The example given below is from the popular circulating email that usually threatens that, 'Yahoo! is shutting down' that I believe almost every Yahoo! account owner has received at least once. Below you will see a screen shot of this scam.

How do you recognize it? By learning as many many tips as possible.

Tips from this email:

1. As mentioned in the previous posts, Yahoo! is not shutting down.
2. Yahoo! is NOT running any random scanning program to verify email addresses for deletion of the unused ones.
   
3. The sender's email address is not an official company's contact address (in the image example below), Yahoo! Company does NOT bear such an email address as it's official contact address.
4. The email asks for personal data such as Username, Password, Date Of Birth and Country or Territory. Such information or details will NEVER be asked by Yahoo! if you already have an account with them, except when you register for a new one.
   
5. Emails coming from official Yahoo! Management will have a security icon (like the one shown below), therefore look for the DomainKeys icon and you'll see a small icon of an envelope and key in the email header. This verifies that it's from the domain it claims to be from.

Other tips:
- The use of puntuation marks excessively like the (!!!) in the From: and Subject: fields.
- Note also that there is no specified address in the To: field, thus an official address to a specified person will not come without your name in the 'To' field or in the introductory not at the beginning of the message (even simple mass mailing subscription services know how to identify their subscribers by their names).

Kadiri siku zinavyosonga, ndivyo na watu wanavyotumia intaneti na kadiri ya matumizi ya intaneti yanavyoongezeka ndivyo na vitendo vya kidanganyifu na wizi wa mitandaoni vinavyoongezeka.

Kujifunza kung'amua mbinu wanazozitumia matapeli katika kufanikisha malengo yao ndicho kiokozi muhimu katika kujilinda wewe binafsi na wale unaowajali dhidi ya upotevu wa fedha na mali.

Kwa bahati mbaya, matapeli kama ilivyo kawaida yao, hawakomi kujaribu kuvumbua mbinu mpya za kuiba pale wanapogundua kuwa watu wengi wameshazifahamu na kuzizoea mbinu zao.

Siku tatu zilizopita nimepokea ujumbe kama unavyosomeka kwenye picha inayoonekana hapo (bofya kuikuza ili kupata ukubwa unaosomeka kirahisi zaidi) na katika ujumbe huo, hakukuwa na maelezo zaidi ya 'respond to the subject matter'.

Nilifungua kiambatanisho hicho na kusoma maelezo hayo.

Yafuatayo ni mambo muhimu ya haraka niliyotumia kung'amua kuwa ujumbe huu ni wa kitapeli.

1. Tarehe iliyopo katika mhuri ni 05.05.10, mbona bado hatujamaliza hata mwezi Aprili?
2. Kuulizia namba yangu binafsi? Ukishaona mtu anaulizia habari binafsi, kuwa makini.
3. Ati wametenga kiasi cha fedha na mikataba kwa kampuni yangu. Najiuliza, 'mbona sina kampuni?
4. Wanaahidi kulipa fedha mwanzoni. Hii inanipa wasiwasi, biashara ya kulipa kabla ya kutoa huduma?
5. Tishio kuwa nisipojibu ndani ya wiki mbili watafuta kampuni nyingine kwa ajili ya kazi hiyo. Najiuliza, Wiki mbili za kuanza kuhesabika tangu lini? Kwa kigezo kipi? Wana uhakika gani kuwa ninasoma barua pepe kila leo? Na kama wana-track kujua nimesoma lini barua pepe, kwa nini wanitishe?
6. Mwisho, ni jina la mmoja wa Wakuu wa nchini Nigeria walilolipachika cheo ambacho kinanipa walakini.

Niliishia kutupa ujumbe huo kapuni na kuwaasa wengine kuwa makini na aina hii mpya ya wizi.

