Tag Archives: spammers

Valentine’s Day – Malware Love Is Coming Your Way

From the – here we go again files. Love in your inbox – malware on your computer.

imageLike clockwork, spammers and cybercrooks ramp up the volume of Valentine’s spam emails aimed at unsuspecting users – every yearstarting just about now.

You know the ones –  “Falling in love with you”, “Sending you my love”, “Memories of you”, “I Love You Soo Much” …………. (saccharin sells I guess  Smile  ). Since cyber crooks are opportunity driven, you can expect much more of this type of cybercriminal activity again this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. You get them so often, that you just automatically click on the email attachment without thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting emotions. The fact is, we’re all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, many of us find it difficult, if not irresistible, to not peek at love notes received via *email.

The reality.

The truth is, these emails often contain links that deliver advertisements – or worse, redirect the victim to an unsafe site where malware can be installed on the soon to be victim’s computer.

Would you be fooled?

A couple of years back, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. Clicking on the link led him to a site which had a graphic of hearts and puppies – and of course,  the teaser.

image

Luckily, common sense prevailed and he backed out of this site. If he had clicked on the teaser, he would have begun the process of infecting his machine with a Trojan. A Trojan designed to connect to a remote command and control center.

Unfortunately, being smart is often NOT enough to protect yourself. At a minimum – make sure you have an effective security solution installed; capable of detecting both known and new malware strains.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them – they could take you to a web site designed to download malware onto your computer.

* Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc..

6 Comments

Filed under Don't Get Scammed, Don't Get Hacked, email scams, Malware Alert

URL Shortening Sites Target Email Weakness

imageSites like Tinyurl.com and Bitly.com are the go-to places for Tweeters who do not want long URLs to eat up their typing space. However, shortened URLs have a second, more insidious use. They allow spammers and hackers past the old email filters and into your inbox.

Most email anti-spam engines were created before the use of embedded URLs in emails, not to mention shortened ones. Most anti-spam programs try to trace back the URL to see if the site is dangerous. However, a shortened URL can be used by hackers two ways.

The first way is simple. They plug the site they want you to get directed to into one of the known and trusted URL shortening sites available for free to the public. Because the URL shortening site is trusted, the link is trusted. However, the link does not take you to the URL shortening site; it takes you where it was originally directed.

Secondly, hackers get even more creative. Once the anti-spam filters get around the URL shortening sites, as some have done, hackers create their own URL shortening sites. Essentially, they shorten a site that’s already shortened. So, when you click on the link, you get redirected not once, but twice. The first redirection is safe, the next is a hackers.

This was “yet another example” of cyber-criminals adopting new technology to bypass traditional security measures, said Bradley Anstis, vice-president of technical strategy at M86.

“A lot of the traditional anti-spam engines were developed before Twitter, so they are not geared up to recognize embedded URLs as seen in blended email threats in spam, let alone shortened URLs that link to malicious, or compromised Web pages,” Anstis said.

Some frightening statistics:

In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).
The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April. (From Net-security.org)

So, what can you do to protect yourself? For one, never click on an email link if you do not trust the sender. Two, even if you do trust the sender, try to get to the link organically, meaning follow the normal method. If you are checking on a shipment, go through the main website instead of clicking on the link. These simple tricks will help to keep your computer and information safe from hackers.

Author Bio

This Guest post is by Christine Kane from internet service providers. She is a graduate of Communication and Journalism. She enjoys writing about a wide-variety of subjects for different blogs. She can be reached via email at: Christi.Kane00 @ gmail.com.

Update:

Here’s a super tip from anarchy4ever – “Some people may call me paranoid but I NEVER click on shortened url links. People should use url enlarger sites such as this one:
http://url-enlarger.appspot.com/

Just a personal observation – anarchy4ever is far from being paranoid – sounds like a very sensible solution.

6 Comments

Filed under cybercrime, Email, Guest Writers, Hackers, internet scams, Twitter

Fake URL Shortening Services –Spammers Latest Weapon

imageAccording to Symantec’s May 2011 MessageLabs Intelligence Report, released several days ago, spammers are now employing their own fake URL shortening services to redirect users to the spammer’s Web site. It’s hardly surprising that this new technique has directly contributed to rising spam rates.

MessageLabs Intelligence reports that “shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s own Web site.”

Key findings from the May 2011 report include:

Spam: In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).

In the US 76.4 percent of email was spam, 75.3 percent in Canada, 75.4 percent in the UK, and 73.9 percent in Australia.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April.

Endpoint Threats: The most frequently blocked malware targeting endpoint devices for the last month was the W32.Ramnit!html, a worm that spreads through removable drives and by infecting executable files.

Phishing: In May, phishing activity was 1 in 286.7 emails (0.349 percent), a decrease of 0.06 percentage points since April.

Web security: Analysis of Web security activity shows that approximately 3,142 Web sites each day were harboring malware and other potentially unwanted programs including spyware and adware, an increase of 30.4 percent since April 2011. 36.8 percent of malicious domains blocked were new in May, an increase of 3.8 percentage points since April. Additionally, 24.6 percent of all web-based malware blocked was new in May, an increase of 2.1 percentage points since last month.

The May 2011 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.

Reading this type of report (or at least the highlights), can be a major step in expanding the sense of threat awareness that active Internet users’ require.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, MessageLabs, Online Safety, spam, Symantec, Windows Tips and Tools

Who Is Dany Ibrahim And Why Is He Giving You Money!

imageThe quick answer is – Dany Ibrahim is one of the most prolific fraudulent spammers on the Internet, and a master of the 419 email scam. Good old Dany wants to screw you out of your hard earned money. But first, Dany wants to give you millions of dollars and all you have to do is, involve yourself in a fraud.

