Another thing to remember. Don’t use the same username and passwords for everything. Yes, having everything the same makes it easier for you to remember your password. It also makes it a lot easier for a potential hacker to hack into all of your accounts.

You also want to make sure that you create a password that is harder from people to guess. Adding a combination of letters, numbers and symbols always helps. You can check out a previous post I did on how to create a secure password.

If you have a lot of passwords, you can try organizing them by using a password program like RoboForm if you are a PC user. I use a simple spreadsheet that I store on a thumb drive that I keep locked up. I only take out the thumb drive when I need to remember a password that I’ve forgotten. RoboForm also works on a thumb drive as well.

So, take some time to mix up the passwords to your online accounts. You’ll save yourself some heartache later.

So what’s going on? What these “companies” do is they mail out official looking letters to people who own domain names and all of the letters contain some language about how your domain name is expiring and you need to renew your domain immediately. At best, they’re trying to trick you into switching your domain to a different registrar and usually at a much higher fee. For example, one of these companies would have me paying $30 per year per domain name! I only pay about $9 per year from my domain registrar.

At worst, they’re trying to sell you some type of non-existant service that has nothing to do with renewing your domain name at all. In this instance, the letter will talk about domain name registration, but if you look at the fine print, you’ll see that the “service” you’re signing up for is for “search engine optimization”, getting listed in a web directory, or something along those lines. So if you pay them money, you still haven’t renewed your domain name and you’re out the fee you paid the scammer.

So how do you avoid this scam? Here’s a few tips:

• Keep track of all your records- You should print out and keep any records that pertains to your domain name and your domain name registrar. A lot of people get confused because they don’t keep this information. Plus, know when your domain name is up for renewal and put a reminder for yourself on your calendar.

• Keep your contact information at your registrar up-to-date- In many cases, your registrar will email you when your domain name is up for renewal. Be sure that your contact information at your registrar is up to date so you won’t miss these reminders.

• Opt for automatic renewal- If you’re afraid that you might forget to renew your domain name, opt to have your registrar renew your domain name automatically. When it’s time for your domain name to be renewed, your domain registrar will bill the credit card they have on file for that particular domain name. Also if you know that you’re going to keep your domain name for a while, you can register it for more than a year at a time.

• Read the fine print- If you get one of these letters and you’re not sure if it’s from read the fine print very carefully. If the letter refers to “transferring and renewing” or “transferring your domain name” that means that they’re not your registrar. Throw these letters in the garbage.

• When in doubt, look up your Whois record- If you don’t know who your registrar is, look it up by finding your Whois record. Whois records are like property deeds for domain names. They have information on who owns a domain, what hosting company it resides on, and what domain company it is registered at. If the company name on the letter doesn’t match the registrar name on the Whois record…toss the letter. To check your Whois information go to: http://www.whois.sc/
  This information is free and readily available.

So how do you avoid this version of spam harvesting?

1. Create a unique email address- If you can, try to stay away from some of the more common versions of email addresses such as:

• firstname.lastname@yourdomain
• firstinital.lastname@yourdomain
• firstname_lastname@yourdomain
• firstnamelastname@yourdomain
• firstnamelastinital@yourdomain
• info@yourdomain
• support@yourdomain
• sales@yourdomain

Try to create a email address that’s harder to guess…like an email address that contains a combination of letters and numbers, such as jdp081999@janepotmaker.com.

2. Turn off your “catch-all” email feature- If your hosting service offers what’s called a “catch-all” mail feature, which means that that email that’s addressed to anything ending with your domain name…make sure that it’s turned off. Since anything that’s addressed to your domain will be seen as valid, that means that leaving that feature on is just going to bring an avalanche of spam from spammers using the DHA technique. Turn it off!

One minor update I’m doing to my website is that I’m changing the way that I display my email on my websites. On my old site, I simply have the web address out there with a simple “mailto:” link so that when someone clicks on my email address, they can send me an email straight from my website.

While it was quick and convienient for my visitors, the downside was that I now regularly get anywhere from 50 to 200 pieces of spam email a day at this address. Why? Because email spammers use these really evil little automated programs called “harvesting bots” that do nothing but crawl through web pages, forums, and other public pages on the Internet and gather email addresses that appear on those pages.

So if you post your email address as janepotmaker@janepotmakerdesigns.com on your website, one of those harvesting bots can visit your site, scoop up your email address and boom! Suddenly you’re a target for spammers.

Fortunately, there are several ways to fight this:

Apparently there is a virus going around the Internet that’s passed along via email. The subject line of the email will say that you’ve received a postcard from a family member. It will then include a link to the fake postcard which is actually pointing to a malicious virus.

There are several variations on the subject line including:

• You’ve received a greeting card from a school-mate
• You’ve received a greeting card from a class-mate!
• You’ve received a greeting card from a partner

…and so on.

