Tag Archives: scams

Jealous? Cyber-crooks Have You In Their Sights

Jealousy_by_EvilTelephone Physiological studies have observed jealousy in infants as young as five months old and surprisingly, in elderly people. Many psychologists hold the view, that jealousy is a normal and appropriate reaction to the fear of losing a loved one to someone else.

It’s no surprise then, that Cyber-crooks are continuing to use jealousy as a social engineering email hook, to entice potential victims to click on an email containing enclosed links which can lead to the installation of malware.

The following screen capture (from one of my email inboxes, yesterday), illustrates the type of crafty email currently circulating on the Internet. Consider carefully – would you follow the links in this email?

image

If you had attempted to do so, in this case, you would have been cautioned by bit.ly (a free service that shortens long links), since the original link has been shortened using this service. Kudos to bit.ly for being on the ball here.

image

(Click pic for larger)

The following is the text of another email of this type, currently circulating on the Net.

Hello,

I apologize for my frankness. I’m sorry for not being able to speak to you in person, but I can only talk to you via email and I feel obliged to notify you to open your eyes, you are being betrayed.

I know it is difficult to prove, but every picture tells a story, I’ll send you these pictures so that you can see it with your own eyes. Take care…a big hug

From a good friend who is very fond of you

View photos here

In this case, there is no intermediary, like bit.ly – so you’re on your own.

It may well be that certain individuals are not prepared to take the fidelity of a loved one at face value, but these same individuals have no hesitation in opening an email from an unknown sender, it seems.

Do these types of emails work for scammers, do you suppose? You bet! Let me give you an example of how foolish people can be –

Several months ago, I wrote an article “Nude Pics Of Your Wife/Girlfriend Attached – Click Here”, as another of my frequent tests of Internet user gullibility. This is the very type of article frequently used by cyber-criminals to launch penetration attempts. Much to my surprise, the article is now one of the most frequently read articles on this site. I ask you – how careless can people be?

Regular readers of this site are familiar with the following safeguards:

  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • As well, WOT now checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.
  • Don’t open unknown email attachments.
  • Disable scripting features in email programs.
  • Make regular backups of critical data.
  • Make a boot disk in case your computer is damaged or compromised.
  • Turn off file and printer sharing on the computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under cybercrime, Don't Get Hacked, Drawing Software, Email, email scams, Freeware, Internet Security Alerts, Online Safety, Windows Tips and Tools, WOT (Web of Trust)

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

image I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Chase Fraud

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Safety, internet scams, Phishing

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under Comodo, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Rogue Software, spam, Symantec, trojans, Viruses, Windows Tips and Tools, worms

Online Banking Do’s and Don’ts

banking2 While it’s true that the Internet, despite its fundamental design flaws, has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices, and decisions, that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the positive hype surrounding financial institutions’ system security, we have learned, much to our detriment, that there are no absolutes in computer system security.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, the active security features offered by your financial institution.

Online banking 1

Examples of security features offered by financial institution:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that resembles a lock, or a key, when you conduct secure transactions online. Look for this symbol so that you have reason to believe your connection is, in fact, secure.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words, that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your password in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly.

Online banking 2

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer, even at home, unattended, once you have signed in to online banking.

After completing your transactions, ensure that you sign out, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly, many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party, or website, other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, (absolutely NOT recommended), to be safe, change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by someone else. The best passwords are made up of an alpha-numeric combination that are more than eight characters long, and a combination of capital and lower case letters.

Bank of America email scam

This is an example of an Online Banking email phishing attempt.

Final words – don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under cybercrime, Don't Get Scammed, Interconnectivity, Online Banking, Online Safety, Windows Tips and Tools

Gmail Service Center and PayPal Spam Scams Are Back!

The old “Due to the congestion in all Gmail users and removal of all unused Gmail Accounts” scam, is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber-criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

Gmail scam

If you receive an email that is supposedly from “Gmail Service Centers”, and it addresses you in any way other than your name (Dear Valued Member, for example), it’s a scam. Google is not likely to forget your name, right?

At one and the same time, the following email purportedly from PayPal, is making the rounds once again. Similar to the Gmail scam it opens with a generic salutation – in this case,  “Dear PayPal Member”.

