Foxtel SMS

I just received this one. I haven’t worked out if it’s a scam or how it works; I’ll update this post when I find out (please post your comments here if you know anything). (Update: it’s legitimate)

The SMS was received in Australia and reads:

When you are home please call FOXTEL on 1800882016 (12pm to 8pm) so we can help you check whether your dish requires a component upgrade (no charge).

I don’t have a Foxtel dish and never requested any kind of service or upgrade. My guess is that if I call that number I’ll be charged at a premium rate, or someone will ask me for my credit card number.

Update 1: Someone pointed out that I should be able to call the 1800 number from a pay phone for free. So I’ll do that tomorrow, I have nothing to lose.

Update 2: Pay phones are rare these days. After finding one I called the free number; it’s an electronics engineering company that services Foxtel dishes. Seems like it’s a legitimate SMS, just sent to the wrong person (me). I also received a second SMS exactly the same.

So there we go, it’s not a scam.

Skype Scam

The following message came through on Skype. It’s a scam designed to scare you into clicking the link. Below is the message that came through:

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT Server 4.0
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair
utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

There’s a link at the end that takes you to a site made by these scammers. Their web page then tries to trick you into installing their malware.

Never click on these types of messages. Ignore them. Better yet, you can set Skype to block messages from people you don’t know.

Hidden Camera in a TV Set Top Box

There’s a video being posted around the internet that claims digital TV set top boxes have hidden cameras inside and that the government can use these to spy on you.

It’s a hoax, the guy who made it thought it would be funny (and it is). Set top boxes don’t have hidden cameras, and governments aren’t interested in spying on families.

The video is shown below, and here is a web site with more information.

Congratulations You Won

This article is about the fake lottery ads you see on web pages.

I was trying out some new ads on this site, expecting them to put ads for real items that you can legitimately purchase. Instead, this ad appeared:

It’s a very annoying ad that changes colours a lot. The text says:

Contragulations! You are the 999,999th visitor: Congratulations you WON! Click here to claim

It’s a scam so I quickly removed the ad and contacted the advertising company – I only want nice legitimate ads on this site that don’t annoy and don’t deceive readers.

You are not the 999,999th visitor; it always shows this no matter how many times people visit the page.

And you didn’t win, and clicking on the link doesn’t help you claim your fake winnings.

The link took me to a page run by Freelotto. It asks you for some personal details, and again has a button claiming it will "release your winnings". However the terms and conditions suggest that there’s some chance involved before you’ll get anything. It also states that they’ll send you ads, lots of ads.

A quick search on Google shows that Freelotto is a scam.

So I’ll continue to filter out scam ads and to inform you about them.

WorldPay Fake Emails

Another fake email, this time claiming to be from WorldPay. The body of the email makes you think you’ve paid for something, and since you surely haven’t you’ll be suspicious enough to open the attachment hoping to find more information.

The attachment is a zip file, disguised as something else. The attachment’s filename is WorldPay_CARD_Transaction_Confirmation_OrderNo76621.doc.zip – this is an old trick of using two extensions at the end. .doc is usually a Word document, but the real extension is the last one, in this case .zip. A zip file can contain programs (.exe) such as malware. So always look at the last bit of the extension (.zip) when deciding whether or not to open the attachment.
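A mail filter can apply the same last-extension rule automatically and also look inside the zip. The sketch below is an added example, not code from the original post: the extension lists, the function names and the archive member `invoice.exe` are assumptions for illustration, and the sample zip is built in memory from harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; neither is exhaustive.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".jpg", ".png", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def inspect_attachment(filename, data=b""):
    """Return a list of warnings for one e-mail attachment."""
    warnings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    # Double extension: a harmless-looking type followed by the real one.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS and real_ext not in DECOY_EXTS:
        warnings.append(f"double extension: looks like {suffixes[-2]}, is really {real_ext}")
    if real_ext in EXECUTABLE_EXTS:
        warnings.append(f"executable attachment: {real_ext}")
    if real_ext == ".zip" and data:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    ext = PurePosixPath(member).suffix.lower()
                    if ext in EXECUTABLE_EXTS:
                        warnings.append(f"archive contains executable: {member}")
        except zipfile.BadZipFile:
            warnings.append("named .zip but not a valid zip archive")
    return warnings


def make_sample_zip(member_name):
    """Build a constructed in-memory zip holding one harmless placeholder file."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes, not a real program")
    return buffer.getvalue()


if __name__ == "__main__":
    name = "WorldPay_CARD_Transaction_Confirmation_OrderNo76621.doc.zip"
    for warning in inspect_attachment(name, make_sample_zip("invoice.exe")):
        print(warning)
```
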

Below is an extract of the email:

Thank you!

Your transaction has been processed by WorldPay, on behalf of Academic Resources Center Inc. 

The invoice file is attached to this message.

This is not a tax receipt.

We processed your payment. 

Academic Resources Center Inc has received your order, and will inform you about delivery. 

Sincerely,

The AcaDemon Team

Enquiries

This confirmation only indicates that your transaction has been processed successfully. It does not indicate that your order has been accepted. It is the responsibility of Academic Resources Center Inc to confirm that your order has been accepted, and to deliver any goods or services you have ordered.

Fake eNom emails

Below are two fake emails claiming to be from eNom (a domain name and web hosting provider). The emails are worded such that they sound technical and that they require immediate action.

Both emails contain a link you’re supposed to click on; however, if you examine the links closely you’ll see they actually point to someone else’s site. This is sneaky and you really need to know how to distinguish real links from malicious ones like these.

In this case the link is displayed as: http://www.enom.com – but if you place the mouse pointer over the link and wait a second, you’ll see the real link displayed (depending on which browser and email client you’re using). In this case the link really points to httpz: // w ww.enom.com.com92. _biz  – See what they did there? They added a few characters to the end. This is enough to make it point to a completely different site. Even though it has part of eNom’s address in there, it’s different. (Note that I broke up the URL to stop you from accidentally clicking on it).

The second email is similar; it really points to h ttp :/ / www. enom. comcom94._com – Again this is different, even though it has part of eNom’s address. Even one letter or number is enough to make it go somewhere else. (Again I broke up the address to stop you clicking on it).

How can they do this? Unfortunately at this time nobody stops scammers registering an address that is very similar to a legitimate address. It’s up to you to take care what you click on.

Another couple of tips to protect you from these tactics:

  • Use a good antivirus package that checks every web page you load. These days they have a list of good and bad sites, and it’ll warn you if you’re going to a known “bad” site.
  • If your web browser or email client doesn’t let you see the real link (by hovering the mouse pointer over the link) then upgrade to another browser or email client.
  • Use some kind of spam filtering with your email. This is fairly common these days.
  • Use an alternative browser, such as Firefox, Opera, Chrome, or Safari. This isn’t always enough these days, as we’ve seen with Flash malware. But it helps a little.
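
The hover check described above can also be done in code: compare the host a link displays with the host its href really points to, and treat a host as genuine only if it ends with the real domain. This is an added example, not part of the original post; the function names are illustrative and `www.enom.com.lookalike.example` is a constructed placeholder host, not the address from the scam emails.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the text shows eNom, the href goes to a placeholder host.
SAMPLE = '<a href="http://www.enom.com.lookalike.example/">http://www.enom.com</a>'


def host_of(text):
    """Hostname of a URL-like string, lower-cased; '' if it cannot be parsed."""
    text = text.strip()
    try:
        return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:
        return ""


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collect (displayed text, real href) for every <a> in an HTML e-mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def audit_links(html, trusted_domain):
    """Warn about each link whose real host is outside trusted_domain."""
    collector = LinkCollector()
    collector.feed(html)
    warnings = []
    for shown, href in collector.links:
        real = host_of(href)
        if belongs_to(real, trusted_domain):
            continue  # genuinely on the trusted domain
        if belongs_to(host_of(shown), trusted_domain):
            warnings.append(f"text shows {host_of(shown)} but link goes to {real}")
        elif trusted_domain in real:
            warnings.append(f"lookalike host: {real}")
    return warnings
```
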

Below are the two emails. I’m putting them here so that people can search Google and get to this page to learn what they really are.

Email 1:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

Second email:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

Hijacked Baby Hoax

There’s an email being sent with a message about a hijacked baby. The message encourages the reader to open an attachment, which really contains malware.

This is what the email says:

Subject: We have hijacked your baby

Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later… We has attached photo of your fume

The attachment is called photo.zip and contains malware. Don’t open the file, just delete it.

Fake FBI Email

Here’s a scam email claiming to be from the FBI. There are at least two things wrong with this email:

  • The web address they publish is www.fbi.org – this is not the real FBI’s address (their real site is www.fbi.gov). Instead it shows a lot of ads and the publishers make money every time you click on a link on that site.
  • The email address provided is barclays_live_20@live.com. Live.com is a free email service, similar to Hotmail or Gmail. The real FBI would not be using a free email service.

Below is a copy of the scam email (to help Google index this page and in turn help people find out about the scam):

CYBER WIRETAP AND FUNDS RECOVERY DEPARTMENT,
FEDERAL BUREAU OF INVESTIGATION FBI.
J.EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE,
NW WASHINGTON, D.C
20535-0001, USA .
WEB-PAGE: www.fbi.org

Kind Attention,

We believe this notification meets you in a very good state of mind and health. The FEDERAL BUREAU OF INVESTIGATION (FBI) Washington, D.C United States of America in conjunction with some other relevant Investigative Agencies here in the USA have recently been informed through our Global intelligence monitoring network that you have a pending FUND transaction with a Bank regarding to an over-due Inheritance / Award payment which was fully endorsed to be paid in your favor.It might interest you to know that we have taken out time in screening through this whole transaction as stipulated on our protocol of operation and have finally confirmed that BARCLAYS BANK PLC, is the authorized financial institution scheduled to make your payment in line with their remittance requirements. Several investigations by us have shown that you have been dealing with some unauthorized persons and banks regarding the transfer of these funds to your bank account.

Our UK attachee agent recently had a meeting with the Manager of BARCLAYS BANK PLC, in the person of MR. NAIL WIHTE along with some other top officials of BARCLAYS BANK PLC, regarding your case and they made us to understand that your file has been held in abase pending when you personally file for your claims. They intimated him that the only problem they are facing right now is that some unscrupulous element are using this project as an avenue to scam innocent people off their hard earned money by impersonating to be STAFF OF BANKS and its affiliates.

We were also made to understand that a lady with name Mrs. Joan C. Bailey from Ohio, United Of America has already contacted them and also presented to them all the necessary documentations evidencing your claim purported to have been signed personally by you prior to the release of your funds to her, though they insisted on hearing from you personally before they could go ahead on wiring the funds to the Bank information provided by the above named Lady. It is basically one of the main reasons why they contacted us, to enable us assist them in carrying out proper investigation and subsequently informing you of their mandate to Remitting your funds.

Most importnatly, We advise that you discontinue further dealings with any person or organization posing as staff or affiliate of any bank or agency concerning the transfer of your funds. In your own interest, You are advised to immediately contact BARCLAYS BANK PLC, LONDON on the following details for the onward remittance of your funds.

CONTACT PERSON : MR. NAIL WHITE.
ADDRESS: P. O. BOX 738, Eagle Court 75 King Street,
Hammersmith London, W6 9HY, U. K.
Direct Tel: +447024062992
EMAIL: barclays_live_20@live.com
Official Website: www.barclaysbank.co.uk

Ensure that you comply to all their remittance procedures and also furnish them with your full details (Full names and address, direct telephone and fax numbers, source of funds,Expected Amount, etc) to enable them in their verification processes before the release of your funds.

Best Regards,
Agent Lavine F. Ferdon.
FBI Special Agent.
Federal Bureau of Investigation (FBI) Washington DC, USA.
WEB: www.fbi.org.

Delete and ignore any emails you receive like this.

Iran Invaded – Malicious Emails

Some emails have been seen with headlines such as:

  • World War III has started
  • US has invaded Iran

The email looks like it has a link to a video.

In the background it installs a variant of the Storm trojan, probably the most widely spread and malicious trojan to date. Your PC will then be under the control of others without your knowledge. It’s bad. Estimates vary but there are between 1 million and 10 million PCs in the world that are currently under the control of Storm.

So don’t open this email. At this time Iran has not been invaded (and hopefully no country ever will be). Delete it, and let others know.