Due to widespread concerns about its thoughts on users' privacy, Facebook has been under all sorts of fire lately, facing criticism from U.S. senators, European data protection authorities, and many tech experts. Now, yet another problem's cropped up, as Facebook's been called a top target of phishers.

Facebook Becomes A Favorite Target Of Phishers

The Securelist division of Kaspersky Labs issued a report yesterday, and the identities of the top three organizations that have been targeted by phishers may not come as a surprise to anyone; they're PayPal (with 52.2 percent of all attacks aimed at it), eBay (with 13.3 percent), and HSBC (with 7.8 percent).

The report, which covered the period between January and March of this year, next stated, though, "Facebook popped up unexpectedly in fourth place. This was the first time since we started monitoring that attacks on a social networking site have been so prolific."

By way of explanation, the report then continued, "Having stolen users' accounts, the fraudsters can then use them to distribute spam, sending bulk emails to the account owners and their friends in the network. This method of distributing spam allows huge audiences to be reached. Additionally, it lets the fraudsters take advantage of the social networking sites' additional options, like being able to send different requests, links to photo's and invitations, all with the advertisement attached, both within the network and to users' inboxes."

Obviously, this isn't good news for Facebook's users or the security community as a whole. Facebook acts as a sort of point of entry to information about a whole lot of people (the social network had 400 million users in early February).

This isn't good news for Facebook, either, though - nothing that makes its users uncomfortable or unhappy, and therefore likely to leave, is - so perhaps we'll at least see the company make some attempt(s) to address this problem.

Anyway, if you're curious, the list of phishers' targets picked up after Facebook with Google, the IRS, Rapidshare, Bank of America, UBI, and Bradesco.

As huge corporations go, Google's a pretty cuddly one, but according to the search giant itself, everyone should be careful about offers of employment or wealth that involve its name. "Google Money" scammers represent a growing problem that the company is trying to combat.

Google Goes After Impersonator Scammers

A post on the Official Google Blog announced today, "[D]espite hundreds of consumer complaints and our own efforts to keep these sites from tricking people, some scams continue. To fight back, we're working to stop various fraudulent 'Google Money' schemes, and this week filed suit against Pacific WebWorks and several other unnamed defendants."

The post then added, "[W]e're still working constantly to remove scammy URLs from our index, and we'll permanently disable AdWords accounts that provide a poor or harmful user experience, whether or not they use Google's trademarks illegally."

The problem continues to exist, though.

So fair warning: The scams are known to operate under names like the Earn Google Cash Kit, Google Adwork, Google ATM, Google Biz Kit, Google Cash, Google Fortune, Google Marketing Kit, Google Profits, Google StartUp Kit, Google Works, and the Home Business Kit for Google. From there, they tend to be fairly standard make-money-from home affairs.

As always, stay sharp.

A report issued by a U.S. Senate committee only uses the word "scam" when quoting different consumers; the report's title employs the phrase "aggressive sales tactics," instead. Still, it looks like a number of big online companies have been caught profiting off people's confusion.

Senate Uncovers Online Credit Card Tricks

An investigation ordered by Senate Commerce Committee Chairman John D. Rockefeller IV discovered that Affinion, Vertrue, and Webloyalty "gain access to online consumers by entering into financial agreements with reputable online websites and retailers," according to the official report.

Then, "[T]he three companies insert their sales offers into the 'post-transaction' phase of an online purchase, after consumers have made a purchase but before they have completed the sale confirmation process. These offers generally promise cash back rewards and appear to be related to the transaction the consumer is in the process of completing. Misleading 'Yes' and 'Continue' buttons cause consumers to reasonably think they are completing the original transaction, rather than entering into a new, ongoing financial relationship with a membership club operated by Affinion, Vertrue, or Webloyalty."

So individuals wind up paying $9 a month, and companies make millions. Millions upon millions, really. 1-800-Flowers.com, Buy.com, Priceline, and US Airways (among many others) were all given more than $10 million by Affinion, Vertrue, and Webloyalty. Barnes & Noble, eHarmony, and Pizza Hut received between $1 million and $10 million.

It's a bit scary to see this sort of trickery employed by such mainstream organizations. Hopefully the committee's report will force them to clean up their act.

