Technology

The business and culture of our digital lives,
from the L.A. Times

Category: Phishing

Facebook, Google, other firms team to fight email phishing scams


Major tech firms including Google, Facebook and Microsoft have teamed up to fight email phishing scams. Members say the partnership will lead to better email security and protect users and tech brands from fraudulent messages.

The group, which calls itself DMARC -- for Domain-based Message Authentication, Reporting & Conformance -- says it wants to help reduce email abuse by standardizing how email receivers perform authentication. Now, email senders will get consistent authentication results for their messages at Gmail, Hotmail, AOL and any other email receiver using DMARC.

Email phishing scams are messages designed to trick recipients into providing personal information by replying or clicking on links. The emails look like they come from a legitimate sender, often featuring brand logos and mimicking the format and language of authentic messages.

With the rise of social media and e-commerce sites, spammers and phishers have "a tremendous financial incentive" to compromise user accounts, leading to theft of passwords, bank account information and credit card numbers, DMARC said.

"Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands," the group said. "Simply inserting the logo of a well-known brand into an email gives it instant legitimacy with many users."

Other companies involved in DMARC include Bank of America, LinkedIn, PayPal and Yahoo.

RELATED:

Shopping tips for protecting personal information

Hackers infiltrated personal Gmail accounts, Google says

New Justice Department unit to fight tech crimes, identity theft

-- Andrea Chang

Image: Screen shot of the companies involved in DMARC. Credit: DMARC

Facebook looks to San Diego's Websense to improve security


Starting today, each time you click an outbound link on Facebook, San Diego's Websense will visit that site first, checking to see if it poses a security threat before letting you leave the world's largest social network.

The move is one that seeks to improve security measures online for Facebook's more than 800 million users and makes use of technology that has taken more than a year to develop, said Charles Renert, a senior director of security research at Websense.

Once you select a link, Websense's security tools kick into action, visiting the outside website and running a series of scans and tests seeking out botnets, malware, phishing programs, trojans and other viruses.

If Websense identifies any such harmful material on the other side, Facebook then serves up a familiar-looking warning page that reads "Security Alert: This Link May Not Be Safe," which now also features a Websense logo.

The page gives users the option to either return to the previous page they visited or to ignore the warning and continue to the potentially dangerous website. The warning page also offers up a link to more information on why Websense identifies the link as a harmful one.

Websense's technology (which it calls ThreatSeeker Cloud) isn't a Facebook app in the traditional sense and won't have access to a user's name, date of birth, wall, networks, friends list or any other personal or public information shared on the site, Renert said.

"We get no user information from Facebook," he said. "The security transactions between Facebook and Websense are all anonymized and focused specifically on checking out the security of links shared on Facebook."

RELATED:

Privacy groups ask FTC for Facebook inquiry

Lawmakers urge FTC to investigate Facebook for cookies

Spotify unveils "private listening" after Facebook users complain

-- Nathan Olivarez-Giles
Twitter.com/nateog

Googling Heidi Klum? Prepare for a virus or two


Googling for news of Heidi Klum can waste a lot of time. It can also ruin your computer.

The German model and reality show host tops the Most Dangerous Celebrities list from computer security firm McAfee Inc. The annual study analyzes which famous names are used by cyber criminals to lure people to websites laced with viruses and other malicious content.

The study found that movie stars and models are far riskier to search for than musicians and sports stars. But searching for any celebrity name "continues to generate risky results," said a statement from Paula Greve, director of Web security research at McAfee.

Fans of the blond, statuesque Klum are especially in danger of a virus or two -- searches for "Heidi Klum and downloads," "Heidi Klum and screensavers," "Heidi Klum and hot pictures" and "Heidi Klum and videos" run a 10% chance of landing on a malicious site "that tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware," the company said.

