TwitterBuilding
Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

Inside The Password Stealing Business
McAfee, a large anti-virus company, has published a report called “Inside the Password Stealing Business: the Who and How of Identity Theft”. It goes into the details of password stealing programs and explains the “industry” driving it.
It’s quite detailed and at 17 pages it won’t take too long to read – it’s not very technical.
Password stealing is when a program gets installed on your PC that catches every stroke of your keyboard and sends it back to a criminal. The idea is that it’ll record all your passwords as you type them, no matter how strong they are. It’s a sophisticated piece of technology and a very large problem worldwide. If you’re not constantly upgrading your anti-virus software, web browser and OS then you’re at high risk.
These passwords are then sold off and used to steal money from your bank account or to commit other crimes. Even if you don’t use online banking you still have something to lose – someone can apply for a credit card under your name and use it to make expensive purchases, then you’re left to deal with the credit card company and convince them it wasn’t you (this happens every day).
So click on this link and have a read of the report.
Recovering Compromised Facebook Accounts
Accounts are often hacked, including Facebook accounts. Too many times people fall for scam emails telling them to (urgently) click on a link and type in their password. Too many times people don’t know how to tell the difference between the real Facebook login page and one made by a scammer (read here for some hints).
And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.
Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.
There’s more info here.
Vodafone Uses Incorrect Marketing Tactics
Today I received a call from someone claiming to be from Vodafone (a local phone company), offering me a new phone and new plan. Fair enough, I’m a Vodafone customer and my contract’s close to renewal.
But things turned ugly when the person on the phone asked for my account password, so that he could verify he’s talking to the right person. I refused.
I explained that I received an unsolicited call, I don’t know who I’m really speaking to, and that I’m not prepared to give a random stranger my account password.
He’s probably heard this several times so he said he understands, and I could give a few other personal details instead. I refused again. Confused, he put me onto his team leader, or at least someone claiming to be his team leader – I have no way of knowing who I’m speaking to. If I had been the one to initiate the call then I know I’m speaking to the right company. If I receive a call then I don’t know. There’s a fundamental difference here.
The team leader tried to explain they need to confirm who they’re speaking to. She claimed to understand my position, but wouldn’t change her argument. I continued refusing to give my password to a random stranger just so I can hear about new phones.
So we agreed to end the conversation. I wrote Vodafone a complaint using their website, explaining the situation. I’m not sure if the complaint went through because their web page took me to an answers and questions page after I’d typed everything out.
It’s not completely the cold-calling people’s fault, they’re doing what they’re paid to do. It’s Vodafone’s problem that they came up with this procedure. They’re giving their customers an expectation that it’s normal for strangers to call them and ask for their passwords.
And if you haven’t worked out the problem yet, look at it this way. I now know that Vodafone customers must be used to receiving unsolicited calls and giving out their passwords. So if I call 20 random people in Australia, chances are at least one will be a Vodafone customer. I just have to say I can offer them a new phone plan if they can give me their password. Then I can call up Vodafone, confirm my identity using that password, change my mailing address, and order a new phone and ask for it to be sent to my residence. I wouldn’t actually do it this way but you get the idea. It’s called identity theft.
I’ve written about the same problem before in 2007, it seems nothing’s changed in the past 2 years.
It was possible to read Facebook Profiles with a hack
Yesterday a web site published a hack for Facebook that lets anyone read anyone’s profile. It was possible to read details such as location, gender, relationship status, political views, religious views, etc. It didn’t matter what privacy settings people had set, this hack made it all visible.
Today Facebook have acknowledged the problem and fixed it.
This is a good reminder that when you publish information online, you lose some control over it. If something is so private that you can’t risk others seeing it then don’t publish it.
You can read more about the exploit here.
Govt Grant Scam
The email below suggests you can receive $20k from the US government.
They ask you to send an email with your personal details. These types of scams then ask you for more details.
Your details are then used for fraudulent activities, under your name (this is called identity theft). It’s also common for the scammer to start asking you for money – there’s usually an excuse that they need to pay lawyers or some other convoluted story.
Below is the scam email. If you see this, just delete it:
Hello
Secure $20k in Govt Grants and you never need to pay it back.
All American residents can apply for Govt Grants.
Allotment of grants doesnt depend on your credit history.
