Google Calendar Phishing

password Here’s a new spin in phishing attacks. The idea is to trick people into providing confidential data. This new technique is aimed at Gmail users. Here’s how it works:

VERIFY YOUR ACCOUNT (…)

This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account. (…)

You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username:

* Password:

It’s an attempt to get you to provide your username and password. If you see anything like that simply delete it.

July 5, 2008 | Filed Under Fraud, Identity Theft, Scams | Leave a Comment 

New Fraud Statistics

Sometimes it’s hard to believe these statistics, the numbers are so large. The Australian Bureau of Statistics has finished their first survey of personal fraud. Their findings are that 800,000 Australians fell victim to fraud in some way.

453,100 of those lost money, for a total of $977 million. That’s a lot of people and a lot of money for a rather small population.

329,000 Australians lost money after responding to lottery scams and other phishing related scams.

A lot of people keep falling for scams. The best thing you can do is help them become aware of what scams and fraud tricks are being used. Remember that you can always subscribe to Fraudo.com by email or with an RSS reader.

July 1, 2008 | Filed Under Fraud, News/Media, Scams, Statistics | Leave a Comment 

SMS Death Threat Scam

There’s a new scam being sent by SMS, similar to an email one sent recently. The SMS reads:

Someone paid me to kill you. If you want me to spare you, I’ll give you two days to pay $5000. If you inform the police or anybody, you will die, I am monitoring you.

The SMS also includes payment details and an email address.

This is a scam, do not contact the sender or send any money. The Australian Police has issued a warning about this. They also mention that money being paid by victims is being transferred to Thailand.

Let friends and family know about this scam so that they don’t fall victim to it.

July 1, 2008 | Filed Under Fraud, Scams | Leave a Comment 

Advanced Fee Fraud on LinkedIn

The Advanced Fee Fraud is also known as a 419 scam. This is an old and still very popular scam whereby someone who is either a foreigner or is posing as a foreigner asks a stranger for help transferring large amounts of money. They promise a large compensation in return, and ask for some money to get things started. It sounds simple and a lot of people fall for this.

business card LinkedIn is a social networking site, much like FaceBook and MySpace. LinkedIn is mostly used by professionals, i.e. adults with bank accounts and who have money. This would make a good target for a scammer.

It’s been reported that these advanced fee frauds have been appearing on LinkedIn recently. Users of the service are being too trusting of the community and scammers are taking advantage of this.

If you use any social networking site please be aware of people trying to scam money using these ploys. Read up on how this scam works and let other people know about it.

June 8, 2008 | Filed Under Fraud, Scams | Leave a Comment 

Job Scam

It’s now common to see spam advertising bogus jobs. Here is an example.

This job spam promises a lot of money for working very few hours. A few things give it away as spam. Firstly the email address given in the message doesn’t match the sender’s address (it’s not even close).

Secondly: I never asked for this email to be sent, I didn’t apply for any jobs recently and haven’t put myself on any work related mailing lists. This is spam (unsolicited emails).

Next, any job ad that doesn’t actually have a job description is suspicious. And when they promise large amounts of money for 1 to 2 hours work per day it’s too good to be true.

Here is the text of the email (complete with grammatical errors):

Subject: The best offers from our company!

Greetings!

You have a chance to start making 1200+ AUD a week spending 1-2 hours a day
Monday-Friday, working most of the time from home.This opportunity is brought to you by APL Sales Company and now is hiring!You received this offer via Worldwide net of advertisement brought to you via paid ads by Google.

If you are looking for an additional job or just an extra income - this position is for you.Designed for an ease of use and the best position available nowadays, time wise and income wise.

