Category Archives: Scams

Another Scam Job

Posted by on 4 March, 2010 No comments

Emails like this are scams. They are not legitimate jobs and you should not contact the sender – it’s part of a money mule scam.

Some words in this email can change but the general part of it remains the same:

Hello,
My name is Earnest and our company currently has several positions it needs to fill in your region.
We are a well known company with offices throughout Europe, Asia and North America.
Our current turnover is over 130 million annually and we are still seeking for expansion.
I have 12 vacancies of Financial Assistant that need to be fulfilled immediately.

Major operational duties are prompt receiving and processing customer’s payments for their further transfer according to the specified method. Detailed work scheme will be provided upon request.

I am looking for self-motivated individuals with strong work ethics and ability to schedule work hours effectively.

Requirements:

* Expert skills in managing payments and transfers between our company and clients
* Knowledge of basic payment systems
* Bank account (personal or business)
* Advanced PC and Internet skills
* Minimum 24 y.o.

Benefits:
*Salary plus commissions
*Full reimbursement of banking and Western Union fees.

NOTE: This vacancy is valid for American residents ONLY.

Contacts: <removed>

So if you see an email like this delete it. Don’t fall for the scam.

Facebook Groups And Toolbars

Posted by on 28 February, 2010 No comments

There is a facebook group that promises some special abilities but it’s actually a bit of a scam. The group is called:

NOW YOU CAN SEE EVERY 1 WHO VIEWS YOUR PROFILE

Apart from the annoying all-caps writing, the group suggests you install a toolbar to make this possible.

You should never install toolbars unless you completely trust the company who made it and really need it. In this case, Facebook didn’t make the toolbar. A stranger did. And you don’t really need it (and it doesn’t do what’s promised).

So do people fall for these things? I looked at this group in Facebook and 146,604 have joined it. That’s a lot of gullible people who don’t understand how Facebook’s privacy works.

There isn’t much information on what the toolbar actually does but it seems to spam your friends. Spamming is not nice (and possibly illegal in some places).

An Interview with a Nigerian Internet Scammer

Posted by on 18 February, 2010 No comments

The Nigerian scam goes by a few names and I’ve explained how it works before.

Here is an interview with someone who really scammed people using this technique. He explains how the scam operations work, how much work they put into building people’s trust and eventually take their money.

It’s an interesting read and it’s certainly a different way to learn about these scams and avoid them. It would be useful to show this interview to people who might be new to the internet. Then hopefully less people will fall victim to it.

The full interview is split into three parts:

Fake CUA Email

Posted by on 5 February, 2010 No comments

The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). After doing some simple research, CUA is a credit union in Australia. Their real address is www.cua.com.au so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in USA (even though these details could also be fake).

Below is a screenshot of the phishing scam site:

cua

They get straight to business asking for a card number and a PIN. Very private information that no one should ask you.

Texaco Money Mule Scam

Posted by on 2 February, 2010 1 comment

I’ve written about money mule scams before, here’s another one.

When a scammer has a large amount of money to move, such as stolen money they want transferred into their own bank, they don’t do it themselves. That would make them too easy to get caught.

What they sometimes do is ask other people to transfer the money. They tell these other people that it’s a legitimate job, and trick them into making these bank transactions.

They even go so far as to invent a company in order to recruit innocent people, or sometimes borrow the name of a legitimate company.

One such example is a job ad that claims to be from a US company called Texaco. The scammers sent a forged email with a link to a fake website, made to look like the read Texaco.

The scam email says:

Texaco/Chevron Downstream Europe
  1 Westferry Circus Canary Wharf
  London E14 4HA

Dear Job Candidate,

The TEXACO Online Employment System wish to inform you that your posted information onlinehas been carefully and confidentially reviewed by our Recruitment Team Professionals and we have considered under our current vacant opportunities within the Firm to employ you for work in our company.

TEXACO Online Employment System is affiliated to various job recruitment websites and your information was submitted to us by our online agent that submit job candidate resumes for consideration of employment depending on the vacancies we have in any branch of TEXACO Company Worldwide.

As regards to this, you have been automatically granted this employment to work in TEXACO Oil & Gas Field with a monthly salary of Eight Thousand
Five Hundred Pounds (£8,500).