The strength of our firm is grants writing.We’re doing business since 1999 and we have helped around 20,000 people obtain grants.
Our company is taking fees of 10% only after our clients receive funds from Govt.There’s no risk for you at all.You’re paying our fees only when you’ve received grant money in your bank account.
Send us details including first name, last name, address, profession, date of birth, annual income, reason for govt grant.
grantswriting27@mail.com
Reply back to this email.Regards
Johnathon Hodge
Twitter Phishing: #twitterpornnames
Twitter is the biggest internet craze since Facebook; there are currently an estimated 6 million people using it.
A few days ago Twitter users were asked to take part in a “game” called #twitterpornnames. How does it work? You’re supposed to announce a made-up name along with the hash tag and share it. The formula provided to create your name just happens to match some very common security questions to help people reset their passwords. Pet’s name. First teacher. Street you grew up on.
So when people started participating they were in fact sharing the same information used by web sites to reset passwords. It’s called social engineering. It tricked people into revealing sensitive information. And the nature of Twitter is that people share information and click on links without much thought (is this a Gen-Y thing?)
If you use Twitter and see these sorts of “games” going around, don’t share private sensitive data so easily. This same data can be used to hack into your accounts.
Are RFID Passports Safe? (No)
Passports these days have a small chip inside called an RFID. Governments who issue these passports say they’re secure and safe to use. And for years hackers have been saying they’re not secure. So who’s right?
Chris Paget, a white hat hacker (the good kind of hacker), recently did an experiment to see how many passports he could copy using some very simple tools. His aim was to see if he could read the RFID inside someone’s passport. The results?
In 20 minutes he managed to find 2 people carrying a new RFID passport, and was able to copy the contents of the RFID chip.
He did this from his car while driving around San Francisco. The people carrying the passports have no idea this happened. There’s no way for them to know. He made a video of his experiment.
So what can we learn from this?
- The RFID chips inside passports are not secure
- The RFID chips inside passports can be copied from a distance
What can you do?
- If your government wants to tag people using RFID, e.g. by embedding RFID chips in driver’s licenses, be aware of the ramifications.
- It’s technically possible to shield your RFID passport by using a metal film. Some companies have started selling passport wallets that can block radio signals, stopping people reading the chip remotely.
FIFA World Cup Lottery Scam
The FIFA World Cup is scheduled for 2010 in South Africa and scammers have already started using this news to trick people into giving out their personal details.
A new scam email is sent to people telling them they won a lottery. The email is full of interesting things to catch people’s attention such as a large dollar amount ($850,000) and social tricks such as asking them not to tell anyone about their winnings.
At the end they ask the recipient to send them a few personal details, which the scammers then use to steal money from your bank accounts.
The email uses broken English and is full of "official looking" random letters and numbers.
Below are some quotes from the scam email. If you receive this email just delete it.
South Africa FIFA World Cup 2010
Government Accredited Licensed!!
Online National Lottery South African
2009/REF:EAASL/941OYI/04&
Batch: 12/25/DC34 RE:LOTTO
Your email have luckily won the sum of USD$850,000.00
Which subsequently won you the lottery in the 2nd category i.e. match 5 plus bonus. You have therefore been approved to claim a total sum of $850,000.00 USD… In cash credited to file KPC/9080118308/02. All participants for the online version were selected randomly from World Wide Web sites through computer draw system and extracted from over 100,000 union associations and corporate bodies that are listed online this promotion takes place weekly.
Our agent will immediately commence the process to facilitate the release of your funds as soon as you contact him. For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program your request to fill the information below.
And it goes on and on.
Some people who fall for these things have never entered a lottery, but they want to believe it so much that they don’t stop to consider why they were selected.
Now you might be wondering who could possibly be so foolish as to fall for lottery scams. In fact, a large number of people fall for these things. In Australia alone (and with a small population of 21 million) 329,000 people lost money to lottery and phishing scams in one year. 3.6 million people fell for these scams in the USA. Imagine how many people worldwide fall for these things.
Not everyone in the world reads Fraudo.com. You can help by talking to people about lottery scams, making them aware of what they are and how they work (there’s more information here). Help educate people, especially those who are less tech savvy or might be desperate for money. You could also help them subscribe to Fraudo.com – get them to enter their email address in the top right corner of this page, sometimes email is an easier way to receive these updates.