Although some requirements need to be met:
You are 18+ years old*
You have 1-2 hours of free time a day Monday-Friday*
You are responsible and dependable*
You are located in Australia only*
—–
Some reference:

“Best offer on The Net” - “Money” magazine, -John Keppke.
“Employment situation has gotten on a new level” - “The Economist” magazine, -Laura Star.
“Amazing solution for Extra Income” - “Newsweek” magazine, -Dennis Coleman.
—–
If you meet all requirements - don’t hesitate to get more information on this great
position called “Fund Operator”.

Reply to: apple.swed404@gmail.com with subject “Interested” to receive full information on this great position. Limited time offer, don’t wait! And Good luck.

They don’t publish a link to a web site, only an email address, so I don’t really know what they hope to gain from this.

In the interest of research for FraudO I’ve replied to this spam email and will update this post when I receive a reply. I sent the reply to their gmail address (which is different to the spam’s From address) with the following line:

Please provide more information on this offer.

That’s all I’ve said. Let’s wait and see what happens.

That was fast, I’ve received a reply already. It must be an automated reply. This is what they sent:

Thank You for being interested!
You have a chance to join our team and start making money for your family or just for yourself, as an extra income.
This is a new generation opportunity and it is based on a taxation loop between two countries.
You will represent a role of a S.u.b. Distributor for our company, it means that you will help us handle payments from our customers within Australia,thus we will pay you 10% commission from every payment that you handle. Since you are an individual it gives us opportunity of paying 2% tax for every sale, that’s why we need help from you.

Here is a live example:
1. You receive 3100 AUD from our customer to your b a n k account. We send you instructions by E-mail.
2. You go to the b a n k and withdraw 90%, and you leave 10% for yourself.
3. Then you go to a Western Union and send 90% to one of our agents. (will be given in instructions)
4. Then you send us e-mail with report form. (will be given in instructions)
5. As soon as report form received - you get your next transaction the very next day and so on.
Outcome >> You earned 10% from 3100 AUD which is 310 AUD just in your pocket. And it was only one transaction.It is not complicated at all, anybody can try this out and you always can get help from one of our representatives. Feel free to Get started.

F.A.Q.
1. Do i pay any tax? This is not your income and bank will know that, we pay fee for this activity to every Australian Bank.
2. Is there a contract? No, for your convenience we made this a part-time position, you can stop anytime and continue anytime, let us know prior 2 days.
3. How many transaction a day, how often? 1 transaction a day, 4 times a week, Monday-Thursday.
4. What products do you sell and what is the average amount i will need to process? Mostly we are big on electronics and computer hardware, but we also can help any other company to make a sale, so it can invole auto parts as well ashousing equipment.
5. When is this offer valid until? Offer is valid until October the 20th 2010.
6. Is this legal in Australia? Yes, everything is above board and regulated by financial government institution. Feel Free to try yourself out in this opportunity, here is the application information required IN ORDER TO GET STARTED:

___________
*FIRST NAME:
*LAST NAME:
*ADDRESS:
*CITY:
*ZIP CODE (optional):
*COUNTRY: Australia
*DATE OF BIRTH:
*MOBILE PHONE#:
*HOME PHONE#:
*NAME OF YOUR BANK::
*ACCOUNT# (contains numbers only):
*BSB# (6 digits):
*YOUR E-MAIL(to contact you best):
————
AFTER YOU SUBMIT YOUR INFO - ONE OF OUR REPRESENTATIVES WILL ASSIST YOU BACK SHORTLY! GOOD LUCK AND WELCOME TO OUR TEAM!!!

Notice that at the end of all this text they’re asking for my bank account details. It’s a scam.

Don’t ever provide your bank account details to strangers (unless, for example, you’re selling something online and need to accept payment, then it’s a compromise between security and doing business). Read here to see what happens if you give out your bank account details to everybody.

The rest of the email is just a story about some complicated money transfer scheme. Even if they really did want to do all this and pay me 10% it just doesn’t sound legal. Could it be a money laundering scheme? It’s not something you should get involved with.

