Twitter Follower Scam

This scam has appeared on Twitter recently. There are a few minor variations but they all seem to work the same. It starts with a Twitter message saying,

I will follow back if you follow me

There’s a link at the end of the message that goes to a web page. On this page are two signup options, one free and a paid one called VIP.

The free one asks for your  Twitter username and password. It then asks prompts Twitter to grant you access to your account. You should not enter these details into any untrusted service.

Once they have your account password they send spam using your Twitter account, sending them to this same web site.

The VIP service is just as bad. It asks for your credit card details and Twitter account details, promising hundreds of Twitter followers. People who fall for this also end up sending spam from their own account, with the added risk of losing money.

Please help stop this scam by letting people know about it.

A plug-in must be installed

In order to view the photos a plug-in must be installed.”

Binoculars These dreadful words have been appearing in some spam emails, in Dutch. And on top of that the emails, at first glance, appear to be a legitimate news article. Interested readers might be tempted to click on the link, install the suggested plug-in, and hope to view photos of whatever the email is about.

You should never install anything an unsolicited email tells you to. You shouldn’t have to install anything to view photos. These particular spam emails will provide a link to a file called iPIX-install.exewhich is in fact a trojan that spies on your computer.

Another point worth mentioning is that spam and malicious emails are now being sent in languages other than English in the hope of catching out people who live in non English speaking countries (by trying to win their trust).

The Popularity of Videos

Online videos are popular these days and as with anything popular scams are everywhere. The following two items take advantage of this popularity.

1. A movie called ” Lust, Caution” has been attracting some attention lately. Some websites have been setup (in China) that promise the ability to download a bootleg copy of the movie. What the websites don’t point out is that the download is infected with a virus that steals your passwords.

So don’t try illegally obtaining copyrighted movies, and especially not this one.

2. YouTube Scams – An email has been doing the rounds containing an ad for a video supposedly hosted on YouTube. The email goes on to explain how the video is about two lovers, includes comments and reviews.

If someone was to click on the link in this email (a link that at first sight appears to point to YouTube) they’ll be taken to a fake website made to look a little like YouTube. Then a message comes up saying that a new Flash player is required. Don’t install this player, it’s a virus. Pay close attention to links (URL’s) in emails.

What is Search Jacking?

Post No BillsWhat is Search Jacking? And how is it bad?

The term Search Jacking is used when a program or network takes you to a search engine when you type an incorrect address into your web browser (e.g. Internet Explorer). For example, if you enter into the address bar of your web browser it is supposed to show you an error. The address doesn’t exist (at the time of writing this article). At least that’s how it’s meant to work in theory.

Some people with large marketing ambitions decided that if you enter an address that doesn’t exist it should take you to a search engine that can suggest some websites for you. One prominent company that did this is Microsoft. Microsoft’s Internet Explorer takes you to a search engine and suggests some other sites, and not necessarily the site you really wanted to see.

There have been a few companies that have taken it upon themselves to redirect the general internet user to their search engine of choice. And their choice is decided by whoever’s paying them the most. The technique is similar to domain squatting, where mistyping a web site takes you somewhere unexpected. Cox and Earthlink have also used this technique before.

The latest in search jacking attempts comes from Verizon (an American telecommunications company). If your internet is connected through Verizon and you try going to an invalid web site, you might land on Verizon’s search website (for the moment it’s active on one of their fibre network).

Is there a danger to you? For now there’s no real danger, it’s more of a nuisance. Soon they’ll most probably start putting ads on this search site. It’s a little deceptive, and is called by some as “accidental content delivery”. You accidentally type in an incorrect address, they deliver content of their choice. And of course they’ll make money from it.

It’s more of a nuisance for now, and if it works out for them other companies are likely to follow. If your network has already adopted this search jacking system you could complain to your internet provider. After all, someone’s paying for your internet connection and you shouldn’t expect your internet provider to fill it with ads for you.