Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you have security doesn’t matter, this shows a fake screen). It gives you two options to pay for an update, both of which are part of the scam, the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this, or any other similar scam never ever pay them any money, or call the supplied phone number or SMS (otherwise you’ll be out of pocket a small amount of money).

Penny Stock Scams Now Using Videos

The penny stock scam involves convincing people that a particular share is worth investing in, and in effect inflating the price on the stock market.

penniesIt’s a scam and you shouldn’t be taking financial advice from random strangers on the internet.

In the past I’ve written about mp3s being used to send this scam. Now scammers have created videos to spread their (false) messages. The videos (usually 30 or 60 seconds long) appear highly professional in quality, and come attached to an email.


  • This scam is also called a pump-and-dump scam
  • These emails have been found to begin with the words "Jump on the wave" or "Take a look at this 60 second video to start"
  • Other forms of this scam use synthesised speech, PDF documents and Excel spreadsheets to promote their stock.
  • In September last year some individuals pleaded guilty to this type of scam, they had made over US$20 million from it.

Work From Home Scams

There are a lot of work-from-home job offers being sent by email. In general these offers make someone else money and there’s rarely any money at all to me made from home. It’s an old scam that existed before the internet.

messy deskWhat’s new is that emails are being sent that appear to come from legitimate employment agencies. What’s happening is that spammers are collecting names and email addresses from large job web-sites, then sending spam with forged "From" addresses.

It’s best to ignore unsolicited emails (spam).

How To Recognise URLs

Understanding URLs is extremely important in avoiding online scams. If there’s only one technical skill you need to know about the internet it’s this, and it will save you being caught out one day.

I’ve limited acronyms to just one (URL) to make it easier to understand.

URL. It doesn’t matter what the letters stand for, it means the address of the web page you go to. You get to see URLs in the top of your web browser. An example of a URL is:


You probably see these every day, every page on the internet has one, and you see links for them every day. This is basically how the internet works.

The only other thing you’ll need to keep in mind for this article is that there are good web pages and bad ones – legitimate sites and scam sites created for various evil purposes.

Now we’ll explain how to recognise a good URL from a bad URL.

I’ve made up two names to demonstrate, and apologies in advance to anyone who’s real business name is similar to these (I googled the names and they came up blank so I’m fairly certain they aren’t real business names at the time of writing).

Let’s say a legitimate company is called SomeFancyBank, and that their legitimate website is www.somefancybank.com. It’s the good site. And imagine you have an account with them and a fair bit of money in there.

And let’s say there’s a fraudulent website registered as confusinglookingname.com. So this one is controlled by someone intent on stealing your money, it’s the bad site.

So if you get an email asking you to click on www.somefancybank.com/login.asp you’ll probably feel safe to do so.

If you see a link that looks a little like www.confusinglookingname.com/login.asp you’ll be surprised and you won’t click, it’s a fake website designed to look like the real bank’s site, only they capture your details.

What if the link is www.somefancybank.confusinglookingname.com ? You can see your favourite bank’s name in there so maybe it’s real… Read on, you’ll see why this is definitely illegitimate.

A URL can be broken down into three parts:

1. There’s the stuff at the beginning (often it’s www but doesn’t have to be). And it could be long and could include many dots.

2. Then there’s the domain name (e.g. somefancybank). It’s usually a company name or some other trademark, followed by a .com. There can only be one dot in this part.

3. Then there’s a / followed by a bunch of technical bits. We’re not covering this part in this article. It’s what comes before the / that’s important.

So there are three parts to a URL and we’re only concerned with the first two.

Let’s go straight to some examples (the important bits have been highlighted in bold):

  • somefancybank.com/login.php – good
  • abcde.somefancybank.com – good
  • 123.somfancybank.com/123/456/789 – good
  • abc.somefancybank.com/scaryletters/ – good
  • confusinglookingname.com/login.php – bad
  • 123.abc.zz45xy.confusinglookingname.com/some/fancy/bank – bad
  • www.somefancybank.confusinglookingname.com – bad
  • www.some.fancy.bank.confusinglookingname.com/somefancybank – bad
  • important.clicknow.confusinglookingname.com/some/fancy.bank/login.asp – bad

I’m sure you’re starting to get the idea by now. Now for some trickier examples:

  • www.somefancybank.com.au/login.php – bad
  • www.somefancybank.com.login.confusinglookingname.com – bad

Let’s leave things simple and end it there.

