In one case a lady sent over $100,000. And in nearby Erskineville a woman was tricked into sending $275,000 to a con artist in England.

The scam begins with an ad on an online dating website, targeting asian women in Sydney. They describe themselves as wealthy bankers or businessmen. They send photos, stolen from other websites on the internet. They lure their victim along for up to six months, gaining their trust, and eventually start asking for money.

These scams happen all over the world. Please help raise awareness by talking about this issue with people you know.

Note: because I used the words “online dating”, Google has placed ads on this page with links to online dating websites. Some people who post ads on these sites are not genuine, use your own judgement here.

The figure comes from a report by McAfee. They also report that malware for Macs are becoming less common, and malware for Android are becoming more common.  You can read more details here, it’s pretty grim.

Some tips to avoid being a victim:

• Use a good antivirus product on your computer. Paid ones are usually better. Keep it updated
• Use Google Chrome
• Don’t click on every link you see in Facebook, Twitter, etc.
• Sometimes people’s accounts get hacked, so something they wrote online might not really be from them
• Don’t believe every sensational headline you see
• Don’t believe every alarming email you receive, especially emails that sound urgent and have poor spelling and grammar
• Use common sense (why would a stranger in an African country want to give you millions of dollars, or did you really enter the Spanish lottery?)
• Use Google to check if something you read is true

A new study of 1100 banking customers found that 1234 and birth dates make up a large percentage of PINS. This means if your wallet is stolen, a thief can find your birth date from your license or other ID, take your ATM card and guess your PIN. And it will work for 1 in 18 stolen wallets (or 1 in 11 for some banks). They’re good odds for thieves.

The study suggests that banks issue a random PIN instead of letting you set one yourself. I think it’s a good idea. Here’s the full document.

The GSM system (used by most phone companies) has a test mode built in. A recent demonstration by a university showed that anyone can access this test mode and request the location of any phone, if they have the right skills and equipment. The equipment doesn’t cost very much, and the skills can be shared on the internet.

Mobile phones use base towers to handle the communication. The phone network needs to keep track of which towers are closest to you. And by using triangulation, an approximate position can be calculated.

Here is the research paper by University of Minnesota explaining how they tracked phones: Location Leaks on the GSM Air Interface.

What can you do?

Nothing. Law enforcement organisations have always had access to your phone’s location. Hackers now have it as well. If you need to keep your location private then don’t carry a mobile phone. You could also keep it turned off until you need it, but as soon as you turn it on the cell network will know your location.

Spam comments are very vague. Instead of discussing your content, it says something very generic, such as “your website is great”. E.g.

naturally like your web-site however you need to take a look at the spelling on several of your posts. A number of them are rife with spelling problems and I to find it very bothersome to inform the reality nevertheless I will surely come again again.

There is nothing useful in this comment, and it could apply to anyone’s website. So obviously it was sent to every website they could find hoping someone clicks on their link.

Another place to look is the sender’s URL. Some website software such as WordPress allow commenters to include their URL (their web page). Look at it closely, if it says something like paydayloansonlinecash.com then it’s spam – they’re trying to make money off your site.

If you see something claiming to help you remove the Timeline feature in Facebook, it’s likely a scam. It starts with someone claiming to have instructions on removing Timeline. If you click on the link, spam is added to your Facebook profile. Another variation asks your Facebook friends to provide their details to the scammers. 

Some variations of the “Remove Timeline” scams are a little more complicated, and install software on your computer. To cover up the fact that it isn’t really helping you it says that it will take up to 24 hrs to take effect. This is just a trick.

If you see a scam like this on Facebook, ignore it, or click on the “Report App” button on the left menu – this will alert Facebook staff about the scam app (this is only visible on Facebook Apps).

At the moment there is no official way to remove the Timeline feature – I’ll update this post if this changes.

If you look closely you’ll see many spelling and grammatical errors. Also, the email was not sent from the FBI – you can see this in your inbox if you place the mouse pointer over the sender.

The emails is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Sir,

We the Federal Bureau of Investigations (FBI) Washington, DC in conjunction with some other relevant Investigation Agencies in the United states of America and right now in West Africa, headed by Wayne Mitchell (RPO), we understand that your fund has not yet been transferred to you do to an Outrageous Conduct.

