Greetings from SurfSafely.com! If you enjoy reading this newsletter as much as I do writing it, please pass it on to all your friends and family. As always, this newsletter is opt-in only. If you feel you've received it in error, reliable removal instructions are at the bottom. (If you forward it to a friend, be sure to delete the removal link from the bottom else they may remove you without your knowledge.)
In this issue:

1) Opening comments.
2) Newsletter archive updates
3) Tips for MSN Messenger users
4) Ebay fraud alert update
5) Computer virus watch.
Opening comments.

Spring is teasing us here in the Northeast. April started out with heavy snow, followed by cold and rain, then near 80F degree temps and now were back into the 40's. One thing I can say about living here is it's never boring.

I would like to draw your attention to the sponsored message below from SafetySurf.com. Joel Comm, CEO of Infomedia who created and runs SafetySurf and I have an ongoing dialog and agreement in principal to cross promote each others' services to every extent possible. SafetySurf is a great place to shop for online safety related software and publications, many of which I have reviewed and published the results of. Please visit their site and tell them you saw it in the SurfSafely.com newsletter. It means a lot to both of us to know that we're helping.

Back to top.
Newsletter archive updates
As some of you may already know, I've been terribly lax about keeping the the newsletter archive up to date. Those of you familiar with how full my plate is may have sympathy, others may not. Which ever category you belong to, you'll be happy to know it's back online and up to date. It works out very well that the newsletter is now composed in simple html. It presents itself well at the web site and even AOL users can read it without difficulty.

For your reference, the full searchable newsletter archive can always be found at http://surfsafety.com/frameset_news.html. I've even included the quick notes and extra virus warnings I've issued along the way. You just never know when that one little tidbit of information might save someone from tremendous grief.

Back to top.
~-~-~-~ PROTECT YOUR FAMILY ONLINE! ~-~-~-~
SafetySurf.com is the oldest and leading source
of software for parents. Read reviews and
recommendations of parental control and Internet
Monitoring software. Download and install
immediately with complete confidence!
~-~-~-~ Http://www.safetysurf.com ~-~-~-~

Tips for MSN Messenger users


A while back I shared a tip with you regarding a simple way to block access to AIM chatrooms using the PICS filters already bundled with MSIE. Many readers wrote back to thank me for that tip and I'm glad to have been of service. One reader wrote to ask if I had ever found a similar technique for restricting access to MSN Messenger chatrooms as well. Not having been a MSN user I honestly couldn't offer any good advice. What I did reply with was that I would investigate and reveal my findings here. Today I make good on that promise.

MSN Messenger is basically an AIM rip-off. Some things are rearranged to look different but otherwise it's very much the same. MSN chatrooms also work exactly the same way as AIM chatrooms. They're both accessed by URLs with elements common to all of them. It's these common elements that we prohibit which in turn prohibits entry into these Messenger style chatrooms.

Click Start / Settings / Control Panel.
Double click Internet Options.
Click the Contents tab.
Enable Content Advisor.
After choosing your password and Content Advisor is enabled, click the Settings button.
Reenter your password and click OK.

Internet Explorer comes with the RSACi PICS Internet filtering standard preinstalled. You can add others but for our purpose now we'll just use this one. With Content Advisor enabled, the only sites allowed will be those that fall under the rating levels you set here, assuming pages you view are rated. If you don't want to affect your general browsing, slide these 4 bars all the way to the right. Otherwise, set the viewing levels you desire.

Now click the Approved Sites tab. Here you can enter sites to always allow or always block. These take precedence over the ratings set earlier. To block access to MSN public chat rooms, copy this text into the Allow this Web site field:   chat.msn.com.   (FYI: Yahoo! Messenger should also be similar but I haven't found the correct url to block yet. If anyone knows please tell me so I may share it with the others.)

Now click the Never button. This url is now added to the list that will always be blocked. Children can still IM each other through MSN and they can even invite friends into private chat rooms where only they interact. No public chat at all.

