Posted by Nicolette Tallmadge on March 1st, 2007

Today’s post in the Art Biz blog pointed me to some information about a security flaw in Adobe Acrobat Reader. As you probably already know, Acrobat Reader is the free program that allows you to open and read PDF documents. PDF files are pretty widespread on the internet as web sites use them to distribute documents, catalogs, application forms, and all manner of different things. Some artists I know use PDFs in order to distribute their portfolio or product catalogs and lots of art organizations put their applications and prospectuses in PDF format.
Well, apparently some pretty malicious people can use the security hole in Acrobat Reader in order to access your machine to open files, delete files, and even execute programs. What’s worse is that even if the PDF that you create to send for download from your web site is safe, hackers can still create havoc by attaching code to the PDF download link. You can check out the security bulletin from Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-01.html
Fortunately, you can easily protect yourself by upgrading to Acrobat Reader 8, which is the newest version of the program. Adobe released the new version a couple of months ago to include the security fix. If your computer’s operating system can’t handle Acrobat Reader 8, you can download Version 7.0.9, which also contains the security fix. And yes, this security fix applies to Mac users too!
If you provide PDFs for visitors of your site, there are some steps you can take to help protect them. The security advisory provided by Adobe gives instructions on how to do this:
http://www.adobe.com/support/security/advisories/apsa07-02.html
There are also some less “geeky” instructions here:
http://blogbusteraudio.blogspot.com/2007/02/when-pdfs-attack.html
If you want a more detailed explanation of this security risk, check out this article on ZDnet:
http://news.zdnet.com/2100-1009_22-6147428.html?tag=nl.e539
Thanks to the Art Biz blog for the heads up!
Posted by Nicolette Tallmadge on January 31st, 2007
This morning as I was sorting out my emails I ran across this message.

Supposedly, this is an email from Ebay claiming that someone had filed a complaint against me saying that I won an item and had not paid for it. In order to dispute this claim, I need to click on the link in the email and find out how to dispute the claim. As fearsome as this email sounds, I’m not a bit worried because I’ve already gotten this email at least three or four times this week and they’ve all come through different email addresses…none of which I use for Ebay. What we have here is a phishing scam.
If you’ve been on the Internet for any amount of time, you have probably heard of this type of scam. “Phishing” is when scammers try to trick you into providing information that will allow them to steal bank account numbers, credit card numbers, or other sensitive information. Phishing scams work by sending out email that looks like it’s from a source that everyone has heard of or one that everyone trusts, like Ebay, Amazon, or Bank of America. The message in the email tells you that something’s wrong with your account, or that someone has attempted to hack into your account, and that you need to click on a link in the email in order to fix the problem or provide information. In most cases, these links will take you to a web page that looks like it’s from the web site that claims to have a problem with your account. When I clicked on the link in the email above, I was sent to this page.

It looks an awful lot like a page from Ebay, until you check the address bar in the browser:

If you type in your username and account to sign into this fake page, you’re providing the scammers access to your Ebay account. Sometimes the scammers will ask you to provide bank account information, credit card information, or your social security number. Once they get this information, they make charges on your credit card, steal money from your bank account or even steal your identity.
Phishing scams aren’t new, but the scammers seem to be getting better and better at fooling people into giving out sensitive information about themselves. Even those experienced in using the Internet need to stay on the lookout. Here are some ways to avoid being caught by these scams:
- Treat any email that claims that there is a problem with an account or requests sensitive information with suspicion.
- Check the links in the email. If the links don’t match the website or the link includes the @ symbol in the address, the email is a phishing attempt.
- Don’t click on any links in the email. If you want to see if there really is a problem, go directly to the web site yourself and contact customer service or support. If the email claims to be from a bank, find the phone number and call the bank yourself. Don’t trust any links or phone numbers provided in the email.
- Never give out your social security number, any kind of passwords, bank account numbers, or credit card numbers over email. Banks and other reputable web sites will never ask for this type of information over email.
- If you’ve come across something that looks like a phishing attempt, contact the web site or the company that’s being spoofed and let them know about it.
- Keep up to date on the latest scams. The web site Scambusters.org has a good article about phishing with actual examples of real phishing emails now being circulated on the Internet. Scambusters also has information on other types of Internet scams.