MasterCard 16% Scam

A fake promotional email, claiming to be from MasterCard SecureCode, offers a 16% discount on all purchases. This could be enough to tempt readers to sign up on the fake web site.

The email has a link to a web site that has been made to look the same as MasterCard’s web site, with a form to sign up. The personal details entered here go to a scammer: your credit card’s number, expiry date, 3 digit security code, and your date of birth.

If you receive an unsolicited email offering 16% discounts just delete it. And don’t click on links in these emails, instead go to a web browser and type in the address you need.

Microsoft Certificate Enrolment Code

There’s a new phishing trick that involved the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.

The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This adds a false sense of security for users.

The next step on the web site asks users to download a file called sophialite.exe. This is a malicious program.

So if you end up at a web site that looks like the Bank of America’s, pay close attention to the address shown in your web browser and make sure it’s exactly right.

XP Antivirus

XP Antivirus is a fake antivirus program. It looks like an anti virus program and when run it tells you it has found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real; it’s a scam to get money from you.

The road to XP Antivirus is:

  1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
  2. A message appears offering a product called XP Antivirus. The message reads:
    • Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

      Detect and remove viruses before they damage your computer!
      XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

      Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

      (Note: “creahes” is a typo that appears in the original ad.)

  3. If you say OK then a fake anti virus program is installed.
  4. The program then informs you about a large number of (non-existent) malware infections on your computer.
  5. You’re then asked to pay to remove them.

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

Vishing

Vishing is short for voice phishing. This involves tricking someone into calling a phone number, listening to a recorded message, then being tricked into providing personal information to the phone service.

Why would someone want to set this up? To collect your personal information, such as credit card number, its expiry date, your date of birth, PIN codes, etc. That information is then either sold on the black market or used by the scammers to steal or spend your money (this is also called identity theft).

Setting up an automated phone system like the ones described here is fairly easy these days, and fairly cheap.

Do people fall for it? Oddly enough, yes. Hopefully by now everyone’s getting the message not to trust strange web sites on the internet. But less obvious methods such as automated phone services are easily forgotten.

Anti virus software can’t stop you making a phone call. And people can be more trusting of “old fashioned” technology such as phones.

How does it work in practice? Here’s a summary of a recent vishing attempt.

  1. Emails are sent in bulk to as many people as possible.
  2. The emails have forged headers to appear to come from service@irs.gov.
  3. The email contains an important looking message. Note that it doesn’t have any links to click on; instead it gives a phone number:

     Internal Revenue Service Tax Refund

     After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $215.

     Tax Refund Number: <number here> – Will Expire on <date here>

     Attention!

     Tax refunds can be sent only to VISA or Mastercard DEBIT CARDS.

     To receive your tax refund please call the IRS Tax Refund Department at: 602-427-59x

     Internal Revenue Service

  4. The reader takes an interest because of the offer of free money (who wouldn’t!) and calls the number shown.
  5. Because the email already warned people they need a VISA or Mastercard card to receive payment, they are more willing to provide the card’s details.

Tips to avoid this scam:

  • A good anti virus package will detect fraudulent emails such as the one above and filter them out, so invest in one if you haven’t already.
  • In a company (small or large) invest in mail filtering. This is usually not included in corporate anti virus software.
  • Think carefully about why you received this email. Did you really submit a tax return recently, and in the country the email says it’s from? (e.g., if you live in the USA and receive an email offering a tax refund from Australia, it’s most probably a scam).
  • Does your country’s tax department even have your email address? If you didn’t give it to them then why are you receiving this email?
  • Don’t blindly dial the number shown in the email. Look them up in your local phone book.

This isn’t limited to tax refunds. Other vishing variations may appear to be from banks or other financial institutions.

Another variation of this scam is to send people an SMS instead of an email, with a shorter version of the message above. Treat SMS’s like you would treat emails. Note: it’s also easy to forge SMS’s to appear to come from other people.

Automated voice systems can also initiate phone calls with fake caller IDs. The technology’s easily available. VoIP systems are even easier to set up.

The potential to trick people into handing over personal details is just as easy using phones as it is using emails and web pages.

Only In Malaysia Mah

There’s a website published by someone called Jason Tan, in Malaysia. On his website Jason claims to be earning incredible amounts of money with almost no work. After a lengthy sales spiel there’s an offer to buy his e-book for RM90 so that you too can make this much money.

So, is this real and is it worth spending the RM90 he asks for? Yes and no.

Based on comments and blogs from other websites on the internet it seems Jason earns his money from selling this e-book. It’s highly unlikely the house and Mercedes on his web site are actually his.

So what’s in the book? Some people have bought it and written their thoughts on it. Jason’s e-book basically tells readers that they should write an e-book and sell it online to make money just like he does. That’s it, that’s his big secret. This method doesn’t scale very well.

The other idea that Jason sells to people is an affiliate system. Anyone who wants to make a small amount of money with very little effort is encouraged to help Jason sell his e-book and earn commission. Unfortunately people have been spamming web sites and mailing lists in order to get their commission. Again, this is a money making scheme that doesn’t scale very well.

Jason Tan’s website is http://www.onlyinmalaysiamah.com/

Another site that looks almost identical to his is Ewan Chia’s money making scheme. Once you start to see a pattern of these websites appearing it’s obvious that it’s a bit of a scam. Ewan’s site is here, http://autopilotprofits.com/

And James Ng created a site that’s also almost identical to the above two, http://www.besuccessonline.com/

Are you starting to see the pattern?

Save yourself the RM90 (or any other amount these people charge). Instead spend it on some business books at your local bookstore. You’ll get much better value.

Reference: This page has a long discussion thread about Jason Tan’s scheme with a detailed description of what his e-book contains.

False Adwords Emails

Some people have been receiving emails that appear to come from Google AdWords. The email has a long story about your account being suspended and gives you a link to reactivate it.

At first glance the link to Google Adwords seems genuine, but instead it takes you to a fake web site that looks exactly like Google Adwords. It lets you type in your username and password, sends them to the person who set up this fake site, then takes you to the login page of the real Google Adwords site.

This is a common phishing email targeting Google Adwords customers.

Usually, to tell real links from fake malicious links, put the mouse pointer over the link and wait a second. Most email clients will show you the true destination either in a yellow tool-tip or at the bottom of the window.

I checked my spam folder and found one of these emails, so let’s have a close look at it.

The sender looks legitimate. Look at the part in the angled brackets, adwords-noreply@google.com. Technically the sender’s name & email address are trivial to forge. This email didn’t really originate from Google.

Now at the end of the email is a link to http://adwords.google.com/select/login. At first glance this looks innocent. What everyone should get into the habit of doing is putting the mouse pointer over the link (without clicking) and looking at the bottom of the screen to see where it really points to.

Let’s have a look at where this link would really take you.

It says: http://adwrods.google.select.ncjd43.cn (NOTE: don’t try visiting this site).

This is not Google’s site. It’s hosted on ncjd32.cn (always look at the last 2 parts of the URL, as explained in our earlier article). CN stands for China, so this fake site was registered in China, something that should make you suspicious of this link. Also note they spelt adwords wrong (adwrods). The word Google in this link doesn’t have anything to do with the real Google; it’s only there to trick casual readers.

So there you have it, an example of how to spot a phishing email.
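As an added example (not code from the original post), here is a small Python check that applies the hover-and-compare rule described above: it takes the host from the link text and from the real destination, reduces each to its last two labels as the post suggests, and flags a mismatch, a destination outside a set of trusted domains, a brand name buried in the hostname of an untrusted domain, and near-miss spellings such as adwrods. The trusted domain set, the brand names and the similarity threshold are assumptions made for this example. One caveat: the last-two-labels rule misfires for multi-part suffixes such as co.uk, where a real filter would consult the public suffix list instead.

```python
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed sample taken from the post: what the link text says versus where it really points.
DISPLAYED_LINK = "http://adwords.google.com/select/login"
ACTUAL_LINK = "http://adwrods.google.select.ncjd43.cn"

# Assumption: the only domain we would accept for an AdWords login link.
TRUSTED_DOMAINS = {"google.com"}


def host_of(url: str) -> str:
    """Return the lower-cased host name of a URL (a scheme is added if missing)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Apply the post's rule of thumb: keep only the last two labels of the host name.

    Caveat: for multi-part public suffixes such as co.uk this returns 'co.uk',
    so a production filter should use the public suffix list instead.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def looks_like_typo(label: str, brand: str, threshold: float = 0.8) -> bool:
    """True when a host label is a near miss of a brand name (e.g. adwrods vs adwords).

    The 0.8 similarity threshold is an assumption chosen for this example.
    """
    if label == brand:
        return False
    return SequenceMatcher(None, label, brand).ratio() >= threshold


def check_link(displayed: str, actual: str, trusted: set, brands=("adwords", "google")) -> dict:
    """Compare the displayed link with the real destination and collect reasons for suspicion."""
    displayed_domain = registrable_domain(host_of(displayed))
    actual_host = host_of(actual)
    actual_domain = registrable_domain(actual_host)
    labels = actual_host.split(".")
    reasons = []

    if actual_domain != displayed_domain:
        reasons.append(f"link text shows {displayed_domain} but the destination is {actual_domain}")
    if actual_domain not in trusted:
        reasons.append(f"destination domain {actual_domain} is not a trusted domain")
        # A brand name sitting in a subdomain of an untrusted domain is only there to mislead.
        for brand in brands:
            if brand in labels:
                reasons.append(f"'{brand}' appears in the hostname but {actual_domain} is the real owner")
    # Misspelled brand names (adwrods) are a common tell in lookalike hostnames.
    for label in labels:
        for brand in brands:
            if looks_like_typo(label, brand):
                reasons.append(f"'{label}' looks like a misspelling of '{brand}'")

    return {
        "displayed_domain": displayed_domain,
        "actual_domain": actual_domain,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    verdict = check_link(DISPLAYED_LINK, ACTUAL_LINK, TRUSTED_DOMAINS)
    print("suspicious:", verdict["suspicious"])
    for reason in verdict["reasons"]:
        print(" -", reason)
```

Running the script on the post’s two URLs reports the destination as ncjd43.cn rather than google.com, notes that "google" is merely a subdomain label, and flags "adwrods" as a misspelling of "adwords"; a link whose text and destination both sit under google.com produces no reasons.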

A good virus & spam filtering system will filter out most of these phishing emails.

Note: Google Adwords is an advertising service run by Google. Go to Google’s site and type in adwords to find the real site.

Brazilian Tax Return Site

Another fraudulent tax return site has appeared, this time targeting people in Brazil. It begins with a forged email claiming to be from Brazil’s Ministry of Finance, Ministerio da Fazenda.

The email has a link to a virus file called formulario.exe.

If you receive this email just delete it. Don’t click on the links and don’t download (or even worse, run) the .exe file it offers you.

And of course invest in a good anti virus package that will filter these sites and block them.

Other recent tax scams:

3.6 Million People

Gartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults that lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in the USA alone.

Some tips you might find useful to avoid being one of these 3.6 million people:

  • Never hand over personal details to people or web sites, unless you’re 100% certain of who you’re handing the details to.
  • Pay attention to web addresses you click on. Read our article on this here.
  • If you didn’t ask your bank or other service provider to send you an email then treat it as suspicious.
  • Scammers always take advantage of popular events to send phishing emails. E.g., it’s now Easter so expect lots of Easter related scam emails.
  • Be skeptical of what you read online. Chances are you didn’t really win a lottery in Spain without even buying a ticket.
  • Use a good antivirus package that includes a web site scanner. The newer packages filter out fraudulent pages.

G-Archiver Password Theft

G-Archiver is an archival tool for Gmail. It lets you back up your Gmail emails to your computer. It’s been discovered that it also has a darker purpose.

G-Archiver costs US$29.95, and it does what it claims. To use it you enter your Gmail username and password, and it downloads emails to your computer as a backup.

Unfortunately the program has also been sending people’s usernames and passwords to the program’s creator (identified as John Terry).

If you’ve used G-Archiver before then uninstall it and change your Gmail password.