Avoid OnLine Internet Scams: 2009

Tuesday 8 December 2009

Holiday Shopping Tips

This holiday season the Federal Bureau of Investigation (
FBI) is reminding people that cyber criminals continue to aggressively
create new ways to steal money and personal information. Scammers use many techniques
to fool potential victims including fraudulent auction sales, reshipping merchandise
purchased with a stolen credit card, and sale of fraudulent or stolen gift cards
through auction sites at a discounted price.

Fraudulent Classified Ads or Auction Sales

Internet criminals post classified ads or auctions for products they do not have.
If you receive an auction product from a merchant or retail store, rather than directly
from the auction seller, the item may have been purchased with someone else's stolen
credit card number. Contact the merchant to verify the account used to pay for the
item actually belongs to you.

Shoppers should be cautious and not provide financial information directly to the
seller, as fraudulent sellers will use this information to purchase items for their
scheme from the provided financial account. Always use a legitimate payment service
to protect purchases.

As for product delivery, unfamiliar Web sites or individuals selling reduced or
free shipping to customers through auction sites many times are deemed to be fraudulent.
In many instances, these Web sites or sellers provide shipping labels to their customers
as a service. However, the delivery service providers are ultimately not being paid
to deliver the package; therefore, packages shipped by the victims using these labels
are intercepted by delivery service providers because they are identified as fraudulent.

Diligently check each seller's rating and feedback along with their number of sales
and the dates on which feedback was posted. Be wary of a seller with 100% positive
feedback, if they have a low total number of feedback postings and all feedback
was posted around the same date and time.

Gift Card Scam

Be careful about purchasing gift cards from auction sites or through classified
ads. If you need a gift card, it is safest to purchase it directly from the merchant
or another authorized retail store. If the gift card merchant discovers the card
you received from another source or auction was initially obtained fraudulently,
the merchant will deactivate the gift card number and it will not be honored for
purchases.

Phishing and Smishing Schemes

Be leery of e-mails or text messages you receive indicating a problem or question
regarding your financial accounts. In this scam, you are directed to follow a link
or call the number provided in the message to update your account or correct the
problem. The link actually directs the individuals to a fraudulent Web site or message
that appears legitimate where any personal information you provide, such as account
number and PIN, will be
stolen. Another scam involves victims receiving an e-mail message directing the recipient
to a spoofed Web site. A spoofed Web site is a fake site or copy of a real Web site
and misleads the recipient into providing personal information, which is routed
to the scammer's computers.

Tips

Here are some tips you can use to avoid becoming a victim of cyber fraud:

* Do not respond to unsolicited (spam) e-mail.
* Do not click on links contained within an unsolicited e-mail.
* Be cautious of e-mail claiming to contain pictures in attached files, as the files
may contain viruses. Only open attachments from known senders. Virus scan the attachments
if possible.
* Avoid filling out forms contained in e-mail messages that ask for personal information.
* Always compare the link in the e-mail to the link you are actually directed to and
determine if they actually match and will lead you to a legitimate site.
* Log on directly to the official Web site for the business identified in the e-mail,
instead of "linking" to it from an unsolicited e-mail. If the e-mail appears to
be from your bank, credit card issuer, or other company you deal with frequently,
your statements or official correspondence from the business will provide the proper
contact information.
* Contact the actual business that supposedly sent the e-mail to verify if the e-mail
is genuine.

Provided by Link from FBI & IC3.

This Christmas protect yourself better .

Thursday 3 December 2009

Fake H1N1 (Swine Flu) alerts lead to malware

Article taken from zdnet.com

Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms.

The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.

This US-CERT advisory contains some of the e-mail subject lines being used in the spam run. Some examples:

“Governmental registration program on the H1N1 vaccination”
“Your personal vaccination profile.”

According to researchers at AppRiver, the scam tricks computer users into believe they are part of a “State Wide H1N1 Vaccination Program” and are required to create a vaccination profile on the CDC website.

“The link provided in the email takes you to a very convincing looking imitation of a CDC web page where you are given a temporary ID and a link to your ‘vaccination profile’. The link is in fact…an executable file that contains a copy of a Trojan most commonly identified as xpack or Kryptik…once installed on your PC, this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization. It also enables a remote hacker to take complete control of your computer.”

AppRiver says the messages are being received at a rate of 18,000 per minute, more than one million per hour.

Here’s a look at the fake spoofed CDC Web site being used in this attack:

Monday 23 November 2009

Vodafone Hoax - AVOID IT

Hi Everyone,
There is an phishing email in circulation:
To: undisclosed-recipients
Subject: Vodafone Internet Team

Attn

We are happy to bring to your attention that our income of the year 2009 more than 983.34 Million dollars.
We have to allow our customers to use our service for free this December 2009 and also increase your email storage size with additional 5G.

