Tag Archives: scam

Free Disney Vacation Scam Alert

If you haven’t already, at some point very soon you are going to see this image on Facebook:

2015-07-17-disney-scam

The hook is this: like the photo, share it, then visit a website to enter a contest for a free Disney World vacation.

Here’s the problem: the Facebook page this image resides on is NOT the official Disney World page. It is an impostor designed to trick users into liking the page. Once enough people have done so, the page content will be changed to push other scams into the news feeds of the people who liked the Disney page.

Now, why am I such a downer? Why am I trying so hard to make people sad? How do I know it’s a fake Disney page?

Well, look at this screenshot for a moment (click to see it full-size):

2015-07-17-disney-scam-02

Do you see what it says next to the profile picture? I’ll zoom in a little so you can read it better (click for full size):

2015-07-17-disney-scam-02a

It says “Walt Disney-World.”.

Notice the dash.

Notice the period.

Notice the category: “Transport/Freight.”

Notice the lack of the blue “Verified Page” checkmark next to the name.

Do you think for one moment that a company the size of Disney would have ITS OWN NAME written incorrectly on its own Facebook page? Look at any official Disney website or product. Do you see “Walt Disney-World.” anywhere?

Do you see Walt Disney World train cars and semi trailers all over America’s railroad tracks and roadways, delivering jars of pickle relish and car parts and textiles? No? That’s because Disney World is a theme park, not a transportation and freight business.

Do you believe Disney World’s official Facebook page would have 20,000 likes (as of today) and ONE lousy post? And no link to the official Disney World website?

These, and a dozen other points, are your free ticket to knowing that this Facebook page and offer are a scam.

Go look at Walt Disney World’s official Facebook page. Notice:

  • 14 million likes
  • The name is correctly punctuated (which is to say there is NO punctuation)
  • The category is listed as “Theme Park,” which is correct
  • The checkmark next to “Walt Disney World.” This means Facebook has verified that the page is official. You can hold your mouse over the checkmark and a little window will pop up that says “Verified Page”
  • Posts going back to 2009
  • Multiple posts, pretty much every day

I’m taking a pretty emphatic tone because I want people to stop falling for fake Facebook pages. I’m tired of seeing people I know get taken in by this stuff because it helps crooks spread spam and fraud to millions of people. If you see this photo and post in your Facebook newsfeed, please do the following:

  • DO NOT SHARE, LIKE OR COMMENT ON the page yourself
  • Tell whoever shared it or posted it that it is a scam and that they need to unlike the page right away; point them to the real Disney World page if they don’t believe you
  • Go to the fake page and Report it as fraudulent to Facebook
  • Share this article, or this one from the Consumerist if you can’t bring yourself to take my word for it

I don’t Facebook much anymore, but I’ve always lived by an “If it’s being shared a lot on Facebook, it’s probably not true” code. It’s a pretty accurate rule, and the stuff that IS true you’ll hear from credible sources eventually anyway.

 

 

Heartbleed is the name of a bug, not a virus

The Heartbleed Bug was a major story not that long ago. Lists of affected websites circulated with instructions to change your passwords if you had accounts at those websites.

In the whirlwind of online news articles, a lot of jargon got tossed around that the average computer user may not be familiar with, and any time there is a knowledge gap, scammers can and do take advantage of it. Spam emails began to circulate claiming to include a Heartbleed removal tool that was, naturally, a malicious program itself. The attachment, if opened, installed a keylogger on victims’ computers, which could transmit sensitive information to criminals. Symantec has a fine article about this particular attack.

Of course, if you’re an old hack hand at Computer Stuff like myself, you already knew that Heartbleed was a bug affecting servers, not a virus. But not everybody is familiar with all these terms, so I decided it would be useful to explain some of these concepts in layman’s terms.

DATA is digital information. If you’re looking at a website, your computer is taking data and presenting it in a readable, watchable, or listenable way. You’re looking at data, which happens to be mostly in text form, right now. When you have an account at Amazon or Facebook (for example), your username and password are part of your personal data, which is the stuff you don’t want being accessed by anyone but yourself. Websites keep this kind of data on servers that use various software to make it (hopefully) impossible to access by unauthorized people.

SERVER is a big computer where data is stored. When you watch a video on YouTube, the digital information that makes up that video is stored on an incredibly large computer, which transmits that data to your computer, which turns it into a video you can watch. Companies such as Facebook and Google have multiple servers that fill entire buildings. Your employer may have a smaller server that looks like a regular desktop computer, which hold all the business’s customer data, and only employees have access to it. Same concept, different scale.

OpenSSL is a particular type of server software that was affected by the Heartbleed bug. You know how your desktop computer runs Windows or MacOS, and your phone runs Android or iOS? OpenSSL is pretty much the same type of thing for servers. Your home computer uses Windows or MacOS to do home computer things, some (but not all) servers use OpenSSL to do server things, like store huge customer databases.

