subscriptions. Money can be made from selling boxed-versions of online games by giving added-value content such as manuals, maps, and the box itself.

Hacking the Client

Many online games store game logic and player data on the server, and store graphics and sound on the client. This makes it difficult for hackers to cheat by altering statistics such as health or ammunition; however it gives them full ability to change the graphics in a game. For many gamers, the ability to make modifications (known as mods) to games is almost as important as playing the game itself. However, imagine if one player modifies the game so that he can see through walls, and plays against somebody who can’t. You can guess who will win. A simple solution to this problem is by ensuring all players are using the same modifications.

Packet Sniffing

There are many programs available that let users examine, modify, send or block packets that are being transmitted to and from their computer. This causes several problems for online games such as blocking packets that may have a negative effect on a player, or replaying packets that shoot an enemy player, even though you have no ammunition left. Such situations can be avoided by keeping important variables on the server, and by encrypting packets. Even encrypted packets can be repeated though; therefore a sequence number system should be used so that the server can verify the packets.

Area of Interest Management should also be used to minimize the data that the client has to receive. If a tree falls in a forest and no one is around to hear it fall, does it make a sound? In a virtual world using AoIM algorithms, the answer is no. AoIM algorithms limit network traffic in a virtual world to only what is necessary for each player. In a large virtual world, there could be thousands of players, with millions of variables that are constantly changing. If the client were to be kept updated with all variables, it could easily use up more bandwidth than available, causing network congestion and increasing latency. To put very simply, AoIM solves this problem by dividing the world into different geographical zones, and then only sending data regarding the zone that is directly related to each player.

Social Abuse

Players in virtual worlds can have a lot of freedom to do as they please. This could include running around causing sexual and racial abuse. Such abuse reduces and spoils the fun and can damage the popularity of the game. There are two ways around this problem; first of all by allowing other players to report such abuse. This requires adequate logging facilities so any allegations can be proved and then the offending player can be dealt with accordingly. Another solution to limit the damage in the first place is to give players the option of censorship. This relies on intelligent game software detecting offensive behavior and hiding it from players who wish to be protected. Another form of social abuse could be using a game for commercial or advertising purposes, or tricking people into giving out credit card numbers etc. This can be prevented again by reporting such abuse, and by educating users.

Hacking Accounts

Since a password is the key to accessing account information and the player’s character, it is important that the same password protection techniques are used as in other sensitive applications. These can include encryption when transmitting sensitive data, and educating players not to use obvious passwords or inadvertently giving them out. In some situations, server authentication may also be necessary to ensure hackers have not setup bogus servers that can be used to collect a user’s password.

Denial of Service

Such attacks can be used to reduce the responsiveness of other players. This is hard to avoid when using a peer-to-peer topology, however in client-server based games, simply not distributing other players IP addresses will avoid this problem. Attacks on game servers are also possible. This is unlikely to give any specific player an advantage, but it is likely to make the game unplayable for everybody. Using server software that drops non-game packets and technology such as XenoService will help to reduce the effects of such attacks.

Internal Misuse

This could be either accidental or deliberate. System administrators responsible for the virtual world are probably enthusiastic players in the game itself. But can they be trusted not to abuse their god-like position? Or perhaps a system administrator decides to make a few changes to the game world without fully considering possible implications. Therefore powers should be restricted where possible, monitoring is necessary, and procedures must be set in place and followed.

Backup

Due to the complexity and nature of virtual worlds, it is essential to keep several versions of backups from different time periods. For example, if a serious bug is found after many players have taken advantage of it, this could cause a major unbalance in the economics of the world. It is often better to restore the game from a time before the bug was taken advantage of, than letting play carry on as is – even if it means losing several days worth of play. Most players would prefer this than having to start again from scratch.

Cheat Detection

By logging access to game servers, recording important events (e.g. player advancement), and keeping track of key quantities such as the number of rare items in the game, game administrators can identify or verify where cheating is taking place.

Disconnecting

A player may disconnect from a game seconds before being killed, perhaps then reconnecting with another character and finishing off the battle. Although two can play at that, nobody will die, the game becomes boring and good players will stop playing. This can be solved by game design, for example by making a character go into an auto-pilot mode for a period of time after disconnection.

Disciplinary Measures

Games should include a comprehensive list of terms and conditions that will allow termination of players who break the rules. However, it is essential mistakes are not made, as one wrongly banned customer could cause an uproar. Also, it could be difficult to stop banned users from signing up again, especially from free systems that do not require credit cards numbers.

Conclusion

It is probably impossible to make a perfectly secure online game; however it is certainly possible and desirable to reduce and limit misuse, allowing customers a good experience in a virtual world. Good design and programming, increased user awareness, ongoing maintenance and supervision will help to achieve this.