Click the below website to activate.

(the link shows www. formspring . com)

Login to activate your email immediately.

Thanks,
Vodafone Internet Team

When Googling this "Formspring" web service it explains:
FormSpring gives businesses and organizations an easy way to build any type of online form, integrate it with their website and begin collecting data. Once you have started collecting that data you can use the information you gathered in our online database or export it. With FormSpring anyone can build all types of web forms, collect data online and do it simply and efficiently.

The sender was from online944641@telkomsa.net.

The Purpose of this Phishing email is to gather email addresses and passwords.

Do not action the request. This is not from the Vodafone Internet Team

Thanks
Amys

This post was first published in the official Vodafone Forums and it is 100% phising. Do not reply , do not get excited and be sure that Vodafone IS NOT sending this hoax email to you.

Thank you very much , jave a nice day and .... Avoid IT !!!!

E-mail Scams Archieve - Examples

Avoid These E-mails at all times .

These are some examples of e-mail frauds that succeded in the past. Read them to understand how do they want to cheat you. Whenever I am reading those I wonder how many people could have fallen for these scams ... Get Informed !!! Get Smart ... AVOID THEM ALL ...

Hello ,
Thanks for your mail back concerning the inquiry mail i sent to you.
The price,condition also the pics i viewed is okay by me .And my client
confirm there is no problem about the price($975 ) ,my client do pays with
a {USA}cashier check,he has agreed to mail out as bank cashiers check of
$3500. to you on my behalf to cover the shippment fees.About the shippment,
that we be taken care by my me & my personal assistant,my personal assistant
will be using his shipper to do the quick processing of the shipping of
the(1987 Toyota Celica) to my client.
So all you are to do after you will received the check in your mail,
Just take out your sale amount and refer the remaining money to my shipper
immediately through the westernunion or the money gramm outlet so to get the
money fast and start the fast arrangement for the pickup of the
(1987 Toyota Celica).Since you are the original owner of this item,and i
am buying the item directly from you i will like you to write your full name
to be on the check,with the mailing address which my client will be using
to issued out the check to you.I do wish to trust you by refering the rest
balance back to my shipper and also your fast doing to this transaction.
I will like to hear fromyou if this is okay by you and you are ready to
process ,if you aready to sale your item and promise refering the rest
balance to my shipper immediately you received the check so can start the
quick arrangement for the pickup. Any body that want to buy this item
this item just tell therm that it as been sold. I will like to copmplete
this transaction befor the new year. I be at my computer waiting to see
your epky to my payment method mailed.
THANKS AND MAIL ME BACK WITH YOUR DETAIL AS SOON AS POSSIBLE.

>   Thanks for getting back to me,i will be
>purchasing the motorbike Like i said earlier i am based in the
>netherlands(holland).there won't be any probs about the shipment,after
>payment ,the pick up will be made at your place. i have made arrangements
>with the prepaid shipping company. As regards payment,this is what i am
>going to do;I have a client in ENGLAND who is owing me 5800POUNDS i would
>instruct him to make out a money order/certifiedcheck to you in that
>amount and as soon as it clears your bank. you can now deduct your money
>from it and send me my balance,i will using use part of the money to pay
>for the shipping and other expenses .you will then send my balance by via
>western union money transfer.Although the value of the check is more than
>the asking price but i think i should be able to trust you with my
>balance. The reason why i am doing this is that it would take a check
>sent from over here in HOLLAND 21days to clearover there,whereas a check
>sent from the US would clear tops within 48hrs. So i would like you to
>deduct the western union charges from my balance.So if my terms are
>acceptableto you,i would like you to give me your fullname,address and
>phone number so that i can instruct my client to make out the check to
>you.  Pls get back to me as soon as you get this mail so that we can
>round things up in a timely fashion..i willbe trusting in this business
>transaction.

> Good day
> i am an auto dealer based in TAIWAN,i am interested in buying your
> ( 1989 Jetta GL 4 door  )I will like to know if you would accept
> acertified cashier check for the payment of the,i also need to
> know the price and your full name and address including your
> phone is also needed in which payment will be sent to . i have a
> shipping company who takes cares of my shippment .So don't bother
> about the shippment.I will also like to know if is still in good
> condition and
> shape.urgent response is needed for procedure of payment of the (
> 1989 Jetta GL 4 door )
> REGARD

> Thanks for your mail,Since the cost of your bike is $800 i just contacted
my client about the cost of your bike and it present condition and he said
there is no problem about that.So my client said he will be issuing you a
Certified Check of $4000 while you wire 3000 to me through Western Union
Money Trasfer and you deduct the cost of your bike $800 and keep the
remaining $200 which my client said you should take for the terms of
Transaction and Agreement between you and my client.So i will like you to
send me your full contact information to where my client will be sending you
> the Certified Check like this:
> name.........
> full address.............
> city...............
> state.............
> country..........
> zipcode............
> cell/office/home phone number.......................
> I will look forward to the requested information as soon as  possible so
that the check can be sent out to you immediately  And do get back to me
with the Pics of the bike so tha! t my client will  be Able to see What he
is paying off.Get back to me immediately. Looking torwards your
> respond,
> Best Regards.

