Australian Tax Bonus Payments

Some Australians will be receiving a tax bonus payment soon (the $900 everyone’s talking about). Scammers have taken this opportunity to contact random people by phone and ask them for their bank account details.

The scam phone calls involve a story about the ATO or Centrelink needing their details to process the handout. They ask for the person’s name, date of birth, address, and bank account details.

Never give this information out to a random stranger who called you. If you submitted a tax return last year the ATO already has your details. If not, you should be the one contacting them (they won’t contact you) – get their phone number from the ATO web site.

The same goes for emails. The ATO or other government agencies will not send emails to you asking for your bank account details.

Phone Scams in Australia

People in Australia have been receiving phone calls from someone claiming to be from Microsoft.

He tells people that their PC is infected with malware, and gives them instructions on how to fix it. What really happens is that his instructions actually install malware on the PC so that he can log into their computer and steal passwords.

And then to make things even worse, the caller asks for a payment for this service, asking for credit card details.

This person has also been impersonating other IT companies, not just Microsoft. This type of scam has been around for a while in other countries.

If you receive an unsolicited call from a random stranger claiming to help you with a problem you didn’t know you had, challenge them, insist they’re wrong, and basically ignore their advice. If there was a real problem on your PC you should be the one initiating a phone call, not the other way around.

If you feel you’ve been victimised by this, or have information to share, you can call the Australian Competition & Consumer Commission, details here.

Ghostnet – Cyber Espionage

Ghostnet is the name given to some malware that’s been spreading around the world recently. This sort of thing happens every day, but what’s different about Ghostnet is that it has mainly targeted political offices.

This can’t be an accident or coincidence. So far 1,300 computers have been found to be infected with Ghostnet (not many), including the computer used by the Dalai Lama, a NATO computer, computers in the embassies of India, South Korea, Indonesia, Romania, Thailand and many other government offices around the world. These were clearly targeted.

What does Ghostnet do? Researchers have found that it can turn on the camera and microphone on computers that have one, allowing people to spy in a room (or office). Can malware really do things like that? Yes, malware can do anything on a PC; that’s why it’s important to protect your PC.

Who’s behind Ghostnet? Researchers have directly accused the Chinese of operating it.

How do you get it? So far it seems people are tricked into downloading a file that infects the PC. Specific people are targeted and asked to download the file. This is called social engineering. And because they only targeted a small number of people it takes a long time for anti-virus companies to find out about it and to update their anti-virus programs.

Confirmation of Ticket Purchase

There’s some spam pretending to be from Delta Airlines. It tries to trick readers into opening the attached file, making readers believe that the ticket has been paid in full and that it’s ready to be used by the reader. The attachment is a trojan that gives people complete access to the PC and tries to download more malware every time you reboot.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email delete it, don’t open the attachment.

Trojans for Macs

Macs are not immune to malware such as trojans. At the moment there are some pirated copies of Apple iWorks 2009 and Adobe Photoshop for Mac, and some people think it’s a good idea to download pirated software. Unfortunately there’s currently a trojan called OSX_RSPLUG.B that is hidden in some pirated versions of these programs. So people installing it, thinking they’re getting free (and illegal) copies of these programs, are actually installing malware.

This malware changes network settings on the Mac and redirects web pages to somewhere else.

So yes, Macs can have Malware. And never trust pirated software (it’s also bad for the companies that spend time and money making software, and it’s illegal).

What is TinyURL and how does it affect internet security?

TinyURL is a web redirection service. Its main purpose in life is to make long URLs short (a URL is a web "address"). Here’s an example:

Sometimes you end up with a long URL such as: http://fraudo.com/2009/03/19/does-windows-safe-mode-protect-you-from-malware/

TinyURL can shorten this address for you. Try clicking on the following address: http://tinyurl.com/dfwohy

You’ll notice it takes you to the same page as the first link, but it’s much shorter to write. And why would someone want a short URL? Marketing people would argue that short URLs are easier on the eyes. And sometimes there are technical reasons – for example, Twitter only supports short messages so it’s normal to shorten URLs.