We have to let you know the truth because we know that you have gone far in trying to get this fund and you must have paid some amounts of monies to persons you are not supposed to give out a dime to. Through our Global Networking Investigation, we discover that your fund (Sixteen Million United States Dollars $16,000,000.00 including the accrued interest is among the funds ON HOLD in West Africa (Ghana) do to one or two reasons which you have not been told.

As the Executive Director, Federal Bureau of Investigation FBI and a Principal Officer, We strongly know that the people you have been dealing with are not going to tell you the truth because they are all Criminals. You are hereby advised to stop every communication with any Office and feel free to explain to this Bureau why your fund is not yet released to you.

As a matter of fact, we do not have enough time to waste since we have consumed much time in going through your Payment files to ensure that these Funds are genuine and legit. On this Effect, this instruction requires urgent attention because the release of your fund is due.

We awaiting for your urgent response,

Sincerely,

Robert Muller III
FBI Director Headquarters

If you reply to the email they’ll make their story even more complicated and start asking for your bank account details. Their reply is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Kind Attn:

This is to bring to your notice that we have received your mail today.

We understand that your fund has not yet been transferred to you do to an Outrageous Government Conduct which you have not been told. What a mess? though the FBI expertise and the investigation teams has officially instructed the holding bank to release your long awaited fund valued the sum of Sixteen Million United States Dollars $16,000,000.00 to you with immediate and effect.

The financial expertise and the investigation team has resolved to the fact that the fund is genuine therefore you have to stop every communication with any Office and feel free to contact the holding/ paying bank with your banking details through the below contacts information for your fund to be release to you:

MERCHANT BANK GHANA LTD
Contact Person: Managing Director
Email: merban@accountant.com
Phone: +233-247630112
Fax: +233-303403381

Do this and let us know if there’s anything you do not understood so that we can give you further instructions to back you up for this claim.

Sincerely,

Mr. Robert Muller III.

If you see this email, mark it as spam, or delete it.

The email says,

Hello. Your email is sending spam messages! If you don’t stop sending spam, we will be impelled to sue you! We’ve attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!

The subject is one of

• You are sending ad messages
• We are going to sue you
• This is the final warning
• We’ve sent you a copy of a complaint
• A message from our security service

If you see an email like this don’t click on the attachment. Delete the email. The attachment is a trojan that then installs viruses every time you reboot the PC.

The email says:

Australian Taxation Office informs you about the changes in the rules of submitting tax report.

Please, read about the changes to Click Here.

Important to know
We do not offer cashier services for tax payments or refunds. For further information on how to pay your taxes, see How to pay.
(http://www.ato.gov.au/content.asp?doc=/content/33696.htm) 

We are kindly asking you to keep to rules and terms of tax report submission to avoid penalty. 

Best regards,

Andrew Nichols
Australian Taxation Office

If you see this email, don’t click on the links. Delete it.

How can you be sure if it’s real or a scam?

Place the mouse pointer over the links, but don’t click. You should see the real address popup. If it looks dodgy then it’s probably a scam. See this screenshot,

This type of scam email is common. Always use this trick to judge if the email is legitimate or a scam.

This screenshot was captured from the US National Archives’ signup page (click here then click on New User). It asks for a challenge question and challenge answer, in case you forget your password. The problem here is one of the questions, “What is your preferred internet password?“.

Why would you give someone this information?

Challenge questions and answers are a way to recover lost passwords. Unfortunately this information is often not encrypted – it’s less secure. So whatever you set for your challenge question and answer is sometimes vulnerable to hacking. Also, the questions are often things that other people can easily find out about you, like your pet’s name. This is why I don’t like them.

Poll:

According to  Norton’s Cybercrime 2011 report, criminals stole US$114b worth of money using the internet. This is a serious problem. Think about where all that money came from? Who do you know that had stolen from their bank account, credit card, or other cases of fraud?

Here’s a breakdown the US$114b:

• USA: $32b (74 million victims)
• China: $25b
• Brazil: $15b
• India: $4b

Facebook have published a security guide and it’s quite good. It covers topics like recognising scams, recognising hacked accounts and how to use SSL connections. All good stuff! For example,

The common scams offer prizes like free  virtual objects. Other lures claim that your account has been suspended and provide a link for you to remedy the problem.

If you use Facebook at all I recommend reading through the guide. I also strongly suggest you print it out and lend it to your friends and family – people who might not be able to do their own research on security.

The more people understand security on Facebook the better it will be for everyone. Click here for A Guide to Facebook Security.

• Foursquare
• Facebook Places
• Bing and Google have their location sharing systems

It’s a popular thing to do. But have you ever had a good think about the pros and cons of doing this?