Good day
i am an auto dealer based in TAIWAN,i am interested in buying your
( Comic book collection - 500 comics  )I will like to know if you
would accept acertified cashier check for the payment of the,i also
need to knowthe price and your full name and address including your phone
is alsoneeded in which payment will be sent to . i have a shipping
company who takes cares of my shippment .So don't bother about the
shippment.I will also like to know if is still in good condition
and shape.urgent response is needed for procedure of payment of the (
Comic book collection - 500 comics )
REGARD

Got Attacked ??? Inform the appropriate agencies NOW .

You don't know who to inform if you find out a scam or a fraud. You want to immediately take actions against those who tried to steal from you ? The following List contains of all the appropriate agencies that you should report your frauds and scams.

If, for some reason, you are not able to e-mail them or can't recognise which one you should use; Send an e-mail to me ( symeonlaf@googlemail.com) and all the appropriate actions will be taken. Be smart !! Be one step ahead , be smarter .

Saturday 21 November 2009

Another Windows 7 Scam - E-Mail Fraud

Lately I've been targeting my posts on the new Windows 7 release. People or companies that want to damage you are taking the opportunity of this massive release to update their list of victims. For those that have already installed and/or updated to Windows 7 you might be enticed by an e-mail that wants you to confirm your Windows 7 Licence so that you MS Office will be activated. Something like that is not needed and you will be redirected to a malicious virus included web site.

AVOID THIS E-MAIL :

Subject: Email List -- Requires Confirmation
From: "Microsoft Office for Windows 7"
Date: Tue, 17 Nov 2009 12:00:29 -0800
To: <*******@imail.losrios.edu>
Priority: Normal
Message Header | Printable Version
[Plain Text]
Dear ,
Click the link below to automatically confirm your subscription to the Microsoft Office for Windows 7 Email List:
Confirm Your Subscription You have 30 days to submit your confirmation. If you do not want to join, simply do not respond. To find out the exact date and location your email address was entered, follow the link below:
How was I added? If you think your email address may have been used without your consent, follow the link below: Report Abuse Thank You, Microsoft Office for Windows 7

Avoid this scam and have a beautiful day !!

Friday 20 November 2009

1 More Windows 7 Scam !!!

Today I came across this website www.windows7giveaway.com which promises to give away a free copy of windows 7 ultimate if you pay $25 as the shipping cost. This looks like a very attractive deal. One of our friends from Pune startups group took the initiative to verify it from Microsoft and here is what they have to say.

“Dear Sir,Thank you for your e-mail concerning the Microsoft lottery. We would like to confirm this is a hoax website and did not originate from Microsoft. Microsoft does not have any connection whatsoever with this alleged lottery. It’s unfortunate that some people have chosen to abuse the freedom that the internet offers by conducting fraudulent activity. Privacy and security are very important to Microsoft. For more information please visit the following website:

http://www.microsoft.com/security/lottery/default.mspx

Yours sincerely,

Microsoft UK”
Avoid using offers like that and always remember that there is nothing given for free nowadays. Note that you can also report scams for Microsoft products on http://go.microsoft.com/?linkid=9661492
Have a nice day, take care and ... Don't fall for that !!!

Tuesday 17 November 2009

URGENT NOTICE - DO NOT RESPOND

This came out by Internet Crime Complaint Center (IC3)on the 27th of Octomber.

Spammers Continue To Abuse The Names Of Top Government Executives By Misusing The Name Of The United States Attorney General
As with previous spam attacks, which have included the names of high-ranking FBI executives and names of various government agencies, a new version misuses the name of the United States Attorney General, Eric Holder. The current spam alleges that the Department of Homeland Security and the Federal Bureau of Investigation were informed the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.

Do not respond. These e-mails are a hoax.

Government agencies do not send unsolicited e-mails of this nature. The FBI, Department of Justice, and other United States government executives are briefed on numerous investigations, but do not personally contact consumers regarding such matters.
In addition, United States government agencies use the legal process to contact
individuals. These agencies do not send threatening letters/e-mails to consumers
demanding payments for Internet crimes.
Consumers should not respond to any unsolicited e-mails or click on any embedded
links associated with such e-mails, as they may contain viruses or malware.
It is imperative consumers guard their Personally Identifiable Information (PII). Providing your PII will compromise your identity! If you have been a victim of Internet crime, please file a complaint at www.IC3.gov.

