Fake CUA Email
The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.
The phishing email says:
Dear member:
We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.
CUA Update
Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545
The domain name they use is cua-members-australia (.com). Some simple research shows that CUA is a credit union in Australia. Their real address is www.cua.com.au, so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in the USA (although these details could also be fake).
Below is a screenshot of the phishing scam site:
They get straight to business, asking for a card number and a PIN. This is very private information that no one should ask you for.
Microsoft Does Not Send Updates By Email
Companies do not send updates by email, including Microsoft. They use other methods to tell their users about updates then expect users to download the updates themselves. Attachments in emails are generally bad.
So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.
So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.
Below is a copy of the infected email:
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.
Instructions
* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express
System Requirements
* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
There was a zip file attached that contains the Bredolab trojan. If the trojan is installed, it runs quietly in the background, downloading viruses and other malware.
So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.
You should also have a good antivirus package installed.
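The header check described above, as an added example that is not part of the original post: it compares the domain shown in From with the one in Return-Path and lists attachments with risky extensions. The message is constructed; only branchen4u.de and the KB910721 file name stem come from the post, while the From address, the use of Return-Path and the extension list are assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: extensions treated as risky in unsolicited mail.
RISKY_EXT = (".exe", ".scr", ".zip")

# Constructed sample message (addresses and zip name are made up).
SAMPLE = """\
Return-Path: <bounce@branchen4u.de>
From: "Microsoft Update" <update@microsoft.com>
To: reader@example.net
Subject: Update for Microsoft Outlook / Outlook Express (KB910721)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Run attached file
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="officexp-KB910721-FullFile-ENU.zip"

placeholder
--b1--
"""


def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def triage(raw):
    """List the warning signs found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    claimed, origin = domain(msg["From"]), domain(msg["Return-Path"])
    # The visible From is free text; flag it when the bounce domain differs.
    if claimed and origin and origin != claimed and not origin.endswith("." + claimed):
        findings.append(f"sender mismatch: From={claimed} Return-Path={origin}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```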
Texaco Money Mule Scam
I’ve written about money mule scams before; here’s another one.
When a scammer has a large amount of money to move, such as stolen money they want transferred into their own bank, they don’t do it themselves. That would make it too easy for them to get caught.
What they sometimes do is ask other people to transfer the money. They tell these other people that it’s a legitimate job, and trick them into making these bank transactions.
They even go so far as to invent a company in order to recruit innocent people, or sometimes borrow the name of a legitimate company.
One such example is a job ad that claims to be from a US company called Texaco. The scammers sent a forged email with a link to a fake website, made to look like the real Texaco.
The scam email says:
Texaco/Chevron Downstream Europe
1 Westferry Circus Canary Wharf
London E14 4HA
Dear Job Candidate,
The TEXACO Online Employment System wish to inform you that your posted information online has been carefully and confidentially reviewed by our Recruitment Team Professionals and we have considered under our current vacant opportunities within the Firm to employ you for work in our company.
TEXACO Online Employment System is affiliated to various job recruitment websites and your information was submitted to us by our online agent that submit job candidate resumes for consideration of employment depending on the vacancies we have in any branch of TEXACO Company Worldwide.
As regards to this, you have been automatically granted this employment to work in TEXACO Oil & Gas Field with a monthly salary of Eight Thousand Five Hundred Pounds (£8,500).
Kindly acknowledge the content of this message by reconfirming your interest in working for us and indicating your area of job interest, ensuring that you have quoted your vacancy title below or send your CV with a covering letter.
For further details relating to your employment, kindly send an email to
Texaco/Chevron Downstream Europe H/R Recruitment Service Department
texaco@post.com / http:// texaco.us.ms / http:// texaco.com/portal_default.asp/.
Regards,
Paul Matins
HR Recruitment Manager
This email is a scam. The web site that they give ends with .us.ms – this is not the real Texaco’s domain name.
So the next time you see a job ad too good to be true, consider if it might be a money mule scam. Does the job ad promise to pay an unusually large rate? Is the work unusually easy? Is the job description vague? Is the web address correct? Did you receive the job ad in an unsolicited email? These are all questions you need to ask yourself.
Facebook Un Named App
Here’s a combined hoax and malware. Let’s start from the beginning.
People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.
Below are some quotes of the hoax:
ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on
this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.
Cannot believe how much quicker mine is running after doing this….
I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.
Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.
A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.
The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).
There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).
Avast 5
Avast 5 is the latest version of a great (and free) antivirus program. It’s designed for Windows PCs and does a pretty good job. And did I mention it’s free? There’s no excuse not to have an antivirus program installed on any computer.
There’s also a paid version with extra features such as a personal firewall. I personally use and trust Trend Internet Security, but Avast would be my other choice (especially the paid version called Avast Internet Security).
The free version can be downloaded from here.
ATM Card Skimmers
ATM card skimmers are still very common. There’s a new web page showing the latest ones found (click here). It’s a very good quality card skimmer, most people wouldn’t be able to tell it’s actually stealing card details. In the photo on the right can you tell which one is the real card reader and which is the skimmer?
Inside the card skimmer it has:
- Electronics to read your bank card’s details
- A camera to record someone typing a PIN
Some other card skimming devices also have a mobile (cell) phone built in, to transmit details to the criminal. This one doesn’t.
So the next time you use an ATM have a good look at the card reader. These things are out there, people get caught out every day.
Common Passwords
Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).
Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.
- 41% of passwords only use lower case letters (weak)
- 15% of passwords only use numerals (even weaker)
- Nearly 50% of people used names, slang words, dictionary words or trivial words as their passwords. These can be guessed in seconds by a “brute force” program.
The ten most common passwords were:
- 123456
- 12345
- 123456789
- Password
- iloveyou
- princess
- rockyou
- 1234567
- 12345678
- abc123
If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.
For tips on how to choose a good password read our previous article. And here are some tips on testing how good your password is.
Imperva’s complete report is here. It’s full of interesting technical details on what they found and what the risks are.
Fake ATO Emails
More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.
Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong:
- Fake address: www.a-imbn . org
- Real address: ato.gov.au (all Australian government web sites must end with .gov.au)
If you’re in Australia please let others know of this scam.
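The address comparisons made in the CUA, Texaco and ATO items above can be automated. This is an added example, not code from the original post: it checks whether a link's hostname really sits under the organisation's own domain by comparing whole DNS labels from the right. The brand table is an assumption; cua.com.au and ato.gov.au are stated on this page, texaco.com is assumed, and example.net is a constructed test host.

```python
from urllib.parse import urlsplit

# Legitimate domains. cua.com.au and ato.gov.au are stated on this page;
# texaco.com is an assumption added for this example.
OFFICIAL = {"cua": "cua.com.au", "ato": "ato.gov.au", "texaco": "texaco.com"}

# Hosts quoted on this page, plus one constructed case (example.net).
SAMPLES = [
    ("CUA", "www.cua.com.au"),
    ("CUA", "http://cua-members-australia.com/"),
    ("CUA", "http://www.cua.com.au.example.net/"),  # constructed
    ("Texaco", "http://texaco.us.ms"),
    ("ATO", "www.a-imbn.org"),
]


def hostname_of(link):
    """Return the lower-cased hostname of a link, with or without a scheme."""
    link = link.strip()
    if "://" not in link:
        link = "http://" + link  # urlsplit needs a scheme to locate the host
    host = urlsplit(link).hostname or ""
    return host.rstrip(".").lower()


def check_link(brand, link):
    """Classify a link that claims to belong to `brand`."""
    official = OFFICIAL[brand.lower()]
    host = hostname_of(link)
    if not host:
        return "invalid"
    # Match on whole labels from the right, never on a substring:
    # "www.cua.com.au.example.net" contains the real name but is not under it.
    if host == official or host.endswith("." + official):
        return "official"
    # The brand name appears in the host, but the host is someone else's.
    if brand.lower() in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for brand, link in SAMPLES:
        print(f"{brand:7} {link:40} {check_link(brand, link)}")
```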
TwitterBuilding
Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.