Find out more about this virus on the Urban Legends Reference Pages at:
http://www.snopes.com/computer/virus/postcard.asp

Plus, if you want to brush up on email safety, read my past post Avoiding Phising Scams for some basic email security tips

So I found this post at the Productivity501 Blog, 10 Tips for Creating Secure Passwords to be quite useful. One of my favorite password creation tips was number 6:

6. Ideas for Passwords – Sometimes coming up with a password can be pretty difficult. Keep in mind you need to choose terms that you won’t often talk about. Here are a list of ideas to help come up with words:

1. Choose two objects from a picture that you’ll always remember. For example: a drawing at your grand parents house, the illustration from a children’s book, a painting at an art museum, etc.
2. Choose two terms from a memorable purchase. For example: bluev6 (first car), thinibm (first computer), gold3crt (engagement ring), 7ftgrand (piano), pinedoor (first house), sunshore (honeymoon destination).
3. Look through a catalog and choose terms based on something you see.
4. Lookup a random article on Wikipedia and choose a word found or related to a word you find in the article.

Being an artist, this is a very effective tip for me since most artists are visual people. So check out this article here the next time you need to come up with a new password…

…Now if you’ll excuse me, my sixty days are up…gotta go change a password!

Photo of the lock in this post is a cast resin keychain from Harry Allen’s REALITY series

If you have downloaded version 2.1.1, you should upgrade to the new version immediately. Also, if you know of anyone who is also running WordPress on their web server you should pass this information along to them.

Well, apparently some pretty malicious people can use the security hole in Acrobat Reader in order to access your machine to open files, delete files, and even execute programs. What’s worse is that even if the PDF that you create to send for download from your web site is safe, hackers can still create havoc by attaching code to the PDF download link. You can check out the security bulletin from Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-01.html

Fortunately, you can easily protect yourself by upgrading to Acrobat Reader 8, which is the newest version of the program. Adobe released the new version a couple of months ago to include the security fix. If your computer’s operating system can’t handle Acrobat Reader 8, you can download Version 7.0.9, which also contains the security fix. And yes, this security fix also applies to Mac users too!

If you provide PDFs for visitors of your site, there are some steps you can take to help protect them. The security advisory provided by Adobe gives instructions on how to do this:
http://www.adobe.com/support/security/advisories/apsa07-02.html

There are also some less “geeky” instructions here:
http://blogbusteraudio.blogspot.com/2007/02/when-pdfs-attack.html

If you want a more detailed explanation of this security risk, check out this article on ZDnet:
http://news.zdnet.com/2100-1009_22-6147428.html?tag=nl.e539

Thanks to the Art Biz blog for the heads up!

Supposedly, this is an email from Ebay claiming that someone had filed a complaint against me saying that I won an item and had not paid for it. In order to dispute this claim, I need to click on the link in the email and find out how to dispute the claim. As fearsome as this email sounds, I’m not a bit worried because I’ve already gotten this email at least 3 or four times this week and they’ve all come through different email address…none of which I use for Ebay. What we have here is a phising scam.

If you’ve been on the Internet for any amount of time, you probably would have heard of this type of scam. “Phising” is when scammers try to trick you into providing information that will allow them to steal bank account numbers, credit card number, or other sensitive information. The way phising scams work is to send out email that looks like it’s from a source that everyone has heard of or one that everyone trusts, like Ebay, Amazon, or Bank of America. The message in the email tells you that something’s wrong with your account, or that someone has attempted to hack into your account, and that you need to click on a link in the email in order to fix the problem or provide information. In most cases, these links will take you to a web page that looks like it’s from the web site that claims to have a problem with your account. When I click on the link in the email above, I was sent to this page.

It looks an awful lot like a page from Ebay, until you check the address bar in the browser:

If you type in your username and account to sign into this fake page, you’re providing the scammers access to your Ebay account. Sometimes the scammers will ask you to provide bank account information, credit card information, or your social security number. Once they get this information, they make charges on your credit card, steal money from your bank account or even steal your identity.

Phising scams aren’t new, but the scammers seem to be getting better and better at fooling people into giving out sensitive information about themselves. Even those experienced in using the Internet needs to continue to be on the look out. Here are some ways to avoid being caught by these scams:

1. Treat any email that claims that there is a problem with an account or requests sensitive information with suspicion.
2. Check the links in the email, if the links don’t match the website or the link includes the @ symbol in the address, the email is a phising attempt.
3. Don’t click on any links in the email. If you want to see if there really is a problem, go directly to the web site yourself and contact customer service or support. If the email claims to be from a bank, find the phone number and call the bank yourself. Don’t trust any links or phone numbers provided in the email
4. Never give out your social security number, any kind of passwords, bank account numbers, or credit card numbers over email. Banks and other reputable web sites will never ask for this type of information over email.
5. If you’ve come across something that looks like a phising attempt, contact the web site or the company that’s being spoofed and let them know about it.
6. Keep up to date on the latest scams. The web site Scambusters.org has a good article about phising with actual examples of real phising emails now being circulated on the Internet. Scambusters also has information on other types of Internet scams.