SuckerBait.info » Viruses and Worms

Stevie’s Scam School Videos

John Counsel — Tue, 01 May 2012 01:43:37 +0000

The Victorian Government (Australia) Department of Business and Consumer Affairs has a handy series of videos that identify and explain the most common types of scams that you’re likely to encounter. They apply to almost all countries, so they’re worth watching, wherever you live. Click the image below to view the video series.

Sly new Westpac Bank phishing scam

John Counsel — Sun, 25 Mar 2012 20:00:19 +0000

This phishing email arrived this morning and is set up to fool most people — even those who know how to check for differences between text links and embedded URL links.

It uses the correct Westpac login URL… but it’s hidden on an IP address in Paris, France. The IP address is 195.5.208.43. The Westpac link is a folder hidden on that URL, which may be a legitimate web site unconnected to the scammers.

Learning to spot these tell-tale clues is essential to your online security from slime-balls and crooks.

The criminal mind: cunning… and stoopid!

John Counsel — Wed, 14 Mar 2012 04:58:27 +0000

Here’s a classic blunder by a phishing scammer: claiming the message is from one bank, but then putting a text link to a competing bank!

It’s not hard to see the REAL address (not a bank at all, but a hacked site with a hidden script), but you have to wonder how fast they churn out these scam emails. Forgetting to change the name of the bank (and leaving off the .au in the URL) is a pretty obvious boo-boo, even for a dumb scammer. (Question: What’s the punishment for a scammer employed by scam gangs, especially in Russia, where most are located, who bungles the job this obviously?)

Sneaky new PayPal phishing scam

John Counsel — Tue, 13 Mar 2012 01:49:24 +0000

This scam email message is particularly sneaky: it links to a hidden script page on a compromised school server in Italy, which redirects to a hidden script on a compromised host server at a Canadian university. It also segments its targeted victims according to countries, with mail scripts hidden on compromised servers in the countries being targeted.

By using school and university web servers to host their hidden scripts, scammers hope to avoid the increasingly aggressive security protection being implemented by larger hosting companies. They obviously regard educational IT departments as an easier target for inserting hidden scripts.

The ultimate destination of the malicious script is here:

https://fhseta.mcmaster.ca/administrator/help/paypal.co.info.com.nz.auu/webscr.php?cmd=_login-run&dispatch=5885d8*****4ecf4773c91 (shortened for security reasons).

Intuit phishing scam

John Counsel — Thu, 01 Mar 2012 11:20:15 +0000

A number of variations of this scam are currently happening. They become really easy for me to identify because I have dozens of email addresses and these scammers send to all of them at the same time. But the scams aren’t hard to detect, as you can see.

Note the “from:” address — it’s identical to the one in the BBB scam that was sent at the same time. *D’oh!*

Two BBB phishing scams

John Counsel — Thu, 01 Mar 2012 11:10:41 +0000

The Better Business Bureau is a US-based organization that helps to mediate disputes with small and medium businesses and unhappy customers, among many other activities. But their charter doesn’t extend to businesses outside the USA, which helps to make these scams a little bit obvious — apart from the spoofed addresses and the compromised hosting servers they hide on.

Note that the spoofed “from:” address is the same as the one used in the “Intuit” phishing scam (see next post). Add that blunder to the obvious English mistakes and this scammer clearly was in a hurry. To make his day even worse, the missing images, etc — caused by detection and removal by the hacked server owners — aren’t a good look. (Dumb and dumber!)

Here’s the other version of the Better Business Bureau scam now doing the rounds:

Slick new PayPal phishing scam

John Counsel — Thu, 16 Feb 2012 00:16:05 +0000

We had to look twice at this email, but there are plenty of tell-tale signs that it’s another Russian phishing scam. If you read the full version of this post (click “read more”) you see what really gave the game away — a totally messed up landing page on a scam site with no secure server.

The dodgy landing page (on an insecure Russian domain running a fake PayPal web script)…

The REAL PayPal Australia site…

Yahoo! mail scam (malware attachment)

John Counsel — Tue, 14 Feb 2012 03:07:01 +0000

The problem with this scam email is the attachment — an html page that’s actually a malware script. (Malware is software that has a malicious purpose, like hooking your computer up to a global botnet for sending spam, breaking password encyptions, hiding code that can record all your banking and other secure usernames and passwords — and sending them to the coder who created it — and much more.)

Here are the tell-tale indicators. No recipient name or email address is one of the first red flags.

Latest PayPal scam (same old same old)

John Counsel — Mon, 13 Feb 2012 21:38:30 +0000

Yes, Russian crime syndicates are still out there trying to steal your identity, and they keep on doing it because gullible, ignorant, inexperienced, thoughtless people still keep falling for these scams, no matter how blatantly obvious they are.

Clumsy Facebook scam attempt

John Counsel — Mon, 06 Feb 2012 17:00:22 +0000

This inept attempt to provoke you into replying (to bungled masking of Russian scam pages) is glaringly obvious. Delete these on sight.