The U.S. Federal Trade Commission (FTC) issued an alert this week about an uptick in phishing attacks preying on people whose banks have recently failed or been purchased:

Phishers (pronounced “fishers’) may send attention-getting emails that look like they’re coming from the financial institution that recently acquired your bank, savings and loan, or mortgage. Their intent is to collect or capture your personal information, like your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Their messages may ask you to “update,” “validate,” or “confirm” your account information.

The alert contains a bit more information, along with a number of tips to help users avoid these attacks.

Dancho Danchev at the Zero Day ZDNet blog reports that Asus has accidentally shipped new desktop PCs with malware on the hard drives:

Asus has confirmed and apologized to customers (press release in Japanese; translated version) for shipping malware on the recently introduced Eee Box desktop computer.

As Dancho notes, this is not the first time that a mass-market hardware product has been sold with malware pre-installed:

In addition to last month’s Asus fiasco when they accidentally shipped cracking tools and confidential documents on recovery DVDs, the company is among the increasing number of companies that have shipped malware on their products during the last couple of years – Apple (2006), TomTom (2007), Seagate (2007), and HP (2008).

Fortunately, these are still relatively small-volume, isolated incidents, not a mass threat. Web and e-mail are still much easier and more widespread attack vectors for malware distributors.

The National Cyber Security Alliance, which is coordinating the effort designating October as National Cyber Security Awareness Month, has a list of the "Top 8 Cyber Security Practices." This list, although not new to many in the StopBadware community, is a great resource for educating users about the key concepts for staying safe online.

Here’s the list:

1. Protect your personal information. It’s valuable.
2. Know who you’re dealing with online.
3. Use anti-virus software, a firewall, and anti-spyware software to help keep your computer safe and secure.
4. Be sure to set up your operating system and web browser software properly, and update them regularly.
5. Use strong passwords or strong authentication technology to help protect your personal information.
6. Back up important files.
7. Learn what to do if something goes wrong.
8. Protect your children online.

Later this month, StopBadware will be giving a webinar on website & computer security for nonprofits, hosted by NTEN – the Nonprofit Technology Education Network. If you’re involved in technology for a nonprofit, and want to learn more about security, find out more about the webinar and register here.