TAHADHARI:
Tafadhali usiige tabia ya kufungua viambatanisho vyovyote navyotumiwa ikiwa huna usalama wa anti-virus katika kompyuta unayoitumia. Baadhi ya watu hufungua viambatanisho wasivyotarajia kupokea kwa kuwa wana tamaa ya kujua kilichomo ndani. Matokeo yake ni kufungulia virusi wanaoharibu tarakilishi taratibu au kuisababisha iwe 'misukule' (zombie) kwa ajili ya kutumika kutuma virusi kenye tarakilishi nyingine bila ya wao kufahamu. Mara nyingi viambatanisho (attachments) huwa ni vyanzo vya kusambaza virusi kwenye tarakilishi.

I said it before and I will continue to say it, protect your computer with an anti-virus, a firewall and anti-spyware, also, add Microsoft Security Essentials (MSE) - it's free!

By installing the free Microsoft Security Essentials in your Windows PC, you will protect the system from malware attacks to a certain degree. Initially, Microsoft rolled out this softwared in 17 countries and 8 languages. As I write this post today, this product is already available in 74 countries and 25 languages and probably by the end of 2010 it will be available in 87 countries and 33 languages. The software is small, light and with simple user interface that starts working to clean your system as soon as you finish installing it.

The reason why you need to add an anti-virus to your comptuter on top of this software, is because MSE has a poor protection against keyloggers, rootkits, and scareware.

Click on the images to enlarge for a better view, screen shot photo a courtesy of PCMag.com

Just another reason to love and use Gmail. Reading their official blog today, Gmail is going to roll out yet another security feature enhancement.

Have you ever received those emails from friends requesting money sent to them in a foreign bank account because they had a quick travel and accidentally got robbed or kidnapped and the only way they can be released is if somebody sent them money and all that yada yada yada stuff?

You are lucky if you haven't but most of us have, in fact, I just received one two days ago.

Well, there is a reason to rejoice, for one of the Gmail Engineers, Pavni Diwanji, has just posted an update on the gmail blog saying that, as of today, Gmail is introducing a new feature to notify their users when they detect suspicious login activity on user accounts. This is in addition to the already aexisting remote sign out and information about recent account activity where one could see this information displayed at the bottom of inbox notifying them of the last login activity prior to the current one.

This new warning notice will display the following message, "Warning: We believe your account was last accessed from…" along with the geographic region that they can best associate with the access.

To determine when to display this message, their automated system will match the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. Click on the "Details" link and you'll see the last account activity window along with the most recent access points. If you think your account has been compromised, you can change your password from the same window. If you know it was legitimate access you can click "Dismiss" to remove the message.

Source: Gmail Blog - Gmail Official Blog

Kuna watu wana tabia ya kiherehere, wanaopenda kubofya bofya kila linki wanayopokea hasa pale inapohusu habari za kustua ama gumzo dhidi ya watu maarufu duniani ama zile zinazohusiana na ngono.

Zimeanza kusambaa habari za uongo zinazosema, "an accident that killed U.S. President Barack Obama" ati, "raisi wa Marekani bwana Barack Obama ameuawa katika ajali". Hizo ni habari za uzushi ambazo zinakuja kwa njia ya linki yenye maelekezo kuwa ubofye ili kusoma habari zaidi kuhusiana na tukio hilo. Punde mtu anavyofanya hivyo, basi anakuwa amebofya linki yenye virusi ambavyo vitaingia katika tarakilishi unayotumia na kusababisha uharibifu.

Linki hizi zinajificha katika majina yanayokuelekeza kwenda mitandao maarufu kama vile Facebook au YouTube kuona video au kusoma zaidi, lakini hiyo ni haddaa, si kweli, majina unayoyaona kwa kusoma yameficha linki haribifu. Linki hizi zimesambaa kwenye chat clients kama Windows Live Messenger.

Tafadhali kuwa mwangalifu na zingatia kuwa na anti-virus ambayo utai-update mara kwa mara na usipende tabia ya kubofya bofya linki usizokuwa zenye habari zinazoelekea kuwa za udaku.

