Category Archives: email scams

Valentine’s Day – Malware Love Is Coming Your Way

From the – here we go again files. Love in your inbox – malware on your computer.

Like clockwork, spammers and cybercrooks ramp up the volume of Valentine’s spam emails aimed at unsuspecting users – every year, starting just about now.

You know the ones – “Falling in love with you”, “Sending you my love”, “Memories of you”, “I Love You Soo Much” … (saccharin sells, I guess). Since cyber crooks are opportunity driven, you can expect much more of this type of cybercriminal activity again this year.

Maybe you’re a very cool person whose significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. You get them so often that you just automatically click on the email attachment without thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting emotions. The fact is, we’re all pretty curious creatures and, let’s face it, who doesn’t like surprises? I think it’s safe to say, many of us find it difficult, if not impossible, to resist peeking at love notes received via *email.

The reality.

The truth is, these emails often contain links that deliver advertisements – or worse, redirect the victim to an unsafe site where malware can be installed on the soon to be victim’s computer.

Would you be fooled?

A couple of years back, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. Clicking on the link led him to a site which had a graphic of hearts and puppies – and of course,  the teaser.


Luckily, common sense prevailed and he backed out of this site. If he had clicked on the teaser, he would have begun the process of infecting his machine with a Trojan. A Trojan designed to connect to a remote command and control center.

Unfortunately, being smart is often NOT enough to protect yourself. At a minimum – make sure you have an effective security solution installed, one capable of detecting both known and new malware strains.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them – they could take you to a web site designed to download malware onto your computer.

* Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc.


6 Comments

Filed under Don't Get Scammed, Don't Get Hacked, email scams, Malware Alert

Am I Dead? Investigation.org Wants to Know

I woke up this morning to find that I wasn’t dead. That’s kind of a bonus, since there have been mornings when I wasn’t entirely convinced – if you know what I mean. But, I’m getting ahead of myself.

Assuming one is still alive – I suspect that there might be a certain sense of urgency in refuting a rumor that one has passed on to bigger and better things (hopefully, bigger and better things, but……).

In the latest craziness on the spamming scene – Investigation.org (now there’s a catchy name), has crafted a phishing email – loaded with power words – in an effort to provoke the need to act.

First, to prove you’re not DEAD – and subconsciously, who doesn’t have a need to do that? Second, in the happy event you’re not DEAD – the good news is – you’re in line to “receive and confirm your funds without any more stress”. Good news – no?

In an attempt to show the proper degree of sincerity (just in case you’re DEAD, as you read the email), Investigation.org goes that extra mile – “MAY YOUR SOUL REST IN PERFECT PEACE – YOUR JOY AND SUCCESS REMAINS OUR GOAL.”

Text of this unintentionally hilarious email –

URGENT CONFIRMATION NEEDED TODAY/CALL FOR DETAILS

Investigation Bureau office@investigation.org

8:48 AM (5 hours ago)

Attn: Sir/Madame (don’t know if I’m a man or a woman – what gives?)

We are writhing to know if it’s true that you are DEAD? Because we received a notification from one MR. GERSHON SHAPIRO of USA stating that you are DEAD and that you have giving him the right to claim your funds.

He stated you died in a CAR accident. He has been calling us regarding this issue, but we cannot proceed with him until we confirm this within after 7 days of no respond.

Be advised that we have made all arrangements for you to receive and confirm your funds without any more stress, and without any further delay.

All we need to confirm now is you been DEAD Or still Alive. Because this MAN’S message brought shock to our minds. And we just can’t proceed with him until we confirm if this is a reality OR not.

But if it happened we did not hear from you after 7 days, then we say: “MAY YOUR SOUL REST IN PERFECT PEACE” YOUR JOY AND SUCCESS REMAINS OUR GOAL. May the peace of the Lord be with you wherever you may be now.

Your Faithfully,
Mrs. Vivian Martins
Tel: +123-806-731-6969

Email: investigation_departtt1@hotmail.com

OK, I will admit, that to be taken in by a scam email like this, or any scam email for that matter, one would have to be the type of person whose antenna doesn’t pick up all the channels.

Still, when you consider that 90% of all emails are spam – and scams are a big part of that percentage – it’s fair to say – more than a few unlucky souls who’ve lost contact with the mother ship, will fall for this type of scam email.

What a sad reflection on the state of the Internet.

24 Comments

Filed under Cyber Crime, Don't Get Scammed, email scams

Online Paperless Billing – The New Attack Vector For Cyber Crime

I’m very much in favor of online paperless billing and virtually all of my recurring monthly bills are delivered this way – directly to my inbox. Shown below, for example, is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

Enbridge 1

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

Enbridge 2

A couple of extra clicks to reach my online banking and, the bill is paid.


No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T  customers – which automatically embeds malware onto the targeted machine, once the user clicks on the embedded link in the  billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Nevertheless, I instinctively (and, without thinking) clicked on the link. Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up – increasing the odds that we’ll respond inappropriately.


Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

  • Libtiff integer overflow in Adobe Reader and Acrobat – CVE-2010-0188
  • Help Center URL Validation Vulnerability – CVE-2010-1885

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links. For example, the “att.com” link will be the same in both places that it appears in the email – unlike the malicious version, which uses two very different URLs.

I might add that I use the WOT Browser add-on and, as you’ll notice in the first graphic (at the top of this page), the green circle indicates that the embedded link is safe. If you do not currently have WOT installed, I strongly suggest that you consider installing it. As well, I use the Redirect Remover add-on, which removes any redirect links in Firefox – an appropriate way to become aware of redirected links.

Four years ago, when I started writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.

12 Comments

Filed under Cyber Crime, email scams, Malware Alert

OMG! Mark Zuckerberg Sent ME An Email!

What a rush! Mark Zuckerberg knows I exist and, even better than that – he just gave me $200. Yes! $200! Thanks Mark; I’ll get right on that.

You don’t believe me I hear you saying – then, take a peek at this email from my Gmail spam box. Oops, I’ve just given myself away – haven’t I? The email is in my SPAM box. With good reason, of course.

While it’s true, that in this particular case, spam filters have isolated this email as both spam and a probable fraud – do not rely on filters as the ultimate safeguard. That’s your job – you are your own best protection.


As an experienced and educated surfer, you’re quite used to navigating over the rough trails of the “Wild West” Internet. You know that this email is just too preposterous to be taken seriously. Although, as difficult as it is to believe, there are those who are gullible enough to respond.

If you’re a regular reader here, please forgive me for repeating the following same old – same old – advice.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this type of scam on the Internet. In doing so, you help raise the level of protection for all of us.

A technical approach to protecting yourself against fraudsters:

Check whether the email was authenticated by the sending domain. Click on the ‘show details’ link in the right hand corner of the email, and make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site.

Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.

Check the message headers. The ‘From:’ field is easily manipulated to show a false sender name. Learn how to view headers.

If you’re still uncertain, contact the organization from which the message appears to be sent. Don’t use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
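The ‘mailed-by’ / ‘signed-by’ comparison from the first step can also be made directly on the raw headers. This is an added example, not part of the original post; it assumes that ‘mailed-by’ corresponds to the SPF-checked `smtp.mailfrom` domain and ‘signed-by’ to the DKIM signing domain, as recorded in the `Authentication-Results` header written by your own mail provider. The messages and domains below are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(value):
    """Domain part of an address (or a bare domain), lowercased."""
    return value.rpartition("@")[2].strip("<>").lower()

def _same_org(a, b):
    # Simplification (assumption): equal domains or parent/subdomain count as a match.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_sender(raw_message):
    """Compare the visible From: domain with the domains that passed SPF and DKIM."""
    msg = message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    # Only the topmost Authentication-Results header is read: the receiving
    # server prepends its own, and anything further down may be forged.
    results = " ".join((msg.get("Authentication-Results") or "").split())
    seen = {"spf": "", "dkim": ""}
    for part in results.split(";"):
        method = re.match(r"\s*(spf|dkim)=pass\b", part)
        ident = re.search(r"\b(?:smtp\.mailfrom|header\.[di])=([^\s;]+)", part)
        if method and ident:
            seen[method.group(1)] = _domain(ident.group(1))
    authenticated = [d for d in seen.values() if d]
    if not authenticated:
        verdict = "unauthenticated"   # nothing vouches for the From: line
    elif any(_same_org(d, from_domain) for d in authenticated):
        verdict = "match"             # either check lines up with the sender
    else:
        verdict = "mismatch"          # authenticated, but as somebody else
    return {"from": from_domain, "mailed_by": seen["spf"],
            "signed_by": seen["dkim"], "verdict": verdict}

# Constructed messages; every domain here is a placeholder.
GENUINE = "\n".join([
    'From: "Utility Billing" <billing@utility.example>',
    "Authentication-Results: mx.receiver.example;",
    " dkim=pass header.d=utility.example;",
    " spf=pass (sender permitted) smtp.mailfrom=bounces@mail.utility.example",
    "Subject: Your bill is ready", "", "body"])
SPOOFED = "\n".join([
    'From: "Utility Billing" <billing@utility.example>',
    "Authentication-Results: mx.receiver.example;",
    " dkim=pass header.i=@bulk-mailer.example;",
    " spf=pass smtp.mailfrom=bounce@bulk-mailer.example",
    "Subject: Your bill is ready", "", "body"])
```

A "mismatch" verdict is the case the advice above is aimed at: the message really was authenticated, but by a domain that has nothing to do with the name in the ‘From:’ field.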

How gullible can people be? When Michael Jackson passed, I wrote a piece entitled “Hey Sucker – Read This! Michael Jackson’s Not Dead!”, simply as a test of “curiosity exploitation”.

The results that followed were astonishing – within days, this article was getting thousands of daily hits. Even today, this article continues to get hits. Talk about gullible people!

14 Comments

Filed under Cyber Crime, cybercrime, Email, email scams, FaceBook

3..2..1 – UPS Malware Blasts Off!

My friends over at Commtouch got me on the horn to advise me that the UPS email scam (with malware attached) has bounced up significantly. From what I can see, the malware is a Fake Alert Trojan which installs a rogue security application. So, be on your guard.

I’m on vacation this week, so I’ll post the Commtouch Café blog article verbatim.

A wild malware rollercoaster – over 500% increase

The UPS name is once again being used to spread vast amounts of email-attached malware.   The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak.  The attack closely resembles the large outbreak reported on at the end of March.  The graph below illustrates the increase:


There are numerous versions of the email text – some examples:

Good afternoon!

Dear Client , Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

Good afternoon!

Dear User , Delivery Confirmation: FAILED

Please print out the invoice copy attached and collect the package at our department

With respect to you , Your UPS Services

GOOD AFTERNOON!

Dear Client , We were not able to delivery the postal package

Please fill in attached file with right address and resend to your personal manager

With Respect , Your UPS .COM

ATTENTION!

DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT

With best wishes , Your USPS .us Customer Services

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the filenames were quite limited – unlike this attack – some examples:

  • “ups_NR9Yl2673.zip”
  • “Ups_NR5pY500268590.zip”
  • “UPS_NR5Da3052.zip”
  • “MyUps_NR9hN8574.zip”
  • “MYUPS_NR5gX736615890.zip”

Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Cyber Crime, Don't Get Scammed, Don't Get Hacked, email scams, Malware Advisories

Don Gunshot – The Hitman With A Heart e-Blackmail

I sometimes wonder if it isn’t a prerequisite that Nigerian scammer wannabes graduate from “comedy school” before they get their scammer’s license and are set free to practice their newfound skills on the marginally intelligent.

In a new twist on an old theme (the infamous 419 scam), Nigerian scammers have upped the ante in a variant of their usual email scam nonsense – the hitman, “I’m gonna kill you” email. These fear-provoking emails (at least they’re intended to be scary), contain a threat that the recipient will be murdered by – are you ready for this – “Don Gunshot”.

But, Don is not your ordinary run-of-the-mill “I’m gonna blast ya out of your shoes” hitman. No, Don it seems, has a big heart. For a measly $5000, Don will take you off the list of his current projects. Just in case you might think that Don is no gentleman, he’s gone the extra mile and politely signed off on the email, with a kindly – Regard(s). Too funny!

Hitman emails are not a new threat – they’ve  been circulating on the Internet since at least early in 2007. They come; they go, and come and go again.

So it’s hardly surprising to see that Symantec has just identified a new wave of hitman emails currently making the rounds. Although there are many variations of this email, here’s one example:


Graphic courtesy of Symantec.

On a more serious note:

Don’t act fast as Don suggests. Don’t send $5000. Do contact the Police – this is an attempt at extortion.

This scam illustrates the lengths to which these crooks will go to entrap the unwary and gullible. Unfortunately, the description “unwary and gullible”, is easily applied to substantial numbers of Internet users.

As an experienced and cautious Internet user, it’s safe to say that you will not be deceived by this type of clumsy attempt to defraud, but you might be surprised how often reasonably intelligent people are.

So, be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of 419 scams on the Internet. In doing so, you help raise the level of protection for all of us.


10 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, email scams, Humor, Internet Security Alerts, Online Safety, Symantec, Windows Tips and Tools