Pros:

• You receive an email telling you that a hotel has incorrectly charged your credit card
• The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
• The attachment installs a fake antivirus program
• The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)

Hotel Renaissance Chicago made wrong transaction

Hotel Westin St. Francis made wrong transaction

Wrong transaction from your credit card in Woodrun V Townhomes

At the moment it only detects one strain of malware, but since it’s transparent and non intrusive it’s a good thing. Also, this is only relevant to Windows.

So if you see this message, your PC is probably infected with malware. Google suggests some steps to remove it, and you should really buy and install an antivirus program to prevent further problems.

Details of the scam:

a salesperson wearing a jacket bearing the logo of a telco is going from door to door in Hobart telling customers that they can only get on the NBN with that particular telco. The alleged salesperson also made errors about broadband speeds, and was unfamiliar with the local area

So there you go, if someone tries to sell you something to do with the NBN, get it in writing and do some research. Details here.

What VirusBarrier does:

• it can scan email attachments – but it’s not automatic, you need to go into VirusBarrier and tell it which email attachment to scan (and only one at a time)
• it can scan files on DropBox

What VirusBarrier does not do:

• it does not scan all files or apps on the iPhone. It can’t because of Apple’s sandbox model.
• it does not do automatic scans
• it does not do scheduled scans
• it does not scan apps

“BREAKING NEWS–Leaked Video of Casey Anthony CONFESSING to Lawyer!”, don’t believe the hype. Please. Don’t say I didn’t warn you

If you see this don’t click on it, it’s a scam.  If you click and try to watch the video it accesses your Facebook profile and spams all of your friends. It then takes you to an online survey that makes someone else money. Then your friends will also have the scam posted from their own Facebook accounts, spreading the scam down the network.

If you see this message on Facebook let them know it’s a scam. Don’t click on it.

Enable video calls

This scam installs a malicious app in your Facebook account that reads through your profile and spams all of your friends. The malicious app then sends them to an online survey that has nothing to do with Facebook.

Facebook does have a video feature but you don’t need to click on someone’s post and enable a Facebook app to enable it. So why would one of your friends post a link to malware? They probably don’t know, malware has a way of using people’s Facebook accounts to advertise itself.

If you see a message like the one in the post above, let your friend know it’s a scam.

The right way to use Facebook video is by opening up the chat window then clicking on the icon of a video camera,

I will follow back if you follow me

There’s a link at the end of the message that goes to a web page. On this page are two signup options, one free and a paid one called VIP.

The free one asks for your  Twitter username and password. It then asks prompts Twitter to grant you access to your account. You should not enter these details into any untrusted service.

Once they have your account password they send spam using your Twitter account, sending them to this same web site.

The VIP service is just as bad. It asks for your credit card details and Twitter account details, promising hundreds of Twitter followers. People who fall for this also end up sending spam from their own account, with the added risk of losing money.

Please help stop this scam by letting people know about it.

1. 1234
2. 0000
3. 2580 (a vertical row)
4. 1111
5. 5555
6. 5683 (spells LOVE)
7. 0852 (a vertical row)
8. 2222
9. 1212
10. 1998

This list represents 15% of all PINS (that’s too high). Years starting with 199 were also found to be common. And PINS starting with 1 are also very common.

The information here is relevant to other devices as well, basically anything that uses a 4 digit PIN typed into a keypad.

If you use any of these codes to lock something you consider important you should change it now.

Can I speak to the user of the computer?

Then the caller started explaining he’s from Windows. I hung up, frustrated, because it’s a scam. Never believe anything like this from an unsolicited caller. Talking to other people it’s evident the scam involves the caller gaining remote access to your computer, installing spyware, then invoicing you for their time.

Have you received phone calls like this? Care to share your experience?

Update: List of phones numbers these calls have come from:

• 00496075278802 [UK]
• 760 429 2887 [USA]
• 760-429-2887 [USA]

• a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid
• an X-rated video of celebrities Rihanna and Hayden Panettiere

These videos are not actual videos, but are links to a website that installs malware. Note that it affects both Windows and Mac computers. On Windows, the malware tells people to install a new version of Adobe Flash Player, but instead installs a fake antivirus program. On a Mac the malware brings up a fake security warning and asks people to install a fake “fix” to the problem. In both cases the malware then wreaks havoc with the computer, shows pornographic images, and asks the user to pay money to stop it happening. After (real) money is paid the malware remains. So overall it’s quite a nasty bit of work.