Humans are good at recognising patterns, so when you see your favourite company name in the URL you might immediately think it’s legitimate. Scammers take advantage of this and deliberately make these links to trick people.

You’ll find these fake links in emails, other web pages, chat programs, etc. They’re everywhere so get used to recognising how they work and you’ll be a lot better off.

Wireless Network Used in Extortion

An Australian man in Rockhampton has been arrested for trying to extort money from people. Here’s how he did it.

  • He gained access to other people’s wireless networks. This is fairly easy to do, even if you turn on WEP encryption (read about securing a wireless network here). By using other people’s networks he was harder to locate
  • He sent users threatening messages, made to look like they came from elsewhere
  • He then demanded money to be dropped off at a specific location
  • And he repeated this a total of 12 times

Suitcase full of moneyThe police were able to find him and arrest him. It’s important to secure your wireless networks so that other people don’t use it to commit crimes.

Full article here.

Blackmail attempt

A programmer on another forum came across an interesting problem. A random stranger approached him basically asking for money not to expose his source code. This kind of action is illegal in some countries, I’m posting the details here to point out that these requests happen.

This email is a little vague in asking for money.

Dear Sir,

My name is Ramzi gattoussi, I’m a 28 years old man. I was graduated from a high school (My degree was a high technician in administration and communication). Due to joblessness and the fact of losing the possibility to continue my education, I forced myself to gain a high level in computer technology. Now, I have an experience of 5 years in this sector. So, I tried many solutions and programs (Due to the absence of copyrights limits in our county, we have the chance to use any kind of software without any limit).

In conclusion, I have a good level in programming (Php, Flash and Actionscript, Delphi, Vb, Sql, Vb.Net and C#). I’m a developer but in a country where the copyrights have no effect. Therefore, I’m asking you to help me by any kind of job in your company and some money to live honourably. And as a result of your help, I will have no need to build a website for commercialising working codes of some good applications like your one (Someone asked me to use the ability of decompiling and reconstruction of application’s codes to get money). Excuse me for sincerity but this is the result of being without a job and having a working brain. In order to convince you, I have joined a zipped file to this email containing a working code. Excuse me another time.

Faithfully, Gattoussi Ramzi

In these situations it’s best not to respond to the original email, never give any personal details and never hand over any money. And if possible you can report it to an online crimes agency such as the one mentioned here, http://www.cybercrime.gov/reporting.htm

The Popularity of Videos

Online videos are popular these days and as with anything popular scams are everywhere. The following two items take advantage of this popularity.

1. A movie called ” Lust, Caution” has been attracting some attention lately. Some websites have been setup (in China) that promise the ability to download a bootleg copy of the movie. What the websites don’t point out is that the download is infected with a virus that steals your passwords.

So don’t try illegally obtaining copyrighted movies, and especially not this one.

2. YouTube Scams – An email has been doing the rounds containing an ad for a video supposedly hosted on YouTube. The email goes on to explain how the video is about two lovers, includes comments and reviews.

If someone was to click on the link in this email (a link that at first sight appears to point to YouTube) they’ll be taken to a fake website made to look a little like YouTube. Then a message comes up saying that a new Flash player is required. Don’t install this player, it’s a virus. Pay close attention to links (URL’s) in emails.

2 New Skype Related Warnings

There are two new warnings related to Skype today. In each case it’s not Skype that’s the problem, it’s just related to their service.

1. Some people have received a warning saying “Security Center has detected malware on your computer“. If you click on the links provided you’ll get a message telling you malware was found on your computer. It then asks you to pay money for an alleged program to clean it. If you see this, ignore it. It didn’t really scan your computer for viruses, and the money they ask for won’t really go towards anything good.

2. Some Skype users have received a message about finding a lost girl. Again this is a hoax and if you click on the links provided a web site will attempt to install a virus on your computer. Ignore it.

More details can be found at Skype’s security site.

Scammers Asking For Donations

There are many emails being sent by scammers that makre reference to major news stories, such as the recent fires in California. The emails may contain a real logo (copied from an organisation’s website) and claim to be from some charity or social organisation. They also have a link allowing you to make donations.

In these scams the link provided to donate money is owned and operated by the scammer sending the emails.

So as always don’t trust unsolicited emails you receive that ask for money. The people behind these scams are up to date with popular news stories and try hard to cash in on major events.