For previous PSAs concerning e-mail scams targeting the FBI and other government
agencies:

* http://www.ic3.gov/media/2008/081210.aspx
* http://www.ic3.gov/media/2008/081205-1.aspx
* http://www.ic3.gov/media/2008/081016.aspx
* http://www.ic3.gov/media/2008/080606.aspx
* http://www.ic3.gov/media/2008/080508.aspx
* http://www.ic3.gov/media/2008/080606.aspx
* http://www.ic3.gov/media/2007/071214.aspx
* http://www.ic3.gov/media/2007/070717-2.aspx
* http://www.ic3.gov/media/2007/070717-3.aspx
* http://www.ic3.gov/media/2007/070627.aspx
* http://www.ic3.gov/media/2006/061018.aspx
* http://www.ic3.gov/media/2006/061013-2.aspx
* http://www.ic3.gov/media/2006/060724.aspx
* http://www.ic3.gov/media/2005/051201.aspx
* http://www.ic3.gov/media/2005/051122.aspx

It is important that you understand the urgency on informing people about this scam. Do not fall for that !!!

Windows 7 Scam !!! Watch Out

As I promised to inform you about the newest on line scams I announce this one. There is a new trend on receiving e-mails offering you free copies of Windows 7 FOR FREE ... As you all know , nothing is FOR FREE ... So , don't fall for that either cause the redirected link that the email is going to send you is probably a malicious one. People are trying to magnetize others to their viruses and spyware websites and they will try to reach for you with every method you can imagine. So , don't follow any link that protests for a free copy of Windows 7 among with their serial numbers cracks etc...

Another so called , Windows 7 Scam is the fact that some other bloggers announce windows 7 as a backturn to Windows XP ... Or Windows Vista SP 2.1 .... None are true and since there is no objectivity on blogging anyone can right anything. Just be aware that Windows 7 is a completely new OS and as every new software it might have some bugs. Personaly I'll update to Windows 7 the day that the 1st big update will come up.

See ya, Jave a nice day and ,,, DON'T FALL FOR THAT.

Saturday 14 November 2009

The Top 10 Internet Scams

We've been analysing some of the most successful online scams but lets see the official Top 10 List of those by www.419fraud.com .

The Top 10 Internet Scams

Recently there were 251 law enforcement actions taken against online scammers as a result of a yearlong law enforcement effort targeting Internet scams. The effort included 5 separate law enforcement U.S. agencies working with consumer protection organizations from 23 states and 9 different countries (including the United States FTC, Canadian and Australian law enforcers, and the United Kingdom's Department of Trade and Industry and Office of Fair Trading). Using a database of more than 285,000 consumer complaints established and maintained by the Federal Trade Commission, the Top Ten Internet Scams were:

1. Multi-level Marketing/Pyramid Scams

2. Health Care Frauds

3. Internet Web Site Design/Promotions - Web Cramming

4. Travel/Vacation Fraud

5. Internet Auction Fraud

6. Business Opportunities and Work-At-Home Scams

7. Investment Schemes and Get-Rich-Quick Scams

8. Internet Information and Adult Services - Credit Card Cramming

9. Telephone/Pay-Per-Call Solicitation Frauds (including modem dialers and videotext)

10. Internet Service Provider Scams

I bet everyone has received the common e-mail with the poor :P Nigerian prince that cant take his money from his Nigerian bank and wants you to help him . Just watch the video and you'll get the point.
DON'T FALL FOR NOTHING !!!

http://www.youtube.com/watch?v=Q0e-pPfITts&feature=PlayList&p=76A0910978C6A4A2&playnext=1&playnext_from=PL&index=7

Avoiding Online Job Scams: Critical Tips for Job Seekers

Amazing article published in www.privacyrights.org with the permission of with permission of Pam Dixon World Privacy Forum. Really good information with e-mails and phone numbers if you want to submit a potential internet fraud. Take a few minutes and read it.

Job seekers who use online job search web sites must be careful to avoid a type of job scam in which the applicant is asked to accept payment to his or her own bank account. These are known as payment-forwarding or payment-transfer scams.

Payment-transfer scams involve a con artist who pretends to be an employer. The con artist uses a job ad to lure an unsuspecting job seeker, or they may use information from a resume they have found online. Such con artists can be quite convincing, and may even steal company names and corporate logos to convince victims that they are legitimate employers.

After the con artist has won the job seeker's trust, the con artist tricks the job seeker into giving up bank account numbers. The reasons given for this can be clever. One ploy is to tell the job seeker they can only deliver paychecks by "direct deposit.

