Category: Scammer

Facebook Phishing Scam


There are numerous phishing emails and text messages that try to trick victims into giving away confidential information like account sign-on details or credit card numbers.

Usually, these messages claim the victim’s account has been frozen until they sign on again by clicking a link that leads to a bogus page imitating the real provider of the account.

These can usually be spotted easily, but there is a new phishing scam that takes the form of a comment on an item on the user’s Facebook page.

The scammer creates an account with an official-sounding, security-related name, so the victim may believe the comment has come from Facebook. The comment maker then warns that the user’s account is to be disabled unless the user verifies their details.

The warning says something like:

“Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page Disabled. Please verify your email account to prove this is your page and help us do more for security and comfort for everyone. Please check your account as proof of legitimate owner of the account that you use. Make sure you enter the correct details below.”

The message has two boxes for recipients to enter their email address and their Facebook password, along with date of birth details and a “Confirmation” button, which is linked to a bogus Facebook page.

In both cases, after providing their sign-on information, victims are asked for their credit card number.

The message warns: “Caution. If you do not update your credit card your payment page will be disabled.”

Sometimes, there’s also a link to a phony PayPal sign-on page.

This is quite a complex and well-executed scam, but hopefully the poor wording will flag it up for what it really is. Even if Facebook stop this scam, other scammers are likely to try something similar.

Facebook has pages of information and guidance about security and what to do in the event you think there is something suspicious in progress.

Sara Confronts a Local Business Scammer

Sara ordered nearly a thousand pounds’ worth of window shutters and six months later she says:

“To date I have not received my shutters and I’m still trying to get my money back”

The business wouldn’t return her calls or respond to her emails.

She says “the only time I get through to him is calling him from telephone numbers which he doesn’t recognise. Since I placed my order he has changed his website and is trading under a new company name. He is still taking orders – and presumably money! – from customers.”

The Fightback Ninja heard what had happened and contacted Sara with an offer to publicise the story on his blog Fightback Ninja Blog and on his radio spot on Brooklands Radio.

Sara didn’t reply straightaway but instead forwarded the Ninja’s message to the company.

And suddenly they wanted to talk with her.

That’s the power of Radio. 

Cheats want to stay hidden from the glare of publicity.

Sara says “I finally got a reply from Mr X after I forwarded Fightback Ninja’s offer to do a case study on radio and the www. After learning of his circumstances, I didn’t want to add to his problems. The good news is the credit card company have upheld my claim so I’m not out of pocket which makes me more inclined to draw a line under the matter”.

Well done Sara (with a little help from the Fightback Ninja)

If you are scammed, don’t just accept it. Do whatever you can to get the money back and stop the scammer if possible. Also you should report the scam to Action Fraud.

US Government Takes Down PCCare247 Scammers


The US government set up a sting operation to gather evidence against a company called PCCare247 which was defrauding people.

The Scam

This is a variant on the classic Windows support engineer scam.

A cold caller tells you your PC has a virus, offers to prove it, then offers to fix it for several hundred dollars or the equivalent in the local currency.

In this variant, PCCare247 advertised heavily that they help people sort out PC issues, but when someone called, PCCare247 would find faults that didn’t exist and charge a lot of money to rectify the non-existent problems.

The Sting

Agent Sheryl Novick phoned PCCare247. “I saw some sort of pop-up and I don’t know if there’s a problem,” she told a PCCare247 tech named Yakeen. He offered to check her computer for possible problems and he convinced her to download a piece of software that let him take control of her PC.

Yakeen ran Event Viewer on the PC – this always shows lots of errors but they are trivial and should be ignored.

“It has 30 errors,” he told her, adding that her PC had been hacked by someone who was committing cyber fraud using it and also that there was a virus on the PC.

Yakeen promised that he could “remove all the hackers, remove all the errors and the virus from the computer and recover all the data?” All Novick needed was $400.

Novick agreed to a lower price and provided her credit card.

Yakeen didn’t know that Novick was actually a Federal Trade Commission (FTC) investigator and she had recorded the entire encounter, which had been conducted using a clean PC located within an FTC lab.

PCCare247 used the cash from this scam to build more business, spending more than $1 million on Google advertising accounts. The money bought “sponsored search results” that appeared when users searched for terms, including “virus removal.”

The FTC obtained a temporary restraining order (TRO) against PCCare247, which made it all but impossible to do business in the US. Most of the company’s cash had already been transferred to Indian banks, but the TRO did shut down the company’s domain name, local phone numbers, and credit card processing. New money would not be flowing.

Well done the FTC.

http://fightbackonline.org/index.php/fightback/16-stories/24-us-government-takes-down-pccare247-scammers

Malvertising – The Bad Advertising

Malvertising (the word is a contraction of “malicious advertising”) means using online advertising to spread malware, that is, computer viruses and programs that take over your PC, steal identity information and so on.

Malvertising is carried out by inserting malicious adverts into legitimate advertising networks, and the ads can end up on highly reputable websites. Malvertising is “attractive to attackers because they ‘can be easily spread across a large number of legitimate websites’”.

Malvertising is hard to combat because it can work its way into a webpage and spread through a system without anyone knowing. It is able to expose millions of users to malware, even the most cautious, and is growing rapidly.

In 2012, it was estimated nearly 10 billion ad impressions were compromised by malvertising and things are not really getting much better.

Malvertising often involves the exploitation of trustworthy companies. Those attempting to spread malware place “clean” advertisements on trustworthy sites first in order to gain a good reputation, then they later insert a virus or spyware in the code behind the ad, and after a mass virus infection is produced, they remove the virus, thus infecting all visitors of the site during that time period. The identities of those responsible are often hard to trace, making it hard to prevent the attacks or stop them altogether, because the ad network infrastructure is very complex with many linked connections between ads and click-through destinations.

In 2015, there were malvertising attacks against eBay, answers.com, talktalk.co.uk and many others. They involved breaches of ad networks, including DoubleClick. Even the New York Times and the London Stock Exchange were affected.

This is difficult for the end user to combat as it depends very much on the security at the advertising networks.

Don’t automatically trust adverts on respected websites, as the websites may not realise what’s being advertised.

Fake Watches Are Big Business


Over the past few weeks, Brooklands Radio station has received hundreds of emails trying to sell fake watches. These are harmless as they are so obvious.

But it is odd that specific scams and spams appear and become very common very quickly, then disappear for a period, only to reappear in a different guise later on. This is a very common one currently.

Marketing people tell you to vary your sales pitch and try different versions to see what works, and these scammers seem to have read those marketing books.

We received similar emails selling fake watches but with a variety of titles – some nothing to do with watches – just something to make the recipient open the email message.

Titles such as

Impress your co-workers with a fine new watch

Or Rolex doesn’t want you to see our prices

Or Economy uncertain – copy watches are the way to go

Or Diamonds at a steal

Or Green dial submariner at a steal

Or No-one will believe its fake

Or Cheapest luxury items

Or Start off with a new hobby

Or Its dream time for those who cannot afford

Selling fake watches is of course illegal, even if you tell people the watches are copies or fakes, but it’s presumably big business based on the number of emails being sent out about the watches. Remember that such sales may fund more serious illegal activities.