The United Kingdom's Office of Fair Trading released another great report on May 17 - I would have posted this earlier, but I only discovered (and read it) last night. You can download the article from The Office of Fair Trading's web site. However, before I send you off to download that report, I should warn you - it is over 250 pages long and certain parts are rather difficult to read.

Warning aside, good psychology research tends to blend the expected with the unexpected and this report is no exception.  Certain conclusions seem like they should be common sense (brace yourself - scam victims are much less able to regulate the emotions associated with scam attacks).  Whereas other conclusions are so far from expected that they border on being unbelievable.  For example, scam victims tend to have better than expected knowledge about the subject area in which they are scammed.  For example, people who know more than average about investments are more prone to fall victim to investment scams! Have you ever heard of a scam and thought 'wow, those people must not have thought that through?' Well, this study argues that the opposite is true - scam victims actually devote more thought to their scams than non victims!

A new report from McAfee argues that if a computer user navigates to his/her favourite search engine and searches for "MySpace", he/she has up to a 50% chance of visiting a dangerous website. This report, titled "The Web's Most Dangerous Search Terms" (.pdf) sent a chill down my spine and made me want to write this article.

The researchers who wrote this report (Shane Keats and Eipe Koshy) should be commended for how they designed this experiment. To start, the researchers collected a list of extremely popular search terms from services like Google Zeitgeist and Yahoo Buzz. After they collected a list of keywords, they took these terms and plugged them into five major US-based search engines. Then, they looked at the first five pages of the search results and flagged the pages deemed dangerous. And finally, they ranked how dangerous a search was in two different ways. "Average risk" refers to the total number of dangerous sites divided by the total number of sites over the twenty five pages. "Maximum risk" refers to the single page with the highest percentage of dangerous sites.

Dan McCann wrote an article on scareware nearly two months ago. To review, scareware is a particularly evil scam in which a popup appears on your screen and alerts you that you are infected with a virus (or twenty). Then, the popup suggests that you buy another program to fix that virus. The problem is that these viruses do not really exist on your system - these programs are utterly useless.

Yesterday, Avelino Rico Jr and Geok Meng Ong of McAfee released a report about a piece of scareware that recently evolved into ransomware. A new variant of "System Security 2009" has surfaced. This new threat starts off like scareware - it finds many threats and asks you to install a security program to fix those threats. Problem is, after you install "System Security 2009", you cannot open any applications - the software tells you that the files are infected and you have to activate your 'anti virus software' in order to proceed.

Please forgive me for the title of this post - it is ever-so-slightly tongue-in-cheek. The Swine Flu itself cannot actually steal your personal information. However, cyber-criminals are using concern about the Swine Flu to spread an ugly, old problem.

Analysts from Symantec announced today that a document titled "Swine influenza frequently asked questions.pdf" has been circulating around the internet. While the document contains real questions and answers about the Swine Flu, it also contains an ugly piece of malicious software known as an 'infostealer'. An infostealer's sole purpose is to steal your information - it will log your key strokes, capture screen shots and monitor your internet activity.

We all know and hate spam. It doesn't get as much attention today as it used to because we have started to take it for granted, but it isn't going away. The story gets more depressing: McAfee's "The Carbon Footprint of Email Spam Report" says that the energy used to transmit, process and filter spam uses the same energy as 2.4 million US homes and creates the same greenhouse gas emissions as 3.1 million cars using 2 billion gallons of gasoline.

It always strikes me as backwards and ultimately tragic that although we consider ourselves rational beings we go ahead and destroy our environment and ourselves. Science claims to be the most rational form of explaining the Big questions (over religion, spiritualism, magic etc.). Maybe it is, but it is also the most likely to lead us to extinction. How rational is that?

In a small way I'm disappointed. I guess I was a little curious as to what exactly would happen if it took over millions of computers. Curious to see what it wanted to do, if it had a purpose. If the person who came up with it had a master plan; was patient enough to wait years for the payoff like Kevin Spacey in Se7en.

On 60 Minutes last night they reported on Conflicker and other potential internet threats. I thought this story was very well done (it even comes with a surprise ending!). You can watch it here.

What is particularly interesting is that even the guy from Symantec (makers of Norton Antivirus) says antivirus is simply not enough to protect your computer. Norton has to issue an update every 5 minutes in an attempt to keep up! Dan blogged on this last week in "From the Horses Mouth". I was also pleased to see that they illustrated how anyone can be infected by such simple acts as leaving your computer on overnight, visiting a hacked website or getting messages from friends on social networking sites.

Watch out for a new scam where sites or e-mailers claim they can help you qualify for stimulus money for small amounts of money (think $1.99). The idea, of course, is that Obama's stimulus package is handing out money and you could qualify for some of it. Websites are using this as a means of getting your credit card information and using it for fraud. Some are sneakier, just by clicking on links you can have spyware or malware downloaded on your computer. I guess the problem is becoming serious enough that the FTC (Federal Trade Commission) has to get involved. See their site for more details.

It makes sense: in tough economic conditions people are desperate for ways to get their hands on money, and others (also desperate for money) will take advantage of the situation. One good way to cut down on fraud like this is simply spread the word. It always amazes me how fast word spreads on a subject we really need not care about (Jen meets with Brad and Angelina...), but the important ones often go under the radar.