Tag Archives: fraud

Email Spammers Are Smarter Than You Think

image I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Gmail Spam

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

– In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

– To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Web Forgery

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

19 Comments

Filed under Browsers, Don't Get Hacked, Email, email scams, Firefox, Interconnectivity, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools

Show Me the Money – I’ll Show You Your Files (Ransomeware is Back)!

Ransom38 Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.

ransomware

Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.

1 Comment

Filed under Don't Get Hacked, Interconnectivity, internet scams, Malware Advisories, Online Safety, Ransomware, System File Protection, System Security, trojans, Viruses, Windows Tips and Tools

IE7 Vulnerability Now Being Exploited

explorer-advisory A number of Internet security providers, including McAfee, Trend Micro, and F-Secure are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch, has in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability, are now circulating on the net that have an attached MS Word document, which if opened, will allow a cybercriminal remote control over the now infected machine.

Consequences:

  • Loss of personal data.
  • Malicious application installation.
  • Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

  • Don’t open emails that come from untrusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

3 Comments

Filed under Browsers, Don't Get Hacked, Email, Interconnectivity, Internet Explorer, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Online Safety, Safe Surfing, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools, worms

Cupid Is Out To Get You – Valentine’s Day Spam Jumps

valentines day 2 Happy Valentine’s Day – and hopefully it will be, unless you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users just prior to this day culturally set aside as a “celebration of love”.

Last year at this time, we saw abnormally high rates of this type of spam, but this year according to MessageLabs, a Symantec company, the volume of Valentine’s Day-related spam has increased by 50 percent over last year. Current estimates place cupid style spam at nine per cent of this weeks spam activity.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

A friend, who is an astute and aware computer user (I though), fell for one of these carefully crafted teasing emails earlier this week. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

valentines day 3

Fortunately, the common sense that I have been drilling into him, for ever it seems, kicked in, and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan which can connect to remote command and control Web sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

Need security solutions? Checkout “The 35 Best Free Applications – Tried, Tested and Reliable!”, on this site.

For additional timely advice on the scourge of spam, checkout “Make $6,513 a Day Doing This” from the pen of fellow blogger, TechPaul.

To help you keep ahead of cyber criminals, visit Scambusters.org, where you can get all the latest information on Internet Scams, Identity Theft, Internet Fraud, and more.

3 Comments

Filed under Don't Get Hacked, Email, Free Security Programs, Freeware, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Safe Surfing, Software, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools

McDonalds Email Christmas Offer is Scroogy Malware

mcdonalds-fries Who’s going to turn down an email savings coupon from that great American institution – McDonalds? The cyber-criminals behind this spam/scam email are counting on the fact that not many of us will turn it down.

Let’s face it – we’re all pretty used to McDonalds wishing us a “Merry Christmas” so getting an email with that heading is likely to entice many of us to “Simply print the coupon from this Email and head to your local McDonald’s for FREE giveaways and AWESOME savings” as the email instructs.

mcdonalds-email

(Pic courtesy of Panda)

According to PandaLabs, Panda Security’s laboratory for detecting and analyzing malware however, you won’t get a coupon, you won’t get “FREE giveaways and AWESOME savings”, but you will get infected by the P2PShared.U worm.

“Once on the computer”, according to Panda, “the worm sends out emails with the same subject and appearance to other users. Finally, it copies itself to folders of various P2P file-sharing programs (eMule, LimeWire, Morpheus, etc.) with names relating to security software, image editing programs, program cracks, etc. This way, any user that tries to download any of these applications will be actually letting a copy of the worm into their computer”.

At this time of the year, we can expect to be bombarded by socially engineered email spam/scam with a Christmas or Holiday Season theme, so be more vigilant than you normally would be.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable scripting features in email programs

Ensure your anti-virus software scans all e-mail attachments

If you are interested in staying on top of the latest in Internet security news, consider adding Panda Security news to your feed reader by adding the following URL – http://feeds.feedburner.com/PandaSecurity.

16 Comments

Filed under Don't Get Hacked, Email, Interconnectivity, internet scams, Malware Advisories, Online Safety, Safe Surfing, System Security, worms

Gpcode Trojan Ransomeware Kidnapping Again!

Have you ever considered your computer files as a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it! Ransomware is a vicious form of malware, taking into account that it encrypts the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

Trend Micro Advanced Threats Researcher, Ivan Macalintal, recently reported that Gpcode ransomware is loose on the Internet once again. Regular readers of this Blog will remember two previous articles in which this virulent malware was discussed.

First encountered two years ago by Kaspersky Lab, Gpcode has undergone several incarnations, with this latest version being identified by Trend Micro as TROJ_RANDSOM.A

Reportedly, Gpcode is now using a 1,024 bit encryption key, as opposed to 660 bits in an early variant. It has been estimated it would require 30 years to break this new encryption key using a brute force attack; trying every possible password.

According to Trend Micro TROJ_RANDSOM.A:

Can be downloaded from remote site(s) by other malware

May be dropped by other malware

May be downloaded unknowingly by a user when visiting malicious Web site(s)

(Fake error message upon malware execution. Courtesty Trend Micro)

As with previous versions of this malware, after installation, the victim is informed that the computer’s files have been encrypted and a decrypting tool must be purchased, for US $307, from the cyber-criminal, in order to decrypt the affected files. Email addresses are included in order to facilitate this fraudulent purchase.

Affected systems: Windows 98, ME, NT, 2000, XP, and Server 2003.

(Process illustration courtesty of Trend Micro)

If you should become infected by this Trojan your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.

For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.

References: Trend Micro

While it has been established how Gpcode infects the victim’s machine with the Trojan, none-the-less, the following precautions are critical to the security of your system.

Most importantly – make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

2 Comments

Filed under Don't Get Hacked, Freeware, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Online Spyware/Virus Scanners, System Security, trojans, Viruses, Windows Tips and Tools

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

4 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools