Wireless Network Used in Extortion

An Australian man in Rockhampton has been arrested for trying to extort money from people. Here’s how he did it.

  • He gained access to other people’s wireless networks. This is fairly easy to do, even if you turn on WEP encryption (read about securing a wireless network here). By using other people’s networks he was harder to locate
  • He sent users threatening messages, made to look like they came from elsewhere
  • He then demanded money to be dropped off at a specific location
  • And he repeated this a total of 12 times

Suitcase full of moneyThe police were able to find him and arrest him. It’s important to secure your wireless networks so that other people don’t use it to commit crimes.

Full article here.

Blackmail attempt

A programmer on another forum came across an interesting problem. A random stranger approached him basically asking for money not to expose his source code. This kind of action is illegal in some countries, I’m posting the details here to point out that these requests happen.

This email is a little vague in asking for money.

Dear Sir,

My name is Ramzi gattoussi, I’m a 28 years old man. I was graduated from a high school (My degree was a high technician in administration and communication). Due to joblessness and the fact of losing the possibility to continue my education, I forced myself to gain a high level in computer technology. Now, I have an experience of 5 years in this sector. So, I tried many solutions and programs (Due to the absence of copyrights limits in our county, we have the chance to use any kind of software without any limit).

In conclusion, I have a good level in programming (Php, Flash and Actionscript, Delphi, Vb, Sql, Vb.Net and C#). I’m a developer but in a country where the copyrights have no effect. Therefore, I’m asking you to help me by any kind of job in your company and some money to live honourably. And as a result of your help, I will have no need to build a website for commercialising working codes of some good applications like your one (Someone asked me to use the ability of decompiling and reconstruction of application’s codes to get money). Excuse me for sincerity but this is the result of being without a job and having a working brain. In order to convince you, I have joined a zipped file to this email containing a working code. Excuse me another time.

Faithfully, Gattoussi Ramzi

In these situations it’s best not to respond to the original email, never give any personal details and never hand over any money. And if possible you can report it to an online crimes agency such as the one mentioned here, http://www.cybercrime.gov/reporting.htm

Russian Chat Bot

Female robotIt’s amazing how many new tactics these people come up with in order to steal your personal information. There’s a new “bot” that chats with users on Russian online chat rooms (a bot is a program that mimics a real person online). It’s called CyberLover and apparently it’s quite clever in impersonating a human and gets people talking to it.

During a test it was found that the CyberLover chat bot got 10 real people to have conversations with it, in only 30 minutes. During this conversation it tricked people into providing their real names, contact information and photos. This is all private data, provided to the chatbot.

The darker side of this clever piece of software is that the bot is run by hackers intent on committing identity theft. Personal information like this is regularly sold on an online black market, and then used to commit fraud, such as opening credit card accounts in your name. Serious crimes indeed.

CyberLover is an interesting piece because it has different levels of its personality, and they’re mostly of a sexual nature. This type of conversation seems to get people’s attention more easily making it easier to manipulate them into providing personal information (called Social Engineering).

At the moment this is all in Russian however it won’t be long until it appears in other languages including English.

Malicious Christmas eCards

If you receive an eCard (email card) from someone you don’t know it might be from someone with malicious intents. Especially if it has the following:

  • The subject is similar to: This is my one-off Xmase-card for you ^_^ Very nice
  • The body of the email contains a link to: http://uklotttery.us/?id=ecard
  • The body of the email contains the text: This is my one-off Xmase-card for you ^_^ Very nice
  • And it has the words: no worm , no virus

If you find something similar to the above just delete it. It’s sent as spam and the link will try to install a virus.

No doubt there’ll be many attempts this festive season to play on people’s trust so as always be wary of things like this.

A plug-in must be installed

In order to view the photos a plug-in must be installed.”

Binoculars These dreadful words have been appearing in some spam emails, in Dutch. And on top of that the emails, at first glance, appear to be a legitimate news article. Interested readers might be tempted to click on the link, install the suggested plug-in, and hope to view photos of whatever the email is about.

You should never install anything an unsolicited email tells you to. You shouldn’t have to install anything to view photos. These particular spam emails will provide a link to a file called iPIX-install.exewhich is in fact a trojan that spies on your computer.

Another point worth mentioning is that spam and malicious emails are now being sent in languages other than English in the hope of catching out people who live in non English speaking countries (by trying to win their trust).

The Popularity of Videos

Online videos are popular these days and as with anything popular scams are everywhere. The following two items take advantage of this popularity.

1. A movie called ” Lust, Caution” has been attracting some attention lately. Some websites have been setup (in China) that promise the ability to download a bootleg copy of the movie. What the websites don’t point out is that the download is infected with a virus that steals your passwords.

So don’t try illegally obtaining copyrighted movies, and especially not this one.

2. YouTube Scams – An email has been doing the rounds containing an ad for a video supposedly hosted on YouTube. The email goes on to explain how the video is about two lovers, includes comments and reviews.

If someone was to click on the link in this email (a link that at first sight appears to point to YouTube) they’ll be taken to a fake website made to look a little like YouTube. Then a message comes up saying that a new Flash player is required. Don’t install this player, it’s a virus. Pay close attention to links (URL’s) in emails.

Virtual Theft

Toy FurnitureThe emergence of a new kind of crime is an interesting thing. We’ve had virtual worlds for quite a few years and as their popularity grows so too do crimes such as fraud, or in this case theft.

There’s a game called Habbo Hotel, it’s an online game where people have online characters. Like a few other online games they can pay real money to decorate their characters and the rooms they occupy. Effectively they buy virtual items to enhance their game.

So when some teenagers are accused of stealing username and passwords of other players, logging in with these accounts and transferring items to their own accounts, it becomes theft. The current buzzword is Virtual Theft. A 17 year old Dutch teenager has been arrested over this allegation, and five other 15 year olds are being questioned. What makes the “theft” significant is that the value of the virtual items is around US$5000.

A spokesman for Sulake, Habbo Hotel’s operator, said:

“It is a theft because the furniture is paid for with real money. But the only way to be a thief in Habbo is to get people’s usernames and passwords and then log in and take the furniture.”

The full article is here. It’s important to note that this isn’t an isolated case. Virtual worlds (in the form of online games) have been a growing trend and like most things that can happen in the real world most forms of crime can carry across to virtual worlds.

Virtual Visa Cards

This concept isn’t new, it’s just becoming more easily available. It’s like a prepaid credit card, and the idea is that if it gets lost or stolen there’s only so much credit that can be stolen. It’s not linked to any of your usual bank or credit cards. It could also be considered a disposable credit card. (And the term debit would be more accurate than credit).

In Australia there’s now a new credit card that works in this way called V-Card. It carries the Visa logo and can be used just like any other Visa credit card, only that you can put any value you want into it before you start spending.

Since the whole idea is to avoid online fraud you probably wouldn’t want to buy one online. They’re going to be available at real shops (Mobil/Quix for now), you then activate it online and they send you the security details by email or SMS to make you feel more secure. There’s a $5.50 setup fee on top of the credit.

It’s a good idea for many people, especially those who have avoided online shopping till now. It could also be useful when travelling overseas (so many travellers return with stories of how their credit card details were stolen).

Details here.

Scammers Asking For Donations

There are many emails being sent by scammers that makre reference to major news stories, such as the recent fires in California. The emails may contain a real logo (copied from an organisation’s website) and claim to be from some charity or social organisation. They also have a link allowing you to make donations.

In these scams the link provided to donate money is owned and operated by the scammer sending the emails.

So as always don’t trust unsolicited emails you receive that ask for money. The people behind these scams are up to date with popular news stories and try hard to cash in on major events.