Fashion Sale Fake Web Site

We are all used to sales at almost any time of year nowadays even by high fashion companies.

Scammers sometimes go to a lot of trouble to replicate part of the website of a fashion store online.

A recent scam started with a flood of emails about a Michael Kors sale.

Michael Kors is high fashion and comes with a hefty price tag so you can imagine the interest when the email says Huge Savings.

In fact later in the email it says “Take an additional 90% of your entire purchase of $100 or more”

They would not be in business for long giving away good quality product at 90% discount.

Of course, it’s all fake. Visitors to the fake site from the link in the email will find few items (with bargain prices) but it’s when you hand over your payment card details that the scammer has won and will use your card till it runs dry.

There are genuine sales of course and these are advertised by email sometimes.

But do pay attention to any links and which websites they would take you to.

In the Michael Kors email – it was all copied from genuine emails but the word “stockist” was spelled “srockist” which tells you it’s all fake and the unrealistic discount proves the point.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

April 24, 2022

African Bitcoin – What’s That?

This enterprising scammer has combined a standard Bitcoin scam with a 419 scam.

The email tells me that as member of the Africa Conference of Churches I am entitled to make up to $1,000 per day with Bitcoin investment.

The email is actually from a Portuguese domain name and I have never heard of any Africa Conference of Churches and of course the email isn’t addressed to me – just to “Good Day”.

“with our cutting-edge technology and experiences that cut across decades, we manage the wealth of billionaires and companies within a network of offshore facilities and you can start with as little as lb200”.

You can imagine the scammer or him and friends sitting a table trying to think up impressive sentences and some loser picking the one above as it is meaningless but contains the right key words and suggests competence but obviously it just shows ignorance and criminal intent.

I assume that lb200 is meant to be 200 pounds – not written by anyone with decades of experience in wealth management.

Pathetic.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 23, 2022

Time-Wasters Update

An email from Mr. Anthony offers loans between $1 million and $50 million for any business at 4% for up to 10 years. The sender’s email address has a ‘.ga’ domain which is Gabon in Africa. The reply address is a personal Gmail account. Only scammers typically use separate reply email addresses like this, so no thanks.

“Your hairdresser wont want you to discover it.” is the title of an email about a product called Trimsher which is supposedly professional quality hair clippers. However, the email then claims that using the clippers will guarantee you a professional quality haircut. People spend years at college learning how to be barbers and hairdressers and just using a better quality pair of clippers wont make much difference unless you are trained. Marketers tend to sell on the best points of a product but scammers oversell by miles in desperate hope of catching gullible people. Never reply to such unsolicited emails as they are always scams.

Coinbase is a cryptocurrency exchange platform – for buying and sell various cyber currencies. This attracts a lot of scammers desperate to steal people’s cryptocurrency as it is generally untraceable. There are numerous phishing emails from scammers trying to get people to key in their details on a fake website. This latest one says “Your transfer completed to Bank account number xxxx0465” to attract attention. It tries to look like it’s from Coinbase customer services but the sender’s email is actually costumer service @teamosp900qrzz.com which is obviously not Coinbase as I doubt they have a ‘costumer service’ department.

Emma Sun claims to work for Kanghui Medical Technology Co Ltd. and is offering medical beds for sale from China. No reputable supplier would send out mass spam emails to unknown companies selling such a product. Stupid.

Tony Goodman wants to present me as the next of kin of some unnamed dead person, to his bank as there is $17.3 million up for grabs. This is a simple 419 scam looking for people with more greed than brains. Of course there is no money just the payments that the scammer will try to get from anyone dumb enough to believe the story.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 22, 2022

Identify a Virus

The website VirusTotal at https://www.virustotal.com was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

April 21, 2022

Police Report Common Phone Scams

The National Fraud Bureau reports that the most common phone scams are:

False reports of a problem with your computer or device
A fake fraud investigation
An investment opportunity

Number 1 is better known as the Microsoft Support scam as most of the scammers cold call random people, pretending to be from Microsoft Support and warning of a severe computer problem. They offer to fix it and to do so they need access to your computer and will charge a fee for their time or for some software they supposedly have to install.

Since these scams became commonplace, most people know to put the phone down on any such call. A message to the same effect (you have a computer problem – call …) may pop up when you are on a new website and it will exhort you to phone a specified phone number – this will be to a scam call centre so do not call it.

Number 2 is the fake fraud investigation which can take many forms with the scammer pretending to be from your bank or the government or the Police etc. Usually, they warn you that your bank account has been hacked and they will assist you to save your remaining money – i.e. by taking it away from you. Any such callers should be ignored but if you want to check with your bank then use a different phone to call your bank on a known number.

Number 3 is scammers offering investments that have zero risk and give guaranteed returns are always fake and you should seek expert advice before making any investment.

Anything that looks too good to be true is almost certainly a scam.

Stay safe.

If you have any experiences with these scams do let me know, by email.

April 20, 2022

How do fraudsters get my personal information?

When scammers get hold of your personal information, it can lead to serious trouble. Those details can be used directly in fraud or be used to put together a more detailed picture of you that can be sold to identity thieves.

Personal details can include:

Full name, address and contact details
Bank account numbers and login information
Logins and passwords for websites
Identification numbers, e.g. passport details or driving licence

There are four main methods that scammers use to get your personal information.

Phishing Scams and Buying From Other Criminals

Criminals get your information from phishing exercises, fake competitions, fake websites etc. and often they simply find a business email address then make up entries by combining common first names with the business email address. If they get a response to their spam emails that tells them you have an active email account and you will get a lot more scam and spam messages.

They also buy this data from other scammers and spammers who sell list of people’s information on the dark web.

Simple data such as name and address sells for just tens of dollars per thousand people but financial data sells for much higher prices e.g. valid credit card details plus the security number on the back and the persons full name can sell for up to hundreds of dollars per person.

Data brokers

These companies collect and sell all the data they can legally find, such as names, date of birth, telephone numbers, addresses, land records, marriage records, criminal history, social media profiles etc. They consolidate this data from dozens of different public records, then compile it online.

A lot of the information is likely to be out of date or just wrong, but some is likely to be accurate.

Data breaches

This is where hackers break into organisation’s computer systems to steal data. Sometimes this is published on the dark web and sometimes sold directly to other criminals.

The targeted information may include names, driver’s license numbers, medical and financial records, and email addresses and passwords.

Social media and blogs

Your social media accounts may contain all the pieces a cybercriminal needs to commit fraud, such as your full name, where you live and work, photos of you and your family, holiday plans, and your favourite bands and hobbies. E,g, some people use a pet’s name as a password or as an answer to a security question so if your pet is on your social media then they will try it.

Removing social profiles and information on blogs or at least restricting the personal information makes it harder for the criminals to scam you.

Make sure the scammers cannot get your personal information – stay safe.

If you have any experiences with these scams do let me know, by email.