Paypal scam

PayPal is familiar with this type of scam, and has issued the following warning:

“PayPal will never send an email with the greeting “Dear PayPal User” or “Dear PayPal Member.” Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information – to spoof@paypal.com”.

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Google, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Windows Tips and Tools

Federal Reserve Bank Spam Scam

No, I’m not referring to the U.S. Federal Reserve as a scam, although there are more than a few, it seems, who think just that. Instead, I’m referring to the latest cybercriminal phishing scam which uses a phony “warning”, purportedly from the Federal Reserve Bank, which warns against – are you ready for this – phishing. You have to think that these guys are the very definition of “brazen”.

Federal reserve scam 3

We first reported on this scam back in November 2008, and since it has now resurfaced, it’s probable that cybercriminals have had some success with this. I suppose cybercriminals are into recycling, just like the rest of us.

The graphic below represents last year’s attempt. The only noticeable difference between this year, and last year, is the link address. Notice the red circles following the links in this graphic which is WOT’s (described later in this article), way of warning you that these links are dangerous. You will not see a warning on the links in the latest version of this scam since the the cybercrooks are now using a flash element in this latest version.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive, or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party.

Scam emails like this may have several purposes; they can be crafted to trick you into revealing financial information that can be used to steal your money, or they can be designed to install various types of malware on your computer.

Hopefully, you are aware of this type of Internet scam, but I can assure you that a sufficiently large number of people are not. Scams such as this, rely on the principal that exposing a large number of people to this type of scam email, will always deceive at least some of those people.

As part of their Internet Threats series, WOT (the developers of my favorite Internet browser security add-on), has produced a short video designed to educate consumers about the wave of financial-themed phishing and spam, and the steps they can take to protect themselves.

Being aware of Internet threats is critical to your security on the Internet, so I suggest you take this opportunity to view this short (2:21 mins.), educational video.

WOT video new

As I have pointed out in the past (I’m sure regular readers of this Blog must be tired of seeing this), the following tips will help you protect your computer system, your money and your identity:

Don’t open emails that come from untrusted sources. It’s been estimated that 96% of emails are spam. While not all spam is unsafe, common sense dictates that you treat it as if it is.

Don’t run files that you receive via email without making sure of their origin. If the link has been sent to you in a forwarded email from a friend, be particularly cautious. Forwarded emails are notorious for containing dangerous elements, and links.

Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

If you do not use a web based email service, then be sure your anti-virus software scans all incoming e-mail and attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comments Off on Federal Reserve Bank Spam Scam

Filed under Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, email scams, Firefox Add-ons, Internet Explorer Add-ons, Internet Safety Tools, Malware Advisories, Online Safety, Phishing, Windows Tips and Tools, WOT (Web of Trust)

Gmail Customer Care is Gonna Close You Account – Not!

image The old “we’re going to close your email account” scam is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

What could be better for scammers than this; a natural market for fraudulent emails – new, and unaware users. Staying safe on the Internet is definitely one area where experience counts.

According to a recent email, sent to my relatively new Gmail account, my G mail account (these guys can’t spell – it’s Gmail not G mail), will be deleted within 24 hours unless I verify my user name, password, date of birth, and country information.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

image

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

If you have received the following email recently, I trust you recognized it for what it is, and after reporting it as Spam, you simply deleted it.

If your email account is not relatively new, it’s unlikely you received this email but reading it can still be instructive. BTW, all of the spelling mistakes are the spammers.

“This Email is from G mail customer care and we are sending it to every G mail accounts owner for safety. We are having congestion due to the anonymous registration of G mail accounts so we are shutting down some G mail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.

Due to the congestion in all G mail users and removal of all unused G mail Accounts. G mail would be shutting down all unused Accounts, you will have to confirm your E-mail by filling out your Lo gin Information below after clicking the reply button or your account will be suspended within 24 hours for security reasons.

* User name: …

* Password: ……

* Date of Birth: …….

* Country Or Territory: …..

Warning!!! Account owner that refuses to update his or her account within Seven days of receivinga this warning will lose his or her account permanently.

Thank you for using G mail !”

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Email, email scams, Google, Malware Advisories, Online Safety, Safe Surfing, Spyware - Adware Protection, Windows Tips and Tools