The top 10 list includes:

1. Heidi Klum -- former Victoria's Secret model; host and producer of "Project Runway"

2. Cameron Diaz -- last year's Most Dangerous Celebrity

3. Piers Morgan -- British host of "Piers Morgan Tonight" is the most dangerous male name to search for

4. Jessica Biel -- formerly at No. 3

5. Katherine Heigl -- former "Grey's Anatomy" star moved into top 10 list for the first time

6. Mila Kunis -- recent roles in "Black Swan" and "Friends With Benefits" propelled her into the top 10.

7. Anna Paquin -- the "True Blood" star moved up from No. 10

8. Adriana Lima -- moved down from No. 6 last year

9. Scarlett Johansson -- has steadily become more "dangerous" as she's grown

10. Emma Stone, Brad Pitt and Rachel McAdams -- a three-way tie

RELATED:

Lost? May Yoda and Darth Vader guide you

'Star Wars' fans: The Stormtrooper helmet battle is over

Ashton Kutcher talks 'Two and a Half Men' and tech investing

-- Shan Li

Photo: Model and host Heidi Klum from television "Project Runway" arrives at the 63rd Primetime Emmy Awards in Los Angeles September 18, 2011. Credit: Danny Moloshok/Reuters

Army Times, Defense News, other Gannett government sites hacked; reader data accessed


Gannett Government Media -- publisher of a dozen websites for the Army Times, Defense News and other government news websites and newspapers -- has had its Web servers hacked.

The company announced the security breach in a notice online on June 7, when the government-serving division of mega-publisher Gannett says it first learned of the hack. But on Tuesday morning, the details of the Web attack were disclosed by the company to its readers in an email:

We discovered that the Gannett Government Media family of websites suffered a cyber attack resulting in unauthorized access to files containing information of some of our users.

The information in those files included your first and last name, userID, password, email address, the internal number we assigned to your account, and if you provided the information, your ZIP code, duty status, paygrade, and branch of service. We want to assure you that no financial (e.g. credit or debit card) information was compromised. Financial information is stored on a completely different system.

The websites affected include Defense News, Defense News TV, the Armed Forces Journal, the Federal Times, Military Times, Military Times Edge, Army Times, Navy Times, Air Force Times, Marine Corps Times, the C4ISR Journal, and the Training and Simulation Journal.

In the email, which was also posted in shorter form on Gannett's government news sites, the media giant said it hired an "outside computer forensics company to help us investigate and strengthen our controls to safeguard against future breaches" shortly after learning about the hacking.

The media company said its readers should "be on the lookout" for emails that look legitimate but are asking people to provide credit card or bank account numbers, Social Security numbers and other private information.

Gannett warned against clicking on links in the body of the message "that lead to websites asking you to login or to enter your personal information" and also advised against downloading or opening attachments in the emails as they may contain malware, viruses or spyware.

"Gannett Government Media Corporation or Defense News will never send you emails asking for your credit card number, social security number or other personally identifiable information," the email said.

The company also suggested that users "reset or strengthen your passwords on your Gannett Government Media Corporation or Defense News accounts and any of your other online accounts, particularly those that use the same email address you use for your Gannett Government Media Corporation or Defense News account as a user name or account identifier."

RELATED:

LulzSec calls it quits after 50 days

Hacker group the A-Team publishes list of alleged LulzSec members

Facebook hires George Hotz, famed PlayStation 3 hacker known as Geohot

-- Nathan Olivarez-Giles

twitter.com/nateog

Image: A screenshot of Gannett Government Media's website. Credit: Gannett Government Media Corp.

Hillary Clinton says FBI will investigate Gmail hacking; China denies involvement


The FBI will launch an investigation into the hacking of hundreds of Gmail accounts in China, among which were the accounts of some U.S. officials, Secretary of State Hillary Rodham Clinton said Thursday, according to a report.

Google officials said Wednesday they were able to stop the hack, which was in the form of a phishing scam, but also said they believed the hackers monitored the Gmail activity of Chinese political activists, journalists and government and military officials from the U.S. and other Asian countries -- predominantly South Korea.