"The "job" a job seeker will be asked to do involves forwarding or wiring money from a personal bank account, a PayPal account, or from Western Union to another account. The other account is often overseas. As part of their pay, the job seeker is instructed to keep a small percentage of the money as their payment. Sometimes the payment for making the money transfer is as low as $15. Sometimes it is as high as several hundred or several thousand dollars. Almost always, the money the victims are transferring is stolen, and therefore, the victims are committing theft and wire fraud. Usually, this kind of scam involves at least two or three victims.

There are many variations of payment-forwarding scams. Following are very simple tips that will go far to protect you from falling victim with some clarifications noted below. Again, this scam can be quite clever and refined.

1. Do not give personal bank account, PayPal account, or credit card numbers to an employer.

2. Do not agree to have funds or paychecks direct deposited to any of your accounts by a new employer.

3. Do not forward, transfer, or "wire" money to an employer.
4. Do not transfer money and retain a portion for payment.

Legitimate employers do not usually need your bank account numbers. While direct deposit of a paycheck is a convenience, if that is the only option an employer offers, then you should not accept the job. A legitimate employer will give you the option of direct deposit, but not demand that it is used. You should wait until you have met the employer in person before agreeing to a direct deposit option.

There is one exception to this: the U.S. government typically does require that employees agree to direct deposit. If you have been interviewed in person, and you are sure that you are dealing with a government agency, then agreeing to direct deposit is not a problem. Also, if you have been working for an employer for a while and you are very sure about their legitimacy, then agreeing to a direct deposit is usually fine. This is especially true if you have received a number of paychecks from the employer and you have met the employer in person. "Work from home" and telecommuting jobs are most at risk when agreeing to direct deposit, especially from brand new employers. Use caution and good sense.

Regarding payment transfers, while some jobs may require an employee to make transfers for employers, legitimate employers making this request will go to extraordinary efforts to check the job seeker prior to making the hire. This would involve meeting the jobseeker in person and conducting rigorous interviews. This kind of job hire would not be made via email or even the telephone or a single meeting. And a legitimate employer would typically ask you to make transfers from their business accounts, not yours. You need to draw a line and understand that transferring money for employers from your personal bank account or personal PayPal account is off-limits, period.

Known Red Flags

Payment-forwarding scams contain certain "red-flags" that should alert you to fraudulent job ads. Here are the known red flags:
bullet

Request for bank account numbers.

Request for Social Security number (SSN).

Request to "scan the ID" of a job seeker, for example, a drivers' license. Scam artists will say they need to
scan job seekers' IDs to "verify identity." This is not a legitimate request.

A contact email address that is not a primary domain. For example, an employer calling itself "Omega Inc." with a Yahoo! email address.

Misspellings and grammatical mistakes in the job ad.

Monster.com lists descriptive words in job postings that are tip-offs to fraud. Their list includes "package-forwarding," "money transfers," "wiring funds," "eBay," and "PayPal." World Privacy Forum researchers also found that the terms "Foreign Agent Agreement" often appears in contracts and emails sent to job seekers.

Please see Appendix A (http://www.worldprivacyforum.org/jobscamreportpt1.html#appendixA) in the World Privacy Forum report for examples of what the emails and contracts for this kind of money transfer scam look like. The Timeline (http://www.worldprivacyforum.org/jobscamtimeline.html) has multiple examples of what the fraudulent job ads look like.

Most Effective Steps for Victims of Job Scams

Unfortunately, not everyone will escape job fraud in time. Job seekers who are victimized by payment-forwarding scams are advised to take the following steps.

1. Close all bank accounts at the bank where the scam took place. It is a good idea to change banks to avoid "social engineering" attempts by the con artists to fool bank workers into giving out new account information.

2. Order a credit report from all three credit bureaus every 2 to 3 months. Watch the reports for unusual activity. If you have given your SSN to the fraudster, we advise that you place fraud alerts on your three credit reports - Experian, Equifax, and TransUnion. For information on how to establish fraud alerts, read Privacy Rights Clearinghouse Fact Sheet 17a on identity theft, http://www.privacyrights.org/fs/fs17a.htm.

3. Victims of payment-forwarding scams should contact their local Secret Service field agent. The Secret Service handles complaints of international fraud. Fraud victims should also file a police report with local law enforcement officials as well.

4. Victims should report the company name, the job posting, and all contact names to the job sites where the scam was posted.

5. Victims should permanently close all email addresses that were associated with the job fraud.

Visual examples of what the fraudulent jobs look like, and what these scams look like in action are at http://www.worldprivacyforum.org/umabtips.html

Resources

For updated tips on online jobseeking safety, consult this publication on the web site of the World Privacy Forum web site: "Job Seekers' Guide to Resume Databases: Twelve Resume Posting Truths," at
www.worldprivacyforum.org/resumedatabaseprivacytips.html

First Report on Bogus Job Ads

The original consumer report relating to payment-forwarding job scam, issued in December 2003 by the World Privacy Forum, may be found at http://www.worldprivacyforum.org/consfraudalert1.html.

