Make 2013 the year you take action against scams that target seniors

January 25, 2013

I know, you already made your New Year resolutions several weeks ago.

But I also know that you’re probably already using the treadmill as a clothes rack again, too, so it’s time to make some more.

This year, I am challenging you to take action against scams and identity theft that target older people.

Every year, seniors lose millions to scams that target them because crooks make certain assumptions:

  1. They’re wealthy
  2. They’re gullible
  3. They live alone
  4. They won’t tell anyone

And all too often, seniors who are victims of scams don’t tell their families, out of fear or shame. Too often, they do live without regular contact from their loved ones. That’s why it’s important to join in the fight against fraud.

Maybe it’s your parents or grandparents, aunts or uncles. Maybe it’s just a neighbor. Whoever you know, whoever you care about, talk to them. Tell them about the scams that target seniors—utility scams, the grandchild-in-jeopardy scam, the 419 scams, the phony investments (Iraqi Dinars), the fake sweepstakes calls, the work-at-home cons. You can find out more about these on this very site, and all over the Internet.

Visit more often this year. Have dinner together. Talk to them about life in general. Did they mention phone calls or letters that sound suspicious? You don’t have to pry or cajole—you don’t need to know every detail of their bank account, or try to convince them to add you as an authorized signer in most cases. But you need to talk more, be together more.

It’s important for other reasons, too, you know.

Can we all do that this year?

Comments Off | Senior Fraud | Tagged: , , , , , , , | Permalink
Posted by Clint

Alert for businesses: beware of fake BBB complaint emails

January 18, 2013

I received an email recently that highlights the importance of business owners and employees being aware of various types of fraud activity:

From: Better Business Bureau <[redacted]@newyork.bbb.org>
Subject: Case #28475466
Owner/Manager

The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.

As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.

In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by January 17, 2013. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.

Sincerely,

BBB Serving Metropolitan New York, Long Island and the Mid-Hudson Region

There was a 102KB file attached to the message named “Complaint Case  #28475466.zip”. Except for the fact that it appeared to come from a Better Business Bureau office a thousand miles away, it looked pretty legitimate.

However, looks can be very deceiving.

According to a report from Cisco, the attachment is an executable file that contains malicious code. They don’t specify what that malware is, but given the nature of the message I would guess it’s designed to log keystrokes or use some other method to steal online banking credentials from businesses. Once they’ve got account numbers and passwords, they wire thousands of dollars out of payroll, expense and other accounts, then use their network of (unwitting and witting) money mules to launder the ill-gotten funds.

So here’s the lesson today: if you receive a message like the one above, do not under any circumstances open the attached file. If you think there might be a legitimate complaint from the Better Business Bureau, contact them directly. It’s a general rule, but in this case it applied more specifically to business owners and their employees.

1 Comment | Fraud | Tagged: , , , , , , | Permalink
Posted by Clint

The irony of online banner advertisements

November 9, 2012

Earlier this year, an article about the Iraqi Dinar Scam appeared on Forbes.com. Here’s a screenshot:

First, let me go on record here: I vehemently disagree with the author’s use of the word “stupid” in the title of this article. It’s arrogant. Falling for a scam doesn’t make you stupid; it is my deeply-held belief that everyone is vulnerable to scams. Every single one of us has some magic combination of situation, emotion and opportunity capable of leading us straight into Scamsville. My goal with this site has always been to eliminate as many of those possibilities as possible; to make your own scam-combination-lock as difficult to decipher as possible. But we’ve all got a tell. Somewhere. I can’t emphasize this enough.

But this particular scam isn’t really my focus here. Yes, the Iraqi Dinar Investment Thing is very much a scam. The fact that entities selling it have to classify their businesses as a service for collectors of exotic currency (and not as a foreign exchange investment) to get around regulations should tell you something. Now you know. Go forth and tell others.

