Scam Alerts

Facebook Worm

The worm, known as Ramnit, dates back to April 2010 and steals stored login information. Ramnit was not initially designed to harvest Facebook credentials, but the Ramnit cybercriminals have recognized the value of Facebook accounts for propagation.

It is likely that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further.

In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.

As communication overall has shifted from traditional mediums such as email to social networks like Facebook, malware writers likewise are adopting their victim's preferred means of communication.

People are now less likely to click a random link via email, but trust is still relatively high on Facebook. Receiving communication from a trusted contact on Facebook will have much higher click-through rates.

Victims are simply not aware that the 'trusted' Facebook account from which the communication was received, may itself have already been compromised.

Remember not to click on strange links, to report suspicious activity on the social network, and become fans of the Facebook Security Page for additional security information.

Pet Scams

The Pay-Me-First Scam occurs when the pet owner receives a phone call from a person claiming that they have the lost pet in their possession. This person asks that the reward money be sent to them before they return the pet.

If the pet owner refuses, they will often threaten to hurt the pet in order to pressure the pet owner into sending money. Once the scammer receives the money, they are never heard from again.

The Truck Driver Scam involves someone claiming to be a long-haul truck driver who tells you that he came across your pet while on his route. He then asks you to send him money so that he can send your pet back to you, or he may ask you to wire him money to board your pet until he can send your pet back with another truck driver who's heading your way.

The Tag Team Scam works when you receive a call from someone who says that they think they have your pet. After talking to you for a while and getting information about your pet, they apologize and say that they're sorry, but it turns out that it's not your pet after all.

They then give all the information about your pet to a partner. This is a set-up as in a short time, the scammer uses the information received about your pet only to have a second person call and claim to have found your pet who will then try to collect any reward money in advance.

The Airline Ticket Scam involves a scammer calling and claiming that your pet somehow ended up in another state. They ask you to send money for a kennel and an airline ticket in order for them to ship your pet back to you.

Once the pet owner sends the money, the scammer walks away with it, leaving the owner without their pet and with less money in their bank account.

The following tips may prevent you from falling victim to a pet loss scam:

1. If you must place an ad, include only essential information. Refrain from providing information about unique markings or physical attributes.

2. If you get a call from someone who claims to be out-of-state, ask them for a phone number where you can call them back.

3. If a caller claims to have your pet in their possession, ask them to describe something about the pet that wouldn’t be visible in pictures which may have been posted.

4. Never wire money to anyone you don’t know.

Popular Passwords

One reason for the lack of security is the amount of passwords a user is required to remember to access the many databases, applications, multiple networks, etc., used on a daily basis.

Sharing passwords among users in a workplace is becoming a common theme to continue the flow of operations. Users have prioritized convenience over security when establishing passwords. The article provided a list of millions of stolen passwords posted on-line by hackers and ranked the top 25 common passwords.

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passw0rd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

Do any of these look familiar?

A strong password is an important protection to help you have safer online transactions. Here are some steps you can take to create a strong password. Some or all might help protect your online transactions:

• Length. Make your passwords long with eight or more characters

• Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

• Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months

• Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.

SMS Scams

These unsolicited text messages claim that your mobile phone number has been selected as the winning entry in a lottery or promotion. The texts claim that you have therefore won a substantial sum of money or, in some versions, a valuable prize such as a car.

To claim your prize, you are instructed to call or email using contact details included in the message.

However, the lottery or promotions mentioned in the text messages do not exist and there is no prize. The promised prize is simply the bait used to get you to contact the criminals responsible for the scam.

If you fall for the scam and make contact as instructed, you will soon be asked to send money, supposedly in order to allow the release and transfer of the prize. The scammers will claim that this money is required to cover expenses such as tax, legal, insurance or banking fees.

They will insist that these fees cannot be deducted from the prize itself. If you comply and send the first fee requested, the scammers will invent other "expenses" that must be paid in advance before the prize can be handed over.