FTC Complaint Line

Call this number to file a complaint about fraudulent jobs posted on an online job search web site. (877) 382-4357.
bullet

To file a complaint online, go to www.ftc.gov.

Fact Sheet with Privacy Tips for Online Job Seekers
bullet Fact Sheet 25, "Online Job Search Web Sites: Tips to Safeguard Your Privacy," http://www.privacyrights.org/fs/fs25-JobSeekerPriv.htm

Consumer Agencies in Your Area
bullet To find a consumer agency near you, visit the U.S. government's Consumer Assistance Directory at www.consumeraction.gov/state.shtml

Credit Bureaus
To order your credit reports:

Equifax: (800)-685-1111

Experian: (888) 397-3742

TransUnion: (800) 888-4213

To place a fraud alert on your credit reports:

Equifax: (888) 766-0008

Experian: (888) 397-3742

TransUnion: (800) 680-7289

Have a good day . And as always , Have fun .

Saturday 7 November 2009

Facebook Threats & Scams

As we are all using Facebook systematically we understand that we are risking facing a number of threats. Nowadays people are starting to understand the potential threats of social engineering. Its nasty, wild and people have faced numerous issues with their accounts, others impersonating them or loosing information. We should take this as a notice and keep finding ways to close the gaps in our security measures.

Following , an interesting article by: Nicole Kobie, 7 Nov 2009

“Facebook faces more trouble this week, as security threats make their way across the social networking site.

The latest is a variant of the Koobface worm, which targets all the major social networking sites, including Facebook.

Rik Ferguson, a security researcher from Trend Micro, explained in a blog post that he received a message via Facebook, directing him to a video. “The link had taken me to a site supposedly hosting a video posted by the same person that I had received the Facebook message from,” he said.

“In fact not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering.”

The site prompts visitors to download a setup.exe file, which in fact holds the Koobface worm. “The worm connects to a respective site using login credentials stored in the gathered cookies,” Ferguson explained. “It then searches for an infected user’s friends, who are then sent messages containing a link where a copy of the worm is downloaded.”

Ferguson warned users “to ignore such messages, and refrain from clicking links in unsolicited messages, even out of curiosity.”

The worm follows previous security woes over the past week, including a pair of rogue applications which sent an error message to users of the site. The site also made headlines after changing its terms.

Rob Cotton, chief executive of NCC Group, said users of such sites need to learn to be wary. “The friendly, open nature of social media sites such as Facebook makes them easy targets for hackers as users are very trusting of the content.”

“As web 2.0 applications become more mainstream, it is vital that people start to ask questions about where the content and applications are coming from,” Cotton added. “We are all careful now about shredding our personal post at home, but we are dangerously unaware of the information we are handing out to online criminals.”

Watch out for these kind of scams and have a nice day.

Tuesday 1 September 2009

Credit Card Fraud: 21 Tips to Protect Yourself

1. Keep an eye on your credit card every time you use it, and make sure you get it back as quickly as possible. Try not to let your credit card out of your sight whenever possible.
2. Be very careful to whom you give your credit card. Don't give out your account number over the phone unless you initiate the call and you know the company is reputable. Never give your credit card info out when you receive a phone call. (For example, if you're told there has been a 'computer problem' and the caller needs you to verify information.) Legitimate companies don't call you to ask for a credit card number over the phone.
3. Never respond to emails that request you provide your credit card info via email -- and don't ever respond to emails that ask you to go to a website to verify personal (and credit card) information. These are called 'phishing' scams.
4. Never provide your credit card information on a website that is not a secure site.
5. Sign your credit cards as soon as you receive them.
6. Shred all credit card applications you receive.
7. Don't write your PIN number on your credit card -- or have it anywhere near your credit card (in the event that your wallet gets stolen).
8. Never leave your credit cards or receipts lying around.
9. Shield your credit card number so that others around you can't copy it or capture it on a cell phone or other camera.
10. Keep a list in a secure place with all of your account numbers and expiration dates, as well as the phone number and address of each bank that has issued you a credit card. Keep this list updated each time you get a new credit card.
11. Only carry around credit cards that you absolutely need. Don't carry around extra credit cards that you rarely use.
12. Open credit card bills promptly and make sure there are no bogus charges. Treat your credit card bill like your checking account -- reconcile it monthly. Save your receipts so you can compare them with your monthly bills.
13. If you find any charges that you don't have a receipt for -- or that you don't recognize -- report these charges promptly (and in writing) to the credit card issuer.
14. Always void and destroy incorrect receipts.
15. Shred anything with your credit card number written on it.
16. Never sign a blank credit card receipt. Carefully draw a line through blank portions of the receipt where additional charges could be fraudulently added.
17. Carbon paper is rarely used these days, but if there is a carbon that is used in a credit card transaction, destroy it immediately.
18. Never write your credit card account number in a public place (such as on a postcard or so that it shows through the envelope payment window).
19. Ideally, it's a good idea to carry your credit cards separately from your wallet -- perhaps in a zippered compartment or a small pouch.
20. Never lend a credit card to anyone else.
21. If you move, notify your credit card issuers in advance of your change of address.