It might not be long before we return to the days of schoolchildren diving under their desks in warfare preparedness drills. Only now, instead of hiding from nukes, the kiddos may be unplugging their computers, since McAfee has indicated that a cyberarms race is taking place.

McAfee: Cyberwarfare A Big Threat

Dave DeWalt, the president and CEO of McAfee, said in a statement, "[S]everal nations around the world are actively engaged in cyberwar-like preparations and attacks." These include China, France, Israel, Russia, and the U.S., and it's no secret that the members of this group aren't all on great terms.

What's more, cyberwarfare's barrier to entry is so low in comparison to traditional hostilities (a roomful of computers vs. thousands of men, tanks, and airplanes) that lots of other countries are almost sure to pursue the idea.

Then, if and when the virtual bullets start flying, things could get really nasty. McAfee reported, "Attackers are not only building their cyberdefenses, but cyberoffenses, targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies, because damage can be done quickly and with little effort."

At least this state of affairs would create a good job market for security professionals. Everybody else might benefit in a physical manner from the dive-and-unplug exercises, too.

It's sometimes fun to be an early adopter, as the long lines and waitlists for things like iPhones and the new Camaro have proven. But where security products are concerned, do yourself a favor and let other folks go first, since a fresh report indicates that it can take more than a single try to get things right.

ICSA Labs Finds Flaws In New Security Products

ICSA Labs, which is based in Pennsylvania and has been around for 20 years, tests and sometimes certifies products. Emphasis on "sometimes."

An ICSA Labs Product Assurance Report indicated that just 4 percent of security products attain certification following a first round of testing. Most have to try again between one and three times before making the cut.

And it's not guaranteed that a product will ever meet the necessary standards, either. According to ICSA Labs, only about 82 percent of products attain certification in the end, meaning about one-fifth of all applicants (and perhaps a much larger percentage of products) aren't up to snuff.

So leave the shakedown cruises to less cautious individuals. Just repeat "patience is a virtue" a few times and read reviews while you're waiting, and remember that things will be less likely to blow up in your face when you finally get onboard.

No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw.

Nigeria Announces Early Results Of Anti-Scammer Initiative

Nigeria's Economic and Financial Crimes Commission is the force behind Project Eagle Claw, and with Microsoft's help, has just started ramping it up. Waziri explained in a statement, "We expect that Eagle Claw as conceived will be 100% operational within six months and at full capacity, it will take Nigeria out of the top 10 list of countries with the highest incidence of fraudulent e-mails."

She then gave some very interesting details, continuing, "[U]pon full deployment, the capacity to take down fraudulent e-mails will increase to 5,000 monthly. Further it is projected that advisory mails to be sent to victims and potential victims will be about 230,000 monthly."

Anything Nigeria can do to address the problem of scammers operating from within its borders will of course be good for the country's image. More than that, it might help honest Nigerians become part of the online world (since some entities have just taken to blocking troubled regions as a whole).

Then there will be the benefit to the rest of the world, with maybe millions of dollars not getting lost. For that reason, Project Eagle Claw is likely to gain a lot of fans.

When considering where to live, it's wise to look up stats about an area's climate, the cost of living, and its proximity to other important stuff in your life. Symantec's MessageLabs recently supplied some information about your odds of getting spammed, too.

MessageLabs Names Most- (And Least-) Spammed States

Somewhat surprisingly, the states you might imagine as being the "most wired" - California, New York, Washington - weren't at the top of the list. Instead, the state in which spam represents the highest percentage of all emails received is Idaho, with 93.8 percent.

In an email to SecurityProNews, a Symantec/MessageLabs representative then listed the other top states (in order) as Kentucky, New Jersey, Alabama, Illinois, Indiana, Massachusetts, Pennsylvania, Arizona, and Maryland.

The U.S. territory of Puerto Rico wound up on the opposite end of the list, followed by Montana, Alaska, Kansas, South Dakota, Tennessee, Vermont, Rhode Island, Wisconsin, and Florida.

We're not quite sure what to make of these findings; the states don't appear to be ordered according to Internet penetration rates, GDP per capita, overall population, physical size, or anything else. Still, if you're looking to move, now you have a better idea of how to decrease the odds of getting bombarded with spam at your new home.