Clinton said Thursday that Google's claims were "very serious" and that the Obama administration was disturbed by the incident, according to the Associated Press.

The Chinese government denied Thursday that it played a role in the Gmail hacking and said that it was "firmly opposed to activities that sabotage Internet and computer security, including hacking," the AP report said.

China's Foreign Ministry spokesman Hong Lei told reporters in China that the government there was working on combating the problem of hacking but that such issues were global concerns and not just found in China, the AP said.

"Allegations that the Chinese government supports hacking activities are completely unfounded and made with ulterior motives," Hong said in the AP report.

On Wednesday, Google said the hacking campaign appeared to originate from Jinan, China, and that all of the affected Gmail users had been notified of what happened and their accounts had been made secure again.

This isn't the first Gmail problem in China. In March, Google said the Chinese government was blocking certain users' access to Gmail. The Chinese government denied those claims as well, saying Google's accusations of Gmail tampering were unacceptable.

RELATED:

Hackers infiltrated personal Gmail accounts, Google says

China says Google's accusations about Gmail tampering are 'unacceptable'

Google fixing Android flaw that could have leaked personal data from millions of phones

-- Nathan Olivarez-Giles

twitter.com/nateog

Photo: Secretary of State Hillary Rodham Clinton gestures during a news conference at the State Department in Washington, D.C., on June 2, 2011. Credit: Jose Luis Magana/AP Photo

LulzSec targets Sony after PBS hack attack


LulzSec, a group of hackers who recently posted fake stories on PBS' website reporting that dead rappers Tupac and Biggie Smalls were alive and living in New Zealand, has a new target -- Sony.

From its Twitter account, @LulzSec, the group sent out a few tweets stating that it had already taken some information from Sony servers and was planning to attack the company further.

"Hey @Sony, you know we're making off with a bunch of your internal stuff right now and you haven't even noticed? Slow and steady, guys," LulzSec tweeted on Tuesday.

Sony has been facing a myriad of security troubles going back as far as April 20, which resulted in the temporary shutdown of its PlayStation Network and Qriocity, and the possible data leak of more than 90 million user accounts.

Last month, Sony's Thai website was hacked in an alleged credit card phishing scheme.

LulzSec said on Twitter that, so far, it hasn't attacked the Sony PlayStation Network, writing "you Sony morons realize we've never attacked any of your precious gaming, right? Do you know Sony does this thing called 'music' too?"

The group also said it's looking to attack Sony further, tweeting on Wednesday, "Our recent attention surge has prompted us to make the next Sony operation more classy."

On Wednesday, Sony officials were unavailable for comment on LulzSec's threats.

RELATED:

LulzSec hacks, defaces PBS website

Hackers infiltrated personal Gmail accounts, Google says

Sony server said to have been hacked to host credit-card phishing site

-- Nathan Olivarez-Giles

twitter.com/nateog

Image: A screenshot of a tweet from the LulzSec hacking group claiming responsibility for a Web attack against Sony. Credit: LulzBoat/Twitter

Apple working on Mac OS X update to combat 'Mac Defender' malware


Apple is working on a software update to its Mac OS X operating system to combat malware in circulation known as Mac Defender.

"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus," Apple said in a statement on its support website. "The user is then offered Mac Defender 'anti-virus' software to solve the issue."

But Mac Defender isn't anti-virus software, it's malicious software, Apple said.

"Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes," the Cupertino tech titan said. "The most common names for this malware are MacDefender, MacProtector and MacSecurity."

Apple said it will release a Mac OS X update in a few days "that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware."

In the meantime, the Mac OS X support page instructs Mac owners to force quit their web browser if notifications about viruses or security programs pop up.

"In some cases, your browser may automatically download and launch the installer for this malicious software," Apple said. "If this happens, cancel the installation process; do not enter your administrator password. Delete the installer" and empty it from the Mac's Trash bin.

