Thursday, October 18, 2012

Facebook Email Scam warning – “your friend added a new photo”

Do not let this latest wave of scam emails trick you into clicking the big blue button in these emails. You won't get to see a photo of yourself; you will infect your system with a Trojan horse.
Social networking has changed the way businesses communicate with their customers and partners, and how people stay connected with friends and family. Most organizations now incorporate social media into their marketing and communications strategies, and many allow their employees to use Facebook to stay in touch even when they are at work. Unsurprisingly, the popularity of this new media has also created an influx of social-media-specific malware.
The emails pretend to come from Facebook and say that your Facebook friend added a new photo of you. This is a scam email that does not really come from Facebook, but is designed by internet scammers to trick the recipient into downloading or opening the attachment.
Do not click the link in the email. Unfortunately, the attached ZIP file contains malware, designed to allow hackers to gain control over your Windows computer.
Subject:
Your friend added a new photo with you to the album
Attached File:
FacebookPhoto_ADD_album_[Random].zip, where ‘random’ is a generated number.
Message Body:
Greetings,
One of Your Friends added a new photo with you to the album.
You are receiving this email because you’ve been listed as a close friend.
[View photo with you in the attachment]


Facebook users should be aware that the social media site never sends pictures posted online as email attachments. Users are therefore advised to beware of shady-looking notifications and, as always, not to click on links in emails.


Facebook Email Scam warning – “your friend added a new photo” | Omniquad Security Blog

Jamaican Phone Scammers Use BBB Name

A classic scam is back in action! Jamaican scammers are calling unsuspecting consumers across the country, but this time they are pretending to be representatives of BBB.

How the Scam Works:

You get a call from a phone number with a "876" area code. The person on the other line may have an accent but claims to work for BBB. The caller tells you that you won a sweepstakes with a prize of $2 million and a Mercedes Benz. The catch is that you can't collect your winnings until you pay them a fee.

This is the current scenario, but the scam will evolve as word gets out.  Scammers are claiming to represent the Acadiana BBB in Louisiana, but this may change to another location or even another credibility-boosting organization, such as the FBI. 

The scam itself also may change. Instead of asking victims to collect lottery winnings, scammers may ask you to deposit a check and wire them part of the money, or inform you that you are receiving a fake government grant.


I Think I've Found a Scam. What Should I Do?    

Phishing campaign abuses flaw tricking thousands with shortened .gov URLs

A vulnerable component in a content management system has enabled savvy cybercriminals behind a spam campaign to spoof .gov site URLs by abusing a short link designed to validate the authenticity of redirects to U.S. government websites.
The click rate of the campaign has been significant, redirecting more than 16,000 victims over a five-day period to a malicious website designed to look like a CNBC news article pushing several work-from-home scams. The phishers have abused several U.S. state government domains, including Vermont.gov, Iowa.gov, Indiana.gov and ca.gov. Guam.gov and Vermont.gov appear to have been abused the most so far this month, according to data collected by Dell SecureWorks.
Email spam has been the primary method for distributing the short links, wrote Jeff Jarmoc of Dell SecureWorks' Counter Threat Unit.
"While it seems the perpetrators are not targeting .gov sites specifically and are not using the government as a lure, the ability to generate short .gov links that lead users to malicious domains is concerning," Jarmoc wrote in an advisory about the phishing scam issued on Wednesday. "If combined with a government-focused message, such as the common tax season phishing emails, this spam could lure even savvy users."
Many of the links in the ongoing spam campaign abuse 1.usa.gov short URLs, according to Dell SecureWorks. The 1.usa.gov short URL service is run by the U.S. government, in partnership with bitly.com. It was designed to enable users to submit a long URL to bitly that resides on a .gov or .mil top-level domain. The goal of the service is to make it easier to verify the authenticity of a U.S. government site in a shortened URL.
"Despite the best intentions, 1.usa.gov short links seem to be ineffective at ensuring the ultimate destinations of the URLs are trustworthy government websites," Jarmoc wrote.
Dell traced the IP destination of the malicious servers used in the attack to hosting services in Moscow and InMotion Hosting Inc., based in Los Angeles.

Phishers exploit open redirect flaw

The cybercriminals hunt for servers with a vulnerable version of DotNetNuke's LinkClick.aspx, software designed to give website developers the ability to configure a set of custom redirect rules.
"By exploiting an open-redirect vulnerability in this .aspx file, the attacker can direct traffic to a non-.gov site under his control, while exposing only a 1.usa.gov short link in the initial message," Jarmoc wrote.
An open-redirect vulnerability is a common coding error in Web applications that simplifies phishing attacks by bypassing protection mechanisms. Attackers can set up spoofed pages and more easily dupe people into giving up account credentials or infecting their systems with malware.
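The gap described above, as an added example (not code from Dell SecureWorks, the short-link service or DotNetNuke): a check that only confirms the submitted URL sits on a .gov or .mil host accepts a page that forwards visitors elsewhere, so a stricter check also looks inside the query string for off-domain targets. The host names and the `link` parameter in the samples are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TRUSTED_SUFFIXES = (".gov", ".mil")  # TLDs the article says the service accepts

def host_is_trusted(host):
    """True when the host sits under one of the trusted TLDs."""
    host = (host or "").lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in TRUSTED_SUFFIXES)

def naive_check(url):
    """Suffix-only check: looks at the submitted URL's host and nothing else."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and host_is_trusted(parts.hostname)

def embedded_targets(url, max_decode=3):
    """Hosts of absolute or scheme-relative URLs carried in query values.

    Values are percent-decoded repeatedly (bounded) so double-encoded targets
    are still seen; an unparseable target is recorded as "" (never trusted).
    """
    hosts = []
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value
        for _ in range(max_decode):
            norm = candidate.strip().replace("\\", "/")  # browsers treat \ as /
            if norm.lower().startswith(("http://", "https://", "//")):
                try:
                    host = urlsplit(norm).hostname
                except ValueError:
                    host = None
                hosts.append((host or "").lower())
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
    return hosts

def strict_check(url):
    """Trusted host AND no query parameter pointing at an untrusted host."""
    return naive_check(url) and all(host_is_trusted(h) for h in embedded_targets(url))

SAMPLES = [  # constructed URLs; hosts are placeholders, not real sites
    "http://agency.example.gov/about/contact.aspx?page=2",
    "http://agency.example.gov/LinkClick.aspx?link=http%3A%2F%2Fnews.example.net%2Fjobs",
    "http://agency.example.gov/LinkClick.aspx?link=%2F%2Fnews.example.net%2Fjobs",
    "http://agency.example.gov/LinkClick.aspx?link=http%253A%252F%252Fnews.example.net",
    "http://agency.example.gov/LinkClick.aspx?link=http%3A%2F%2Fother.example.mil%2F",
    "http://agency.example.gov.example.net/",
]

def audit(urls):
    """Return (naive_result, strict_result) for each URL."""
    return [(naive_check(u), strict_check(u)) for u in urls]

if __name__ == "__main__":
    for url, result in zip(SAMPLES, audit(SAMPLES)):
        print(result, url)
```

The parameter scan is a heuristic for a shortener or mail filter; the fix at the source is for the redirecting page to accept only local paths or allow-listed hosts.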



Email on adopting Marine dogs is a hoax


The Marine Corps is debunking an offer to provide bomb-sniffing dogs for adoption that has been published by numerous websites, blogs and email lists. There are currently no bomb detection dogs available for adoption, the Marine Corps Systems Command said in a statement.
An email whose origin is not clear and that appeared to circulate widely said the Corps was looking for good homes for “incredibly well-trained” Labradors, Belgian Malinois, border collies, German shepherds and Rottweilers that served in war zones.
The email went on to say that the approximately 400 dogs were “war heroes,” having saved countless American lives by sniffing out improvised explosive devices before they could blow up. Adoptive families were told they must go to Washington to pick up the dogs or arrange transport at their own expense.
The contact information provided in the email was that of an actual Marine office and staffer, but when contacted Tuesday the office said the email was a hoax and no such offer was available.
However, by then news stations’ websites in Miami and elsewhere had run with the email, as had blogs that cover topics involving pets and adopting animals. Neighborhood listserves in Arlington, Va., home of the Pentagon, also posted the offer to thousands of members.
The Marine Corps Systems Command said it was not known who received the email or who sent it out.
The Marines said such offers are sometimes made for “decommissioned” dogs but that they are offered to other federal agencies first since many are still fit for service even when they can no longer deploy to war zones.


Email on adopting Marine dogs is a hoax - Marine Corps News | News from Afghanistan & Iraq - Marine Corps Times

Tuesday, October 16, 2012

Microsoft says free money scams are most commonly encountered


Microsoft has released results from a recent survey as part of a campaign to promote National Cyber Security Awareness Month. The questionnaire reveals that the phrase “Congratulations, you’ve won!” or something related to lottery winnings is the most popular line used to lure unsuspecting people to online scams.
It should come as little surprise that the promise of free money or getting something for nothing ranks highest in the list of most commonly encountered online scams at 44 percent. Fake antivirus alert scams that mimic real programs account for 40 percent, good for second place on the survey.
Phishing scams using fake emails that attempt to get users to click a link and emails claiming to be from a foreign person who needs help transferring a large sum of money are tied for third place at 39 percent each. Rounding out the top five online scams are work-from-home offers that promise to help you start your own business, encountered by 38 percent of respondents.
The survey points out that the average Internet user has encountered roughly eight different types of online scam. Most people, 62 percent surveyed, believe they wouldn’t fall victim to an online scam although only 12 percent said they felt fully protected. Survey-takers were most fearful of impersonation scams like fake antivirus alerts, phishing scams and work-from-home offers.
Microsoft offers up some common-sense tips to help keep yourself protected online like thinking before you click, looking for warning signs that an offer might be fake and cutting down on spam by only sharing your email address with friends, family and organizations you know and trust.


Microsoft says free money scams are most commonly encountered - TechSpot News

Scam Alert: Who’s Who Directories Take Your Money and Give Little Back

Congratulations! Through an unexpected email or phone call, you learn you've been selected for listing in a "Who's Who"-type directory. Now, after patting yourself on the back, be prepared to reach for your wallet.

A keepsake copy of one such publication will cost you up to $900. The companies say they make selections based on "humanitarian contribution" or "leadership and professional achievement," yet there's no mention of Bill Gates, Warren Buffett or other well-known philanthropists on the pages … just people who've made their living selling insurance, operating beauty salons or manufacturing ladies' clothing. The 2012 "Executives of the Year" for one registry are a retired business professor from a small Montana college and the director of a nonprofit in Chicago that helps immigrants from Asia and Eastern Europe.
The words "Who's Who" are in the public domain — any publisher can use them. There are old and reputable directories of that name that charge nothing and are truly discriminating in their selections. Some are published by professional organizations to cite notables in a specific occupation, say surgery or engineering.
But there's a whole group of less trustworthy ones that try to profit from the cachet the legit ones carry.
It's not that people listed in the vanity directories are necessarily undeserving of recognition; many are hard-working professionals making valuable contributions to society. It's just that the qualifying criteria may be less "outstanding" than what's suggested in the titles.
"In most cases," notes the Better Business Bureau, "the [publisher] doesn't turn down any nominee or entry." In fact, honorees are often recruited via mass-sent "congratulations" emails or phone calls in hopes that ego-stroking or hard-sell tactics will elicit the spending of big bucks on "memberships," commemorative plaques and/or souvenir copies. Many directories are touted for their usefulness in "networking," but they typically aren't available in libraries or bookstores, only online.
The latest sales method, report some candidates: Telemarketers falsely claiming they are calling from Google Books. More accurately, a three-year-old registry is posted on Google Books, along with countless other publications.
Here's what else you should know if told you've been selected for one of these registries.

  • Your credit card may be immediately charged — "before I even received forms" to submit a biography, writes one recent selectee. "They assured me it would cost nothing; the next month there was a $700-plus charge on my credit card."


Scam Alert: Who’s Who Directories Take Your Money and Give Little Back - AARP

Monday, October 15, 2012

Giving the Bounce to Counterfeit Check Scams

It’s your lucky day! You just won a foreign lottery! The letter says so. And the cashier’s check to cover the taxes and fees is included. All you have to do to get your winnings is deposit the check and wire the money to the sender to pay the taxes and fees. You’re guaranteed that when they get your payment, you’ll get your prize.
There’s just one catch: this is a scam. The check is no good, even though it appears to be a legitimate cashier’s check. The lottery angle is a trick to get you to wire money to someone you don’t know. If you were to deposit the check and wire the money, your bank would soon learn that the check was a fake. And you’re out the money because the money you wired can’t be retrieved, and you’re responsible for the checks you deposit — even though you don’t know they’re fake.
This is just one example of a counterfeit check scam that could leave you scratching your head. The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake. These fakes come in many forms, from cashier’s checks and money orders to corporate and personal checks.
Could you be a victim? Not if you know how to recognize and report them.

Fake Checks: Variations on a Scheme

Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams (as described above), check overpayment scams, Internet auction scams, and secret shopper scams.
Check overpayment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks. Here’s how it happens:
A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.
In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.
Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.

You and Your Bank — Who is Responsible for What?

Under federal law, banks must make funds available to you from U.S. Treasury checks, official bank checks (cashier’s checks, certified checks, and teller’s checks), and checks paid by government agencies at the opening of business the day after you deposit the check. For other checks, banks must similarly make the first $100 available the day after you deposit the check. Remaining funds must be made available on the second day after the deposit if payable by a local bank, and within five days if drawn on distant banks.
However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.

Protecting Yourself

Here’s how to avoid a counterfeit check scam:
  • Throw away any offer that asks you to pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.
  • Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
  • Know who you’re dealing with, and never wire money to strangers.
  • If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don’t send the merchandise.
  • As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. There may be a charge for an escrow service. If the buyer insists on using a particular escrow or online payment service you’ve never heard of, check it out. Visit its website, and read its terms of agreement and privacy policy. Call the customer service line. If there isn’t one — or if you call and can’t get answers about the service’s reliability — don’t use the service. To learn more about escrow services and online payment systems, visit ftc.gov/onlineshopping.
  • If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.
  • If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.
  • Resist any pressure to “act now.” If the buyer’s offer is good now, it should be good after the check clears.

If You Think You’re a Victim

If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:
  • The Federal Trade Commission: Visit ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).
  • The U.S. Postal Inspection Service: Visit www.usps.gov/websites/depart/inspect or call your local post office. The number is in the Blue Pages of your local telephone directory.
  • Your state or local consumer protection agencies: Visit www.naag.org for a list of state Attorneys General, or check the Blue Pages of your local telephone directory for appropriate phone numbers.

For More Information

The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