May 27, 2008 | Filed Under Scams | Leave a Comment 

Nigerian 419 Scams

How much money do you think Australians send to Nigerians because of the old Nigerian 419 scam? (Keep in mind that Australia has a small population of 21 million)

wallet The answer is millions of dollars.

This very interesting interview with the head of the Queensland Police Corporate Crime Investigation Group (what a long title) discusses these scams and provides some interesting details.

People who fall for these scams often don’t report it, and in many cases repeatedly fall for these scams. Watch the video, discuss it with your friends, family and colleagues, and help raise awareness of this particular kind of scam. You can also read this article on how Nigerian scams work.

Link to video.

May 23, 2008 | Filed Under General, News/Media, Scams, Statistics | 1 Comment 

Domain Slamming

Nick, a regular reader, offered this advice on a scam known as domain slamming. If you have any domain names registered then take note of the following.

A company known as "Domain Registry of America" has been sending letters (the paper kind) telling people that their domain will expire soon and that they need to pay to renew it.

Normally you would renew your domain name with the company you’ve already used to register. But this company sends out letters that look like invoices hoping that some people will just pay it without questioning where it came from.

paperWhen you register a domain name you’re required to provide your name, mailing address, and email address. This information is made publicly available (use any of these free Whois services to view this information about any domain name). This is where they get your details from.

There’s plenty of information about domain slamming on these pages here, here and here.

If you own a domain name, especially a .com name, make sure that it’s locked. This is just an option you select when you setup the domain name. Then ignore any letters (or emails) you receive from other companies about your domain name.

Note that this happens in most countries, not just USA.

May 11, 2008 | Filed Under General, Scams | Leave a Comment 

Chinese Domain Scam

A recent scam email uses the following technique:

Below is a sample of this scam email:

Dear Sir

We received a formal application from a company who is called Meiao Investment Co.,Ltd are applying to register “—” as their domain name and Internet keyword in China and also in Asia on Apr 17 2008. During our auditing procedure we find out that the alleged Meiao Investment Co.,Ltd has no trade mark, brand nor patent even similar to that word. As authorized anti-cybersquatting organization we hereby suspect the alleged Meiao Investment Co.,Ltd to be a domain grabber. Hence we need you confirmation for two things,

First of all, whether this alleged Meiao Investment Co.,Ltd is your business partner or distributor in China.

Secondly, whether you are interested in registering these domains. (The alleged Meiao Investment Co.,Ltd will be entitled to obtain a domain not needed by original trademark owner.)

If you are not in charge of this please transfer this email to appropriate dept.

This is a letter for confirmation. If the mentioned third party is your business partner or distributor in China please DO NOT reply. We will automatically confirm application from your business partner after this audit procedure.

Bst Rgs
chenllychen
Registration Commissioner
Beijing HA ZD Networks Science and Technology Co., Ltd
Tel: +86-10-82772601
Fax: +86-10-82773610
Email: chenlly.chen@ha-zd.com
http://www.ha-zd.com.cn

There are quite a few variations to this email, the concept is the same. Don’t reply to these emails and certainly don’t buy domain names from them. It’s just another scam. If you really want a Chinese domain name buy one from a reputable registrar.

April 22, 2008 | Filed Under Fraud, Scams | 1 Comment 

She has already gone to hospital!…

Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):

Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:

http://www.———.sk/fotos/

If you receive this email just delete it. It’s a scam to get you to click on the link, which will then have malicious code. More details in the comments below.

HTML_IFRAME.TW virus

April 21, 2008 | Filed Under Malware, Scams | 7 Comments 

MasterCard 16% Scam

A fake promotional email, claiming to be from MasterCard SecureCode, offers a 16% discount on all purchases. This could be enough to tempt readers to sign up on the fake web site.

discount The email has a link to a web site that has been made to look the same as MasterCard’s web site with a form to sign up. The personal details entered here end up going to a scammer. Personal details including your credit card’s number, expiry date, 3 digit security code, and your date of birth.