UPDATE
Kuna watu wanapenda kubisha tu alimradi wamebisha, basi hiyo ndiyo furaha yao. Hapa naambatanisha maelezo na linki, mwenye kuchukua hatua atachukua, asiyetaka, hajalazimishwa, endelea kubofya bofya tu.
Kuna linki mwisho wa maelezo ukibofya waweza kuona screen-capture ya IM ina URL yenye virus (circled).

“Obama Accident” Instant Messages Used to Spread Malware 2:56 am (UTC-7)   |   by Jonathan Leopando (Technical Communications)
A new attack spreading BUZUS malware via Windows Live Messenger has been spotted. Trend Micro researcher Loucif Kharouni spotted the messages spreading via the popular instant-messaging (IM) application, samples of which can be seen below.

The text before the links are in French and tells users to click the link that follows. Some of these links made users believe that they were viewing a photo related to an accident that supposedly killed U.S. President Barack Obama. Others used domain names similar to legitimate sites like Facebook and YouTube.

In reality, however, the links lead to malicious BUZUS variants detected by Trend Micro as TROJ_BUZUS.BTA and TROJ_BUZUS.BTB.

Malware attacks using Barack Obama as social-engineering bait date back to his 2008 campaign for the U.S. presidency. Previous attacks were seen both around his election (both for pharmaceutical spam and spreading malware) as well as around his inauguration.

Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious websites that host the malicious files. It also detects and prevents the download of TROJ_BUZUS.BTA and TROJ_BUZUS.BTB via the file reputation service.

Source & Credit: http://blog.trendmicro.com/obama-accident-instant-messages-used-to-spread-malware

Pengine utaniuliza, 'oyaa, unazungumzia nini? Hiyo 'misukule' microsoft inayofunga ndo kitu gani tena?'
N'takujibu hivi, 'misukule' hii kitaalamu inaitwa 'botnet' na jina hili limetokana na muunganiko wa maneno mawili ya kiingereza, "robot" na "network".

Utasema tena, 'kwa hiyo?, mbona bado sikuelewi?'
Sasa sikiza...
Ikiwa una anwani pepe, huenda hutakuwa mgeni wa barua mazagazaga (spam na junk mails) yanazokuja kwenye inbox yako bila wewe kujua yametoka wapi na hao waliotuma mbona huwafahamu na isitoshe, wamejuaje anwani yako? Mara nyingi emails hizi huwa zinachujwa na kufichwa kwenye 'junk' au 'spam' folder' na kisha kutupwa ikiwa hutazishughulikia ndani ya siku kadhaa.

Sasa kuhusu uhusiano wa botnet na tarakilishi (computer) na mazagazaga (junk/spam) uko hivi.
Baadhi ya tarakilishi zinaweza kugeuzwa kuwa 'msukule' au 'zezeta' na hivyo kufanyishwa kazi kinyemela (remotely) na mtu aliyeko mahali fulani popote duniani. Tarakilishi inaweza kugeuzwa msukule ikiwa utapakua virusi kutoka kwenye barua pepe au tovuti fulani ulizotembelea na kupakua virusi kwa kutokujua. Punde virusi huyo anapoingia kwenye tarakilishi yako, si rahisi ufahamu kwani huwa haifanyi lolote zaidi tu ya kujishikiza kama kupe na kutoa taarifa kwa yule aliyeko kwenye 'control room' na kusubiri tu kupewa amri ya kuanza kusambaza virusi/trojan/linki za matangazo feki ya dawa za viagra nk. Punde tarakilisho yako inapoanza kufanya kazi hiyo, ndipo inapoitwa 'zezeta' aka msukule alias 'botnet'.

Ukitaka kuelewa kwa njia ya picha, tafadhali bofya picha ifuatayo na kuikuza ili kusoma.