Now click the General tab. Here's where we can have a little fun, especially if SurfSafely.com is your web directory of choice. If you uncheck the box next to Users can see sites that have no rating, users will not be able to view unrated sites unless you have added then to the approved list on the previous tab. For users of SurfSafely.com, this is no problem because all sites in the directory must be rated!   If you don't want to be limited to our directory, then you browse the web at large where only about 0.1% are labeled. In this case, check the box so unrated sites can be viewed.

Finish by clicking OK, then OK again to accept Content Advisor settings. Your kids still get to IM their other friends. Just no public chat.



Back to top.


Ebay fraud alert update.
Apparently the EBAY fraud alert I issued the other day is nothing new. It's actually been around for about a year now. Some of my readers wrote with links to previous articles on the topic which I will share with you below. However, others like myself had never seen it before. The reason I had never seen it before is because scams of this nature "stick out like a sore thumb" when reviewing email with my favorite spam buster, MailWasher. I was deleting and bouncing them all before ever downloading them from the email server because they were all just so obvious. Then it occurred to me "What if my readers don't find it as obvious as I do?" So, I decided to take a look. What I saw of this one astounded me!

There are some basic rules of online behavior than common sense dictate. One of them is never send sensitive personal information via email, not even to parties you may know or already do business with unless you know how to send it securely using products such as PGP to encrypt it in transit. But this ebay scam was different. Instead of asking for information via email, they provided a link to a web page that looked almost EXACTLY like it was hosted by ebay. The operative word here is 'almost.' But it was good enough that even I almost fell for it.

I do trade on ebay and I do have an account with them. The email stated ebay needed to "verify" my account information with them. The page on which the information was to be submitted looked surprisingly authentic. Here were the danger signals that tipped me off to the scam.

  1. The address to which the email was sent was not the address I used to establish my account with ebay.
  2. The source of the email had already been identified as spam by SpamCop and flagged as spam in MailWasher before downloading it.
  3. The web page link, while it contained elements that looked like a valid ebay URL, ended with .20m.com/somepage.html.   20m.com was the actual host for the page linked to which is in no way connected with ebay.
  4. Lastly, the creator of the page was asking for WAY too much information. Passwords for banking and ATM access. Get real! Ebay didn't need that information to open the account. Why would they ask for it now?

All the same, the page was so authentic looking, I am certain many did fall for it and reveal sensitive private information to an unknown entity who likely sold it to the highest bidder and vanished. Unless calling their banks and credit card companies to cancel and change accounts, anyone falling for this type of scam places themselves in serious financial jeopardy. Anyone with possession of the information revealed can then charge those cards to the max and the drain banks accounts.

It happens. Please don't let it happen to you.

Here are the links I promised you. Thanks to James Shaw of OurLittle.net for these.
http://www.auctionbytes.com/pages/abn/y02/m02/i12/s01
http://archives.neohapsis.com/archives/incidents/2002-12/0050.html

Back to top.


Computer virus watch.
The Nigerian money laundering scam continues to fill email inboxes. I mean SERIOUSLY!, does anyone NOT recognize this as a scam anymore?

KLEZ email virus strains with their crafty opening messages, enticing users to click on a certain link or run this "funny" program still seems to fool many. I have to wonder, what percentage of these viruses are being propagated by children who haven't been taught the simple do's and don'ts of email?

A couple of others we're watching are W32/Nicehello@MM, W32/CodeRed.f and W32/Deloder.worm. All are classified as Low Risk worms. I often wonder what makes an email virus low risk. As far as I'm concerned, they're all high risk if my computer becomes infected and gives out information I'd rather keep private. Read more about these viruses at http://www.mcafee.com/anti-virus/.

Don't forget to keep your antivirus software up to date. Get your latest virus updates here:
Microsoft Internet Explorer 5.x patch
Mcafee updates
Norton updates
F-Secure updates

Back to top.

That's news for now.

Be informed,
Be involved,
Be well.

Sincerely,
Mark Brasche
Founder and CEO,
SurfSafely.com

Come visit our growing family of web sites and services
=======================================================
http://surfsafely.com/ Our web directory/portal
http://surfsafely.net/ Our pre-filtered Internet service
http://surfsafety.com/ Our online safety community site
=======================================================