Monthly Archives: June 2009

Wireless Keyboards

Would you be comfortable knowing that people can “listen in” to your wireless keyboard and watch what you type? It would be a great way to capture passwords, and that’s not a good thing.

I’ve written about how vulnerable wireless keyboards are. It used to take a lot of skill to hack into a wireless keyboard but now someone’s made it so much simpler. Here are instructions on how to build a wireless keyboard hacking device, complete with the software necessary. This model only works with 27MHz keyboards, which are the older and cheaper kind. It’s quite easy to build this device and to use it.

With a good enough aerial this type of hack could be done from your neighbouring unit, house, office, or probably from a vehicle parked outside. You won’t know your wireless keyboard’s been hacked.

More modern and expensive keyboards can also be hacked, even those that have stickers on them saying how secure they are. But they take a bit more effort and skill.

I don’t believe in using wireless keyboards; they’re not secure. If you’re using one, it only costs $10 or so to upgrade to a wired one.

Loteria Espana (Spanish Lottery)

I know that 0.4% of Fraudo readers are from Spain and 99.6% of you are from other parts of the world. So it’s safe to assume that if you receive an email saying you won the Spanish lottery, then it can’t possibly be true.

Scams are usually designed to excite or shock you, and to make something seem urgent. This has the unfortunate effect of pushing most people into rash decisions, without thinking things through properly. For example, if you don’t live in Spain and haven’t been there, and haven’t purchased any kind of Spanish lottery ticket, then how could you have possibly won?

And even if you did, how do you suppose they got your email address? If you really did win, they’re most likely to send you a letter, again assuming you really bought a ticket and registered your name and address.

So why is it that people fall for these scams?

Below is the email I received. It’s fake:

REF NO: HKD/7684/ES/97
BATCH:  YJM879/OLS/09

Winner in the 2nd category of our ONCE LOTERIA  free Net Lottery
Promotional award draws held in May, 2009. I am writing in respect to
your lotto winning prize of ONE MILLION, EUROS(1,000,000.00 Euros) which you won through the email ballot draws in the EUROMILLION Promotional Award in June, 2009 in the second Category prize winnings categories.

We wish to inform you that your total prize money of One Million
(1.000,000.00) Euro has remained unpaid by our treasury and credit office after the initial letter to your address for your payment was not successful.
You are hereby requested to contact your claims agent with your full names,telephone,batch and reference numbers respectively and immediately update your claims process for your payment.
Mr.ADRIANA WOOD,
FOREIGN TRANSFER MANAGER,
QUALITAS DE SEGUROS
MADRID SPAIN
Email:quainfo40@aim.com
TEL: 0034-615-730-594
Accept our felicitations!
Signed:Clara Casadoro
(Events,Draws and Promotion).

If you receive this email, or any similar lottery scam, please be cautious. It’s more likely to be a scam. And if possible try to discuss this with people who are new to the internet (such as the elderly). Awareness is a great defence against scams.

Outlook Setup Notification

This email tries to trick you into running a virus attached to the email. Why would anyone do this? Well, the email is vague and it sounds like it’s a serious and technical matter.

If you receive any of the emails shown below, delete them:

Subject: Outlook Setup Notificataion

You have (1) message from Microsoft Outlook

Please re-configure your Microsoft Outlook again.

Download attached setup file and install.

 

Subject: TheBat Setup Notification

You have (98) message from Outlook Express.

Please re-configure your Outlook Express again.

Download attached setup file and install.

Fake Bank of America Digital Certificate

A spam email pretending to be sent from the Bank of America tells readers they need to install a digital certificate. What it really does is install malware.

Not only does it install malware, it also asks you for your user ID and password.

Here are some tips to help you avoid this sort of scam:

  • When you use any online banking service, look for the padlock icon in your browser. Then click on it. It needs to say your bank’s name and its full web address, and shouldn’t show any errors.
  • If you receive an email from your bank, don’t click on any links. Instead, open a new web browser and type in your bank’s web address. This way you can’t be tricked into clicking the wrong link.
  • Always be wary when you receive unsolicited emails. More often than not they’re scams.
  • Use a good antivirus product

New Facebook Trojan

There’s a new Facebook Trojan – it shows up as a message from a friend asking you to click on a link.

If you click, it runs a trojan on your computer that uses your Facebook account to send the same message to all your contacts.

The message has a few variations, such as the ones below:

Veryy veryy funnny videoo of you..;)

 

Donn’t cryy! Yoour mom wiill nnever see thhis moviee.HA-HA-HA!!

 

Check out my video: http…etc…

 

AA-ha-ha, i saw yourr a__ in the internnet! lol My a__ has not been on the internet. My hubby won a nipp

 

Yoou’ve bbeen fiilmed! Haven’’t you notiiced?Is this whatIra is talking about?

 

If you see these in Facebook, don’t click on them. And tell the person who sent them that their PC might be infected with malware.

Malware Doctor Is Fake

There is another fake anti-virus product called Malware Doctor. It pretends to scan your PC then tries to trick you into paying them money.

When Malware Doctor first starts up it pretends to scan your PC for viruses and other malware. Then it tells you it found a few things that shouldn’t be there.

It then says that you’re using an unregistered version of Malware Doctor and that you need to pay for the full version to remove the malware.

It’s a scam. If you see Malware Doctor on your PC you need to take action to clean your PC.

How does Malware Doctor appear on your PC?

There are viruses that spend their life downloading malware (viruses, trojans, etc) and installing them on your PC. So if you have Malware Doctor on your PC it means you have more malware that keeps installing it. A big problem.

How do you get rid of it?

There’s a procedure here. If this is too technical for you then you’ll need to get your PC serviced.

Always have a good anti-virus product on your PC that prevents all this malware from installing in the first place. It’s easier to prevent malware than it is to fix.

Change Your Password Day

Today is “Change Your Password Day” in Australia, an idea by National E-security Awareness week.

Whether you live in Australia or anywhere else in the world, changing your password is always a good idea. Below are some do’s and don’ts for passwords:

  • Do use numbers in the password
  • Do make it difficult to guess
  • Do make up words, or misspell words
  • Do make it at least 8 characters

 

  • Don’t put a “1” at the end of the password, this is too common
  • Don’t use a word that you could find in a dictionary
  • Don’t use the same password on every site. Web sites you use every day (e.g. Facebook, email) should always have a unique password, because they’re more at risk.

To help you work out if your password is good you could try using a password meter. Click here for more information.
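For readers who want to see how a simple password meter works, here is the checklist above written as a short Python script. This is an added example, not part of the original post or any particular password meter; the word list and the sample passwords are made up for illustration, and a real checker would load a full dictionary file.

```python
import re

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "dragon", "sunshine", "football", "monkey", "welcome"}


def check_password(password, words=SAMPLE_WORDS):
    """Return the checklist rules this password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no numbers")
    if password.endswith("1"):
        problems.append('ends in "1"')
    # Strip digits and symbols from both ends so that "Sunshine99" is still
    # recognised as the dictionary word "sunshine".
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password).lower()
    if core in words:
        problems.append("is a dictionary word")
    return problems


def find_reused(passwords_by_site):
    """Return groups of sites that share one password (sorted for stable output)."""
    sites_by_password = {}
    for site, pw in passwords_by_site.items():
        sites_by_password.setdefault(pw, []).append(site)
    return sorted(sorted(sites) for sites in sites_by_password.values()
                  if len(sites) > 1)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["password1", "monkey", "Sunshine99", "bl7ue-Gira4ff"]:
        print(pw, "->", check_password(pw) or "passes the checklist")
    print(find_reused({"facebook": "abc", "email": "abc", "forum": "xyz"}))
```

Passing this checklist does not prove a password is strong; it only catches the common mistakes listed above.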

And you can use a password safe to keep track of all your complicated passwords. Click here for more information on password safes.

What are your suggestions for choosing strong passwords? Add your comments below and I’ll put them all together in a new article dedicated to choosing good passwords.

Web Sites That Ask For Your Other Passwords

Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.

Often these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too, only on a grander scale.

It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:

  • Who runs Badoo? Is it some guy sitting at home with no one to answer to?
  • Do you trust the company (such as Badoo) and all of their employees?
  • What is their privacy policy? Who are they accountable to if they breach their privacy policy?
  • Do they store your MSN password? (You have no way of knowing this for sure)
  • Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)

You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.

So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.

I’d like to thank our regular reader Nick for bringing this issue up.

St George Bank Phishing Email

This one’s an old phishing email that never gives up. It’s still being sent in bulk to just about everyone.

St George is an Australian bank and this email’s designed to catch out their customers and to steal their online banking details.

Below is a copy of the email:

Restore your Internet Banking Access

As a result of too many incorrect attempts to access Internet Banking, your access to this service has been locked. We apologize for any inconvenience this may cause.

Please logon to your account and restore your access as soon as possible.

Internet Banking: Restore Access

Like all phishing attempts it’s designed to strike some fear and sense of urgency into account holders. Fear and urgency often cause people to make irrational decisions, and possibly to click on the link and quickly type in their banking details before realising they’re on a fake site.

Because this email’s been around for some time, a lot of web browsers, email clients, and anti-virus products will block it. If it hasn’t been blocked on your system then you really need to upgrade your software.