Category Archives: internet scams

URL Shortening Sites Target Email Weakness

Sites like Tinyurl.com and Bitly.com are the go-to places for Tweeters who do not want long URLs to eat up their typing space. However, shortened URLs have a second, more insidious use. They allow spammers and hackers past the old email filters and into your inbox.

Most email anti-spam engines were created before the use of embedded URLs in emails, not to mention shortened ones. Most anti-spam programs try to trace back the URL to see if the site is dangerous. However, a shortened URL can be used by hackers in two ways.

The first way is simple. They plug the site they want you to get directed to into one of the known and trusted URL shortening sites available for free to the public. Because the URL shortening site is trusted, the link is trusted. However, the link does not take you to the URL shortening site; it takes you where it was originally directed.

Secondly, hackers get even more creative. Once the anti-spam filters learn to see through the URL shortening sites, as some have done, hackers create their own URL shortening sites. Essentially, they shorten a link that’s already shortened. So, when you click on the link, you get redirected not once, but twice. The first redirection is safe; the next is the hacker’s.
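Both redirect patterns described above can be checked without opening the destination page. The following is an added example, not code from the original post: it follows a link one hop at a time and judges it by where it ends. The `.example` hosts and the redirect table are constructed sample data, and `expand`, `assess` and the two resolver functions are hypothetical names.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Shorteners named in the article, plus one constructed host for the sample data.
KNOWN_SHORTENERS = {"tinyurl.com", "bitly.com", "trusted-short.example"}

# Constructed redirect table standing in for the network: URL -> (status, Location).
SAMPLE_REDIRECTS = {
    "http://trusted-short.example/a1": (301, "http://attacker-short.example/zz"),
    "http://attacker-short.example/zz": (302, "http://payload.example/update.exe"),
    "http://trusted-short.example/b2": (301, "http://shop.example/tracking?id=42"),
}


def sample_resolver(url):
    """Offline resolver: answer from the constructed table, 200 if unknown."""
    return SAMPLE_REDIRECTS.get(url, (200, None))


def head_resolver(url, timeout=5):
    """Live resolver: send one HEAD request and return (status, Location).

    The body is never fetched and redirects are not followed automatically.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        conn.request("HEAD", target)
        response = conn.getresponse()
        return response.status, response.getheader("Location")
    finally:
        conn.close()


def expand(url, resolver, max_hops=10):
    """Follow redirects hop by hop; return (chain of URLs, end state)."""
    chain = [url]
    for _ in range(max_hops):
        status, location = resolver(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "resolved"
        next_url = urljoin(chain[-1], location)  # Location may be relative
        looped = next_url in chain
        chain.append(next_url)
        if looped:
            return chain, "loop"
    return chain, "too_many_hops"


def assess(chain, state, blocked_hosts=frozenset()):
    """Judge a link by where it ends, not by the host it starts on."""
    hosts = [urlsplit(u).hostname or "" for u in chain]
    redirectors = hosts[:-1]  # every host that answered with a redirect
    unlisted = [h for h in redirectors if h not in KNOWN_SHORTENERS]
    reasons = []
    if state != "resolved":
        reasons.append("chain did not terminate: " + state)
    if len(redirectors) > 1:
        reasons.append("nested redirect (%d hops)" % len(redirectors))
    if unlisted:
        reasons.append("redirect via unlisted host: " + ", ".join(unlisted))
    if hosts[-1] in blocked_hosts:
        reasons.append("final host is blocklisted: " + hosts[-1])
    return {"first_host": hosts[0], "final_host": hosts[-1],
            "redirects": len(redirectors), "reasons": reasons}


if __name__ == "__main__":
    for link in ("http://trusted-short.example/a1",
                 "http://trusted-short.example/b2"):
        chain, state = expand(link, sample_resolver)
        print(link, "->", assess(chain, state, blocked_hosts={"payload.example"}))
```

A single hop through a listed shortener produces no findings by itself, so the first pattern is only caught when the final host is checked against a reputation source, represented here by `blocked_hosts`.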

This was “yet another example” of cyber-criminals adopting new technology to bypass traditional security measures, said Bradley Anstis, vice-president of technical strategy at M86.

“A lot of the traditional anti-spam engines were developed before Twitter, so they are not geared up to recognize embedded URLs as seen in blended email threats in spam, let alone shortened URLs that link to malicious, or compromised Web pages,” Anstis said.

Some frightening statistics:

In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).
The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April. (From Net-security.org)

So, what can you do to protect yourself? For one, never click on an email link if you do not trust the sender. Two, even if you do trust the sender, try to get to the link organically, meaning follow the normal method. If you are checking on a shipment, go through the main website instead of clicking on the link. These simple tricks will help to keep your computer and information safe from hackers.

Author Bio

This guest post is by Christine Kane from internet service providers. She is a graduate of Communication and Journalism. She enjoys writing about a wide variety of subjects for different blogs. She can be reached via email at: Christi.Kane00 @ gmail.com.

Update:

Here’s a super tip from anarchy4ever – “Some people may call me paranoid but I NEVER click on shortened url links. People should use url enlarger sites such as this one:
http://url-enlarger.appspot.com/”

Just a personal observation – anarchy4ever is far from being paranoid – sounds like a very sensible solution.

PC Tools Exposes “Harry Potter and the Deathly Hallows Part 2” Cyber Threat

The waiting game is almost over for Harry Potter fans who are hungry to feast their eyes on the much-anticipated final chapter in the Harry Potter franchise – Harry Potter and the Deathly Hallows Part 2.

There are always those of course who won’t wait – in this case until July 15. You know the type – the buttinskis who push ahead of you in line, or cut you off on the expressway – the ones you’d like to clunk upside the head.

Unfortunately, the obnoxious dimwits who behave in this way tend to repeat this behavior across a broad range of personal activity, and I suspect that the niceties of copyright law are well below their personal radar horizon.

The reigning experts in social engineering – cybercriminals (who, in my view, could teach “legitimate social engineering experts” a thing or two), are well aware of the “can’t wait buttinskis”, and in a perfect replay of the old “there’s no honor amongst thieves”, have made available through free torrent downloads – Harry Potter and the Deathly Hallows Part 2, except

Except PC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, has discovered that these free torrent downloads are nothing more than a new online malicious scam. Gotta admit – I love Karma payback!

I’m posting the bulletin PC Tools sent me yesterday on this, since it’s very instructive in terms of just how much effort cybercriminals will go through, in order to penetrate a target’s computer.

It’s not often possible to capture an online attack as it occurs, but in this case, PC Tools managed to do just that – see images and links listed below.

Here’s how the malicious scam works:

  • First, a user searches torrents for free downloads of the final Harry Potter movie
  • Results claiming to offer a free download of the new movie appear
  • Once users download the file, .RAR file and password.txt downloads appear
  • Users receive a message saying, “This video is password protected to stop automated leeching and detection. To get your password, please visit:
  • Here, users are taken through a series of instructions to obtain their password, one of which is choosing a link for a special offer while the site “verifies” the password

  • Once users click on an offer, a new tab and pop-up open, asking users to save what seems to be a legitimate file
  • After saving the file, cybercriminals have access to your computer—and the movie, of course, never appears on the screen

Harry Potter Threat Exposed

Here’s what victims find while searching for the Harry Potter and the Deathly Hallows Part 2 movie or videos:

Users can discover apparently ripped versions of the new Harry Potter movie on file-sharing websites.

It looks like the movie is being downloaded on the victim’s computer.

The victim is instructed to decompress the archive.

RAR and password.txt files suddenly appear.

User is told to visit separate website by password.txt file.

The victim then sees this screenshot, claiming to be MovieYT.com.

User follows 3-step instructions, which takes them to a verification code check.

User clicks on VLC Player and a new tab is opened.

When hovering over the download button, the download executable file looks real.

Once the user clicks on the file, they are prompted to save it – this, of course, contains malware.

While all this is happening, the user is still waiting for the “Verification Check” from MovieYT – but the cybercriminals now have access to the victim’s computer. They have your password and other personal information that they can use to further attack you, your finances, your friends and social networks.

Worth repeating: Consider the trade-offs, and the very real risks involved with Peer to Peer and Torrent applications.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to set up the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent, you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other people’s files to be mislabeled, and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.
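A file name check built on the extension list above, together with a check for mislabeled content, can be run over a download folder before anything is opened. This is an added example, not part of the original article: `classify`, `scan_directory`, the `EXPECTED_MEDIA` set and the sample file names are assumptions made for illustration.

```python
import os

# Extensions the article says to avoid while downloading.
RISKY_EXTENSIONS = {".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd"}
# Assumption (not from the article): extensions a user expects for media or text.
EXPECTED_MEDIA = {".avi", ".mp4", ".mkv", ".mp3", ".jpg", ".pdf", ".txt", ".rar"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows executable or DLL


def classify(name, head=b""):
    """Return findings for one file, given its name and its first bytes."""
    findings = []
    # The Win32 API strips trailing dots and spaces from file names,
    # so compare the name without them.
    clean = name.rstrip(" .").lower()
    stem, ext = os.path.splitext(clean)
    inner_ext = os.path.splitext(stem)[1]
    if ext in RISKY_EXTENSIONS:
        findings.append("risky extension " + ext)
        if inner_ext in EXPECTED_MEDIA:
            findings.append("double extension %s%s hides the real type"
                            % (inner_ext, ext))
    elif head.startswith(PE_MAGIC):
        # Mislabeled file: the name looks harmless but the content is executable.
        findings.append("content is a Windows executable but the name ends in "
                        + (ext or "no extension"))
    return findings


def scan_directory(path):
    """Classify every regular file directly inside `path` (reads 2 bytes each)."""
    report = {}
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as handle:
                head = handle.read(2)
            findings = classify(entry.name, head)
            if findings:
                report[entry.name] = findings
    return report


# Constructed sample: (file name, first bytes of the file).
SAMPLE_DOWNLOADS = [
    ("holiday_clip.avi", b"RIFF"),
    ("holiday_clip.avi.exe", b"MZ\x90\x00"),
    ("player_codec.mp4", b"MZ\x90\x00"),
    ("readme.txt", b"Thanks"),
    ("installer.cmd. ", b"@echo"),
]

if __name__ == "__main__":
    for name, head in SAMPLE_DOWNLOADS:
        print(repr(name), classify(name, head) or "no findings")
```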

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the program’s “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Scareware Is Everywhere – As Mac Users Just Found Out

The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals’ use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

Virtually every computer user whom I come into contact with, at both the home user level (my friends) and at the corporate level, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like the “dog ate my homework” response. But we old timers (sorry, seasoned pros) know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe, .vbs, or .lnk extension, virtually guaranteeing an infection.

Downloading that media player codec to play a porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the chances of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware, however, that security applications alone will not ensure your safety on the Internet. You really do need to become proactive about your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where your action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

I’ll put it more bluntly – if you get a malware infection, it’s virtually certain it’s your fault. You might think – here’s this smug, cynical guy, sitting in his office, pointing undeserved critical fingers. Don’t believe it.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.

Kate Middleton Scam – Working Like A Charm!

If you’re a regular reader here, I don’t have to belabor the point and remind you that significant numbers of Internet users are often unaware of the very real dangers that search engine results hold for their safety, security and identity. You’re well aware that many are blissfully unaware of the hidden dangers on the Internet, and seem to have a natural tendency to “just click”.

Here’s a perfect example.

Several days ago, I posted an article – Kate Middleton Nude – As If! – knowing full well, that the article would draw scores of careless users to it – all looking for a titillating experience. A perfect opportunity to teach an Internet safety lesson. I wasn’t disappointed, as the following screen shot of search engine stats from this site, illustrates.

Hundreds of additional search terms (too many to show), included – catherine middleton nude, kate middleton revealing pictures, william and kate nude, kate middleton naked, kate middleton naughty photos, a picture of kate meddliston naked, kate middleton sextape ……..”kate middleton” nude or breast or bikini – I think you get the picture.

By the end of the day, yesterday – 2,000+ potential victims visited this post, and an additional 900+ so far, today.

All of this reminds me of an article I wrote in July 2009 – Hey Sucker – Read This! Michael Jackson’s Not Dead! – which drew 1,000s of visitors, most of whom were unaware that the events surrounding Jackson’s death were being leveraged by cyber crooks to drop malware on unsuspecting surfers’ machines.

A similar scenario is being played out here. Cyber crooks are using, as they always have, a provocative and tempting attention grabber as a hook to reel in the unwary and undereducated Internet surfer.

Since this site has a high Google Page Rank rating, the search string “kate middleton nude” is in second place in Google search results out of 3 Million plus. I’d like to think that those lucky few who clicked on – Kate Middleton Nude – As If! – have developed a heightened sense of awareness of cyber criminal manipulation of current events.

I’d like to think that – but, I doubt it. I’m convinced that the potential victims who clicked on this article, went on clicking elsewhere in their hunt for the non-existent. Without a doubt, some are now dealing with malware infections.

Kate Middleton Nude – As If!

I’m an easy mark when it comes to pomp and circumstance, so like millions worldwide, I just finished watching the Royal Wedding. An impressive occasion, to say the least. Now, I need to relax and get over my Royal Wedding media hangover.

The media frenzy surrounding the wedding is likely to remain at a fever pitch far into the future however, as will the level of cyber criminal activity hooked on to Prince William and Kate Middleton. Hardly surprising, when one considers the size of the “market”. Scoping out “the royal wedding” on Google returns an amazing 53 Million search results – and cyber crooks love a big market.

Cyber crooks don’t miss a trick when it comes to leveraging events surrounding popular personalities, and along with the usual schemes – inbox spam, phony search results, Twitter and Facebook misdirection … – Kate Middleton comment spam, as illustrated by the following examples posted here in the last few days, has not been neglected by these parasites.

The first:

kate middleton naked
easy-share.com/1914927081/Kate_Middleton_-_Nude_P…
Givliani@gmail.com
184.82.196.132 – Submitted on 2011/04/27 at 12:19 am

Clicking on the link leads to a 90 MB compressed download hosted at Easy Share. I have no doubt that downloading this file would lead to a very painful experience.

The second:

This is actually my personal complete nude and semi-nude picture collection of Kate Middleton I collected over the last 10 weeks. http://www.megaupload.com/?d=8KKIJIWT Caution: Don’t leak this pack outside of this website or I will eliminate this comment and also chase you down to hell!

Clicking on this link leads to a similar 90 MB compressed download.

The third:

prince william wedding
netload.in/dateimQ5jcAXATn/Kate_Middleton_-_Nude_…
Kingwood@yahoo.com
69.162.162.130 – Submitted on 2011/04/27 at 12:19 am

Download and view this entire pic series of Kate Middleton along with pretty much all the unclothed as well as naughty images one can locate on the world wide web. http://www.fileserve.com/file/xnj2k2Q Caution: Don’t leak this pack outside of this site or I will delete this post and hunt you down to hell!

A similar set up – clicking on the link leads to a 90 MB compressed download.

If you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, as illustrated, can be extremely dangerous.

The amount of time required to effectively control comment spam is not insignificant. For example, since I first setup this site, I’ve dealt with over 55,000 spam comments.

Conservatively, it takes 10 seconds to check each spam comment (spam filters are not perfect) – that amounts to 152 hours, or 4 plus weeks, of wasted time. Needless to say – I consider comment spammers to be far down on the human evolutionary scale.

Same old – same old:

Be cautious when following links contained in comments on any web site.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software. This is a favorite technique employed by cyber-criminals.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Be cautious following links on web forums. Forums can often be a source of dangerous links.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Government of Nigeria “tortures” 419 Scammers – If Only!

I’m not advocating the torture of cyber criminals and spam scam artists, although ….

This morning, when I received an email (ostensibly), from The Federal Government of Nigeria (The Advance Fee Fraud section), in which it was made clear that – “some scam Syndicates were apprehended in Lagos, Nigeria few days ago and after several interrogations and tortures, (my) details were among those mentioned by some of the scam Syndicates as one of the victims of their operations” , it momentarily entered my mind that torture might be an appropriate penalty. Especially for those involved in this latest “wolf in sheep’s clothing” scam.

I’ve covered the wolf in sheep’s clothing scam here a number of times, including

1051 Site Dr. Brea, CA – Not An Address You Want To Go To!

A Helpful Spam Scammer – A Wolf in Sheep’s Clothing

This particular spam scam is highly instructive, and it illustrates the lengths to which these crooks will go to entrap the unwary and gullible. Unfortunately, the description “unwary and gullible”, is easily applied to substantial numbers of Internet users.

As an experienced and cautious Internet user, it’s safe to say that you will not be deceived by this type of clumsy attempt to defraud, but you might be surprised how often reasonably intelligent people are. So, be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this type of scam on the Internet. In doing so, you help raise the level of protection for all of us.

For reference, I’ve included the full text of this “torturous” email, which contains the usual spelling, grammar, punctuation, and layout errors.

EFCC FRAUD UNIT

Attention,
The Federal Government of Nigeria through provisions in Section 419 of the
Criminal Code came up with punitive measures to deter and punish
offenders.The Advance Fee Fraud section deal mainly with cases of advance
fee fraud(commonly called 419) such as obtaining by false pretence through
different fraudulent schemes e.g. contract scam, credit card scam,
inheritance scam, job scam, loan scam, lottery scam, “wash wash” scam (money
washing scam), marriage scam. Immigration scam, counterfeiting and religious
scam. It also investigates cyber crime cases.
This is to officially announce to you that some scam Syndicates were
apprehended in Lagos, Nigeria few days ago and after several interrogations
and tortures your details were among those mentioned by some of the scam
Syndicates as one of the victims of their operations.
After proper investigations and research at Western Union Money Transfer and
Money Gram office to know if you have truly sent money to the scam
Syndicates through Western Union Money Transfer or Money Gram, your name was
found in Western Union Money Transfer database amongst those that have sent
money through Western Union Money Transfer to Nigeria and this proves that
you have truly been swindled by those unscrupulous persons by sending money
to them in the course of getting one fund or the other that is not real,
right now we are working hand in hand with Western Union and Interpol to
track every fraudsters down, do not respond to their e-mails, letters and
phone calls any longer they are scammers and you should be very careful to
avoid being a victim to fraudsters any longer because they have nothing to
offer you but to rip-off what you have worked hard to earn.
In this regard a meeting was held between the Board of Directors of The
Economic and Financial Crimes Commission (EFCC) and as a consequence of our
investigations it was agreed that the sum of Two hundred thousand US Dollars
(US$200,000) should be transferred to you out of the funds that Federal
Government of Nigeria has set aside as a compensation to everyone who have
by one way or the other sent money to fraudsters in Nigeria.
We have deposited your fund at Western Union Money Transfer agent location
EMS Post office Lagos, Nigeria. We have submitted your details to them so
that your fund can be transferred to you.
Contact the Western Union agent office through the email address stated
below inform them about this notification letter and the transfer of your
fund;
Email:wu_payingdept@qatar.io
Yours sincerely,
Sarah White (Miss)
Assistant Investigation Officer.
The Economic and Financial Crimes Commission (EFCC)
15A Awolowo Road, Ikoyi, Lagos.
Nigeria
http://www.efccnigeria.org
******************************************************************

Please note that some fraudsters are claiming to be Directors or staff of
The Ecomomic and Financial Crimes Commission have recently been sending
phony e-mails/letters and also calling unsuspecting persons, with intent to
defraud them. It is important to note that these fraudsters are criminals
engaged in Advanced Fee Fraud known in Nigeria as 419. Every day, people
throughout the world are falling victim to scams of one kind or another. But
remember – if it sounds too good to be true, it is probably a scam. In the
circumstance, we unreservedly advice you to dissociate yourselve from all
correspondence and transactions entered into based on evidently fraudulent
and fictitious claims.
********************************************************************

“This e-Mail may contain proprietary and confidential information and is sent for the
intended recipient(s) only. If, by an addressing or transmission error, this mail has been
misdirected to you, you are requested to delete this mail immediately. You are also
hereby notified that any use, any form of reproduction, dissemination, copying,
disclosure, modification, distribution and/or publication of this e-mail message, contents
or its attachment(s), other than by its intended recipient(s), is strictly prohibited. Any
opinions expressed in this email are those of the individual and not necessarily of the
organization. Before opening attachment(s), please scan for viruses.”
All business handled under Standard Trading Conditions. Copy available on request.
********************************************************************

Just to be clear, as a strong supporter of Amnesty International, any references I made to torture were for effect, only.

1051 Site Dr. Brea, CA – Not An Address You Want To Go To!

Back in July 2009, I wrote an article “A Helpful Spam Scammer – A Wolf in Sheep’s Clothing”, which discussed how scammers rely on an apparent “truth” to convince unwary, or unsophisticated surfers, to buy into a scam designed to entrap victims of previous scams.

You would think the principle of “once burned – twice shy” might have impact; but apparently not. The World, it seems, is full of people who are ready to be shorn, not once – but, twice or more.

I have a hard time getting my head around the idea, that people can act so irrationally, they can be convinced to part with their money a second time, in what amounts to a slightly off kilter version of the same scam.

Scammers are not fools, by any stretch of the imagination, and they pursue time-proven cyber-crime methods. And so, the following scam email, plucked from one of my inboxes this morning, is representative of the “we’re gonna screw you twice” emails, currently flooding the Internet. Just like most emails of this type, this one contains the usual spelling, grammatical, and punctuation errors.

Dear Friend,

I am Mrs. Alice Hall. I am a US citizen and i am 48 years Old. I reside
here in 1051 Site Dr.Brea, CA 92821 USA. and i am thinking of
relocating since I am now rich.

I am one of those that took part in the United Nations Compensation
program in Nigeria many years ago and they refused to pay me. I had
paid over $20,000 while in the US, trying to get my payment but all
was to no avail.

So I decided to travel down to Nigeria with all my compensation
documents, And I was directed to meet Barrister Richard Anderson, who is
the member of COMPENSATION AWARD AUTHORITY and a Human Rights Activist (Lawyer), and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

Right now, I am the happiest woman on earth because I have received my
compensation funds of $850,000.00. Moreover, Barrister Richard Anderson
showed me the full information of those that are yet to receive their
payments and I saw your email as one of the beneficiaries who have not
yet received the payment under CASE FILE 54AC003 and that is why I decided to email you to stop dealing with those people which never fulfill their
promises of helping you. They are not with your fund, they are only
making money off you.

Therefore, I would advise you to contact Barrister Richard Anderson for
his assistance and inform him that your CASE FILE is 54AC003. Contact him
directly via the information below.

Name : Barrister Richard Anderson
Email:barrister.mike.edward009@gmail.com
Telephone: +234-8131387018

You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing.

The only money I paid after I met Barrister Richard Anderson was just $350 for the paper works, take note of that.

Thank You and Be Blessed.
Mrs. Alice Hall
Trustee/Treasurer, Triad Foundation Inc.
1051 Site Dr.Brea, CA 92821 USA
Education: BS, Business Administration

As unbelievable as it may sound – there are some people, somewhere, who will believe this nonsense. After all, we don’t normally expect to be deceived by someone who gives us fair warning. You might be surprised, just how often reasonably intelligent people are deceived by this type of clumsy attempt to defraud.
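The message quoted above has traits that a mail filter or a careful reader can check mechanically. The following Python code is an added example, not part of the original article; the indicator names, the webmail and title lists, and the 100x fee-to-payout ratio are assumptions chosen for illustration.

```python
import re

# Excerpt of the scam email quoted above (taken from the page, not constructed).
EMAIL_BODY = """\
compensation funds of $850,000.00. Moreover, Barrister Richard Anderson
Name : Barrister Richard Anderson
Email:barrister.mike.edward009@gmail.com
Telephone: +234-8131387018
The only money I paid after I met Barrister Richard Anderson was just $350 for the paper works, take note of that.
"""

# Assumptions for illustration: short, non-exhaustive webmail and title lists.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
TITLES = {"barrister", "mr", "mrs", "ms", "dr"}
FEE_RATIO = 100  # assumed threshold: promised payout at least 100x the fee


def contact_block(body):
    """Return (name, address) from the 'Name :' and 'Email:' lines, or None."""
    name = re.search(r"^Name[ \t]*:[ \t]*(.+)$", body, re.M)
    addr = re.search(r"^Email[ \t]*:[ \t]*(\S+@\S+)$", body, re.M)
    return (name.group(1).strip() if name else None,
            addr.group(1).strip().lower() if addr else None)


def dollar_amounts(body):
    """Return every dollar figure in the body as a float."""
    found = re.findall(r"\$(\d[\d,]*(?:\.\d+)?)", body)
    return [float(a.replace(",", "")) for a in found]


def indicators(body):
    """List the advance-fee indicators present in the message body."""
    hits = []
    name, addr = contact_block(body)
    if name and addr:
        local, domain = addr.rsplit("@", 1)
        parts = [p for p in re.findall(r"[a-z]+", name.lower()) if p not in TITLES]
        # The stated contact name does not appear anywhere in the mailbox name.
        if parts and not any(p in local for p in parts):
            hits.append("name_address_mismatch")
        # An "authority" official reachable only through free webmail.
        if domain in FREE_WEBMAIL:
            hits.append("official_on_free_webmail")
    amounts = dollar_amounts(body)
    # A small up-front fee mentioned next to a very large promised payout.
    if len(amounts) >= 2 and min(amounts) * FEE_RATIO <= max(amounts):
        hits.append("small_fee_vs_large_payout")
    return hits
```

Run against the excerpt, all three indicators fire: the contact is named Richard Anderson but the mailbox is `barrister.mike.edward009`, the address is on free webmail, and a $350 fee sits beside an $850,000.00 payout.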

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this type of scam on the Internet. In doing so, you help raise the level of protection for all of us.

Ask your friends, relatives, and associates to keep the following tips in mind while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

If you’re wondering why I’d even bother writing an article on a scheme that sounds so ludicrous – here’s why. The previous article on this topic continues to get substantial daily reads, most of which are as a direct result of Google searches. So, if surfers are searching, then there’s some degree of interest in responding to this type of email – crazy as that may be.


Filed under 419 Scam, cybercrime, Don't Get Scammed, Email, email scams, Internet Safety, internet scams, spam

Twitter, Tweets, Cyber-Criminals And You

I like the idea that technology makes it easier to stay “connected”, but Facebook, Twitter and the like, take that connected feeling well past my comfort zone. While I do have several Twitter accounts, those accounts are dedicated to professional tweets only.

Despite my personal reluctance to be “hard connected”, I can certainly understand the attraction of social networking – particularly for the “wired” generation. I have no problem accepting that the social relevancy of Twitter and Facebook, is substantial.

Although, I must admit, I fail to see the social relevancy of the inane “look at me” tweets, posted to Twitter by celebrities like Demi Moore, or Ashton Kutcher. I’m just not driven by the paparazzi mentality, I guess.

Despite the obvious benefits of social networking, these sites are not without risk. Twitter, Facebook and other social networking sites, are now a veritable snake pit of nasty socially engineered malware attacks.

The “wired” generation, who are anything but “wired”, in my view, when it comes to good security practices, have taken their inadequate security habits over to Twitter, Facebook, and elsewhere. As a result, social networking sites have proven to be a gold mine for cyber-criminals.

Not a day goes by, where I don’t report in my Tech Net News column, on another virus, worm, or Trojan, targeting Twitter and Facebook users. Despite constant warnings NOT to click on embedded links, or respond to social network generated emails, a considerable number of users blithely ignore this critical advice. Go figure!

On balance, social networking is a good thing – it’s opened new doorways of opportunity to stay connected. But, with those positive opportunities, comes a new set of opportunities for cyber-criminals. Now, more than ever, if you are a social network aficionado, you need to be aware of the risks.

Minimum social networking safe practices:

Don’t let your guard down – assume every link in Twitter is potentially unsafe – including links from friends.

Be particularly cautious of shortened URLs.

Don’t trust social network e-mails – including emails that are purportedly from Twitter support.

Be aware that a single wrong click can lead to a drive-by-download infection.

It should go without saying that you must keep all applications (including your operating system) patched.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, FaceBook, Interconnectivity, internet scams, Malware Protection, social networking, Social Networks, Twitter, Windows Tips and Tools

Hard Drive Kidnapping – GpCode Ransomware On The Attack Again!

When we think of kidnapping, extortion, or blackmail, I think it’s safe to say, not many of us would consider our computer files being a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a particularly vicious form of malware – malware that encrypts the victim’s files, and then demands a monetary ransom to decrypt those kidnapped files.

Once again the Ransomware Trojan Gpcode, first encountered some years back by Kaspersky Lab, is on the loose. This is the fourth release of GpCode that we’ve covered here in the last few years, and as expected, this version continues to use RSA-1024 and AES-256 encryption.

As opposed to past variants though, this time around GpCode doesn’t delete files after encryption. Instead, to make it more difficult for a victim to recover from the attack – files are overwritten.

Once GpCode has finished its nasty work, the victim is presented with the following Desktop message.

Followed by a ransom note via Notepad, which is launched automatically by GpCode. The ransom note demands payment of a $120 fee.


Preliminary indications are that the attack vector is a malicious PDF which, when opened, downloads and installs the ransomware.

Vitaly Kamluk over at Kaspersky Lab’s Securelist site, offers the following advice – “If you think you are infected, we recommend that you do not change anything on your system as it may prevent potential data recovery if we find a solution.

It is safe to shutdown the computer or restart it despite claims by the malware writer that files are deleted after N days – we haven’t seen any evidence of time-based file deleting mechanism. But nevertheless, it is better to stay away from any changes that could be made to the file system which, for example, may be caused by computer restart”.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

Let me reemphasize – Make regular backups of critical data. If you become infected, this may be your only recovery option.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Ransomware, Windows Tips and Tools