This email claims to be from Skype, offering a new version to download. It’s fake, the link has nothing to do with Skype.

Remember, Skype does not email you and me with links to download. Skype will update itself.

NEW VERSION OF SKYPE 2011 IS RELEASED

Dear Skype Users,

To start New Year 2011 with new features, options and improvements, we’ve just released the new version of Skype Software.

<link removed for security reasons>

New in this version :

* Up to 5-way group video call.
* Redesigned calling experience.
* Improved video snapshots gallery.
* Improved browser plugins performance on some websites.
* Reduced false positives on browser plugin phone number recognition.
* New presence icons.
* Improved handling of calling attempts made when the user has run out of credit.
* Improved access to sharing functionality  

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Skype better all the time !

Talk soon,

The people at Skype

====================== PROTECT YOUR PASSWORD ===========================
Skype or Skype Staff will NEVER ask you for your password via email. The only place you are asked for your password is when you sign in to the Skype application or our website.

If you see the above email, delete it or mark it as spam.

The following email claims to be from Adobe and suggests to install a new version of Adobe Acrobat Reader. It’s fake. Adobe does not email people asking them to download and install new versions.

The email says:

ADOBE ACROBAT READER 2011 UPDATE NOTIFICATION

This is to remind that a new version of Adobe Acrobat Reader 2011 with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released.

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Adobe Acrobat Reader better all the time !

Thanks and best regards,

Adobe Support

© 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated |343 Preston Street | Ottawa | ON | K1S 1N4 | Canada |

Remember, if you see this email just delete it, or mark it as spam.

Update: There’s now another version of this email, it too is a scam. The email looks like:

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
<link removed for security>
What’s new in this version :
* Read, search, and share PDF files. * Convert to PDF. * Export and edit PDF files * Add rich media to PDF files * Combine files from multiple applications * Increase productivity and process consistency * Streamline document reviews * Collect data with fillable PDF forms * Protect PDF files and content * Comply with PDF and accessibility standards
To get more and upgrade to this version, go to  :
<link removed for security>
Start downloading the update right now and let us know what you think about it.
We’re working on making Adobe Acrobat Reader better all the time !
Talk soon,
The people at Adobe
Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

Phishing emails are emails that appear to be from a legitimate company and ask you for your username and password. It’s a simple trick to get your account details.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your accout, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). After doing some simple research, CUA is a credit union in Australia. Their real address is www.cua.com.au so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in USA (even though these details could also be fake).

Below is a screenshot of the phishing scam site:

They get straight to business asking for a card number and a PIN. Very private information that no one should ask you.

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong,

• Fake address: www.a-imbn . org
• Real address: ato.gov.au  (all Australian government web sites must end with .gov.au)

If you’re in Australia please let others know of this scam.

Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

Android is a system used by some smartphones (similar to iPhone or Windows Mobile, but made by Google). Like other smartphones you can install apps on Android.

One Android app that showed up recently is a free banking app. It looks like it supports US banks. But instead of logging into your bank it sends your online banking details to a scammer. Then it won’t be long until someone steals money from your bank account.

Google has been notified of this malicious app and they have removed it. But for some people it may be too late.

There’s a lesson to be learnt here. Smartphones are cool, installing apps on them is cool. But we shouldn’t let our guard down and trust everything to them. Know what you’re installing, know who wrote the software, and how it stores and sends your login details.

As more people buy smartphone scams are only going to become more common.

I just received the following email. It’s a scam made to look like Google Adwords, however the web site was registered just a few hours ago to somebody else.

If you go to this site and enter your Google account details you’re actually letting a stranger (hacker) know your account details. It’s a scam.

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:388520237785520
———————————————

Hello,

You have a new text alert from adwords

Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342

Advertise your business on Google

Best regards, Google AdWords Customer Team © 2009

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:847914946168909
———————————————

So if you see this email or one like it, delete it. Google did not send this email.

Update: another version of this scam is,

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please our Help Center to find answers to
frequently asked questions.
————————

Hello,

Please update your primary and backup payment information, even if you
plan to use the same information. Please follow the steps
below to update your information and trigger our billing system to try
processing your payment again. We’ll attempt to process your balance on
whichever card you update first.

1. Log in to your AdWords account at <link removed>
2. Enter your new or updated payment information.
3. Click ‘Save Changes’ when you are finished.