BUG is a flaw in a piece of software. You know how sometimes you download some goofy free app on your phone, and it works for a few seconds then crashes? That app has a bug that makes it function improperly. In the case of Heartbleed, the bug was a security flaw that potentially opened up account information (such as encrypted passwords) to hackers.

ENCRYPTED data has been scrambled in a way that unauthorized persons cannot access it. Servers don’t just store your username and password in text form because it would be too easy for someone to just steal the file and open it. They use complicated methods to make sure that, even if someone got the file, they wouldn’t be able to read it. (At least, this is how it would always work in a world without security bugs like Heartbleed; this is why you had to change your passwords at affected sites after the bug was fixed.)

HACKER: a person who breaks into computer networks. This in and of itself does not make them bad…many are actually hired to break in, in order to highlight security flaws so they can be fixed. Some use their skill for criminal purposes.

These are pretty simplistic explanations, but I think it’s important to at least have a concept of what these terms mean, so that when you read an article that says “security bug affecting servers running OpenSSL versions etc…” you can at least understand that they’re talking about software you’re NOT running on your home computer, and to ignore any emails offering a fix because Heartbleed wasn’t a virus in the first place.

But you’re not going to open attachments in any unsolicited emails, anyway, are you? If nothing else, remember this First Principle: “If you didn’t ask for it, don’t click on it.”

Credit Card Scam Alert: Ignore that offer from AmTrade International Bank

There is a new scam showing up in mailboxes.

It takes the form of an offer for a “secure” credit card, and it targets people with low credit scores or other financial issues.

A “secure” credit card is a credit card where the cardholder puts up some of their own money as collateral against the credit line. It allows lenders to extend credit to higher-risk consumers at a lower annual percentage rate, and can actually be a good tool for rebuilding credit (timely payment of debts makes up a large portion of your credit score). We actually offer a secured credit card here at REGIONAL. They’re a legitimate financial tool.

Except for when they’re used as the basis for a scam.

This one comes from AmTrade International Bank, with an implied connection to Credit One Bank, N.A. (there is none). Victims select a card with either a $1,500 or $3,600 credit limit, and then send in $500 or $900 (respectively) as “collateral” for the credit lines.

And the credit cards never arrive. At its core, this is the simplest form of scam: take money, disappear.

This exact same scam showed up earlier in the year, from Freedom 1st National Bank, which also implied a link to Credit One. In both cases, victims instantly found themselves robbed of either $500 or $900.

If you get offers for pre-approved credit cards in the mail, it is vital to verify all claims before making a purchase decision and sending personal information and money.

In fact, I’ll just put it out there now: don’t respond to unsolicited pre-approved offers for “secure” credit cards, at all.

Also, never just send money to an unknown entity, for any reason.

This scam is going to keep popping up, with different fake banks running it each time, and law enforcement is going be playing whack-a-mole for quite some time. In the meantime, it’s on each of us to look out for ourselves.

Read more:

 

Let’s kick off the long weekend with a derpy lottery scam

Many of us (here in the States, anyway) will spend today looking forward to a nice three-day weekend, visions of grilled meat, open-wheel race cars and (if you’re like me) binge-watching the entire fourth season of Arrested Development on Netflix dancing in their heads.

Seems like a good time for a “fun” sort of post, so let’s snark at a bad lottery scam email I received this morning:

From: [redacted]@co.pg.md.us
Subject: ! Are You Aware!!

Your email has been announced the winner of the Microsoft E-mail Sweepstakes of 5.6, Million Pounds. Please send these informations:
Full Name:
Address:
Tel / Mobile No.:
Country:
Occupation:
Sex / Age:
Alternative E-mail:
Contact Mrs. Kathrin Rogers: { Kath.rogers@msn.com<mailto:kath.rogers@msn.com> } OR { Kath.rogers@rogers.com<mailto:kath.rogers@rogers.com> } with details. Sincerely, Josphine B. Clay
(Microsoft Management Board, Copyright 1991-2013)

—————————————————————————————

This E-mail and any of its attachments may contain Prince George’s
County Government or Prince George’s County 7th Judicial Circuit
Court proprietary information or Protected Health Information,
which is privileged and confidential. This E-mail is intended
solely for the use of the individual or entity to which it is
addressed. If you are not the intended recipient of this E-mail,
you are hereby notified that any dissemination, distribution,
copying, or action taken in relation to the contents of and
attachments to this E-mail is strictly prohibited by federal law
and may expose you to civil and/or criminal penalties. If you have
received this E-mail in error, please notify the sender immediately
and permanently delete the original and any copy of this E-mail and
any printout.

Oh, where to even begin?

For one thing, it doesn’t say I won anything. My email, on the other had, has won 5.6 million pounds. Fat lot of good it will do.

Also: pounds? Microsoft, based in Redmond, Washington, conducts business in pounds? Sure. Whatever.