Sasa iweje watu wanaotumia bidhaa za Microsoft wafurahie?
Ni kwamba, kutakuwepo na punguzo la junk emails zinazozalishwa kuniani kwa siku kwani kampuni ya Microsoft imepewa ruhusa ya muda kutoka kwenye mahakama moja ya Marekani katika jimbo la Virginia Mashariki inayoipa ruhusa Kampuni hiyo kubwa kabisa ya tarakilishi, kuweza kufungia majina ya intaneti yapatayo 277 ambayo yamethibitika kuwa kitovu cha msukule wa Waledac. Msukule huo unaaminika kusambaza virusi bilioni moja (1,000,000,000) kwa siku moja tu duniani kote. Bofya picha yenye ramani hapo chini ili kujionea makaridio ya tarakilishi ambazo zimeshambuliwa na 'misukule' kote duniani. Kwa maelezo zaidi kuhusu habari hii, soma tovuti ya Microsoft.

Vile vile unaweza kubofya hapa ili kutizama video kusikia maelezo mafupi kuhusiana na suala hili.

Several security websites are reporting a flaw in one telephone company that is transiting malware via HTC phone's USB port port when connected to computers.

A person recently bought an HTC Magic (Android) phone and when she connected it to her PC over USB, the antivirus (Panda) software went off.  The say that the phone had malicious autorun and other files identified as a "Mariposa" bot tied to a botnet run by a Spanish hacker. There was also Conficker and a Lineage password stealer.

Other smart phone users need to be aware of this threat in order to prevent their phones and computers from getting these malicious files that could severely affect their documents.

Click here to read and see screen capture of the  Vodafone HTC malware issue.

Katika posti iliyopita, tulizungumzia kuhusu namna ya kutambua na kujikinga na wizi wa mtandaoni. Leo tutizame kanuni za utengenezaji nywila imara na madhubuti na na hivyo kuepuka kutengeneza nywila nyepesi, legevu, nyong'onyevu, jinga kabisa na ambazo ni rahisi kubambwa.

1. Usitumie tarakimu au herufi zinazofuatana. (Do Not use similar or sequentials). 
   Mfano: "12345678," "88888888," "abcdefg," au herufi zinazofuatana juu na chini ya kibodi kama vile yhbujnikm ama xswcdevfr
2. Usitumie alama ambazo ni rahisi kufahamika kuwa zimetumika badala ya herufi. (Do Not easy to identify reversed letters or numbers).  Mfano: '1' badala ya 'i' au '@' badala ya 'a'  au '0' badala ya 'O' au 'E' badala ya '3' au "P@ssw0rd" nk.
3. Usitumie jina lako la login au username wala sehemu ya majina yako rasmi au tarehe ya kuzaliwa au namba ya TIN au SSN au sanduku la posta au namba ya simu au namba ya nyumba unamoishi n.k. kutengenezea nywila. (Do Not use your official names, date or birth, SSN, TIN, postal office box number, zip code, post code, phone number, house number etc to create a password). 
   Unaweza kushangaa, 'wezi wanawezaje kupata taarifa hizi zote?', ni rahisi. Wezi hutafuta habari zako kwa kina kupitia vielelezo vyako kwenye mitandao jamii kama vile Facebook, Twitter, Hi5, LinkedIn, nk. vile vile katika Wasifu wako wa CV au Resume, na kwenye tovuti yoyote ile ambamo umeacha taarifa zako na ikawa rahisi kuzipata kwa njia mitandao ya utafutaji (search engines) kama vile google, yahoo, ask nk.
4. Usitumie meneno ya kwenye kamusi ya lugha yoyote. (Do Not use words from a dictionary to create a password).
   Utawakuta baadhi ya watu hutengeneza nyila kwa kutumia maneno ya kamusi na kuyageuza kinyumenyume au kuandika maneno ya kutusi nk. Hii ni rahisi kwa wezi kutumia software ya word-scramble na kupata aina mbalimbali ya maneno yanayoweza kutengenezwa kutoka katika neno hilo, hasa pale wanapokuwa wameshapata 'hint'. Kumbuka kuwa wapo watu wanaolipwa kwa kufanya kazi ya kuiba nywila, hivyo ni ajira na huwza kuifanya kazi hii kwa saa hata kumi mfululizo ikiwa wameahidiwa donge nono na hasa kama walishawahi kufanikiwa kung'amua nywila nyingine. 
5. Acha tabia ya kutumia nywila moja kwa akaunti zako zote. (Do Not use only one password for all your accounts).
   Wapo baadhi ya watu ambao hupenda kujifanyia urahisi kwa kutumia nywila moja kwa ajili ya akaunti zao mbalimbali, kwa mfano, mtu anatumia nywila ya Facebook kufungulia Twitter au LinkedIn. Hii ni makosa kabisa. Ukitumia nywila moja kwa akaunti zako zote, siku mwizi atakapofanikiwa kuibamba moja, basi utakuwa umewarahisihia kazi ya kujaribu akaunti zako zote kukamilisha ujangili wao. 
6. Kuwa mwangalifu unapotengeneza neno la siri la kukumbushia anwani yako pale utakapoipoteza. (Be careful with password recovery questions).
   Mara nyingi unaposahau anwani yako, huwa unatakiwa kubofya neno, 'I forgot my password' na hapo huanza utaratibu wa kukuuliza neno la siri kabla ya kukurekebishia nywila yako. Kuwa mwangalifu na swali la siri pamoja na jibu lake. Mara nyingi kampuni au huduma husika watakupa maswali yaliyoandaliwa ambapo utatakiwa kuchagua mojawapo na kulitolea jibu. Kwa bahati mbaya au nzuri, maswali haya ni rahisi kwa mtu kuyakisia. Mfano, Shule yako ya msingi inaitwaje? Swali kama hili ni rahisi kwa mtu anayekufahamu kulijua hasa kama mlisoma pamoja shule ya msingi au ni jirani yako au alisoma nawe shule ya Sekondari au Chuo au anafanya kazi nawe au ndugu, jamaa na rafiki mnayefahamiana akawahi kutamka kuwa mmesoma pamoja, huyu anaweza kupata urahisi wa kuiba nywila yako.
7. Jiepushe na matumizi ya stoo za mtandaoni (Do Not trust any online storage).
   Mwizi atakapoweza kuiba online storage yako,  ni rahisi sana kuiba nywila na taarifa zako ikiwa umezihifadhi humo

