Two of our clients have come to us within the past few days to ask about bills they got in the mail that looked like invoices for domain name registration renewals. They came from Domain Listing Service, and close inspection shows they are for “Annual Website Search Engine Listing” at a cost of $75.

They promise quarterly submissions to 25 major search engines … which won’t help your rankings in the least. But if any of our clients want that done, Rank Magic will do it for free. (Partly because that’s all it’s worth to you.)

The next questionable approach is a fax that looks very legalese and quotes an extensive excerpt from the United States Legal Code, Title 15. The scary headline says FINAL NOTICE OF DOMAIN EXTENSION and the fax will show your domain name prominently, but with a different extension. I’ve received several, including one listing RANKMAGIC.US for instance.

What they’re offering is to allow you to reserve another version of your domain to prevent some other company taking that domain and causing confusion among your customers. If you think that might be a problem, go ahead and register other domains — with .net, .org, .us, .biz, .tv or whatever other top level domain extensions you want. Typical cost is $25/year apiece, but  if you call the toll free number on this fax, they’ll try to sell it to you for a 10-year term or a 5-year term. If you ask for the 1-year rate, they quote $35.

I plan to toss all of these right into the circular file.

Subscribers to the Windows Secrets Newsletter were asked to scan their computers using the Software Inspector, a service of Secunia.com. The scan reveals versions of Windows and builds of applications that have security flaws for which a vendor patch is available.

1. Adobe Flash Player 9.x
2. Sun Java JRE 1.6.x/6.x
3. Macromedia Flash Player 6.x
4. Macromedia Flash Player 8.x
5. Macromedia Flash Player 7.x
6. Apple QuickTime 7.x
7. Macromedia Flash Player 5.x
8. Mozilla Firefox 2.0.x
9. Macromedia Flash Player 4.x
10. Adobe Reader 7.x

Know why there’s so much spam hitting your in-box? Because there are still people who will buy stuff from those guys. I’ve often wondered, “who would be stupid enough to buy from some sleaze-ball who sends them spam?” Sadly, the answer appears to be “lots of people”.

Pose whatever theory you like as to why, but an AdWords experiment revealed that people will click on just about anything – even if the ad tells them their computer will be infected with a virus if they do. (!) One ad had a headline that said “Get infected here!”. Over 400 people clicked on it.

Here’s the full story. <sigh>

Symantec said in its latest Internet Security Threat Report, for the period of July through December 2006, that the access to essential details about a person’s identity could be had for a low price of $14.

The myriad threats posed by online criminals became worse as they have started to organize in ways that would make the old Mafia proud. Bugsy Siegel had nothing on the crooks working in concert to steal financial information.

<More from SecurityProNews.com>

You may be familiar with the Nigetian scam: Someone from a sub-Saharan African country send you an email claiming to be a surviving family member of some high ranking family, who has millions of dollars to transfer to a US bank in order to save it from confiscation by the new military government. For a percentage of those millions, he needs you to set up a bank account to receive the money, and pay several thousand dollars of “good faith money”.

Well, it’s not just an email scam anymore. This week I received a priority mail letter (through the actual Post Office) from the Netherlands. It was personally addressed to me, and was a classic Nigerian scam. There was no return address; just a yahoo email address to contact the person if I was greedy enough to fall for the pitch.

I found it rather amusing, but the fact that they’re still doing this means there are still people falling for the con game. You can learn more about it here.

Vigilance!

Scientists at Carnegie Mellon University have figured out a way to almost entirely detect and filter out phishing e-mails. These findings have a tremendous potential to reduce identity thefts.

Phishing is the practice of sending emails that look like they come from a familiar financial institution and direct you to confirm your user name, password, or PIN. In fact, these emails direct you to a phoney site that harvests the information you type in in order to steal your identity.

Brian Livingston has an interesting column on the in Datamation.

According to Security Pro News, researchers analyzed results of searches on Google, Yahoo, MSN, AOL, Ask and found that “all of the major search engines returned risky sites in their search results for popular keywords” and that “dangerous sites soared to as much as 72 percent of results for certain popular keywords, such as ‘free screensavers,’ ‘digital music,’ ‘popular software,’ and ‘singers.’

Some sites contain nasty stuff like spyware, viruses and malicious code. In some cases, you’ll get spam if you give them your e-mail address. Increasingly, caution is the watch-word on the web.

Vigilance!

“The only working feature on the fake Google Toolbar saves credit card details, according to Christopher Boyd, the security research manager of Foster City, Calif.-based FaceTime Security Labs.” From a story on eWeek.com.

According to SecurityPipeline.com, a new worm modifies the infected PC so attempts to search using Google are directed to a spoofed site that looks like the real thing, but with different sponsored links to drive traffic to sites the hackers have selected.

Searches run on the spoofed version of Google return results similar to the real Google, but in some cases, the sponsored links — top-of-the-page and right-side links to e-commerce sites that have paid for the placement — are different.