Spotify Scams

Some scammers are increasingly turning to Spotify, trying to find new ways to con people, so how do scammers aim to get your money by means of Spotify?

Typically, they offer a Spotify service and want you to click a link to sign up for trials of the service.

e.g. “Break your music without breaking the bank”.

Or “100% organic Spotify promotions”

Or “Playlist pitching to targeted curators”

Or “Guaranteed placements”

The radio station has received many dozens of these types of emails recently, all with similar wording.

The phrases used make sense in some contexts to do with Spotify but it’s all a con.

The emails are not from Spotify or from a reputable business but from ridiculous email addresses such as tickets @1i90xcqw221.lo009axtwq1.tawk.email

There are companies that do offer genuine Spotify promotions if that’s something you’re interested in paying for – but beware that finding real listeners who like a product is a lot more difficult than paying for idiots to supposedly listen to it.

If you do want such services, then do your research to find the real companies and never reply to or click links in unsolicited emails.

If you have any experiences with these scams do let me know, by email.

April 27, 2022

Keep your personal information safe

Fraudsters are after your personal information including – full name, address and contact details, bank account numbers, logins and passwords for websites and Identification numbers such as passport details and driving licence.

Once they obtain your full name and other personal details, they can search official records, social media etc to piece together a fuller picture about you, with the intention of scamming you or even identity theft.

How To Stay Safe

Use multiple email addresses [link]
Use disposable email addresses (https://fightback.ninja/disposable-email-addresses/)
Use temporary email addresses [link]
Use the magic phone number if you don’t want to be contacted by phone, but a website insists you provide one [https://fightback.ninja/a-magic-phone-number-and-call-blocking]
Stop tracking cookies
Opt out whenever possible of Marketing emails etc.
Withhold data when you can or make something up if it is unimportant

Removing your personal information from the internet

There is a trade-off between having some information on the Internet about you so that prospective employers, old friends and others can find you and the problem of there being so much that criminals can use that information to con and steal from you. Also, it’s virtually impossible to remove all traces of your Internet activity.

Restrict or Delete Social Media Accounts

Scammers seeking your information may start with your social media posts so make sure not to post anything personal or mention holiday dates etc. Simply deleting such accounts is safer.

Close down Blogs and Blog Posts

Close or delete any blogs posts or the whole blog if it gives away personal information on you.

Personal blogs may contain intimate details about your daily life, family, jobs, health information and financial situation — which is information a fraudster could use to scam you or access your accounts. If you publish a blog, be mindful of the details you’re sharing.

Websites, Chat Groups etc. With Your Information

If someone else has posted sensitive information about you on their website or blog, then you can contact the webmaster of the site and ask them to remove the information.

If a website refuses to remove your info, then you can send a legal request to Google and ask to have it removed.

Phone APPS

Many APPS on your smartphone and tablet collect personal details such as your name, email address, spending habits, and geographical location. This information could be accessed by cybercriminals, leaked or stolen, and if it ends up in the hands of scammer, your finances could be at risk.

If you’re unsure whether an app is trustworthy, it’s a good idea to review the Terms of Use and Privacy Notice first to determine what info is collected, why it is collected, and how it may be secured, stored, and shared. You might also check some user reviews.

Block Tracking Software

While browsing the web, you’ve probably noticed disclaimers about “cookies,” which is technology that tracks your web browsing habits. If you don’t want that information tracked and stored, then consider running security software that contains features to block online tracking. You should also understand the limitations of your browser and any do-not-track feature.

Clean out your computer data

There’s a trove of personal information stored on your browser history, including the websites you visit (including financial institutions), passwords, and cached images and files. If a cybercriminal gains access to your device, they may be able to use that information. Regularly clear your browser history, delete cookies and install and use security software that includes online privacy features.

If you do all of the above then you will remove most of the data that anyone can find about you on the open Internet. There will always be data on government systems, retailers you buy from etc. but that is harder for any criminals to access.

If you have any experiences with these scams do let me know, by email.

April 25, 2022

Fashion Sale Fake Web Site

We are all used to sales at almost any time of year nowadays even by high fashion companies.

Scammers sometimes go to a lot of trouble to replicate part of the website of a fashion store online.

A recent scam started with a flood of emails about a Michael Kors sale.

Michael Kors is high fashion and comes with a hefty price tag so you can imagine the interest when the email says Huge Savings.

In fact later in the email it says “Take an additional 90% of your entire purchase of $100 or more”

They would not be in business for long giving away good quality product at 90% discount.

Of course, it’s all fake. Visitors to the fake site from the link in the email will find few items (with bargain prices) but it’s when you hand over your payment card details that the scammer has won and will use your card till it runs dry.

There are genuine sales of course and these are advertised by email sometimes.

But do pay attention to any links and which websites they would take you to.

In the Michael Kors email – it was all copied from genuine emails but the word “stockist” was spelled “srockist” which tells you it’s all fake and the unrealistic discount proves the point.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

April 24, 2022

African Bitcoin – What’s That?

This enterprising scammer has combined a standard Bitcoin scam with a 419 scam.

The email tells me that as member of the Africa Conference of Churches I am entitled to make up to $1,000 per day with Bitcoin investment.

The email is actually from a Portuguese domain name and I have never heard of any Africa Conference of Churches and of course the email isn’t addressed to me – just to “Good Day”.

“with our cutting-edge technology and experiences that cut across decades, we manage the wealth of billionaires and companies within a network of offshore facilities and you can start with as little as lb200”.

You can imagine the scammer or him and friends sitting a table trying to think up impressive sentences and some loser picking the one above as it is meaningless but contains the right key words and suggests competence but obviously it just shows ignorance and criminal intent.

I assume that lb200 is meant to be 200 pounds – not written by anyone with decades of experience in wealth management.

Pathetic.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 23, 2022

Time-Wasters Update

An email from Mr. Anthony offers loans between $1 million and $50 million for any business at 4% for up to 10 years. The sender’s email address has a ‘.ga’ domain which is Gabon in Africa. The reply address is a personal Gmail account. Only scammers typically use separate reply email addresses like this, so no thanks.

“Your hairdresser wont want you to discover it.” is the title of an email about a product called Trimsher which is supposedly professional quality hair clippers. However, the email then claims that using the clippers will guarantee you a professional quality haircut. People spend years at college learning how to be barbers and hairdressers and just using a better quality pair of clippers wont make much difference unless you are trained. Marketers tend to sell on the best points of a product but scammers oversell by miles in desperate hope of catching gullible people. Never reply to such unsolicited emails as they are always scams.

Coinbase is a cryptocurrency exchange platform – for buying and sell various cyber currencies. This attracts a lot of scammers desperate to steal people’s cryptocurrency as it is generally untraceable. There are numerous phishing emails from scammers trying to get people to key in their details on a fake website. This latest one says “Your transfer completed to Bank account number xxxx0465” to attract attention. It tries to look like it’s from Coinbase customer services but the sender’s email is actually costumer service @teamosp900qrzz.com which is obviously not Coinbase as I doubt they have a ‘costumer service’ department.

Emma Sun claims to work for Kanghui Medical Technology Co Ltd. and is offering medical beds for sale from China. No reputable supplier would send out mass spam emails to unknown companies selling such a product. Stupid.

Tony Goodman wants to present me as the next of kin of some unnamed dead person, to his bank as there is $17.3 million up for grabs. This is a simple 419 scam looking for people with more greed than brains. Of course there is no money just the payments that the scammer will try to get from anyone dumb enough to believe the story.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 22, 2022

Identify a Virus

The website VirusTotal at https://www.virustotal.com was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.