The Washington Post’s Brian Krebs:

An investigative series I’ve been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud.

The simplest, most cost-effective answer I know of? Don’t use Microsoft Windows when accessing your bank account online.

You should read the whole article.

Must be the season for social-engineering spam, because if you thought this was bad, get a load of what just showed up in my inbox:

This is a well-done ploy on many counts: it appears to be from the IRS, implicates my employer, looks official, and logically follows tax season. The attachment, a Word DOC, was opened without incident on my Mac, but the document showed an embedded object foreign to my operating system (OSX Leopard), so there was no issue.

Deeper research shows that it quite possibly might be a trojan horse that installs a virus; if you read the comments in the previous link, you’ll see different delivery mechanisms. Some are PDFs, some ZIP files, some DOCs. Regardless, it seems as if the object, regardless of its wrapper, installs some sort of malicious payload.

Be careful. This ploy was clever enough to get past SpamAssassin, so I’d guess most antispam definitions don’t have this one in their tables yet.

If you’ve received anything like this, post it below so others can understand what’s floating around out there.