If you come across anything like this in Facebook please let the person who posted it know it’s malicious. The sooner they remove the post the less damage it will do.

• bit.ly
• tiny.cc
• fb.me

The list is endless. You can even make your own service, which is exactly what spammers are now doing.

Spam messages are now being posted on Twitter with these new URL shorteners and it’s difficult to filter them out. E.g. URLs that begin with

• www.srtu.in/

The best thing you can do is to use a modern web browser that does some URL scanning, such as Chrome, Opera, or IE9 (older versions of IE are vulnerable). Also buy and install a good virus scanner.

More information about URL shorteners here.

Congratulations! You have won One Million Euro on orange mobile promotion; send your names and Mobile No. via email to; orange [at] citynew [.] com

Please don’t respond to this message. It’s part of a scam. Just delete it.

CLICK HERE to see the status udpate that got a girl expelled from school!!

or

OMG… This GIRL KILLED Herself After HER DAD Posted This ON Her WALL!

or

OMG! Look What this Kid did to his School after being Expelled! After this 11 year old child was expelled from his school he went beserk

Anyone curious enough to click on the link is taken to a page that “looks like” Facebook, but isn’t Facebook. Then two things happen:

1. You’re asked to “Like” the page, which adds the scam to your own Facebook wall. This is how the scam spreads.
2. You’re also asked to fill in a survey. This is how the scammer is making money. They’re being paid by a marketing company to fill in these surveys.

And that’s it. There’s no interesting video or article. It’s just a viral scam – it spreads because it sounds interesting.

So if you come across this, don’t click on the links, and let the person who posted it know about the scam.

Thanks to DBM for writing in and letting me know about it. I’m sure that by letting others know about scams we can all help reduce them.

Remember, Skype does not email you and me with links to download. Skype will update itself.

NEW VERSION OF SKYPE 2011 IS RELEASED

Dear Skype Users,

To start New Year 2011 with new features, options and improvements, we’ve just released the new version of Skype Software.

<link removed for security reasons>

New in this version :

* Up to 5-way group video call.
* Redesigned calling experience.
* Improved video snapshots gallery.
* Improved browser plugins performance on some websites.
* Reduced false positives on browser plugin phone number recognition.
* New presence icons.
* Improved handling of calling attempts made when the user has run out of credit.
* Improved access to sharing functionality  

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Skype better all the time !

Talk soon,

The people at Skype

====================== PROTECT YOUR PASSWORD ===========================
Skype or Skype Staff will NEVER ask you for your password via email. The only place you are asked for your password is when you sign in to the Skype application or our website.

If you see the above email, delete it or mark it as spam.

The email says:

ADOBE ACROBAT READER 2011 UPDATE NOTIFICATION

This is to remind that a new version of Adobe Acrobat Reader 2011 with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released.

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Adobe Acrobat Reader better all the time !

Thanks and best regards,

Adobe Support

© 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated |343 Preston Street | Ottawa | ON | K1S 1N4 | Canada |

Remember, if you see this email just delete it, or mark it as spam.

Update: There’s now another version of this email, it too is a scam. The email looks like:

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
<link removed for security>
What’s new in this version :
* Read, search, and share PDF files. * Convert to PDF. * Export and edit PDF files * Add rich media to PDF files * Combine files from multiple applications * Increase productivity and process consistency * Streamline document reviews * Collect data with fillable PDF forms * Protect PDF files and content * Comply with PDF and accessibility standards
To get more and upgrade to this version, go to  :
<link removed for security>
Start downloading the update right now and let us know what you think about it.
We’re working on making Adobe Acrobat Reader better all the time !
Talk soon,
The people at Adobe
Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China. More information here.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that it’s less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice where to download your apps from. And unfortunately this included untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool, read up on it first.