To update your backup credit card:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Backup Credit Card section, click ‘Edit’.
3. Re-enter your backup credit card details.
4. Click ‘Save’.

To update your bank account:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Bank Account section, click ‘Edit’.
3. Re-enter your bank account details.
4. Click ‘Save’.

Thank you for advertising with GoogIe AdWords.
Grow your business with us.

Sincerely,

The GoogIe AdWords Team

If you see this email delete it, don’t click on the link, don’t give them your Google password.

And yet another version:

Dear Valued Customer,

You have a new alert from Google Adwords.

Sign in to your AdWords account at http://adwords.googlxmcn.com/Select/login

Yours Sincerely,
The AdWords Team

Notice the domain name above, googlxmcn.com. This is not google.com, it’s spelt differently, so it’s a scam.

This product is a scam. It’s made to look like a real antivirus or antispyware program but all it does is ask you for money. It’s not a legitimate program, it doesn’t stop spyware, viruses or do anything useful.

It’s called PC Antispyware 2010, a name that sounds a bit serious (and misleading). The screen looks pretty fancy, maybe people trust things that look nice or shiny – don’t be fooled by it.

If you see the screen above then don’t click on the download link, don’t install it. You can see a larger screenshot by clicking here. Only use antivirus products from known and trusted vendors.

Accounts are often hacked, including Facebook accounts. Too many times people fall for scam emails telling them to (urgently) click on a link and type in their password. Too many times people don’t know how to tell the difference between the real Facebook login page and one made by a scammer (read here for some hints).

And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.

Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.

There’s more info here.

This one’s an old phishing email that never gives up, it’s still being sent in bulk to just about everyone.

St George is an Australian bank and this email’s designed to catch out their customers and to steal their online banking details.

Below is a copy of the email:

Restore your Internet Banking Access

As a result of too many incorrect attempts to access Internet Banking, your access to this service has been locked. We apologize for any inconvenience this may cause.

Please logon to your account and restore your access as soon as possible.

Internet Banking: Restore Access

Like all phishing attempts it’s designed to strike some fear and sense of urgency into account holders. Fear and urgency often cause people to make irrational decisions, and possibly to click on the link and quickly type in their banking details before realising they’re on a fake site.

Because this email’s been around for some time a lot of web browsers, email clients, and anti-virus products will block it. If it hasn’t been blocked on your system then you really need to upgrade your software.

A new phishing email designed to catch PayPal users. This one should be fairly easy to identify as a phishing attempt, the “story” in the email doesn’t make much sense at all. It just mentions PayPal and that you need to open an attachment.

Here’s the email:

For security reasons we have sent you this message as an attachment file. This measure has been adopted to prevent personal information theft and data loss. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page. To receive email notifications in plain text instead of HTML,update your preferences. 

PayPal Email ID PP694

If you see this just delete it. Don’t open the attachment and certainly don’t type your PayPal login details onto the web page it sends you to.

Citi Prepaid Services is a legitimate banking service. Recently some emails have been sent that look like they came from this service. Like most phishing attacks it contains an email that tries to scare you into clicking their link.

The link takes you to a web page that “looks like” Citi Prepaid Services, however it’s run by hackers and used to collect your login details (this is called phishing).

Below is the scam email:

Dear Ecount Citi Prepaid Services Member,

Due to concerns, for safety and integrity of the online banking community we have issues this warning message.

It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. If you could take 5 – 10 minutes out of your online experience, and renew your records you will not run into future problems with the online service.

NOTE: THIS NOTIFICATION EXPIRES ON MAY 17, 2009.

Once you have updated your account records, your internet banking service will not be interrupted and will continue as normal.

Please click the link bellow and renew your account information

Scammers obviously have terrible English skills (though they’ve gotten better in the last couple of years). The email shown above has at least 2 grammatical errors and at least 1 spelling error. Maybe they should spend some of that stolen money to pay for better education.

Even if you’re not a customer of the service above, this serves as a reminder that scammers never give up sending out these phishing emails. Always be wary of emails that try to scare or shock you into clicking a link.

Instead of clicking on their link, open a new web browser and type in your bank’s web site. Trust your own memory (or better yet a bookmark) rather than an unsolicited email.

