Another Adwords Scam

Posted by on 6 January, 2010 2 comments

I just received the following email. It’s a scam made to look like Google Adwords, however the web site was registered just a few hours ago to somebody else.

If you go to this site and enter your Google account details you’re actually letting a stranger (hacker) know your account details. It’s a scam.

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:388520237785520
———————————————

Hello,

You have a new text alert from adwords

Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342

Advertise your business on Google

Best regards, Google AdWords Customer Team © 2009

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:847914946168909
———————————————

So if you see this email or one like it, delete it. Google did not send this email.

Update: another version of this scam is,

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please our Help Center to find answers to
frequently asked questions.
————————

Hello,

Please update your primary and backup payment information, even if you
plan to use the same information. Please follow the steps
below to update your information and trigger our billing system to try
processing your payment again. We’ll attempt to process your balance on
whichever card you update first.

1. Log in to your AdWords account at <link removed>
2. Enter your new or updated payment information.
3. Click ‘Save Changes’ when you are finished.

To update your backup credit card:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Backup Credit Card section, click ‘Edit’.
3. Re-enter your backup credit card details.
4. Click ‘Save’.

To update your bank account:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Bank Account section, click ‘Edit’.
3. Re-enter your bank account details.
4. Click ‘Save’.

Thank you for advertising with GoogIe AdWords.
Grow your business with us.

Sincerely,

The GoogIe AdWords Team

If you see this email delete it, don’t click on the link, don’t give them your Google password.

 

BitLocker Can Be Cracked

Posted by on 5 December, 2009 No comments

Microsoft make an encryption system called BitLocker, it encrypts hard drives so that it’s impossible to access any files without the key. Top level security.

That was true until now. Passware are a company that recently released new tool that cracks this BitLocker security. The way it works is complicated and someone would need physical access to the computer.

So if you rely on Passware for security life is suddenly more complicated. The best you could do is to also concentrate on the physical security of your computers.

More details here and here.

iPhone Viruses

Posted by on 28 November, 2009 No comments

A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non approved network or running non approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

  • Firstly, if you don’t jailbreak your phone you have nothing to worry about.
  • If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

Google Work From Home Scam

Posted by on 11 November, 2009 2 comments

This link was posted on Facebook – it’s a scam. It says that Google is hiring people to work from home, no experience is necessary, and the article goes on and on about how good it is.

Below is an extract from the scam site:

Breaking News: Google Now Hiring People To Work From Home

If you live in America and you have been wanting to work from home, you might be in luck. Google has now released a new "Work From Home Program" that will allow Americans to work for the titan from the comfort of their own homes.
To thousands of Americans this means that they will soon have a safe and bright future working for one of the fastest growing companies in the world.

What you need: A Computer, an Internet Connection and the desire to make a living working from home. No special skills are required other than knowing how to use a computer and navigate the internet.

Google will send out your checks weekly. Or you can start to have them wire directly into your checking account. (Your first checks will be about $750 to $1,500 a week. Then it goes up from there. Depends on how many links you posted online.)

Like most scams, you don’t need any experience, you can work from home, and you can make $1500 a week so easily. It’s all too good to be true!

The fake article is hosted on a site called ValuePromotions.

If someone were gullible enough to sign up they’ll be asked to pay US$2 to get started. But instead of paying $2 they’ll be charged US$80 a month directly from their bank account.

There are so many scams similar to this one. They all feature the same principle – a promise of free or easy money. Always do research on articles like this (use Google) and have a sceptic mind – if it’s too good to be true it’s probably a scam.

Facebook Password Reset

Posted by on 27 October, 2009 No comments

The following email contains a virus, it was not sent by Facebook:

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team

Because of the measures taken to provide safety to our clients, your password has been changed.

You can find your new password in attached document.

Thanks,

The Facebook Team

If you see this email just delete it. Don’t click on the attached file.

Some Personal Firewalls

Posted by on 13 October, 2009 1 comment

A personal firewall is a program you install on your computer. It stops unknown programs talking to the internet. Why is this important?

Just say some malware gets installed on your computer. It wasn’t picked up by your antivirus program for whatever reason (maybe you don’t even have antivirus). It starts watching you type in your passwords and tries to send details to a criminal’s server. This actually happens every day to some people.

A personal firewall would detect that an unknown program is trying to send information to the internet and bring it to your attention. It blocks the program and asks you if you want to allow it to proceed.

It’s different to a normal firewall because it runs on your PC instead of on the network. And it doesn’t just keep people from hacking into your computer, it stops malware connecting out to the internet. So overall it’s a good thing to have, it’s just a bit more defence against online fraud.