Requests for money are likely to continue until you realize that you are being scammed or simply run out of money to send. During the course of the scam, you may also be asked to provide a substantial amount of personal and financial information, supposedly as a means of proving identity and allowing transfer of the "prize money". The scammers may subsequently use this information to steal your identity.

Advance fee lottery scams are certainly not new and have been around for many years. Advance fee scammers use a variety of methods to reach potential victims, including email, surface mail, fax, social networking and, now SMS.

The scammers often claim that the prize or promotion is connected to a high-profile company such as Nokia or Microsoft. The scammers use the names, and, sometimes, the logos and trademarks of such companies without permission as a means of making their claims seem more legitimate.

You need to be very cautious of any unsolicited message that claims that you have won money or a prize in some form of lottery or promotion that you have never even entered.

Be wary of any message in any format that claims that your name, phone number or email address has been randomly selected as the winner of a substantial prize. Genuine lotteries do not operate in this manner. If you receive such a scam message, do not reply or respond to the scammers in any way.

Holiday Shopping Season Tips

Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, sale of fraudulent or stolen gift cards through auction sites at discounted prices, and phishing e-mails advertising brand name merchandise for bargain prices or e-mails promoting the sale of merchandise that ends up being a counterfeit product.

Fraudulent Classified Ads or Auction Sales

Internet criminals post classified ads or auctions for products they do not have. If you receive an auction product from a merchant or retail store, rather than directly from the auction seller, the item may have been purchased with someone else's stolen credit card number.

Contact the merchant to verify the account used to pay for the item actually belongs to you. Shoppers should be cautious and not provide credit card numbers, bank account numbers, or other financial information directly to the seller. Fraudulent sellers will use this information to purchase items for their scheme from the provided financial account. Always use a legitimate payment service to protect purchases. Diligently check each seller's rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100% positive feedback, if they have a low total number of feedback postings and all feedback was posted around the same date and time.

Gift Card Scam

The safest way to purchase gift cards is directly from the merchant or authorized retail merchant. If the merchant discovers the card you received from another source or auction was initially obtained fraudulently, the merchant will deactivate the gift card number, and it will not be honored to make purchases.

Phishing and Social Networking

Be wary of e-mails or text messages you receive indicating a problem or question regarding your financial accounts. In this scam, you are directed to follow a link or call the number provided in the message to update your account or correct the problem.

The link actually directs the individual to a fraudulent Web site or message that appears legitimate; however, any personal information you provide, such as account number and personal identification number (PIN), will be stolen. Another scam involves victims receiving an e-mail message directing the recipient to a spoofed Web site. A spoofed Web site is a fake site or copy of a real Web site that is designed to mislead the recipient into providing personal information. Consumers are encouraged to beware of bargain e-mails advertising one day only promotions for recognized brands or Web sites. Fraudsters often use the hot items of the season to lure bargain hunters into providing credit card information. The old adage "if it seems too good to be true" is a good barometer to use to legitimize e-mails. Along with on-line shopping comes the growth of consumers utilizing social networking sites and mobile phones to satisfy their shopping needs more easily. Again, consumers are encouraged to beware of e-mails, text messages, or postings that may lead to fraudulent sites offering bargains on brand name products.

Tips

Here are some tips you can use to avoid becoming a victim of cyber fraud:

• Do not respond to unsolicited (spam) e-mail

• Do not click on links contained within an unsolicited e-mail

• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on attachment before opening

• Avoid filling out forms contained in e-mail messages that ask for personal information

• Always compare the link in the e-mail to the web address link you are directed to and determine if they match

• Log on directly to the official Web site for the business identified in the e-mail, instead of "linking" to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information

• Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine

• If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively

• If you receive a request for personal information from a business or financial institution, always look up the main contact information for the requesting company on an independent source (phone book, trusted internet directory, legitimate billing statement, etc.) and use that contact information to verify the legitimacy of the request

• Remember if it looks too good to be true, it probably is.