You can also use a good anti-virus package that scans web pages for scams such as this one. And modern web browsers such as Chrome can also filter out some scams as well, so keep upgrading your browsers.

There’s a message being sent on Twitter that tells people they can add 1000 followers in one go. The message has a link to a website called twittercut [dot] com.

Don’t click on this site, it asks you for your Twitter account name and password. If you were to hand over your Twitter account details it then sends the same message from your account.

Always be very careful when handing over your account details to unknown web sites.

There’s a new phishing attack on Facebook (phishing is when people try to trick you into providing your personal details). It begins with a message that simply says:

Hello

If you click on it, it links to a site called 151-im. Don’t click on this message. It takes you to a copy of Facebook, asks you for your Facebook username and password, then steals that information.

Facebook’s response to this was:

"This is a phishing attack. We’re well aware of it and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users…”

There’s a web page made to look like it’s from KMart (a retail store). It has a survey and it promises to give you $150 credit if you fill out the survey.

Like most scams, there’s an incentive to catch your attention – in this case it’s a $150 credit. This kind of scam is called phishing.

The fake survey asks a set of questions, then asks for your full name, credit card number and PIN. Never give this out in a survey!

After you enter all your details, it takes you to the real KMart’s web page so that you don’t suspect anything. Then criminals will use your credit card details to make expensive purchases.

How to identify the fake survey:

• An email is sent to you with the subject "You have been selected"
• The link in the email doesn’t point to KMart, it points to a web site with the word epiqteen in the URL
• The body of the email is:

You have been selected to access the Kmart Holiday Survey and win a $150.00 gift certificate.
Please click here and complete the form to claim your prize. Thank you.

To prevent these attacks:

• Use one of the "other" web browsers, such as FireFox, Opera and Chrome. These have better technology at detecting phishing sites.
• Install a good anti-virus package, one that scans web sites as well as files. This a paid service and you usually get a good up-to-date list of phishing sites, and it works automatically in the background. The small cost is a great investment for your security.
• Be very cautious of generous offers (I don’t think many companies can afford to give $150 to all their customers right now).
• When you see a suspicious email, copy and paste its contents into Google. Then read through the results to determine if it’s a scam. E.g., Google indexes all of Fraudo’s pages, so any scams I write about here will show up on a Google search.
• Never give out your credit card details in surveys.
• Read the URL carefully. The URL is the address shown at the top of your web browser. If it’s not the exact name of a legitimate company then be suspicious.

There’s some spam pretending to be from Delta Airlines. It tries to trick readers into opening the attached file, making readers believe that the ticket has been paid in full and that it’s ready to be used by the reader. The attachment is a trojan that gives people complete access to the PC and tries to download more malware every time you reboot.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email delete it, don’t open the attachment.

If you get an email telling you that your credit card is locked and that you need to click on the link to unlock it, treat it as a scam. It’s an example of email scams where they start with a story that sounds urgent (your credit card is locked), and that you need to click on the link right now (before you have time to think or research the email).

What usually happens is the link they give you is fake. It might look like a real company’s link, but if you hover your mouse pointer over the link you’ll be able to see where it really points to. And usually it’s a scammer’s web site in places like China or Russia.

Then when you get to that page, it’s been designed to look just like a real company’s site, and it prompts you to enter all your personal details including passwords. This information goes straight to the scammer who set up the fake site. He then sells it on a black market. Then someone buys your account details and uses it to commit fraud. It’s a large complex network that steals billions of dollars a year.

Below is an email claiming to be from Visa. When you receive emails like this, copy and paste it into Google, then Google will show you web sites like FraudO telling you if they’re scams.

Your Visa card is temporarily locked and the last transaction is on hold. Please understand we work to ensure your account safety. To restore your card and regain access you are required to register your Visa card in the Verified by Visa program, its a free, simple-to-use service that confirms your identity with an extra password when you make an online transaction.

It’s easy and only takes a few moments to activate your card. You can do it by clicking on the link below that will take you to Visa secure website.

[link removed - it looks like a Visa web site]

This is an outbound message only. Please do not reply to this email. If you have any questions, please refer to our Frequently Asked Questions (FAQ), or contact us. You will receive a response within 2 business days.

Thank you for using Visa Cards.

If in doubt just call your credit card company on the phone. They’ll reply immediately, not in 2 days, and you can be sure you’re speaking to a legitimate company.