If you receive an unsolicited email offering 16% discounts just delete it. And don’t click on links in these emails, instead go to a web browser and type in the address you need.

April 19, 2008 | Filed Under Fraud, Scams | Leave a Comment 

Microsoft Certificate Enrolment Code

There’s a new phishing trick that involved the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.

US money The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This ads a false sense of security for users.

The next step on the web site asks users to download a file called sophialite.exe This is a malicious program.

So if you end up at a web site that looks like the Bank of America pay close attention to the address shown in your web browser, make sure it’s exactly right.

April 18, 2008 | Filed Under Fraud, Malware, Scams | 1 Comment 

XP Antivirus

ads XP Antivirus is a fake antivirus program. It looks like an anti virus program and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real, it’s a scam to get money from you.

The road to XP Antivirus is:

  1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
  2. A message appears offering a product called XP Antivirus. The message reads:
    • Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

      Detect and remove viruses before they damage your computer!
      XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

      Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

      (Note: I bolded the typo that appears in the original ad)

  3. If you say ok then a fake anti virus program is installed.
  4. The program then informs you about a large number of (untrue) malware on your computer
  5. You’re then asked to pay to remove them

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

April 14, 2008 | Filed Under Antivirus, Scams | 2 Comments 

Vishing

Vishing is short for voice phishing. This involves tricking someone into calling a phone number, listening to a recorded message, then being tricked into providing personal information to the phone service.

phoneWhy would someone want to set this up? To collect your personal information, such as credit card number, its expiry date, your date of birth, PIN codes, etc. That information is then either sold on the black market or used by the scammers to steal or spend your money (this is also called identity theft).

Setting up an automated phone system like the ones described here is fairly easy these days, and fairly cheap.

Do people fall for it? Oddly enough, yes. Hopefully by now everyone’s getting the message not to trust strange web sites on the internet. But less obvious methods such as automated phone services are easily forgotten.

Anti virus software can’t stop you making a phone call. And people can be more trusting of “old fashioned” technology such as phones.

How does it work in practice? Here’s a summary of a recent vishing attempt.

  1. Emails are sent in bulk to as many people as possible.
  2. The emails have forged headers to appear to come from service@irs.gov
  3. The email contains an important looking message. Note that it doesn’t have any links to click on, instead it gives a phone number.
  1. Internal Revenue Service Tax Refund

    After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $215.

    Tax Refund Number: <number here> - Will Expire on <date here>

    Attention!

    Tax refunds can be sent only to VISA or Mastercard DEBIT CARDS.

    To receive your tax refund please call the IRS Tax Refund Department at: 602-427-59x

    Internal Revenue Service

  • The reader takes an interest because of the offer for free money (who wouldn’t!) and calls the number shown.
  • Because the email already warned people they need a VISA or Mastercard card to receive payment they would be more willing to provide the card’s details.

    • Tips to avoid this scam:

    This isn’t limited to tax refunds. Other vishing variations may appear to be from banks or other financial institutions.

    Another variation of this scam is to send people an SMS instead of an email, with a shorter version of the message above. Treat SMS’s like you would treat emails. Note: it’s also easy to forge SMS’s to appear to come from other people.

    Automated voice systems can also initiate phone calls with fake caller IDs. The technology’s easily available. VoIP systems are even easier to set up.

    The potential to trick people into handing over personal details is just as easy using phones as it is using emails and web pages.

    April 8, 2008 | Filed Under Fraud, General, Identity Theft, Scams | Leave a Comment 

    Only In Malaysia Mah

    There’s a website published by someone called Jason Tan, in Malaysia. On his website Jason claims to be earning incredible amounts of money with almost no work. After a lengthy sales spiel there’s an offer to buy his e-book for RM90 so that you too can make this much money.

    So, is this real and is it worth spending the RM90 he asks for? Yes and no.

