Archive for the ‘Spam Dangers’ Category

The Victorian Government (Australia) Department of Business and Consumer Affairs has a handy series of videos that identify and explain the most common types of scams that you’re likely to encounter. They apply to almost all countries, so they’re worth watching, wherever you live. Click the image below to view the video series.

This phishing email arrived this morning and is set up to fool most people — even those who know how to check for differences between text links and embedded URL links.

It uses the correct Westpac login URL… but it’s hidden on an IP address in Paris, France. The IP address is 195.5.208.43. The Westpac link is a folder hidden on that URL, which may be a legitimate web site unconnected to the scammers.

Learning to spot these tell-tale clues is essential to your online security from slime-balls and crooks.

Here’s a classic blunder by a phishing scammer: claiming the message is from one bank, but then putting a text link to a competing bank!

It’s not hard to see the REAL address (not a bank at all, but a hacked site with a hidden script), but you have to wonder how fast they churn out these scam emails. Forgetting to change the name of the bank (and leaving off the .au in the URL) is a pretty obvious boo-boo, even for a dumb scammer. (Question: What’s the punishment for a scammer employed by scam gangs, especially in Russia, where most are located, who bungles the job this obviously?)

This scam email message is particularly sneaky: it links to a hidden script page on a compromised school server in Italy, which redirects to a hidden script on a compromised host server at a Canadian university. It also segments its targeted victims according to countries, with mail scripts hidden on compromised servers in the countries being targeted.

By using school and university web servers to host their hidden scripts, scammers hope to avoid the increasingly aggressive security protection being implemented by larger hosting companies. They obviously regard educational IT departments as an easier target for inserting hidden scripts.

The ultimate destination of the malicious script is here:

https://fhseta.mcmaster.ca/administrator/help/paypal.co.info.com.nz.auu/webscr.php?cmd=_login-run&dispatch=5885d8*****4ecf4773c91 (shortened for security reasons).

A number of variations of this scam are currently happening. They become really easy for me to identify because I have dozens of email addresses and these scammers send to all of them at the same time.  But the scams aren’t hard to detect, as you can see.

Note the “from:” address — it’s identical to the one in the BBB scam that was sent at the same time. *D’oh!*

The Better Business Bureau is a US-based organization that helps to mediate disputes with small and medium businesses and unhappy customers, among many other activities. But their charter doesn’t extend to businesses outside the USA, which helps to make these scams a little bit obvious — apart from the spoofed addresses and the compromised hosting servers they hide on.

Read the rest of this entry »

We had to look twice at this email, but there are plenty of tell-tale signs that it’s another Russian phishing scam. If you read the full version of this post (click “read more”) you see what really gave the game away — a totally messed up landing page on a scam site with no secure server.

Read the rest of this entry »

The problem with this scam email is the attachment — an html page that’s actually a malware script. (Malware is software that has a malicious purpose, like hooking your computer up to a global botnet for sending spam, breaking password encyptions, hiding code that can record all your banking and other secure usernames and passwords — and sending them to the coder who created it — and much more.)

Here are the tell-tale indicators. No recipient name or email address is one of the first red flags.

Yes, Russian crime syndicates are still out there trying to steal your identity, and they keep on doing it because gullible, ignorant, inexperienced, thoughtless people still keep falling for these scams, no matter how blatantly obvious they are.

This inept attempt to provoke you into replying (to bungled masking of Russian scam pages) is glaringly obvious. Delete these on sight.