The fake email looks like this:

Dear Customers,

Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.

http:// www.adobe-new-software.com

Advanced features include:

- Collaborate across borders

- Create rich, polished PDF files from any application that prints

- Ensure visual fidelity

- Encrypt and share PDF files more securely

- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today, go to:

http://www.adobe-new-software.com

If you have any question please contact us at: support@adobe-new-software.com

Best regards,

Michael Lobenberg

Adobe Acrobat

Copy rights © Adobe Acrobat 2010 – All Rights Reserved

Website: http:// www.adobe-new-software.com

Dear Customers, Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
http:// www.adobe-new-software.com Advanced features include:
- Collaborate across borders- Create rich, polished PDF files from any application that prints- Ensure visual fidelity- Encrypt and share PDF files more securely- Use the standard for document archival and exchange To upgrade and enhance your work productivity today, go to:
http://www.adobe-new-software.com  If you have any question please contact us at: support@adobe-new-software.com Best regards, Michael Lobenberg Adobe AcrobatCopy rights © Adobe Acrobat 2010 – All Rights Reserved Website: http:// www.adobe-new-software.com

Adobe does not send out emails like this. Acrobat Reader can update itself by showing a small window with update information (and you should update it as soon as updates are released). You should not have to visit a web site to download Acrobat updates.

Below is the email, with personal details and all of the malicious links removed:

Dear …,

Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:
See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.
You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

• Identify which company the email claims to be from. In this case, it’s a company called Chase.
• Place your mouse pointer over a link, but don’t click.
• Look at the bottom of your screen, you should see the real link it points to. (You need to be using a modern web browser for this to work).
• If the addresses don’t match then it’s likely a scam.

E.g., the email above talks a lot about chase.com. This is a real company in USA. When I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, this is a scam. See the picture on the right.

Google Chrome has an excellent system that warns of dangerous web sites. When you click on a link to a dangerous (malicious) site, hopefully it will give you a large red warning page.

Now someone has been using this to trick people into thinking the website is malicious. It also asks you to download something called “Google Chrome secure updates” – this is bad, you shouldn’t have to install anything.

Here is the fake warning message (click to enlarge):

The popup message says:

This web page has been blocked based on your security preferences. Click ‘OK’ to download and install Google Chrome secure updates.

And here is the real warning message:

So never trust web sites that ask you to download anything, and if in doubt search Google for more information.

A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks (click to enlarge the screenshots):

This type of scam happens on both Windows and Mac computers.

Dear Customer,

This e-mail was send by smileworld.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

(C) smileworld.com

Note how many spelling mistakes and typographical errors there are in the email. A serious company would proof read any emails such as this.

Also, there is no reason for any company to send you unsolicited attachments. It’s a sure sign of a scam.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

• Disable the autorun feature in Windows (click here for instructions)
• Install a good antivirus package.

This type of problem is becoming more frequent – ordinary consumer devices infected with malware at the factory.

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign off,

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached. And neither of these emails were actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it, the scammers just mention the word to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

• Contratulations. Get a free $1,000 Ikea Gift Card
• Get A Free Apple Ipad Just For Testing It!: Would You Like To Test Apple Ipod? Get Your Free IPad Here Hurry
• Get the Aple iPad Free

Note how many mistakes there are on the second one, a clear sign of a scam.

All of these ads are part of a scam. They take you to a site that asks for your name, address, date of birth, and email. These details are used to send you more spam.

Then you are taken to an online gambling site, hoping that you’ll be tempted to hand over money.

Nearly 40,000 Facebook users have been tricked by this scam, and it doesn’t end there. The same scam is also used for fake food gift certificates, and no doubt will continue to evolve.

If you see scams like these, please don’t forward the message along. You don’t want your friends and family to fall victims of a scam. Do proper research before passing any “bargain” messages along.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your accout, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

These are services used by developers, most “normal” people would not have accounts on these services. If you do use these services please read the full incident report here.

I changed DNS registrars a couple of days ago, it didn’t go as smoothly as I’d hoped for so yesterday this site would not have been accessible. My apologies for that. It’s all running smoothly again.

It’s not a replacement for a good antivirus product, but if it’s too late and your PC has been infected then this could help clean it.

Download it directly from McAfee’s web site and follow their instructions.

Some words in this email can change but the general part of it remains the same:

Hello,
My name is Earnest and our company currently has several positions it needs to fill in your region.
We are a well known company with offices throughout Europe, Asia and North America.
Our current turnover is over 130 million annually and we are still seeking for expansion.
I have 12 vacancies of Financial Assistant that need to be fulfilled immediately.

Major operational duties are prompt receiving and processing customer’s payments for their further transfer according to the specified method. Detailed work scheme will be provided upon request.

I am looking for self-motivated individuals with strong work ethics and ability to schedule work hours effectively.

Requirements:

* Expert skills in managing payments and transfers between our company and clients
* Knowledge of basic payment systems
* Bank account (personal or business)
* Advanced PC and Internet skills
* Minimum 24 y.o.