RELATED:

Apple's new Final Cut Pro X to hit the Mac App Store

Bertrand Serlet, often called 'the father of Mac OS X,' leaves Apple

Apple's Worldwide Developers Conference to 'unveil the future' of iOS and Mac OS X

-- Nathan Olivarez-Giles

twitter.com/nateog

Photo: A person types on a MacBook Pro laptop at an Apple Store in San Francisco. Credit: Justin Sullivan/Getty Images

Sony server said to have been hacked to host credit-card phishing site


A Sony server has been hacked to host a website for an alleged phishing scam targeting an Italian credit card company and its users, according to the web security firm F-Secure.

"We know you're not supposed to kick somebody when they're already down ... but we just found a live phishing site running on one of Sony's servers," F-Secure wrote in a blog post on the hack.

The security breach appears to be unrelated to the attacks that took down Sony's PlayStation Network and Qriocity music service, the San Jose-based security company said.

However, it is yet another example of how the Japanese tech giant is struggling with security.

The attacks on Sony's online services that affected PlayStation and Qriocity users resulted in exposure and possible theft of personal data for more than 90 million customers.

Sony Chief Executive Howard Stringer apologized for the attacks, which resulted in the PlayStation Network and Qriocity being shut down on April 20, with a partial return on May 14 -- though many parts of the PlayStation Network, such as the PlayStation Store, still aren't fully up and running as they were before.

The Web server used to host the phishing site is normally used to host Sony's Thai site, F-Secure said, adding that it believes that the hack only affected a server that has no access to Sony customers' personal information.

F-Secure said it has notified Sony of the attack, later blocking the URL for the phishing site. Sony officials were unavailable for comment on the matter on Friday morning.

RELATED:

Sony flips the switch back on for PlayStation Network

Sony CEO apologizes for PSN hacks, offers ID-theft insurance

Sony says hacker may have stolen information from more than 90 million user accounts

-- Nathan Olivarez-Giles

twitter.com/nateog

Image: A screenshot of an alleged phishing site placed on a Sony server by hackers. Credit: F-Secure

Google's Gmail hit in phishing scheme

Google Inc. said today that its Gmail e-mail service has been attacked in an industrywide phishing scheme in which hackers obtained user names and passwords to gather personal information such as credit card and bank account numbers.

"This was not a Gmail security breach," said Google spokesman Andrew Kovacs. "As soon as we became aware of the issue, we reset the passwords on the small number of affected accounts."

He did not say how many e-mail accounts were compromised. He advised customers to enter their e-mail credentials only at web addresses starting with https://www.google.com/accounts and to carefully examine certificate warnings.

In all, about 30,000 people using Hotmail, Yahoo, AOL, Gmail and other e-mail service providers have been victims of recent phishing schemes, according to BBC News.

-- Melissa Rohlin

Google remedies Gmail phishing scam

The Google Chat phishing scam at ViddyHo.com.

It was a rough day for Gmail.

First, Google's e-mail service experienced an outage that lasted several hours in the early morning. Then, a phishing scam made its way around Google Talk, the chat protocol embedded within the Gmail Web interface.

For the former, Google issued an apology and an explanation via its Gmail Blog. For the latter, Google added the apparent perpetrator of the phishing attack, a website called ViddyHo.com, to its blacklist.

The users transmitting the links have been blocked, the website marked as malicious in Google search results and the domain indicated as a phishing website to people using the Firefox, Safari and Chrome browsers, a Google spokesperson said in an e-mail. Basically, the action meant that if the ViddyHo.com domain was ever worth anything to anyone, it's not anymore. The website also appears to have been taken offline.

People targeted by the scam received a message from what appeared to be a friend's user name. The message contained a link, which led to a Web page asking for the user's Google log-in name and password. Those who entered them had their accounts used to send similar messages to their online contacts.

Google is urging those scammed to change their passwords immediately. The company hasn't received any reports of suspicious activity on targeted accounts, aside from using them to spread the scam, the spokesperson said, adding that the outage and the phishing outbreak were unrelated.

-- Mark Milian