A decent guide on how to avoid being scammed by web-sharks, Good Luck .
Originally posted by By Audri and Jim Lanford - Copyright © Audri and Jim Lanford.

Wednesday 26 August 2009

The Work From Home Scams , Part 2

Everyvody has faced now and then ads that tell you that it is amazingly easy to make money over the internet. Work from home ads promising you $$$$$$$$$ money . DO NOT FALL for that ...
Lets see ... These websites try to convince you by mixing the truth with lies. The truth is that , YES there are on-line marketing systems that pay you to show advertisments through your website. This requires that you do have a website . In these systems you are getting paid for the clicks on the ads they provided for you or for the number of impressions these are shown.
In order to make the amount of money these "companies" promise you , you need to have thousands of visitors in your website and most important , clicking on your ads. This is difficult for starters and cannot be the work of 1 week to create so many viewers and therefore money .

The most common scam of this category is the "Google money making bla bla bla..." Websites promising you that by buying their e-books or applications you will create a fortune with google. Google is not paying you for automated clicks on ads and they are smart enough to recognise these kind of illegal applications. So avoid any kind of online marketing system that you have to pay for. Examples to AVOID given:

Google's official website marketing system is adsense and only by using that you can have a profit. https://www.google.com/adsense/ it is not a matter of additional software the amount of money you make but just your web visitors and clicks on your ads.

There is ofcourse lots of theory behind it regarding positioning of ads , colouring and customization over the content of your website but you dont have to pay for all that. Google provides you with written tutorials and videos on how to achieve maximum effect on your revenues.
Thank you very much for your time , feel free to ask me questions on on-line products
and how this system works rather than buy random stuff over the internet.
As always , have fun and ... DO NOT FALL FOR THAT

The Work From Home Scams , part 1.

I am going to divide this part to 2 or maybe 3 sections since lots of the online scams are referring to work from home. On this part I will analyse the "Personal Development opportunities" that numerous web sites are trying to sell to us. Companies that refer to "Personal Development" "Life Coaching" "Change Your Life" "Human Excellance University" and other catchy lines are only trying to do one thing. Make money for themselves and for a limited number of people. Companies like that are
"Liberty League International" http://www.libertyleague.com/
"Ex Navy Seals" http://www.exnavyseal.com/
"Life Path Unlimites" http://www.lifepathunlimited.com/
and numerous others are occupied with making money out of you. Their "sellers" need to create a website of their own inorder to share their experiences . In order to join their foundations you have to PAY a fee and then start selling products like :
CDs & DVDs with Personal development stories , instructions, change of life lessons.
Trips to ... energy conferences in .... exotic places !!! (Don't fall for that)
and fake opportunities in general.
These products might have some appeal to 50-70 year old people who are searching for something to spend time on and not to actual career hunters. You need to invest at least an amount of 2000Euros in order to join the companies actively and start making "profit" .
Lets explain the inevitable of the operations ...
If you accept to join them and pay the entrance fee , you become a part of a team with your leader to be the guy who introduced you. He is obviously making commision out of your money and also gets a share out of your own commisions. You only start making money when your own team, starts making sales themselves. The typical pyramid financial system that is always leading to huge crashes when it fails.
In my opinion these companies might not be 100% scam but it is a good thing if you avoid all that and keep your dignity as a person. Personal development is a personal thing and noone and nothing can lead you to be someone else. This is the reason why salesmen of these kinds of products fail.

DO NOT FALL BY THE AMOUNT OF PEOPLE TALKING TO YOU
DO NOT FALL BY THE ORGANIZATION THESE PEOPLE SEEM TO BE ABLE TO PROVIDE YOU
DO NOT FALL FOR THEIR CATCHY LINES & HYPOTHETICAL SUPPORT THEY PROVIDE
DO NOT FALL FOR THE IDEA THAT YOU WILL BE MORE SUCCESFULL BY FOLLOWING THEM OR THAT YOU WILL MAKE THE AMOUNTS OF MONEY THEY TELL YOU ...

ps. in order to join them , apart from paying the entrance fee you have to introduce to them 2 new salespeople ... these can be people really close to you that in case of failure you will be in debt to them .

BE SMART
BE INNOVATIVE
and the rest will come ....

Thank you for your time .

Newest Scam - Almost fell for that ...