Benefits:
*Salary plus commissions
*Full reimbursement of banking and Western Union fees.

NOTE: This vacancy is valid for American residents ONLY.

Contacts: <removed>

So if you see an email like this delete it. Don’t fall for the scam.

The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says,

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

If you receive this email, delete it. Do not open the attached file.

NOW YOU CAN SEE EVERY 1 WHO VIEWS YOUR PROFILE

Apart from the annoying all-caps writing, the group suggests you install a toolbar to make this possible.

You should never install toolbars unless you completely trust the company who made it and really need it. In this case, Facebook didn’t make the toolbar. A stranger did. And you don’t really need it (and it doesn’t do what’s promised).

So do people fall for these things? I looked at this group in Facebook and 146,604 have joined it. That’s a lot of gullible people who don’t understand how Facebook’s privacy works.

There isn’t much information on what the toolbar actually does but it seems to spam your friends. Spamming is not nice (and possibly illegal in some places).

Here is an interview with someone who really scammed people using this technique. He explains how the scam operations work, how much work they put into building people’s trust and eventually take their money.

It’s an interesting read and it’s certainly a different way to learn about these scams and avoid them. It would be useful to show this interview to people who might be new to the internet. Then hopefully less people will fall victim to it.

The full interview is split into three parts:

• Part One
• Part Two
• Part Three

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). After doing some simple research, CUA is a credit union in Australia. Their real address is www.cua.com.au so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in USA (even though these details could also be fake).

Below is a screenshot of the phishing scam site:

They get straight to business asking for a card number and a PIN. Very private information that no one should ask you.

So the following email I received is clearly an attempt to spread malware. It’s an email that claims to be from Microsoft – a quick look at the email’s header shows that it came from branchen4u.de. Not Microsoft.

So apart from the suspicious attachment and forged sender address, the other thing that tipped me off is that I don’t actually use Microsoft Outlook or Outlook Express.

Below is a copy of the infected email:

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

* This update applies to the following product: Microsoft Outlook / Outlook Express

There was a zip file attached that contains the Bredlab trojan. If the trojan were installed it runs quietly in the background downloading viruses and other malware.

So again, don’t trust unsolicited emails. I didn’t ask Microsoft to email me patches so this one was unsolicited. And it turns out it contained a trojan.

You should also have a good antivirus package installed.

When a scammer has a large amount of money to move, such as stolen money they want transferred into their own bank, they don’t do it themselves. That would make them too easy to get caught.

What they sometimes do is ask other people to transfer the money. They tell these other people that it’s a legitimate job, and trick them into making these bank transactions.

They even go so far as to invent a company in order to recruit innocent people, or sometimes borrow the name of a legitimate company.

One such example is a job ad that claims to be from a US company called Texaco. The scammers sent a forged email with a link to a fake website, made to look like the read Texaco.

The scam email says:

Texaco/Chevron Downstream Europe
  1 Westferry Circus Canary Wharf
  London E14 4HA

Dear Job Candidate,

The TEXACO Online Employment System wish to inform you that your posted information onlinehas been carefully and confidentially reviewed by our Recruitment Team Professionals and we have considered under our current vacant opportunities within the Firm to employ you for work in our company.

TEXACO Online Employment System is affiliated to various job recruitment websites and your information was submitted to us by our online agent that submit job candidate resumes for consideration of employment depending on the vacancies we have in any branch of TEXACO Company Worldwide.

As regards to this, you have been automatically granted this employment to work in TEXACO Oil & Gas Field with a monthly salary of Eight Thousand
Five Hundred Pounds (£8,500).

Kindly acknowledge the content of this message by reconfirming your interest in working for us and indicating your area of job interest, ensuring that you
have quoted your vacancy title below or send your CV with a covering letter.

For further details relating to your employment, kindly send an email to
Texaco/Chevron Downstream Europe H/R Recruitment Service Department
texaco@post.com / http:// texaco.us.ms / http:// texaco.com/portal_default.asp/.

  Regards,
  Paul Matins
  HR Recruitment Manager

This email is a scam. The web site that they give ends with .us.ms – this is not the real Texaco’s domain name.

So the next time you see a job ad too good to be true, consider if it might be a money mule scam. Does the job ad promise to pay an unusually large rate? Is the work unusually easy? Is the job description vague? Is the web address correct? Did you receive the job ad in an unsolicited email? These are all questions you need to ask yourself.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).