“Please send these informations.” Uh-huh. Because Microsoft doesn’t have enough money to hire people who use proper grammar.

! Are You Aware!! Um, ?No I’m Am Not ! !!

Why would a message about a Microsoft sweepstakes come from a Prince George’s County, Maryland email address?

Why would the disclaimer refer to said county, and not, oh…I don’t know…maybe Microsoft?

Finally: there is absolutely no such thing as a Microsoft E-Mail Sweepstakes, nor has there ever been, and nor will there ever be. But if you’ve been reading this site for a while, you already knew that one, didn’t you?

Have a good weekend. Stay vigilant. (Also, try grilling corn with garlic butter and without wrapping it in foil if you’re cooking out this weekend. You have to move it around a lot to avoid flare-ups and burnt corn, but dude…seriously, you’ll never do it the old way again.)

Email Scam/Malware Alert: “Corporate eFax message”

I received this message yesterday afternoon (links have been removed, but are shown in blue):

*   *   *

From: eFax <[redacted]@coderbit.com>
Subject: Corporate eFax message – 9 pages

Fax Message [Caller-ID: 680-973-3656]

You have received a 9 pages fax at Wed, 03 Oct 2012 22:22:19 -1000.

* The reference number for this fax is min1_20121003222219.1055179.

View this fax using your PDF reader.

Click here to view this message

Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.

Thank you for using the eFax service!

Home | Contact | Login

© 2011 j2 Global Communications, Inc. All rights reserved.

eFax® is a registered trademark of j2 Global Communications, Inc.

This account is subject to the terms listed in the eFax® Customer Agreement.

*   *   *

eFax is a real company, and the whole thing looks right, with the footer and all. So how did I know this message was bad news?

By mousing-over the links. I’ve used that term before but I’ve never explained it, so here it is: to mouse over (or mouseover) is to move the cursor (the arrow, usually) on your screen over a link without clicking on it. In most web browsers and email clients, this action will show you where the link actually leads, usually in the lower left corner of the window. If the text of the link says one thing, but the information that shows up when you mouseover, that’s a good indication of foul play.

In this case, every single link was disguised. Here are the links and where they actually led, in order. Do NOT visit any of the sites listed!

  1. min1_20121003222219.1055179: www.bathroomdesignstafford.co.uk/SAMiMyXq/index.html
  2. Click here to view this message: gurkan.bae.com.tr/1ttCGhGq/index.html
  3. www.eFax.com/en/efax/twa/page/help: webview360.net/Zn3VbH/index.html
  4. Home: egelisanfen.com/v2WPTAhV/index.html
  5. Contact: christianharfouche.net/Q1uRBnn/index.html
  6. Login: teknoturkbilisim.com.tr/5UTrCN5/index.html
  7. eFax® Customer Agreement: happlications.com/phjbPEB/index.html

You’d think a legitimate message from eFax would have at least ONE link that led to eFax.com, wouldn’t you? You’d also think the “from” address would contain “@efax.com.”

Instead, we’ve got web pages from all around the globe, including the UK and Turkey (.tr). Every single one of these pages has likely been compromised with malware.

Word on the street is that the linked sites will try to infect your computer with the BlackHole exploit kit, which takes control of your computer and adds it to a worldwide network of compromised (“zombie”) computers used to traffic illicit data, launder money and other criminal activity.

Like I said, bad news. If you get this message (the number of “pages” in the subject line may be different), don’t click. Delete it on sight.

IC3 Scam Alerts

The latest batch of scam alerts from the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) came out yesterday, and there are some interesting things going on out there.

I won’t past the entire text here, but the “Triangle Credit Card Fraud” was a new one to me. It works this way:

The first party is the fraudster who acts as a seller on a popular auction or marketplace site. The fraudster “sells” a product to the second party, the buyer that knows nothing about the scam. The buyer pays the seller for the product or service. The seller then needs to deliver the product or service to the buyer and does so by placing an order with the manufacturer of the product or service to the buyer and does so by placing an order with the manufacturer of the product or service, the third party. That order will contain the buyer’s information for shipping and stolen credit card information for billing. When the company receives the order, the billing and shipping information is all legitimate, thus it looks like an order being placed as a gift, so the company delivers the product or service.

That’s a big ball of text that takes a minute to decipher (and it seems to repeat itself at least once, but the underlying message is clear: you have to be really, really cautious when buying things from online auction sites.

The alerts also point out a new take on the old work-at-home scheme. This time, crooks are telling victims they submitted a resume online and using the names of well-known financial institutions and agencies (instead of the usual out-of-the-blue offer for mystery shopper work), then sending victims a fraudulent cashier’s check to purchase software or other supplies. Naturally, the victim then wires back the overage and ends up losing money. This time they’re finding victims because a vast number of people have been submitting resumes online, and I can tell you from experience: unless you’re a record-keeping ninja, it can get hard to keep track of what jobs you’ve applied for.