Even though the the majority of seasoned computer users (I hope), are familiar with the infamous “419” or advance fee fraud scam, in which the victim is encouraged to sent money to the scammer, with the promise they will realize a significant gain, this scam is becoming ever more popular. Our friend Dany, for example, has been around forever – and he never seems to quit!

Here’s an edited version of Dany’s latest scam attempt.

Dear Friend,

I need your urgent assistance in transferring the sum of ($15) Million US Dollars only to your account within 10 or 14 banking days. This money has been dormant for years in our Bank without claim.I want the bank to release the money to you as the nearest person to our deceased customer late Mr Andrew Eich.  I don’t want the money to go into government treasury as an abandoned fund. So this is the reason why I am contacting you so that the bank can release the money to you as the next of kin to the deceased customer.

Please I would like you to keep this proposal as a top secret and delete it if you are not interested.Upon receipt of your reply, I will give you full details on how the business will be executed and also note that you will have 30% of the above mentioned sum if you agree to handle this business with me. I am expecting your urgent response as soon as you receive my message.

Regard,

Mr. Dany Ibrahim.

If you’re sick and tired of getting scam emails like this in your inbox, and you’re looking for ways to fight back against these creepy criminals (and, have a little fun besides), then checkout Scammer Baiting Hints and Tips, at the 419 Eater website. Just to be clear, I’m not recommending that you become an anti-scam crusader, but…

I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are – there are people who will believe this nonsense.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

How gullible can people be? When Michael Jackson died, I wrote a piece entitled “Hey Sucker – Read This! Michael Jackson’s Not Dead!”, simply as a test of “curiosity exploitation”.

The results that followed were astonishing – within days, this article was getting 1,000’s of daily hits. Even today, this article continues to get hits. Talk about gullible people!

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under 419 Scam, cybercrime, Don't Get Scammed, Email, email scams, Internet Safety, internet scams, Online Safety, spam, Windows Tips and Tools

If Your Bank Doesn’t Know Your Name – Maybe That’s A Clue The Email Is Fraud – Huh?

image I can’t imagine receiving an email from my bank that didn’t include my name and other pertinent personal details. After all, how difficult would it be for my bank to personally address an email to me, given the size and complexity of their database?

So receiving an email like the one below, instantly raises my fraud antenna – as I’m sure it does yours. Right?

“Dear Chase member,

You were qualified to participate in $50.00 credit reward surwey. – (When are these people going to learn to spell?)

Just take part in our quick 5 question survey:

http://survey.chase.com.damn3lo.com/chase/survey.htm?id=3852”

Chase Fraud

Who couldn’t use an extra $50 – especially these days, with the economy in the tank? Unfortunately, there is no $50. This email is a phishing attempt.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

Most of this activity is automated, so phishing is considered an opportunistic attack, rather than the targeting of a specific person. You can relax – they’re not after you personally.

In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, Chase. What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses.

Although it may be true that the Internet has the potential for safe, and secure transactions, staying safe online relies on you making good choices and decisions that will help you avoid costly surprises, or carefully crafted scams and phishing schemes such as the one just described.

The type of attack described above, is occurring with such frequency that the IC³ (the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance, has called the situation “alarming”, so you need to be extremely vigilant.

Be kind to your friends, relatives, and associates, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take:

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

An additional key point offered by my Internet friend Georg L. – Do not use any e-mail client like Outlook, Outlook Express, Thunderbird, or others. Instead, rely exclusively on the webmail facility of your service provider, even if this is less comfortable. In this way, e-mail cannot be misused as a vector for malware, because nothing is downloaded to your computer in the first place. By going without an e-mail client, you also save computer resources.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Safety, internet scams, Phishing

Email Scammers Threaten to Have Me Charged with Money Laundering

image I’m use to receiving scam emails (up to 10 a day), which attempt to entice me into divulging personal information with all sorts of promises of quick money – if only I complete a particular task. A task which always involves me having to spend money.

Generally, these types of emails , while they may be designed to cheat the unwary, are helpful in the extreme; paving the way to illusive riches with a detailed list of easy to follow instructions. The type of email I like to call – “the wolf in sheep’s clothing” email.

But, in a spam scam email I received this morning, the scammers have abandoned this helpful attitude and instead, have resorted to intimidation and threats.

Here are the highlights of this threatening email:

We, office of the international police association (IPA) hereby write to inform you that we caught a diplomatic lady by the name Mrs. Vernon Wallace at (John F Kennedy International Airport ) here in New York with a consignment box filled with United States Dollars.

She said that the consignment box belongs to you and that she was sent by one Edward Luis to deliver the consignment box to your doorstep not knowing that the content of the box is money.

In this regards you are to reassure and prove to us that the money you are about to receive is legal by sending us the Award Ownership Certificate showing that the money is not illegal.

The Award Ownership Certificate must to be secured from the office of the Nigerian Senate President … this is because the fund originated from Nigeria.

Furthermore, we are giving you only but 3 working business days to forward the requested Award Ownership Certificate … if you didn’t come up with the certificate we shall confiscate the funds into World Bank account then charge you for money laundering.

I think these scammers have watched one too many movies.

I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are. Believe it or not, there are some people, somewhere, who will believe this nonsense.

Be kind to your friends, relatives, and associates, particularly those who are new Internet users, and let them know that there is an epidemic of this types of scam on the Internet. In doing so, you help raise the level of protection for all of us.

As well, ask your friends, relatives, and associates to keep the following tips in mind while on the Internet:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.Keep your computer protected.

Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

16 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Internet Security Alerts, Online Safety, Phishing, spam, Windows Tips and Tools