Fake IRS Tax Refunds

Emails are being sent claiming to be from USA’s IRS department. They claim to offer a $375 refund for filling out a form. The form is hosted on a hacked web site, not on the IRS’s web site. The form asks for a large amount of personal information including credit card numbers and PIN numbers. This information is collected (a trick known as phishing) and later used to commit identity theft (effectively stealing your money).

When doing any taxes online please ensure the website is correct. See this earlier article on how to recognise deceptive domain names (URLs) and check for SSL certificates on the page (double click on the padlock icon in Internet Explorer, read who owns the site).

Good antivirus packages these days will also keep track of which web sites you go to and alert you if it’s a known fraud site. So it’s a good investment to purchase one.


Any web address that ends with .com.au.com should be treated with caution. At the moment these pages are redirecting to a fake anti spyware page, tricking people into downloading malicious software.

For example an address such as importantcompany.com.au.com

  • is not the same as importantcompany.com.au
  • is not the same as importantcompany.com

Because the last few letters are different it takes users to a completely different site. Even having one different letter or the dot in a slightly different position is enough for your computer to go to a different site, one owned and operated by an individual with questionable intentions.

In this example importantcompany could be any company or web site you’re familiar with (eg Google).

This is a problem because people are good at recognising patterns and the addresses look similar. However they are in fact different. Care should always be taken with deceptive addresses.

World of Warcraft Scam

There’s another scam targeting World of Warcraft players. It starts with an email claiming that the recipient’s World of Warcraft account has been suspended. There’s a long explanation and a link to a website.

The website asks for a username and password. It then passes the username and password on to whoever wrote the email; it’s not a legitimate service.

This is called phishing. It works by tricking people into typing in their credentials onto a fake site.

These days good anti-virus packages can filter for these sites. You should also pay careful attention to the web page address. Read this explanation on how to identify false addresses (URLs).

Is it safe to give out your bank account number?

No, it’s not safe to give everyone your bank account details.

Jeremy Clarkson of Top Gear fame believed that all people could do with his bank account number is put money into his account. He was so sure he published the details in a newspaper.

Soon after, he found £500 missing from his bank account: someone had set up a direct debit from his account and donated it to a charity called Diabetes UK.

Lesson? Don’t give out your bank account details to just anyone. In fact, give out as little personal details as possible. There are so many people in the world looking for opportunities to commit fraud and to take your money, usually using what’s called identity theft.

Sometimes you have no choice, e.g. you want to sell someone an item and you want them to deposit money in your account. It’s difficult to completely avoid these situations, but keep the information as private as possible.

Read about the incident here, it’s amusing.

False Malware Cleaners

There are some programs that claim to test your computer for malware and then always tell you they found something bad. After that they either ask you for money to clean it or take some other misleading action.

Based on some security company’s research there are now 500 of these programs, including some for Mac as well as for Windows.

They look like serious programs, have interesting names, and are complete with websites. Below are some of the more recent ones:

  • AVSystemCare
  • DriveCleaner
  • MalwareAlarm
  • AntiSpywareSheild
  • MacSweeper (written for the Mac)

Avoid all of these programs (don’t download or install them).

Unfortunately this is a growing trend with new products popping up all the time. Use a trusted antivirus package such as the kind that can be purchased from shops.

Identity Theft From Call Centres

Identity theft can happen in many ways. Before computers people just stole mail from letterboxes and documents from people’s wallets (watch the movie Catch Me If You Can for an example).

Then when the internet came along criminals started tricking people into handing over personal details, or employing hackers to write spyware that achieves the same result.

A new identity theft trend emerging in the world is coming from call centres. Staff working at call centres have access to the personal details of a lot of customers, and since a lot of call centres have been outsourced to countries such as India, the Philippines, etc, companies are having a difficult time keeping things under control.

There’s an article here that mentions a few of the crimes happening in call centres. In summary:

  • Using mobile phones to take screenshots
  • Quickly copying people’s details into hidden books
  • Using USB drives to copy data

Theft of personal information is serious. The information can be easily sold, especially if staff feel they’re underpaid (a likely situation for overseas call centres).

It’s good to remember that in this day and age your personal details can be known to many parties; there isn’t much that’s still personal or secret. Be selective in what information you give to companies. And as mentioned previously, don’t give personal details to call centre staff when they call you (instead of you calling them).

Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you have security software doesn’t matter; this is a fake screen). It gives you two options to pay for an update, both of which are part of the scam: the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this or any similar scam, never pay them any money, call the supplied phone number, or send the SMS (otherwise you’ll be out of pocket a small amount of money).

How To Recognise URLs

Understanding URLs is extremely important in avoiding online scams. If there’s only one technical skill you need to know about the internet it’s this, and it will save you being caught out one day.

I’ve limited acronyms to just one (URL) to make it easier to understand.

URL. It doesn’t matter what the letters stand for, it means the address of the web page you go to. You get to see URLs in the top of your web browser. An example of a URL is:


You probably see these every day, every page on the internet has one, and you see links for them every day. This is basically how the internet works.

The only other thing you’ll need to keep in mind for this article is that there are good web pages and bad ones – legitimate sites and scam sites created for various evil purposes.

Now we’ll explain how to recognise a good URL from a bad URL.

I’ve made up two names to demonstrate, and apologies in advance to anyone whose real business name is similar to these (I googled the names and they came up blank so I’m fairly certain they aren’t real business names at the time of writing).

Let’s say a legitimate company is called SomeFancyBank, and that their legitimate website is www.somefancybank.com. It’s the good site. And imagine you have an account with them and a fair bit of money in there.

And let’s say there’s a fraudulent website registered as confusinglookingname.com. So this one is controlled by someone intent on stealing your money, it’s the bad site.

So if you get an email asking you to click on www.somefancybank.com/login.asp you’ll probably feel safe to do so.

If you see a link that looks a little like www.confusinglookingname.com/login.asp you’ll be surprised and you won’t click. It’s a fake website designed to look like the real bank’s site, only it captures your details.

What if the link is www.somefancybank.confusinglookingname.com ? You can see your favourite bank’s name in there so maybe it’s real… Read on, you’ll see why this is definitely illegitimate.

A URL can be broken down into three parts:

1. There’s the stuff at the beginning (often it’s www but doesn’t have to be). And it could be long and could include many dots.

2. Then there’s the domain name (e.g. somefancybank). It’s usually a company name or some other trademark, followed by a .com. There can only be one dot in this part.

3. Then there’s a / followed by a bunch of technical bits. We’re not covering this part in this article. It’s what comes before the / that’s important.

So there are three parts to a URL and we’re only concerned with the first two.

Let’s go straight to some examples (the important bits have been highlighted in bold):

  • somefancybank.com/login.php – good
  • abcde.somefancybank.com – good
  • 123.somefancybank.com/123/456/789 – good
  • abc.somefancybank.com/scaryletters/ – good
  • confusinglookingname.com/login.php – bad
  • 123.abc.zz45xy.confusinglookingname.com/some/fancy/bank – bad
  • www.somefancybank.confusinglookingname.com – bad
  • www.some.fancy.bank.confusinglookingname.com/somefancybank – bad
  • important.clicknow.confusinglookingname.com/some/fancy.bank/login.asp – bad

I’m sure you’re starting to get the idea by now. Now for some trickier examples:

  • www.somefancybank.com.au/login.php – bad
  • www.somefancybank.com.login.confusinglookingname.com – bad

Let’s leave things simple and end it there.
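The rule above (and the .com.au.com case earlier on this page) can be written down as a short check. This is an added example, not code from the original article; the three-entry suffix list is a simplifying assumption standing in for the full Public Suffix List, and the function names are made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List that covers only the
# endings used on this page. A real check needs the full, current list.
PUBLIC_SUFFIXES = {"com", "au", "com.au"}


def registered_domain(url):
    """Return the name plus its public suffix, e.g. 'somefancybank.com'."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the longest ending first so that 'com.au' wins over 'au'.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # The single label left of the suffix is the domain name;
            # everything further left is "the stuff at the beginning".
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # ending not in our list: treat as unknown


def verdict(url, trusted="somefancybank.com"):
    """'good' only when the registered domain is exactly the trusted one."""
    return "good" if registered_domain(url) == trusted else "bad"


# Examples from the lists above (made-up names, not real sites).
PAGE_EXAMPLES = {
    "somefancybank.com/login.php": "good",
    "abcde.somefancybank.com": "good",
    "123.somefancybank.com/123/456/789": "good",
    "confusinglookingname.com/login.php": "bad",
    "www.somefancybank.confusinglookingname.com": "bad",
    "www.some.fancy.bank.confusinglookingname.com/somefancybank": "bad",
    "www.somefancybank.com.au/login.php": "bad",
    "www.somefancybank.com.login.confusinglookingname.com": "bad",
}


def mismatches():
    """URLs whose computed verdict differs from the one given on the page."""
    return [u for u, want in PAGE_EXAMPLES.items() if verdict(u) != want]


if __name__ == "__main__":
    for url in PAGE_EXAMPLES:
        print(f"{verdict(url):4}  {registered_domain(url)}  <-  {url}")
```

The comparison is always against the whole registered domain, never a search for the company name somewhere in the address, which is why the name appearing at the start or after the / makes no difference.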

Humans are good at recognising patterns, so when you see your favourite company name in the URL you might immediately think it’s legitimate. Scammers take advantage of this and deliberately make these links to trick people.

You’ll find these fake links in emails, other web pages, chat programs, etc. They’re everywhere so get used to recognising how they work and you’ll be a lot better off.

Using Unsecured Wireless Networks

Sophos (a large IT security company) recently conducted a survey of 560 people. 54% of them admitted to using someone else’s wireless network without permission. That’s more than half the respondents. Why should you care?

If you have a wireless network that isn’t well secured then:

  • Someone could be using your internet account and incurring expenses (or pushing you over a capped limit and effectively slowing down your connection)
  • Someone could be illegally downloading copyrighted content (such as using a file sharing program to download commercial movies – it’s illegal and you’re liable for providing the connection)
  • Someone could be using your internet connection to commit online crimes (just read the posts on this site to get an idea of how common this is).
  • It lets anyone within range bypass your firewall, making your computers and other wireless devices vulnerable. This is especially important if you have wireless in an office environment
  • It’s easier for someone to install spyware on your computer, making activities like online banking very dangerous

The most important of these reasons is how easy it makes it for someone to use your network to commit crimes. Imagine being involved in a child pornography investigation, or having your internet disconnected because your network was used to send millions of spam emails.

I’ve written before on how to secure a wireless network and if you haven’t done so it’s worth reading through here.

If you’re in the 54% of people who wouldn’t think twice about using someone else’s wireless network without permission then you should know that:

  • It’s illegal in a lot of countries (people get arrested for this quite often)
  • It’s effectively stealing. It isn’t a victimless crime
  • You can’t trust the network you’re using. It’s easy for someone to set up a wireless network in such a way that they can record all the traffic from it. This is one way to eavesdrop on other people’s traffic and to capture passwords

So the message here is to secure your wireless network, and don’t use other people’s wireless networks without permission.