Kindly acknowledge the content of this message by reconfirming your interest in working for us and indicating your area of job interest, ensuring that you
have quoted your vacancy title below or send your CV with a covering letter.

For further details relating to your employment, kindly send an email to
Texaco/Chevron Downstream Europe H/R Recruitment Service Department
texaco@post.com / http:// texaco.us.ms / http:// texaco.com/portal_default.asp/.

  Regards,
  Paul Matins
  HR Recruitment Manager

This email is a scam. The web site that they give ends with .us.ms – this is not the real Texaco’s domain name.

So the next time you see a job ad too good to be true, consider if it might be a money mule scam. Does the job ad promise to pay an unusually large rate? Is the work unusually easy? Is the job description vague? Is the web address correct? Did you receive the job ad in an unsolicited email? These are all questions you need to ask yourself.

Facebook Un Named App

Posted by on 28 January, 2010 No comments

Here’s a combined hoax and malware. Let’s start from the beginning.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

Fake ATO Emails

Posted by on 21 January, 2010 No comments

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong,

  • Fake address: www.a-imbn . org
  • Real address: ato.gov.au  (all Australian government web sites must end with .gov.au)

If you’re in Australia please let others know of this scam.

Fake Haiti Donation Email

Posted by on 15 January, 2010 No comments

There’s a fake email being circulated in the UK asking for donations to help with the recent earthquake in Haiti. The email claims to be from the Red Cross but it’s really just a scam.

This is what the email looks like:

The British Red Cross Society
British Red Cross
UK Office
44 Moorfields
London EC2Y 9AL

MAKE YOUR DONATIONS NOW
=====================

Dear reader,

A devastating earthquake measuring 7.3 on the Richter scale struck Haiti on 12 January 2010 sending the Haitian Capital Port-Au-Prince into chaos, killing hundreds and affecting thousands more. Please give what you can today to help thousands of people there in desperate need of humanitarian assistance.

Relief aid workers from the Red Cross have already been arriving at the Haitian capital with relief materials.

Donations have been grouped into two cartegories:

1: Group A (£250 British Pounds to £1,000 British Pounds
2: Group B (£1,000 British Pounds and above)

Donations are to be made payable immediately via WESTERN UNION MONEY TRANSFER immediately and directly to our donations accounts liason officer as RECEIVER’S name:

DONATIONS ACCOUNT LIASON OFFICER:
LOCATION: 44 Moorfields, London EC2Y 9AL

Please provide us via return email the following informations below as they appear on the Western Union Money Transfer slip;

1. Name and Address of Sender
2. Exact Amount Sent ***
3. MTCN ***

NOTE: At British Red Cross we are committed to protecting your privacy as a STANDARD practice. We will not share your information unless you have previously indicated that you are happy for us to do so.

Hope to receive your donations soon as thousands need your help.

Please send return email with donations details to

Yours Sincerely,

For and on behalf of The British Red Cross Society

first_ aid kit The email has a few spelling and grammatical errors. They unnecessarily capitalise a few words. Both of these things are unprofessional and would not be done by a serious organisation. Also, they want money sent to Western Union! Any legitimate organisation would have a professional method of accepting money. All these things should make you suspicious of the email.

If you see this email remember that it’s a scam. And there’s no doubt that there’ll be dozens more emails with similar Haiti scams. If you want to donate to help with humanitarian efforts then find an official (and recognised) charity organisation and donate to them. Don’t click on links in emails that you receive.

Also be aware that scammers will use every event that makes the news as an excuse to send these type of emails. When celebrities die they send out similar emails, asking for money or asking you to click on a link (that goes to a malicious site). They never stop sending out these emails.

Fake banking App For Android

Posted by on 13 January, 2010 No comments

Android is a system used by some smartphones (similar to iPhone or Windows Mobile, but made by Google). Like other smartphones you can install apps on Android.

One Android app that showed up recently is a free banking app. It looks like it supports US banks. But instead of logging into your bank it sends your online banking details to a scammer. Then it won’t be long until someone steals money from your bank account.

Google has been notified of this malicious app and they have removed it. But for some people it may be too late.

There’s a lesson to be learnt here. Smartphones are cool, installing apps on them is cool. But we shouldn’t let our guard down and trust everything to them. Know what you’re installing, know who wrote the software, and how it stores and sends your login details.

As more people buy smartphone scams are only going to become more common.