Thanks to Erik for sending this one in. If you find other scams or fraud attempts you can send them in using our contact form.

Another phishing email claiming to be from Maybank. As usual it starts with a story about something happening to your account. It gives you a link to click on and asks you to enter your personal banking details.

Please read the previous post on how to identify phishing emails.

Below is the text from the email:

Dear Maybank customer,

We are hereby notifying you that we’ve recently suffered a DDos-Attack on one of our’s Online Banking server. For security reasons you must complete the next steps to verify the integrity of your Maybank account. If you fail to complete the verification in the next 24 hours your account will be suspended.

Here’s how to get started:

1. Log in to Maybank online account (click here).

2. You must request for TAC via Maybank online banking – your TAC will be sent via SMS to the mobile phone number you registered. ( you can find the "Request a TAC" button in the Utilities menu of your account )

3. Logout from your account and close the browser.

4. When you have received the TAC (Transaction Authorization Code) on your mobile phone, go to our secured verification server and submit the requested information (Username, password and TAC). (click here) to go on our secured server.

5. Please allow 48 hours for processing.

Please comply and thanks for understanding

If you see this email just delete it.

Phishing is when someone sends you an email designed to trick you into handing over personal details such as your passwords. Below is a new phishing email. At first glance it looks like it came from PayPal. It’s designed to trick you into clicking their link – it does this by coming up with a story about your account being locked.

Below is the email. At the end of this post I’ll explain what you can do to avoid falling for these things.

We are constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
Why is my account access limited?

Your account access has been limited for the following reason(s):

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

(Your case ID for this reason is PP-0XD2-0XBC-0XDA-0X37.)

How can I restore my account access?

Please visit the Resolution Center and complete the "Steps to Remove Limitations."

Be aware that until we can verify your identity we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.

Sincerely,
Account Departement.

What can you do to avoid phishing emails?

1. Do you have a PayPal account? If not then you should immediately suspect it’s fake.
2. Is the email poorly written? If you look carefully you’ll find grammatical errors in the email shown above. Scammers generally have poor English skills.
3. Use one of the newer web browsers. For example, I clicked on the link in the email to see what happens. Google Chrome immediately identified it as a phishing email and displayed a large red screen with a large warning that this is a phishing site. Opera does the same. Internet Explorer didn’t try to stop me (80% of Windows users still use Internet Explorer, it’s time to upgrade). So alternative browsers are safer to use.
4. Install a good anti-virus package. For example, Trend Internet Security checks which web sites you’re visiting and it will stop you from going to known phishing sites. There’s a small subscription fee to buy and keep using Trend Internet Security and I think it’s a good investment (it’s cheaper than having someone take all the money out of your bank account).
5. When you see a suspicious email, don’t click on the links they provide. If you’re really concerned about your account being locked, open a new tab in your browser and type in the address yourself. Then you know you’ll be going to the real PayPal site (or your bank, etc).
6. When there’s a link embedded in an email you can place the mouse pointer over the link and wait a second. Usually you’ll be shown the address it points to. If the address isn’t exactly what you expect then it’s fake. Read more here about recognising fake addresses.
7. Some email services include spam filtering. Sometimes you have to pay extra for this service. Spam filtering usually also filters out phishing emails. This removes these bad emails before you even get to see them.
8. When you see a suspicious email, copy some of the text and paste it into Google. Then look through the results to see if it’s a known scam. (This is why I copy & paste all these bad emails into FraudO, to help Google find them).

A new way of stealing internet banking passwords has been discovered. Here’s how a victim would see it:

• You’re reading a few web pages on the internet. One of them is infected with some malicious code – you don’t know.
• You log onto your normal internet banking site
• The malicious code on the other site detects that you’ve logged into internet banking
• the malicious code bring up a window asking you to type in your internet banking password again, giving you some excuse as to why you have to log in again
• The malicious code sends your password to a 3rd party who uses it or sells it to someone who will

How can this happen?

I won’t go into the technical explanation, suffice it to say that most browsers will trust and run code under certain conditions, and hackers have discovered how to exploit those conditions.

It works because it knows what banks to look for and won’t do anything until you log into your internet banking. So to a casual person it sounds plausible that they need your password again.

What can be done to prevent this?