No, my focus today is to point out one of the absurd ironies of online publishing and the keyword-based online advertisements that accompany it. Because, on the very same page as the article shown above, this advertisement appeared, plain as day:

Yep. An advertisement for a business involved in the very scam the article spends several hundred words discussing.

No, I didn’t click on it. I don’t trust these businesses enough to even expose my computer to their websites. So I can’t give you any further details on this particular “offer,” but I can assure you: it involves you paying a few thousand dollars for a mound of paper that’s going to be worth the same nothing ten years from now that it’s worth today.

So here’s your takeaway for this Friday: for the most part, just don’t click on advertisements that appear on websites, even when those websites are reputable (I mean, Forbes wasn’t exactly founded a week ago, you know?). Even if the ads seem relevant to what you’re reading.

In fact, lots of web browsers now have plugins available that will block banner ads from view altogether. Adblock for Google Chrome is popular. I used it in the past, but since I have to occasionally write articles on this stuff, I felt it was better for me to be able to see the ads. There was even a variant called “Catblock” at one point, which replaced ads with pictures of totally adorable cats. Which is just awesome.

Comments Off | General Scams, Online Scams | Tagged: , , , , , , | Permalink
Posted by Clint

Score one for the good guys: “Rachel From Cardholder Services” has left the building

November 1, 2012

Have you ever gotten one (or a couple thousand) of those robocalls where “Rachel From Cardholder Services” tells you to press “1″ to lower the interest rate on all your credit cards?

If you pressed “1″ instead of hanging up the phone in disgust, you were connected to a telemarketer who would attempt to scam you out of a couple thousand dollars in up-front fees. If you pressed “2,” you were supposedly removed from the call list. Of course, Rachel would still call back a few weeks later because pressing “2″ did absolutely nothing.

It turns out there were five companies running this scam, and the FTC has now officially brought charges against them. These companies have violated a whole slumgullion of federal regulations. In other words, Rachel From Cardholder Services won’t be calling anymore.

I never liked her anyway.

Anyway, there’s an article over at the Consumerist that goes into more detail.

Comments Off | Credit Card Scams | Tagged: , , , , , | Permalink
Posted by Clint

Beware LinkedIn phishing emails

October 17, 2012

Here’s a screenshot of an email message I got the other day (click to enlarge):

There are a total of five links within this message, all of which lead to a different website and none of which lead to a page hosted at LinkedIn.com. The links were located in these places:

  1. The yellow “Accept” button
  2. The white “Ignore Privately” button
  3. “Marva Leonard”
  4. “Unsubscribe”
  5. “Learn why we included this”

Of course, the real issue here is that this looks like it could be a real email from LinkedIn (and hey, the VP Operations from Allstate wants to know you, wow!). But look what happens when I hover the mouse over the “Unsubscribe” link, for example (detail):

I’m not sure what’s on that site (I didn’t click to find out), but I can promise you it’s not a real LinkedIn page. Most likely it’s a hacked website that will attempt to infect your computer with malicious software.

If you’re a LinkedIn user, it’s important to be careful with email messages that appear to be from the network. Hover your mouse over any links before you click. Better yet, just visit the site directly and log in to your account; if you’ve got pending invitations, they’ll show up.

Also, most email clients these days don’t display embedded images unless you manually tell them to (note the red “X” and the word “LinkedIn” in the upper right corner of the message). There’s usually a box or a bar that says something like this:

Unless you know who the message is from and what it contains, never click on that box.

Comments Off | Phishing | Tagged: , , , , | Permalink
Posted by Clint

Email Scam/Malware Alert: “Corporate eFax message”

October 4, 2012

I received this message yesterday afternoon (links have been removed, but are shown in blue):

*   *   *

From: eFax <[redacted]@coderbit.com>
Subject: Corporate eFax message – 9 pages

Fax Message [Caller-ID: 680-973-3656]

You have received a 9 pages fax at Wed, 03 Oct 2012 22:22:19 -1000.

* The reference number for this fax is min1_20121003222219.1055179.

View this fax using your PDF reader.