So what’s the risk?

If you receive an email from some company telling you to click on their link, and if you notice their link goes to a Chinese or Russian web site, you’ll be suspicious and you won’t click on it. And if you have a good anti-virus package installed it can detect the links and warn you before you click on them.

However, if the email’s links point to TinyURL you have no way of knowing if it’s legitimate (actually there is a way, keep reading). Maybe it goes to the company’s real site, maybe it goes to a hacker’s. You won’t know until you click (and usually once you click it’s too late).

Do legitimate companies really use TinyURL? Unfortunately yes. Marketing people write these newsletters, not their IT security people.

What about Twitter? Almost everyone on Twitter uses a service such as TinyURL to shorten addresses they share. When you click on these you’re taking a chance.

TinyURL isn’t the only redirection service. Here’s a list of the popular ones:

Notice how many there are? Shortening URLs has become a popular thing to do. Also notice that international domain names are popular here, such as .io and .ly.

So what can you do?

TinyURL’s Preview Feature:

TinyURL has a preview feature. It’s a good security decision to turn it on. It’s an inconvenience if you enjoy clicking on unknown links but it’s a smart move. Click here to turn on their Preview feature: http://tinyurl.com/preview.php?enable=1

Then when you click on an unknown TinyURL link, it will show you where you’re about to go. You still have to be careful about weird Chinese and Russian sites that might be hacked but at least you’ll have enough information to make that decision.

It’s not a foolproof system though. Even if you’ve enabled Preview there might be times where it doesn’t work. That’s just the way computers work, it’s technically complicated. And enabling Preview on TinyURL doesn’t help you with all the other services I listed above. There are just too many of them at the moment.

If you’ve read this far you’ve done well. Being aware of the dangers gets you half way to being secure.

Browser Hacking Competition Results

There is a competition where people try to hack web browsers (they call it Pwn2own), and the winners get thousands of dollars in cash and prizes. Below are the results of the competition. It says a lot about which web browsers are safer than others:

When a web browser is hacked (like in this competition), it means someone out there in the real world can do things on your computer, such as installing a virus or taking control of your PC.

You can see photos of the winners here. These are talented people that are using their skills to help developers fix their browsers. There are many more people who use their hacking skills to install malware and steal money from people’s bank accounts (this isn’t just about winning competitions).

The best thing you can do right now is:

Does Windows Safe Mode Protect You From Malware?

Windows has something called "Safe Mode". You usually see it when you don’t shut down Windows properly, then when you restart you’re prompted if you want to start in safe mode.

So what is safe mode? It’s basically Windows without all the frills, very simplified. It’s intended to help techies fix problems if Windows is broken.

There’s also an assumption that malware can’t hurt your computer if you start it in safe mode. This has been proven to be a false assumption. Malware can still run in safe mode.

To be protected from malware you need some common sense (you’ll get plenty of that from this site), and having a good anti-virus helps.

Foxtel SMS

I just received this one. I haven’t worked out if it’s a scam or how it works, I’ll update this post when I find out (please post your comments here if you know anything). (Update: it’s legitimate)

The SMS was received in Australia and reads:

When you are home please call FOXTEL on 1800882016 (12pm to 8pm) so we can help you check whether your dish requires a component upgrade (no charge).

I don’t have a Foxtel dish and never requested any kind of service or upgrade. My guess is that if I call that number I’ll be charged at a premium rate, or someone will ask me for my credit card number.

Update 1: Someone pointed out that I should be able to call the 1800 number from a pay phone for free. So I’ll do that tomorrow, I have nothing to lose.

Update 2: Pay phones are rare these days. After finding one I called the free number, it’s an electronics engineering company that services Foxtel dishes. Seems like it’s a legitimate SMS, just sent to the wrong person (me). I also received a second SMS exactly the same.

So there we go, it’s not a scam.
