Archive for the ‘Online Scams’ Category

Standard-issue phishing scam email claiming to be from Twitter.

Objective: to steal your identity and your Twitter account, and the IDs of your followers.

Clumsy and inept, but still people fall for these really easy-to-detect scams in droves.

More of the usual stuff, which is quite easy to detect if you follow these simple checks:

• Check the “To:” email address. Is it the email address you registered with Facebook?
  Simple solution: Change your email address. Get a new G-mail account just for Facebook. Use it only for Facebook and don’t tell anyone else the details.
• Check the REAL web addresses of all those hyperlinks. Hover your mouse over them (do NOT click!) to reveal the true destination.
  Chances are that the address that appears links to a page hidden on that site by the scammer, who hacked that server. 

The rise of mobile malware has been a top story of 2011. From June 2010-January 2011, malware for the Android operating system rose by 400%! Malware creators follow the crowds, and mobile web browsing is huge. Some experts predict the amount of mobile malware to double this year.

This infographic from Bullguard does an excellent job of explaining what mobile malware is, its history and what you can do to protect yourself from it. The bottom line is this… if you’re using a mobile device, then you absolutely should have a mobile security suite installed.

This is a short excerpt only. Click here to view the entire image.

Westpac Bank is one of Australia’s Big Four multinational banks. (All four are listed in the World Bank’s Top 10 for security, stability and liquidity.)

This latest phishing scam is obvious for several reasons, as shown below on the images. These criminals are learning not to include a recipient address because anyone with more than one email address can easily tell at a glance if the recipient address is NOT connected with their Westpac account. *D’oh!*

For experienced marketers and market researchers, the questions asked (all about attitudes and intentions) are meaningless if the person responding is identifiable, because it’s well-known that people will rarely reveal their true intentions like this. They’ll lie for the money being offered — which is out of all proportion to the value of the information in this case.

The REAL purpose of the scam is to obtain your personal account information — ALL of which is already held by Westpac!

Here’s the scam email, with notes: 

Here’s the attached form (minus the header image). NOTE: You should NEVER open attachments in unsolicited emails! Read the rest of this entry »

Beware of this sleazy try-on from Domain Services

Our old “friends” Domain Services are at it again (still?). After years of suckering inexperienced and unwary domain name owners into paying up to 30-times more for domain name renewals than they need to, regulators finally applied the proverbial “blowtorch to the belly” with these sleazebags.

But, true to form (they couldn’t lie straight in bed!), they come up with another swerve on their traditional scam which was to:

• Create an official-looking form that most people assumed was an invoice for domain name registration. (It wasn’t when you read the fine print.)
• Suckers paid the exhorbitant over-charges, only to discover that their domain names were now transferred to another registrar not of their choosing (because Domain Services and their related entities were NEVER domain registrars… they just performed a service — and in some cases, pseudo-registrars like Domain Services registered the domains in their own names, meaning the original owners no longer had control over their own domain names).

This latest sucker-bait from Domain Services is to send you a similar, official-looking non-invoice (that looks just like a real one) that’s equally misleading unless you read the fine print carefully.

What it really is is a solicitation for them to submit your domain name to search engines — a totally unnecessary task these days, when search engine spiders and crawlers will usually index your new site within days of launch (in some cases, within hours) automatically.

Take a look at the form we received this morning for one of our domains… and if you receive one, by either email or snail mail, trash it.

Do NOT click on the attachment!

This is just another variant on the classic PayPal phishing scam designed to get you to either enter your account access info into a fake PayPal form or page, or to take over your computer by adding it to a botnet. Check out the tell-tale signs:

The link to ppal.com reveals the truth…

Plenty of clues here: Copyright to an unrelated company; domain name for sale; vague search results and a standard “link farm” page typical of those used by domain resellers and squatters who snap up expired domain names in the hope of holding the neglectful owners to ransom. NONE of this related to PayPal in any way.

How to check if your domain has been black-listed or blocked

You don’t need to be spammer or crook to find your domain blocked or black-listed. Some low-life spoofing your address in their spam messages, wrong choice of words in your message, or some incompetent fool who thinks the best way to unsubscribe from your list is to report it as spam… these are just some of the ways you can find yourself on the pointy end of anti-spam software.

There’s nothing more frustrating than discovering that your email messages aren’t arriving at their intended destinations. It’s even worse than having a low open rate because blocked messages have no chance whatever of being opened.

You can use test email addresses at various email services like gmail.com, mail.yahoo.com, hotmail.com and many more. But when mail you send to them fails to arrive, all it really tells you is that it hasn’t arrived. It doesn’t tell you WHY.

So you need to check the email black lists and block lists that Email Service Providers (ESPs) and Internet Service Providers (ISPs) subscribe to in their desperate efforts to reduce SPAM and other abusive email.

There are TWO type of Black Lists (RTBLs):

1. Those that filter SENDER DOMAINS against their black-lists or block-lists (RTBLs or Real Time Black Lists).
2. Those that filter ALL DOMAINS in the BODY of your messages against their black-lists or block-lists (SURBLs or Spam URI Realtime Block Lists).

You need to check BOTH types. Your own domain name may not be blocked, but a domain name in an URL in your message may be.

Read the rest of this entry »

Bog-standard phishing scam designed to steal your identity. Easy to spot if you know what to look for… like spoofed email addresses, hi-jacked domains, etc.

A couple of important things to consider in these kinds of phishing scam emails:

The fake links to email addresses and web pages are rarely directed to servers owned by the scammers. Too easy to trace them.

Instead, they hack into insecure hosting servers and plant pages to serve their phishing forms to unsuspecting, gullible, inexperienced suckers visitors. Those email addresses on pkfhotels.com and awardspace.com, and the landing page at targui.guerch.com/backs.html, are almost certainly on hacked domains — and the owners have no idea that those pages exist.

Follow the usual simple procedures to identify this message as a phishing scam. Don’t be suckered…

Don’t you love the highlighted comment about never giving your PayPal password to anyone? Then they ask you for it on the scam “PayPal” log-in page that the main link (circled) leads you to — and gullible people do exactly that… hand over their PayPal account username and password, then wonder where their money has gone!

“Spear-phishing” attacks on the rise

(New York Times) Most people know to ignore the e-mail overture from a Nigerian prince offering riches in exchange for a bank account number. That is a scam, plain to the eye.

But what if the e-mail appears to come from a colleague down the hall? And all he asks is that you add some personal information to a company database?

This is spear phishing, a rapidly proliferating form of fraud that comes with a familiar face: messages that seem to be from co-workers, friends or family members, customized to trick you into letting your guard down online. And it has turned into a major problem, according to technology companies and computer security experts.

Read the entire article here.