Posts Tagged ‘scams’

How Scammers Are Abusing Twitter

Thursday, October 1st, 2009

Earlier this month we talked about “scareware”. One such attack recently was perpetrated through the popular social networking site Twitter. In fact, this week I have witnessed several different phishing schemes on Twitter.

1. Scareware Scam: Scammers were found to be using machine-generated Twitter accounts to post messages about popular topics. Each of these messages would include a link, often disguised using a link-shortening service (making it difficult to know where the link would lead). The link would lead to servers hosting fake Windows antivirus software.

2. DMs that Steal Logins: This second scam would use hacked accounts to send direct messages (DMs) to users. Clicking the link in the scam would take you to a fake login page in a ploy to steal your login information. The scam would then propagate to all the friends of the compromised account. Receiving direct messages with links from “friends” increases the likelihood these links will be clicked.

3. Baiting Users: I have witnessed attempts by several auto-generated accounts to bait particular users. To do so, they will accuse the user of something, such as a political stance, in repeated @ messages. This will be retweeted or continued by a whole series of other accounts. In all cases, the accounts will have other “real” looking tweets with links in them, trying to bait you to check the account and click the links.

In reference to the second scam, I know of individuals who had their accounts breached without handing over their passwords, so it’s imperative that anyone who has received direct messages with links not click those links. If you do, change your password right away and contact Twitter support to report the issue.

I myself have been baited by many of these schemes, but I never click the links. Here, for example, is one a “friend” sent me yesterday:

[Image: Picture 1.png]

If you are unsure about a particular link, don’t click it. If it is a shortened URL, you can see what it leads to with a service such as LongURL. If you use Firefox and want added protection from cross-site scripting attacks, you can install the NoScript plugin.

Via Mashable, Computerworld

5 Facebook Scams to Avoid

Friday, September 25th, 2009

We’ve been talking a lot lately about Facebook, particularly as Facebook aims to improve its security and privacy measures. A new article from Switched has laid out 5 common Facebook social engineering scams and how to avoid them. It’s a great primer on how to avoid being duped by any scam.

Aside from never clicking on suspicious or shortened links from friends (unless you expand them first), the article outlines these 5 common scams and how to avoid them:

  1. 419 Scams - If you receive a message from a friend claiming to be desperate for cash, that friend’s account may have been hijacked. Always talk to your friend by some non-web-based means first to confirm whether they really are in need!
  2. Hidden Fee Apps – You should never have to submit your cell phone number or other personal information in order to unlock features or receive quiz results from any application.
  3. Fake Login Pages - they may look real, but if you get an email asking you to log into Facebook, make sure you’re actually at Facebook, not following some link (particularly if the link leads to anywhere other than Facebook.com).
  4. Malware Links - If you receive messages from friends with links, beware. There is a chance that account has been hijacked and you’re being sent to malicious sites that could then steal any personal info on your computer.
  5. Facebook Apps that are Malware – Yes, even the applications themselves can be dangerous! Some may even mimic valid applications, sending you realistic messages such as a notification that someone has left a message on your wall. Like with #3, their goal is to get you to a fake login page. So, look for anything weird in these emails (odd icons, poor grammar, invalid links).
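
The two checks above (expand a shortened link before clicking, and confirm a login link really ends at Facebook.com) can be sketched as follows. This is an added example, not code from the post or the Switched article; the `example` hosts and the redirect table are constructed, and a live version would replace `sample_fetch` with HEAD requests that do not auto-follow redirects.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for the network. Every host except
# www.facebook.com is a placeholder invented for this example.
SAMPLE_REDIRECTS = {
    "http://short.example/a1": "http://tracker.example/r?id=7",
    "http://tracker.example/r?id=7": "http://facebook.com.login.example/index.php",
    "http://short.example/b2": "/b2-moved",
    "http://short.example/b2-moved": "https://www.facebook.com/login.php",
    "http://short.example/loop": "http://short.example/loop",
}

def sample_fetch(url):
    """Return the Location target for url, or None when url is a final page."""
    return SAMPLE_REDIRECTS.get(url)

def expand(url, fetch=sample_fetch, max_hops=10):
    """Walk the redirect chain hop by hop without rendering any page."""
    chain = [url]
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if location is None:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("too many redirects")

def host_belongs_to(url, site):
    """True only if the URL's host is site itself or a subdomain of it."""
    # urlsplit().hostname drops any "user@" prefix and the port, so
    # "facebook.com@other.example" is judged by its real host, other.example.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == site or host.endswith("." + site)

def check_login_link(url, site="facebook.com", fetch=sample_fetch):
    """Expand a link, then report where it ends and whether that is site."""
    chain = expand(url, fetch)
    final = chain[-1]
    return {"chain": chain, "final": final,
            "genuine": host_belongs_to(final, site)}
```

The host comparison is on the registered site name at the right-hand end of the hostname, which is why `facebook.com.login.example` is rejected even though it starts with the familiar name.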

There are many websites featuring this list. For more comprehensive details about these scams and how to avoid them, you can check out PC World. Another variant of the same theme can be found at CSO Online, which also includes tips to avoid Twitter scams.

If you do find yourself a victim of a scam on Facebook, it’s best to alert Facebook administrators with all of the details of the scam.

Virtual Criminology Report Indicates Fear Tactics

Wednesday, December 31st, 2008

Earlier in December, McAfee released their 4th annual Virtual Criminology Report, which outlines trends in global cybercrime. The report indicated that cybercriminals quickly shifted tactics to take advantage of emotional “hot ticket” items such as the economic recession. Botnets alone are capable of sending 100 billion spam messages per day, an infrastructure that is making it easier and more lucrative for cyber criminals to stay hidden.

Banking scams emerged soon after banks started to struggle during the start of the recession. Cybercriminals are taking advantage of the fear and uncertainty of this by asking users to “update account information” before their bank merged, for example. Targeted scams emerge as early as a day after news breaks, as they did also during the presidential race this year. In addition to a shift in tactics, the report indicates that criminals are becoming more aggressive:

“With almost all of today’s malware being financially motivated, even cybercriminals are looking for more business in tough economic times and are really stepping up their game.”

Analysts say these trends point out that cybercriminals are getting faster and smarter than ever before. Also tapping into fear that’s the result of the economic downturn, there has been an increase in scammers luring customers into “internet sales” jobs that end up assisting cyber criminals in things such as money laundering. Some examples of various recent scams of these sorts can be found on the Avert Labs blog.

As with all security problems, with both consumers and the corporate environment, the solution to these issues comes by combining education with technology:

“Technology alone cannot solve the problem. Education alone cannot solve the problem. Both combined, however, can enable us all to use the Internet the way we want.”

In addition to these measures, the report strongly encourages governments to step up in fighting cybercrime. Law enforcement at every level has been ad-hoc and incapable of coping with cybercrime, with issues in cross-border law enforcement making the issues worse.

Download the McAfee Virtual Criminology Report here. And, along similar lines, the Anti-Phishing Working Group has published their quarterly report, indicating that the use of malware on websites to steal passwords and other sensitive information is at an all-time high.

The FBI is also reminding people to be aware of holiday-themed scams criminals are using to steal personal information and/or money. Be aware of greeting e-card scams, spoofing and phishing scams. They remind you not to respond to unsolicited email, not to click on links or attached files, to keep private information to yourself, and to verify with the business the email is supposedly from, just in case.

Avoiding Post-Hurricane Fraud

Wednesday, September 24th, 2008


The Federal Trade Commission (FTC) is warning victims of Hurricane Ike and Gustav, and donors to the recovery, to beware of identity theft scams.

The FTC works to prevent fraudulent, deceptive and unfair business practices, and to educate consumers about these practices. One such warning involves being extra cautious in the wake of current events, particularly those that pull at your heart strings. Many people will take advantage of natural disasters like Ike and Gustav to create bogus fund-raising operations.

The FTC advises consumers to give to charities that have been around for some time, as they are best prepared to deliver assistance, and to ensure (among other things) that you are donating to the charity you intended to. They recommend a checklist of things to do to prevent becoming a victim of fraud.

In addition to charity fraud, victims of Hurricane Ike and Gustav are cautioned against becoming victims of home repair fraud. They recommend taking the time to check the references of your contractors and to be responsible with your payment process. The FTC reminds consumers not to sign an insurance check over to a contractor.

In order to get relief benefits or replacement documents, victims of the hurricanes will need to share personal information. Be cautious of people claiming to be government officials - check their IDs and know that the government never charges application fees.

Here are some resources from the FTC:

Via MarketWatch; Image: NASA by Jesse Allen
