Twitter Phishing: #twitterpornnames
Twitter is the biggest internet craze since Facebook; there are currently an estimated 6 million people using it.
A few days ago Twitter users were asked to take part in a “game” called #twitterpornnames. How does it work? You’re supposed to announce a made-up name along with the hash tag and share it. The formula provided to create your name just happens to match some very common security questions to help people reset their passwords. Pet’s name. First teacher. Street you grew up on.
So when people started participating they were in fact sharing the same information used by web sites to reset passwords. It’s called social engineering. It tricked people into revealing sensitive information. And the nature of Twitter is that people share information and click on links without much thought (is this a Gen-Y thing?)
If you use Twitter and see these sorts of “games” going around, don’t share private, sensitive data so easily. This same data can be used to hack into your accounts.
Can Malware Damage Your PC?
We all know that malware can steal your passwords, cause you to lose money, and spread itself to other PCs. But can malware actually cause damage to your PC?
The short answer is yes.
A botnet is a collection of infected PCs under a hacker’s control. There are millions of PCs today forming these botnets (millions of infected home computers being controlled by hackers). Some new research on botnets shows that they sometimes include code to completely disable the PC.
In April 2009 a malicious hacker decided to “kill” the PCs he was controlling using a botnet. This disabled Windows on 100,000 computers, making all those PCs useless until a technician could repair them. (This is a slight simplification but for the general public it’s accurate enough.) These 100,000 computers belonged to real people using their computers at home or at the office. One day they just stopped working because a malicious hacker thought it’d be fun. You can read more detailed information about this here.
And then there is other malware (viruses etc.) that can damage the PC in more serious ways. In March 2009 researchers created a sample malware that writes itself to the computer’s BIOS (the BIOS is inside a chip inside the PC). Reformatting the PC won’t remove it, buying a new hard drive won’t remove it either, and they claim that even a “BIOS flash” won’t remove it. You’d have to buy a new PC (or if you’re technical, a new motherboard) to fix it. More info here.
In the past there have been viruses that could damage drives and monitors but there’s been very little of this lately.
So overall malware can cause your PC to visit a repair shop for servicing, which is not only an inconvenience but also costly. It’s always better to prevent malware than to repair the damage (and often you may not know a PC is infected). And the usual tips apply here:
- Use a good anti-virus package, the kind that updates itself several times a day and scans web pages as well as files. They’re not expensive.
- Always patch and update your programs, including your operating system (Windows, Linux, Mac OS X).
- Never assume it can’t happen to you or that your computer is somehow better than others.
- Use one of the newer browsers such as Firefox, Chrome, or Opera. Read about browser hacking here.
- Don’t download programs from hacker sites such as password generators (they’re usually infected with malware).
- Don’t be tricked into installing something to watch a funny video. If your computer can’t play the video as it is then it’s probably not worth watching. Read more about it here.
- Don’t be tricked by fake anti-virus programs. Examples here.
- And back up your files. Do this often.
Baiting Nigerian Scammers
I don’t recommend this; I just want to share what others are doing and raise awareness of the problem in general.
Nigerian scams are emails (or letters) telling you that some random stranger in Nigeria wants to give you a very large sum of money, and they need your help (and your money) to make it happen.
And some people are starting a trend in baiting the scammers, making them waste time and giving them misleading information, just for amusement. It’s a vigilante action fraught with real danger, which is why I don’t recommend it. But it’s certainly interesting to read about it.
Click here for the full article.
Fake virus alerts
Sometimes hackers find innocent web sites, hack them, and add malware. Below is an example. A (fake) message comes up telling you your PC is infected:
Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs.
Notice that the message is full of grammatical mistakes; scammers generally aren’t very good at English.
If you see a message like this click Cancel and close the window.
Fake KMart Survey
There’s a web page made to look like it’s from KMart (a retail store). It has a survey and it promises to give you $150 credit if you fill out the survey.
Like most scams, there’s an incentive to catch your attention – in this case it’s a $150 credit. This kind of scam is called phishing.
The fake survey asks a set of questions, then asks for your full name, credit card number and PIN. Never give this out in a survey!
After you enter all your details, it takes you to the real KMart’s web page so that you don’t suspect anything. Then criminals will use your credit card details to make expensive purchases.
How to identify the fake survey:
- An email is sent to you with the subject "You have been selected"
- The link in the email doesn’t point to KMart; it points to a web site with the word epiqteen in the URL
- The body of the email is:
You have been selected to access the Kmart Holiday Survey and win a $150.00 gift certificate.
Please click here and complete the form to claim your prize. Thank you.
To prevent these attacks:
- Use one of the "other" web browsers, such as Firefox, Opera and Chrome. These have better technology for detecting phishing sites.
- Install a good anti-virus package, one that scans web sites as well as files. This is a paid service and you usually get a good up-to-date list of phishing sites, and it works automatically in the background. The small cost is a great investment for your security.
- Be very cautious of generous offers (I don’t think many companies can afford to give $150 to all their customers right now).
- When you see a suspicious email, copy and paste its contents into Google. Then read through the results to determine if it’s a scam. E.g., Google indexes all of Fraudo’s pages, so any scams I write about here will show up on a Google search.
- Never give out your credit card details in surveys.
- Read the URL carefully. The URL is the address shown at the top of your web browser. If it’s not the exact name of a legitimate company then be suspicious.
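The link check from the identification list and the "read the URL carefully" tip, as an added Python example (not part of the original post): it pulls every link out of an HTML email and flags those whose host is not the expected retailer domain or a subdomain of it. The email is a constructed sample using the wording quoted above; the host epiqteen.example and the trusted domain kmart.com are assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "kmart.com"  # assumption: stand-in for the retailer's real domain
# Constructed sample: wording quoted from the post; the link host is a placeholder.
SAMPLE_EMAIL = """\
Subject: You have been selected
Content-Type: text/html; charset=utf-8

<p>You have been selected to access the Kmart Holiday Survey and win a
$150.00 gift certificate.</p>
<p>Please <a href="http://epiqteen.example/survey">click here</a> and
complete the form to claim your prize. Thank you.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element that has an href."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(url, trusted):
    """True only if the URL's host is `trusted` or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def suspicious_links(raw_email, trusted):
    """Return (visible text, href) for every link that leaves `trusted`."""
    body = message_from_string(raw_email).get_payload(decode=True)
    parser = LinkCollector()
    parser.feed(body.decode("utf-8", "replace"))
    return [(text, href) for href, text in parser.links
            if not host_is_trusted(href, trusted)]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL, TRUSTED))
```

The comparison is made on the parsed host only, so a brand name that appears in the path, before an `@`, or as a left-hand label of another domain does not make the link trusted.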
Dangerous PDF file with information about Swine Flu
There’s been lots of talk lately about swine flu, and there have been lots of PDF files emailed back and forth with information about it.
One such PDF file was found to have password-stealing malware hidden in the code that installs itself using a vulnerability in Adobe Reader. After it installs the malware it then opens a legitimate document with information about swine flu.
The document is called The Association of Tibetan journalists Press Release.pdf
If you see this in an email delete it without opening it, and let the sender know that it contains a password stealer.