• When you use internet banking close all the other tabs you might have open. Just keep the internet banking page open by itself.
• If you get a popup window to enter your password again you need to decide if the popup window is really from your bank.

• Does it look the same as your normal login screen?
• Is there a good reason why you have to enter your details again? (e.g. if you don’t use the internet banking page for 10 minutes it might time out, but otherwise it shouldn’t have timed out)
• Does it have the SSL icon? This is often a padlock icon on the top right corner, if you click on it it should identify your bank.

The makers of web browsers (Microsoft, Mozilla, Google, etc) need to address this issue. When they do it’s up to you to update your browser to the latest version. Then this particular problem will go away.

Below is a press release from a banking security company offering more information on this type of attack.

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf

Recently people have been receiving a message in Twitter that says something like

hey! check out this funny blog about you…
hxxp://t w i tter.access-logins..com

The link takes you to a page that looks a lot like the Twitter login page. If you try typing in your Twitter username and password it records it in a private database. Later someone will log into your Twitter account using your password and start sending out message like the one above.

Many people have one password for many sites, so once they have your Twitter account they could later try other services (e.g. Facebook).

If you use Twitter and see the above message just ignore it. Don’t click on the link.

Some web browsers (such as the latest version of FireFox and the latest version of Opera) will now detect this fake site and show you a large warning. A good antivirus package will also detect these sites and block them.

And if you think you’ve already fallen for this change your passwords.

hi5 is a social network, much like Facebook or Myspace. A fake email has been going around pretending to be from someone called "Sarah xxx" (the name could change), and asking the reader to add them as a friend. The message says:

hi5 Friend Request from Sarah xxx

Hi,

I’d like to add you to my hi5 friends network. You have to confirm that we are friends, and we’ll each get to meet more people. Please approve or reject my request by accessing the hi5 web site:

Accept Friend

Thanks,

Adelina

This seems real enough but there’s one serious flaw. They include a link you can click on (where it says "Accept Friend"). Clicking on this link doesn’t take you to hi5′s web site, instead it takes you to a phishing site.

Assuming you had a hi5 account, when you enter your login details into the fake hi5 login page the system records your username and password and shares it with the criminals running this site.

Like all phishing sites, it’s just a fake page designed to steal your password.

What can you do?

• If you use hi5 or any other social network, when you receive a notification email you can go their web page yourself, without clicking on the links in the email. In other words, open a web browser and type in the name of the web site (or use a bookmark).
• When you see a link in an email, place the mouse pointer over it for a couple of seconds. Most email clients will display the real address it points to. Of course it helps to have a bit of experience recognising real addresses from fake ones – read this FraudO article to learn more.
• Use a good anti-virus package. The big commercial packages scan your emails for fake emails like this one and filter them out. They also scan the address of every web page you go to and if it’s known to be a scam they’re filtered out too.
• And if you don’t know anyone called "Sarah xxx" who signs her name as "Adelina" then you can just ignore the email entirely.

There’s a new phishing email that takes readers to a fake survey claiming to be from McDonald’s (the fast food company). It’s similar to this one seen recently.

The email suggests that McDonald’s will give you $75 for filling in the survey. Clicking on the link takes you to a web site with a survey and some McDonald’s images.

When you submit the survey form it then asks you for:

• Your full name
• Your email address
• Your credit card number
• Your credit card’s expiry date
• Your credit card’s security code

This information is collected and later used for fraudulent purposes (i.e. to make purchases using your credit card). If you receive this email or similar ones just delete them. Don’t be tempted by whatever they promise to give you.

And remember that to fill in a survey form there’s never any reason to give out your credit card details. It’s always a scam.

A fake email has been sent claiming that JP Morgan Chase (a financial services company) will pay you $50 for filling in a survey. Sounds tempting, except that the link they want you to click on does not take you to the real JP Morgan Chase’s web site.

Instead it takes you to a fake web site with a form asking you a few questions (the form looks like a real survey). At the end it asks you for your full name, credit card number, expiry date, and PIN number! This kind of trick is known as phishing. Any information you enter here is collected and eventually used to steal money from people’s accounts.

The idea is to entice you with filling in a survey by promising a reward ($50), making their site look like it’s from a large company, then collecting private information that you really shouldn’t be giving out to anyone.

The email reads:

Online Survey – Add 50$ to your account in 2 minutes!