Below are some new deals I’ve come across. I haven’t tried these programs and can’t comment on how well they work – I suggest you ask around.

ZoneAlarm Pro – this program has been around for many years. The Pro version, which usually costs USD39.95, will be free for today only (13th of October 2009). Go to their web site here.

Online Armor Premium – I haven’t heard of this product before but it’s legitimate. It usually costs $39.95 but it’s free to PayPal members, until the 19th of October 2009. Click here, then on the button to buy now, then proceed to pay with PayPal, it will be discounted to $0.

Windows also has a firewall built in but in my opinion it isn’t very good and it’s difficult to configure. And most antivirus packages, the kind that cost money, include a personal firewall.

A Sophisticated Way To Steal Money

Posted by on 12 October, 2009 No comments

Here’s an example of a very sophisticated piece of malware designed to steal money. It was discovered recently in Germany and was used to steal €300,000 in 3 weeks. Here’s how it works:

  1. You visit a web page that has been hacked. It’s an ordinary web page (such as a news site), nothing looks out of the ordinary.
  2. A trojan is installed on your computer without your knowledge. It sits there on your PC waiting and watching.
  3. You log onto your internet banking site. Everything still looks normal.
  4. The trojan detects that you’ve logged into an internet banking site and it makes a transaction, transferring money from your account to the account of a money mule (more on this later).
  5. When you look at your bank statement online, the trojan captures the network data and changes it to hide the transaction it made. The numbers it shows on the screen have been altered.

Step 5 is the sophisticated part of this attack. Normally you’d notice if money was transferred from your bank account without your approval, but the trojan hides this by showing you a fake statement on your screen. If you can’t see the money being taken from your account the criminals have more time to keep making withdrawals.

The amount of money it steals is different each time so that the bank’s anti-fraud detectors don’t see the pattern of theft.

More details here on this attack works.

So what’s a money mule?

Stealing money from people’s bank accounts is a big business. Criminals not only write sophisticated malware to carry out the transactions, they also recruit money mules to launder the money.

They place ads online offering jobs to desperate people. These jobs require no experience and you work from home (sound familiar?). People who sign up to these jobs receive money in their bank accounts, then they have to transfer it to someone else’s account. They do this willingly and are paid for it, but they usually don’t know that it’s part of a criminal organisation.

This is how the criminals receive their stolen money and cover their tracks. It’s a form of money laundering and is illegal. And to avoid a pattern detection they usually only use these money mules twice.

Here’s an example of a money mule job ad.

Lessons Learnt:

  • Always use an antivirus program that not only scans your PC for malware, but also checks every web page you go to. Good antivirus programs cost money and it’s a good investment to protect your online security.
  • Only use internet banking from a PC you trust.
  • Always update your PC with the latest patches. For example, tomorrow there’ll be a large Windows update, you should install this as soon as possible (after you make a backup).
  • Don’t trust job ads that promise the world for little to no effort.

Patch Tuesday

Posted by on 12 October, 2009 No comments

Tomorrow, Tuesday the 13th October, Microsoft is releasing several critical updates to Windows. They fix known security problems so it’s important for all Windows PCs to download these updates.

Microsoft tries to release these updates on Tuesdays, tomorrow’s batch will be larger than usual. So as always, make a backup of your PC’s data today in case the patches cause any problems.

Microsoft Security Essentials

Posted by on 30 September, 2009 No comments

Today Microsoft launched a new anti-virus program called Microsoft Security Essentials. People who have tested it are fairly happy with it, it’s certainly better than not having any anti-virus. And best of all it’s free. It works on Window XP, Windows Vista, and Windows 7.

Free download of Microsoft Security Essentials: http://www.microsoft.com/Security_essentials/

Now I’ve always said that paid anti-virus programs are generally better. I still believe this because you get more security features such as web page scanning, a personal firewall and fraud detection. And with all the online fraud and scams that happen every day you need all the security you can get and that costs money.

But sometimes you really can’t justify paying for anti-virus, like a computer you’re only going to use for a month. So this fits in nicely. Also keep in mind that there are several other good free anti-virus programs out there.

I’d also like to point out that sometimes internet security companies can be biased. Take Symantec as an example. On the same day that Microsoft launches a free anti-virus program Symantec started a campaign telling people that free anti-virus programs are bad. I see it as a clearly biased argument to protect their business. Marketing is always biased, it’s always best to get an independent opinion (Fraudo is not sponsored by any companies, the ads on the right are dynamic and I don’t get to choose them).