Category: Warning

The Website Contact Form Con

Hackers scour websites to pick up email addresses and other contact details which can then be sold to other scammers and spammers. Some legitimate companies also use the same method to get contact details to then sell on, although they know that’s really not allowed (but it’s not a criminal offence).

Some hackers specialise in collecting contact information from websites that use contact forms, as this sells for a higher price. Typically companies are less wary of messages created on their own websites so the scammer or spammer can get more of their messages read.

There is software available to scammers that will automatically fill in contact forms on websites. That is a problem for website owners, as the messages can look legitimate, whereas spam arriving by email is much easier to filter out and automatically delete.

Below is a typical incoming message to the radio station using the website contact form to enter the information.

Name: Forest Bovril

Email: forrest.bovril @ gmail.com

Message: Hello

I want to say what a beautiful shop you have made.

I am a regular customer of your website.

I visited your website last month and saw an item I wanna buy.

But I have a question today I wanted to order it but cannot find the product anymore on your website.

It looks like the first picture on this website (then a link)

Mail me if you are going to sell it again.

This is all rubbish – the radio station doesn’t have a shop and doesn’t sell anything online so the entire message is irrelevant and obviously the sender has no idea who they are sending to, so presumably the message has been sent to a huge number of random websites.

This is all just to get you to click a link, which may lead to a website that pays the sender each time someone clicks, or may download malware or anything else. Never click such links.

If you get a lot of such unwanted, irrelevant messages from your contact page then you might consider implementing a CAPTCHA on the form.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

A Scammer’s Mindset

As with many criminals, people who scam others for a living tend to carry on doing so until something dramatic makes them think again – such as a significant prison sentence, losing someone important in their life, violence etc.

“Fred” was a scammer for many years, working for various scam outfits until the day the Federal agents turned up at his office and he ended up spending several years in prison. Now he works to prevent fraud and warn people of how it is done. This is Fred’s warning.

 

Developing the Persona

The scammer assumes a false personality or social mask that makes it easier to pull off the deception. Swindling is really acting, and you play a character who will help you appear legitimate, confident and successful … even when you are not.

On the outside you will see nothing but charm, an engaging personality and swagger. On the inside lies a predator. There is no conscience in this business. It’s every person for themselves, and the goal is to get as much money as possible.

The business needs to have a persona, too, to look legitimate and trustworthy. Some scam companies run television commercials and hire famous actors to appear in them.

It’s About Emotion, Not Logic

Think about the first time you fell in love or a time when someone cut you off on the freeway and you were seething for hours. Were you thinking clearly? Probably not. Those who believe they’d never fall for a scam don’t realize it’s not about how smart you are; it’s about how well you control your emotions. Fraud victims are people with emotional needs, just like the rest of us. But they can’t separate out those needs when they make financial decisions. That’s what makes them vulnerable.

As a master scammer, I made it my first objective to get the victim’s emotions stirred up and so agitated that you won’t know which way is up and which is down. Once I have gotten you into this condition, it doesn’t matter how smart or dumb you are, you will succumb.

The two most powerful ways to do this are through need and greed.

To find a client’s emotional need, I’ll ask a bunch of personal questions. Then I’ll throttle up the pressure by focusing on that need. “Oh, you lost your job? That’s got to be tough.” Or “So your two kids are in college and the tuition is driving you into the poorhouse.” Now the person isn’t thinking about whether the offer is a scam but instead, “Here’s a fix for my problems.”

The “crush,” or the “kill” — that’s what we call closing the deal — is emotionally driven. It’s not logic. If you apply logic, the answer is: “No, I am not going to send you my hard-earned money. I don’t even know who you are.” If my victims had applied logic to our deals, they would have walked away every time.

The other pathway to the ether is simple greed: I just promise people they can make a ton of money.

 

The Perfect Victim

I’m often asked how I could have ripped off senior citizens. The answer is that con men target people who have money, and a lot of seniors are sitting on fat nest eggs. It’s the Willie Sutton rule: He robbed banks because that is where the money was.

But there’s more to it than that. I think older people are easier to scam, because their emotional needs are closer to the surface. They aren’t afraid to tell people how much they care about their kids and grandkids. They aren’t afraid to share their fears about the unstable financial markets and how much they worry about being on a fixed income. These fears are real. And every one of them is a bullet for my gun.

My scam career was focused on investments like phony oil and gas deals, bogus business opportunities and gold-coin scams. And for these types of investments the perfect victim was almost always a male. Why men? Men are grandiose; they are full of ego. And that’s all driven by emotion; it’s driven by insecurity; it’s driven by a feeling of inferiority.

Most people who get emotional quickly will fall every time. And if they don’t get worked up, I won’t waste my time with them. If prospects are asking a lot of questions or tell me they want to think it over or talk with their lawyer, I will hang up the phone. Victims don’t ask a lot of questions; they answer a lot of questions. Victims don’t read paperwork; they wait for you to tell them what it says. Victims don’t look for why the offer is a scam; they look for why the offer will make them money. They want you to make them feel good so they can pull the trigger.

 

Early on in my career I was selling bogus oil and gas units to investors. We were selling units for $22,500 for a quarter unit, or $90,000 for a full unit, promising a 10-to-1 return. Sure, we had a well, but it was a dry hole, and we knew it — there was no chance of hitting oil. Every so often when I was pitching these deals, an investor would ask if I was registered with the U.S. Securities and Exchange Commission. I would always say, “Of course we are, and I want you to verify that the minute we get off the phone.” The truth is, we were never registered, but 98 percent of the people who ask that question never check. They just want to hear me say it.

Don’t Get Burned

Never make a buying decision when you’ve just heard the sales pitch. Always give yourself at least 24 hours to think about it. This gives you time for the emotional effects of the sales presentation to subside — and time for you to do research.

Don’t ever share personal information about your family or about your worries with people who are trying to sell you something.

In any interaction with someone trying to sell you a deal, always ask yourself, “What’s in it for them?” In other words, if this is such a great deal, why are they calling you about it? Why don’t they just do it themselves?

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Phishing a WiFi Password

Most people believe that using Wi-Fi in public places is safe as long as a password is needed to access the service, unlike public networks with open access.

However, there are assorted methods used by hackers to get into Wi-Fi services and in particular a set of software and techniques we’ll call Wi-FiX (not the real name).

Sadly, Wi-FiX is available on the Internet to anyone with programming skills.

The basic method involves the software creating a fake Wi-Fi access point that mimics the real ones on the selected network. It then jams any messages to the real access points and puts up a message requesting login and password. The user cannot get around this, so enters their login and password. The software then relays the messages on to the real Wi-Fi access point so the user believes everything is OK again, but the fake Wi-Fi access point is recording all of the traffic.

That data may well include logins and passwords, credit card details etc.

The details are complex but below is a simple technical explanation:

  1. The victim is deauthenticated from their access point. Wi-FiX continuously jams all of the target access point’s wifi devices within range.
  2. Wi-FiX copies the target access point’s settings. It then creates a rogue wireless access point that is modelled on the target. It also sets up a NAT/DHCP server and forwards the relevant
  3. The victim is requested to re-input login and password which Wi-FiX can use to access the genuine access point. The victim joins the hacker’s rogue access point.

The victim continues to use the Wi-Fi unaware that all of their messages are being copied and examined for confidential information etc.

Always be wary of using Wi-Fi outside of your home and office.
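For whoever runs the genuine network, both stages described above leave traces that can be checked for. The following is an added example, not part of the original post: it flags access points using the network's name that do not match an inventory, and bursts of deauthentication frames. The SSID, BSSIDs, scan results, frame log and the threshold of 10 per second are all constructed assumptions.

```python
from collections import Counter

# Hypothetical inventory kept by the network owner: SSID -> {BSSID: security}.
KNOWN_APS = {"CafeNet": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"}}

# Constructed scan results: (ssid, bssid, security).
SCAN = [
    ("CafeNet", "aa:bb:cc:00:00:01", "WPA2"),
    ("CafeNet", "de:ad:be:ef:00:09", "OPEN"),   # same name, unknown radio
    ("CafeNet", "aa:bb:cc:00:00:02", "OPEN"),   # known BSSID, wrong security
    ("OtherShop", "11:22:33:44:55:66", "WPA2"),
]

# Constructed monitor log: (second, frame_type, bssid).
FRAMES = [(t // 20, "deauth", "aa:bb:cc:00:00:01") for t in range(100)] + [
    (2, "deauth", "aa:bb:cc:00:00:02"),
    (3, "beacon", "aa:bb:cc:00:00:01"),
]


def find_rogue_aps(scan, known):
    """Flag radios using a protected SSID that do not match the inventory."""
    alerts = []
    for ssid, bssid, security in scan:
        expected = known.get(ssid)
        if expected is None:
            continue  # not one of our network names
        if bssid not in expected:
            alerts.append((bssid, "unknown BSSID for " + ssid))
        elif expected[bssid] != security:
            alerts.append((bssid, "security changed to " + security))
    return alerts


def deauth_floods(frames, per_second_limit=10):
    """Return BSSIDs with more deauth frames than the limit in any one second."""
    counts = Counter((sec, bssid) for sec, kind, bssid in frames if kind == "deauth")
    return sorted({bssid for (sec, bssid), n in counts.items() if n > per_second_limit})


if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(SCAN, KNOWN_APS):
        print("rogue AP candidate:", bssid, "-", reason)
    for bssid in deauth_floods(FRAMES):
        print("deauthentication flood against:", bssid)
```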


You Have a Car Problem Scam

This is a well-known scam that targets single women in cars – either arriving back home or just parked in a quiet area or about to leave a multi-storey car park.

The target is approached by a man with an East European accent who warns her of a problem with her car.

He points out something wrong at the back of the car – could be trailing wires, something that looks like it’s fallen off underneath the car etc. Anything the scammers can easily add to the car unseen.

While the first scammer keeps the woman occupied worrying about car problems, a second man appears and his job is to rifle the handbag on the passenger seat for credit and debit cards and notes. If there’s nothing valuable in the car or she is carrying her handbag – they either give up or snatch the bag.

Either way they typically get away with payment cards and cash.

A Surrey woman recently suffered this scam where she had just driven into her driveway and a man pointed out loose wires at the back of the car. The accomplice got her payment cards and stole £500. Luckily for her they also tried to take out £2,000 from her account but the bank blocked it.

Stay safe.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Fake Event Tickets

Festivals, sports events and other big events attract a lot of attention and a lot of people wanting to visit and usually find accommodation as well. Scammers can see these people as easy targets and target them with specific adverts for a popular event of any kind.

This is most common with the huge events such as World Cup football but also applies to smaller events such as niche music festivals.

The scammers sometimes go to the trouble of creating realistic looking websites, advertising campaigns etc.

Action Fraud estimate that people are losing more than £1.6 million per year to the perpetrators of these scams. The fraudsters may sell fake tickets, fake travel arrangements, fake accommodation or all of these things.

If you’re travelling to a big sports event or festival etc. make very sure that the tickets you buy are valid. It would be sad to arrive at the event only to discover your bargain price tickets were fake and you’d wasted your time and money.

If you have been caught out by this scam – do let me know, by email.


Domain Name Theft

Your Internet domain name e.g. mybusiness.co.uk can be very valuable and a key part of your business. Without it, online customers won’t be able to find your website or may be redirected without their knowledge to a copycat site.

You may think it’s impossible for someone to take your domain name but it does happen and the scammers are clever in how they do it, leaving you with the difficult task of proving you are the rightful owner.

For a hacker to take your domain name, there are two basic methods:

  1. They change your DNS configuration, to redirect traffic from your site to their site
  2. They modify your registration contact information, which gives them full control over your domain

A hacker can also change the registration data in the WHOIS database. This then makes it difficult for you to prove that you are the rightful owner. If they have control, then the hacker may also move the domain registration to another registrar which makes it more difficult to get your domain name back.

Q. How Can Hackers Access Your Domain Account?

The most common method is through a phishing attack. They send you emails that look to be from some official body, such as the domain registrar, and get you to click a link to their fake website page and enter your login and password, thus giving them your login credentials.

Alternatively they get your login credentials from a data breach or simply buy the information from another hacker who has employed phishing attacks etc.

Protecting Your Domain

Prevention is the key, rather than planning what to do in the event of such a problem.

Ensure a strong password and that only you know the password for domain control, guard against phishing attacks and anything out of the ordinary regarding your domain. The most effective control is domain locking.

Domain Locking

You can ‘lock’ your domain, which means that changes will not be allowed unless you ‘unlock’ the domain. Your domain registrar will do this for you and it’s normally a free service.

Domain locking also stops unauthorised transfer of your domain name to another registrar.
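Whether a lock is actually in place, and whether either of the two takeover methods above has happened, can be checked from the domain's public registration record. The following is an added example, not part of the original post: it audits an RDAP-style record for transfer and update locks and compares nameservers and registrar against a baseline. The record, domain, nameserver names and registrar handle are constructed assumptions.

```python
import json

# Constructed RDAP-style domain record for illustration (not real registry data).
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "mybusiness.example",
  "status": ["client transfer prohibited", "active"],
  "nameservers": [{"ldhName": "NS1.DNSHOST.EXAMPLE"}, {"ldhName": "ns2.dnshost.example"}],
  "entities": [{"roles": ["registrar"], "handle": "REG-1234"}]
}
""")

# Hypothetical baseline the owner records while the domain is known to be good.
BASELINE = {
    "nameservers": {"ns1.dnshost.example", "ns2.dnshost.example"},
    "registrar": "REG-1234",
}

# RDAP status values that correspond to registrar or registry locks.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
UPDATE_LOCKS = {"client update prohibited", "server update prohibited"}


def audit_domain(record, baseline):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    status = {s.lower() for s in record.get("status", [])}
    if not status & TRANSFER_LOCKS:
        findings.append("transfer lock not set")
    if not status & UPDATE_LOCKS:
        findings.append("update lock not set")

    # Method 1 on the page: DNS configuration changed to point elsewhere.
    seen_ns = {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}
    if seen_ns != baseline["nameservers"]:
        diff = sorted(seen_ns ^ baseline["nameservers"])
        findings.append("nameservers changed: " + ", ".join(diff))

    # Method 2 / registrar move: the sponsoring registrar is no longer ours.
    registrars = {e.get("handle") for e in record.get("entities", [])
                  if "registrar" in e.get("roles", [])}
    if registrars != {baseline["registrar"]}:
        findings.append("registrar changed")
    return findings


if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_RDAP, BASELINE) or ["no findings"]:
        print(finding)
```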

Keep your domain name safe.