Click here to view this message

Please visit http://www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.

Thank you for using the eFax service!

Home | Contact | Login

© 2011 j2 Global Communications, Inc. All rights reserved.

eFax® is a registered trademark of j2 Global Communications, Inc.

This account is subject to the terms listed in the eFax® Customer Agreement.

*   *   *

eFax is a real company, and the whole thing looks right, with the footer and all. So how did I know this message was bad news?

By mousing-over the links. I’ve used that term before but I’ve never explained it, so here it is: to mouse over (or mouseover) is to move the cursor (the arrow, usually) on your screen over a link without clicking on it. In most web browsers and email clients, this action will show you where the link actually leads, usually in the lower left corner of the window. If the text of the link says one thing, but the information that shows up when you mouseover, that’s a good indication of foul play.

In this case, every single link was disguised. Here are the links and where they actually led, in order. Do NOT visit any of the sites listed!

  1. min1_20121003222219.1055179: http://www.bathroomdesignstafford.co.uk/SAMiMyXq/index.html
  2. Click here to view this message: gurkan.bae.com.tr/1ttCGhGq/index.html
  3. http://www.eFax.com/en/efax/twa/page/help: webview360.net/Zn3VbH/index.html
  4. Home: egelisanfen.com/v2WPTAhV/index.html
  5. Contact: christianharfouche.net/Q1uRBnn/index.html
  6. Login: teknoturkbilisim.com.tr/5UTrCN5/index.html
  7. eFax® Customer Agreement: happlications.com/phjbPEB/index.html

You’d think a legitimate message from eFax would have at least ONE link that led to eFax.com, wouldn’t you? You’d also think the “from” address would contain “@efax.com.”

Instead, we’ve got web pages from all around the globe, including the UK and Turkey (.tr). Every single one of these pages has likely been compromised with malware.

Word on the street is that the linked sites will try to infect your computer with the BlackHole exploit kit, which takes control of your computer and adds it to a worldwide network of compromised (“zombie”) computers used to traffic illicit data, launder money and other criminal activity.

Like I said, bad news. If you get this message (the number of “pages” in the subject line may be different), don’t click. Delete it on sight.

1 Comment | Malware | Tagged: , , , , , , , , , , | Permalink
Posted by Clint

IC3 Scam Alerts

September 20, 2012

The latest batch of scam alerts from the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) came out yesterday, and there are some interesting things going on out there.

I won’t past the entire text here, but the “Triangle Credit Card Fraud” was a new one to me. It works this way:

The first party is the fraudster who acts as a seller on a popular auction or marketplace site. The fraudster “sells” a product to the second party, the buyer that knows nothing about the scam. The buyer pays the seller for the product or service. The seller then needs to deliver the product or service to the buyer and does so by placing an order with the manufacturer of the product or service to the buyer and does so by placing an order with the manufacturer of the product or service, the third party. That order will contain the buyer’s information for shipping and stolen credit card information for billing. When the company receives the order, the billing and shipping information is all legitimate, thus it looks like an order being placed as a gift, so the company delivers the product or service.

That’s a big ball of text that takes a minute to decipher (and it seems to repeat itself at least once, but the underlying message is clear: you have to be really, really cautious when buying things from online auction sites.

The alerts also point out a new take on the old work-at-home scheme. This time, crooks are telling victims they submitted a resume online and using the names of well-known financial institutions and agencies (instead of the usual out-of-the-blue offer for mystery shopper work), then sending victims a fraudulent cashier’s check to purchase software or other supplies. Naturally, the victim then wires back the overage and ends up losing money. This time they’re finding victims because a vast number of people have been submitting resumes online, and I can tell you from experience: unless you’re a record-keeping ninja, it can get hard to keep track of what jobs you’ve applied for.

Comments Off | Scams | Tagged: , , , , , , | Permalink
Posted by Clint

« Previous Entries
Next Entries »
Follow

Get every new post delivered to your Inbox.

Join 161 other followers