    Based on comments and blogs from other websites on the internet it seems Jason earns his money from selling this e-book. It’s highly unlikely the house and Mercedes on his web site are actually his.

    So what’s in the book? Some people have bought it and written their thoughts on it. Jason’s e-book basically tells readers that they should write an e-book and sell it online to make money just like he does. That’s it, that’s his big secret. This method doesn’t scale very well,

    The other idea that Jason sells to people is an affiliate system. Anyone who wants to make a small amount of money with very little effort is encouraged to help Jason sell his e-book and earn commission. Unfortunately people have been spamming web sites and mailing lists in order to get their commission. Again this money making scheme that doesn’t scale very well.

    onlyinmalaysiamahJason Tan’s website is http://www.onlyinmalaysiamah.com/

    Another site that looks almost identical to his is Ewan Chia’s money making scheme. Once you start to see a pattern of these websites appearing it’s obvious that it’s a bit of a scam. Ewan’s site is here, http://autopilotprofits.com/

    And James Ng created a site that’s also almost identical to the above two, http://www.besuccessonline.com/

    Are you starting to see the pattern?

    Save yourself the RM90 (or any other amount these people charge). Instead spend it on some business books at your local bookstore. You’ll get much better value.

    Reference: This page has a long discussion thread about Jason Tan’s scheme with a detailed description of what his e-book contains.

    April 6, 2008 | Filed Under Scams | 1 Comment 

    False Adwords Emails

    Some people have been receiving emails that appear to come from Google AdWords. The email has a long story about your account being suspended and gives you a link to reactivate it.

    At first glance the link  to Google Adwords seems genuine but instead it takes you to a fake web site that looks exactly like Google Adwords. It lets you type in your username and password, sends it to the person who setup this fake site, then takes you to the login page of the real Google Adwords site.

    This is a common phishing email targeting Google Adwords customers.

    Usually to identify real links from fake malicious links put the mouse pointer over the link and wait a second. Most email clients will show you the true destination either in a yellow tool-tip or at the bottom of the window.

    I checked my spam folder and found one of these emails, let’s have a close look at it:

    adwords phishing

    The sender looks legitimate. Look at the part in the angled brackets, adwords-noreply@google.com. Technically the sender’s name & email is trivial to forge. This email didn’t really originate from Google.

    Now at the end of the email is a link to http://adwords.google.com/select/login. At first glance this look innocent. What everyone should get into the habit of doing is putting the mouse pointer over the link (without clicking) and looking at the bottom of the screen to see where it really points to.

    Let’s have a look at where this link would really take you:

    adwords_2

    It’s says: http://adwrods.google.select.ncjd43.cn (NOTE: don’t try visiting this site).

    This is not Google’s site. It’s hosted on ncjd32.cn (always look at the last 2 parts of the URL, as explained in our earlier article). CN stands for China, so this fake site was registered in China - something that should make you suspicious of this link. Also note they spelt adwords wrong (adwrods). The word Google in this link doesn’t have anything to do with the real Google, it’s only here to trick casual readers.

    So there you have it, an example on how to spot a phishing email.

    A good virus & spam filtering system will filter out most of these phishing emails.

    Note: Google Adwords is an advertising service run by Google. Go to Google’s site and type in adwords to find the real site.

    March 31, 2008 | Filed Under Fraud, Identity Theft, Scams | Leave a Comment 

    Brazilian Tax Return Site

    Another fraudulent tax return site has appeared, this time targeting people in Brazil. It begins with a forged email claiming to be from Brazil’s Ministry of Finance, Ministerio da Fazenda.

    The email has a link to a virus file called formulario.exe.

    Brazil If you receive this email just delete it. Don’t click on the links and don’t download (or even worse, Run) the .exe file it offers you.

    And of course invest in a good anti virus package that will filter these sites and block them.

    Other recent tax scams:

    March 27, 2008 | Filed Under Malware, Scams | Leave a Comment 

    Next Page →