Ukitaka kusoma vidokezo vya namna ya matumizi mazuri na angalifu ya emails, tafadhali peruzi kwenye lebo katika 'Computer Or Email Tips & Tricks'. (To read previous email tips, use the search box located above the page or click through 'Computer Or Email Tips & Tricks' under the labels).

Scam or phishing is a method of sending email messages to other people with the purpose of stealing their sensitive and personal data and/or financial information for a wrongful use in the future.

While this could be an easy task for someone, it can be a hard task to others. In order to be able to differentiate between the two, build a habit of reading as many tips as you can regarding internet scams. No one can say they have qualified in this subject as phishing tactics change almost every day. Keeping yourself abreast of these new ways will save you out of a lot of troubles.

1. Do not reply to any message coming from a person unknown to you. Do not reply even to a person you know if you are suspicious that the contents of their message seem unrelated. It is sound too good to be true, it probably is.
2. Do not provide any personal information such as your date of birth, place of birth, nationality, bank account number, password(s), telephone number, social security number (SSN or SS#), TIN, passport ID # etc. There is no legitimate business that will just ask you for this information especially when you have already provided it in the past during registration. Be sure by calling them and asking if they wanted your information. When calling, do not use the number in the email which says call this # instead, go to the bank or company's OFFICIAL website and get the customer service number from there. Sometimes, spammers could give you a number to call and they will pick and give you wrong answers, their goal being to mislead you so that you give them your information.
   
3. Do not click on any URL address link inside an email message, instead, point your mouse on it, then read the words which shows up at the bottom, left corner of your browser. This will help you see if the URL is pointing to what is being talked about. Even when the URL is correct, the best way to access it is by copying the URL and pasting it on your browser's address location bar. Sometimes, pasting the URL link address on search engines may give you results for genuine and false links.
   