Dear Customer,

You are invited to take part in our nation-wide 5 question survey. Your time is very important to us so $50 will be credited to your account upon the completion of this survey.

Please note that no sensitive information will be required, collected or stored. The information will be used to further improve our services

To take part please click here

So if you see any emails like this just delete them. Also keep in mind that a good anti-virus package can often detect you’re going to a fake web site and stop you.

Another fake email, this time claiming to be from WorldPay. The body of the email makes you think you’ve paid for something, and since you surely haven’t you’ll be suspicious enough to open the attachment hoping to find more information.

The attachement is a zip file, disguised as something else. The attachment’s filename is WorldPay_CARD_Transaction_Confirmation_OrderNo76621.doc.zip – this is an old trick of using two extensions at the end. .doc is usually a Word document, but the real extension is the last one, in this case .zip. A zip file can contain programs (.exe) such as malware. So always look at the last bit of the extension (.zip) when deciding whether or not to open the attachment.

Below is an extract of the email:

Thank you!

Your transaction has been processed by WorldPay, on behalf of Academic Resources Center Inc. 

The invoice file is attached to this message.

This is not a tax receipt.

We processed your payment. 

Academic Resources Center Inc has received your order, and will inform you about delivery. 

Sincerely,

The AcaDemon Team

Enquiries

This confirmation only indicates that your transaction has been processed successfully. It does not indicate that your order has been accepted. It is the responsibility of Academic Resources Center Inc to confirm that your order has been accepted, and to deliver any goods or services you have ordered.

Below are two fake emails claiming to be from eNom (a domain name and web hosting provider). The emails are worded such that they sound technical and that they require immediate action.

Both emails contain a link you’re supposed to click on, however if you examine the link closely you’ll see they actually point to someone else’s site. This is sneaky and you really need to be aware how to distinguish real links from malicious ones like these.

In this case the link is displayed as: http://www.enom.com – but if you place the mouse pointer over the link and wait a second, you’ll see the real link displayed (depending on which browse and email client you’re using). In this case the link really points to httpz: // w ww.enom.com.com92. _biz  - See what they did there? They added a few characters to the end. This is enough to make it point to a completely different site. Even though is has part of eNom’s address in there, it’s different. (Note that I broke up the URL to stop you from accidently clicking on it).

The second email is similar, it really points to h ttp :/ / www. enom. comcom94._com – Again this is different, even though it has part of eNom’s address. Even one letter or number is enough to make it go somewhere else. (Again I broke up the address to stop you clicking on it).

How can they do this? Unfortunately at this time nobody stops scammers registering an address that is very similar to a legitimate address. It’s up to you to take care what you click on.

Another couple of tips to protect you from these tactics:

• Use a good antivirus package that checks every web page you load. These days they have a list of good and bad sites, and it’ll warn you if you’re going to a known “bad” site.
• If your web browser or email client doesn’t let you see the real link (by hovering the mouse pointer over the link) then upgrade to another browser or email client.
• Use some kind of spam filtering with your email. This is fairly common these days.
• Use an alternative browser, such as FireFox, Opera, Chrome, or Safari. This isn’t always enough these days, as we’ve seen with Flash malware. But it helps a little.

Below are the two emails. I’m putting them here so that people can search Google and get to this page to learn what they really are.

Email 1:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

Second email:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

Tuesdays are when Microsoft publishes patches to their software, and today they’ve published quite a few (if you use Windows then you should be installing the patches today). 

However today there’s a malicious email being sent around that looks like it came from Microsoft (it’s actually fake). The email tells people about the patches and has a file attached. 

The attachment isn’t really a Microsoft update, it’s actually a trojan that installs something on your PC that lets hackers log into it, without you ever finding out. You really don’t want this kind of thing installed on your PC.

The email has a few features designed to convince people that it’s genuine, such as a PGP signature at the end, and the fake sender address.

The subject of the email is:

Security Update for OS Microsoft Windows

If you see this just delete it. You should also have a good spam filter for your inbox – email services such as Gmail do a good job of this. For businesses it’s a little more complicated and even more important. You should also invest in a good antivirus package, one that checks everything and downloads updates at least once a day.

And remember to never trust attachments you unexpectadly receive(you didn’t ask Microsoft to send you an attachment, so why would they really do this?)