When job hunting you probably upload your CV in major
online HR companies in order to be found and proposed a
job. That's what I did in www.totaljobs.co.uk and the same
happened to others from other HR websites . The scam starts
with an email which has a title like :

Employment Offer [TotalJobs]‏

It is not marked as spam or part of a multiple send so you
can say that it is personalized enough and real. And you
have the following message. Copy Pasted :

"

Romad Financial Services Pty. Ltd.
94 Woodhouse Grove, Box Hill North,
VIC, 3129, Australia


Hello,
my name is John Alison and I am Romad
Financial Services Pty. Ltd. Staff manager.
We have found and reviewed your CV at totaljobs.com
and decided to offer this job to you.
Our services
When buying-selling operations via the Internet are
concerned, the buyer and the seller don’t know each
other and are placed in different corners of the
world. Therefore, it is important both to the buyer
and the seller for their transaction to be made safely.
Payment Protection means receiving money, documents,
goods (it might be both the seller’s and the buyer’s)
concerning the transaction by a reliable, experienced,
impartial person - our Payment Protection agent.
The agent will hold all the money and documents until all
the terms of the deal are satisfied and only then
release them to the intended receiver. Please, visit our
web-site for more information.
(http://www.romadfinancial.com/)
                         

Why we need Payment Protection agents
Having a Payment Protection agent in every country we can
quickly transfer funds inside a country without wasting
time on the international bank transfers, and continue
our rapid growth rather than overwhelming our own bank
account with inbound and outbound transactions leading
to severe hold times and possible service interruption.
It is time that is of significant importance to our
clients.


Career and Benefits
Your main task will be receiving money transactions to any
bank account you would like to use for the purposes of
this job; and then forwarding these transactions to the
next party of the Payment Protection process according
to our instructions. You will benefit from the commissions,
which are 5-7% of each transaction and depend on the
quantity of the completed transactions and the speed
of your work. Besides, you will be paid a basic salary
of 1500 GBP per month.
                                                                                       

For your convenience there will be no paychecks, your
commission will remain in your account after every
successfully completed transaction. The money transfer
fee is not included in your commission, meaning that you
will deduct it from the received amount, not from your
commission. Also you receive 5-7% of the transaction amount.
Normally the amounts that we process vary from 2,000 GBP
to 10,000 GBP , but can go higher on special occasions.


Job details
As the financial activity in your area is not too high,
a Payment Protection agent will be processing approximately
1-2 transactions per week. Each transaction requires
approximately 4-5 hours of the agent work. Our manager
always calls the agent beforehand to provide all the
instructions. Therefore, with the due time management,
the agent is able to combine this job with other
activities (e.g. primary job or studies).
                                                                                                                                   

If you are ready to proceed, please provide your AVAILABLE
phone number to our hiring manager (Charles McAlister) at
hiring@romadfinancial.com

Please do not hesitate to contact us if you need more
information.

--
Sincerely yours,
John Alison,
Romad Financial Services Pty. Ltd.
visit us at http://www.romadfinancial.com/
"



I didn't get too excited to see that but instantly checked on the
information of the company.Checked the information on the link
they provided me and ..... Everything was appearing to be correct.
I even made a call to australia to check with the IRS for the dignity
and safety to acompany with them ... The IRS gave me the correct
information from the company that appears to be prestigous and
legal. The scam ...

"THE LINK THEY PROVIDE YOU IS NOT REAL AND SENDS
YOU TO AN EXACT REPLICA OF THE WEBSITE'S LAYOUT"

I actually was convinced that this was the same company
website and then responded positively to their "Interest"
And then I got an email from mr. . . McAlister .

"Thank you for showing your interest in our organization.

1) In order to find more information about the Payment
Protection Agent
job on our website, please visit the links below:
http://romadfinancial.com/aboutprot.php
http://romadfinancial.com/protstage.php

2) To join our team now, you have to confirm your intention
by filling &
signing the Agent Agreement.
You may download it here:
http://romadfinancial.com/PaymentProtectionAgentEU.pdf

3) If you agree with ALL conditions of the Agent Agreement,
please fill in
the registration form online at
http://romadfinancial.com/registration.php

4) Send us a scanned copy of your ID or DL.
NOTE: This is for the security and identification purposes.


Thank you for choosing Romad Financial Services Pty. Ltd.

--
Sincerely yours,
Charles McAlister
Romad Financial Services Pty. Ltd.
hiring@romadfinancial.com
Visit us at http://www.romadfinancial.com/ "

After that, they called me over the phone to get more
details about me and more information. 
After a research I've done over the network these guys
actually use you & your bank account for either
money laundring and other illegal procedures. Avoid
contacting them and avoid talking to them .

Thank you for your time , I hope this will be helpful and
will make you avoid one more scammer.