4. Do not trust all shortened URL. Use websites such as www.untiny.me or sucuri.net which can uncover the URL and show where it really points.
5. Do not call any telephone number in order  to provide your information over the phone. Some scammers can mask their numbers so that it is impossible to tell where the call is being routed.
6. Do not open any attachment you receive, even if it is coming form a person you know but you didn't expect. Call them (if possible) and ask for details or keep quiet and if it is important, they will send again the attachment or call you to ask whether you received the attachment or not and what it was in it.
7. If you live in a country where their mode of transaction is through credit or debit card, make sure you review your account statements regularly to ascertain bank activities. If you see even a single cent deducted from your account without clear clarification, call or visit your bank to report and ask for clarification.
8. Make sure you are using secure and encrypted website whenever necessary especially when providing sensitive information. The way to know if a site is encrypted or not is by looking at the browser's address to see if the prefix http has an 's' at the end of it, i.e https and not just regular http. The 's' denotes 'security' or 'secure' feature.
   

Test yourself, try these tests and see if you can spot a scam
It is reported that, people who spent at least 15 minutes playing the Anti-Phishing Phil game were better able to identify fraudulent websites than people who spent the same amount of time reading traditional anti-phishing tutorials.

• Follow this link: wombatsecurity.com/antiphishing_phil and click on the words saying ‘Play!’
• Click on this: SonicWALL Phishing IQ Test and test yourself. When you have completed the test you’ll get a score along with a chance to see “why” a question was a phish or legitimate.

Better still, learn some tips from:

• Microsoft - office.microsoft.com/en-us/help/HA012300411033.aspx
• USA Government FTC - ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
• USA Government OnGuard Online  - onguardonline.gov/index.html
• SANS Institute, Security Awareness tip -sans.org/tip_of_the_day.php?utm_source=web-sans

A friend sent some pictures of manufactured eggs which are believed to have come from one Eastern Country. A little search on the internet showed some results that man made eggs have been in existence for quite some times now; in fact, one country issued a warning against fake eggs urging residents to be extra cautious; imposing fines to anybody who will be caught in this kind of business.

Unfortunately these fake eggs have found their way into the market, and because of the cheap price, majority of the poor will fall victim of fake products once again. Apparently, eggs are not the only food products being manufactured artificially, but also fruits such as grapes. You can click here to see a video clip showing a person explaining how these fake eggs and other food stuffs are made.

It is with no doubt that fake products have very many detrimental effect in the general health of a human being. For example, fake eggs contains calcium carbonate, starch, resin, gelatin, alum and some other chemicals. One scientist goes far to the truth by saying that, the ingredients used to make fake eggs could even result in dementia (forgetfulness). It's these effects that continue to lengthen the chain of the cycle of poverty. One wonders, will this ever come to an end? Are we becoming more of a lesser human?

How will you be able to tell a fake egg apart from the real one?

1. The shell. The shell of fake eggs are a little shinier than the real ones. You have to be careful to see otherwise, they are hard to tell apart.
2. Feel. Touch the egg by hand and you will notice that the fake ones feels a little rougher than the real ones which are a bit smooth.
3. Shake. When shaking the eggs, the fake ones will make some noises because of the liquid overflowing around the solid material.
4. Odor. Notice that real eggs smells a little like raw meat.
5. Tap the egg lightly. Real eggs make a more crisp sound than the fake ones.
6. Break it. Shortly after opening the eggs, the egg yolk and egg white of a fake egg will melt together since the yolk and egg white are made of the same raw materials.
7. Cook. If you deep fry eggs, real egg yolk remains intact when untouched but fake ones will spread throughout since they are made of artificial materials.
8. If you eat in a restaurant, be careful with how you want the eggs made, if possible skip egg meals, you won't loose much ( besides, you can easily prepare them at the comfort of your house to know exactly what you eat).

Remember, 'cheap is expensive', protect yourself, monitor what you eat.