Twilight Scams

If you are doing a Web search you will see results such as “nude pictures of Taylor Lautner,” “Robert and Kristin kissing,” and “Twilight true love.” Clicking these links can infect your computer, tablet, or smartphone with viruses or keyloggers.

There will be more of this malware as the excitement around the movie grows.

This isn’t the first time fans of Twilight Saga have been the target of a scam. In April, 2011 a Twilight scam spread virally on Facebook so that when Twilight fans tried to play Twilight: Breaking Dawn, they discovered they first had to “like” the game, and then it would get posted to their Facebook wall, spreading to their friends.

The victims were then asked to okay a Facebook application to access their account and to complete a form th at asked for personal information.

So be suspicious of links like these and verify each application before giving it additional permissions on Facebook.

Here are other signs of scams that could surround the Twilight hype:

1. Fake online sneak previews or complete downloads of the movies, usually accompanied by fake comments from supposedly delighted users

2. Page links that lead to surveys that collect personal details for spammers, or insist users first download a toolbar or special viewer, either of which, in reality, installs spyware, a virus or fake anti-virus software onto computers

3. Phony digital (ebook) versions of the series, again leading to the kind of scams outlined in the point above

4. Subject headings for web pages and emails with some sort of sensational claim about one of the characters, luring curious fans to visit or open attachments.  

Free Airline Tickets Scam

The messages are being left on people's walls as though they are from Facebook friends.

“Aweet! i just got 2 free flight vouchers from Southwest Air to fly to any destination i can think of lmao!,” one message says. “i didnt believe it would work but it was, got it here..[LINK] try for yourself i just figured i would share with everyone.”

The fact is Southwest isn't giving away any free tickets. If you fall for the scam and click on the link, you will be taken to a site that appears to be the official Southwest site, but is actually a fake site set up by the scammer.

When you get to the site, you'll be asked to allow installation of third-party software to allow you to register for the tickets. If you agree, you will download malware that can access your profile and post messages from your account.

A variation of the scam leads you through a maze of multiple surveys, resulting in no tickets for your efforts. Southwest alerted customers through social media Monday, warning them of the fraud.

The scams have a common theme and every few weeks resurface with a slight variation.

Last month the hot Facebook scam was the promise of free giftcards from Starbucks. It read along the lines of “Facebook Users!, Starbucks is gifting away new giftcards! Rush, Dont waste any time. Here is webpage (link) There just 241 left!!!

The rest of the scam is pretty much the same and entices you into downloading an application that gives the scammer access to your Facebook account.

According to Softpedia.com, a recent bust by the FBI showed a cybercrook gang took in $14 million off a similar scam.  

Online Holiday Scams to Avoid

1. Mobile malware: More of us are using our phones for shopping, to research products or to redeem coupons. McAfee says Android phones are "most at risk," citing "a 76 percent increase in malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform."

McAfee also says new malware "has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy."

2. Malicious mobile apps: "These are mobile apps designed to steal information from smartphones, or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China."

3. Phony Facebook promotions and contests: "Who doesn’t want to win some free prizes or get a great deal around the holidays? Unfortunately, cyber scammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information." One recent scam promised two free airline tickets — something that sounds appealing at this time of year especially — "but required participants to fill out multiple surveys requesting personal information."

4. Scareware, or fake antivirus software: We've seen lots of examples this year. "Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk — or already infected — so they agree to download and pay for phony software." McAfee says it's one of "the most common and dangerous Internet threats today, with an estimated 1 million victims falling for this scam each day."

5. Holiday screensavers: Ah yes, we love our screensavers for special times of the years like Christmas. But some of the free ones are loaded with more than holiday cheer. "A recent search for a Santa screensaver that promises to let you 'fly with Santa in 3D' is malicious," McAfee says. "Holiday-themed ringtones and e-cards have been known to be malicious too."

6. Mac malware: Those two words wouldn't have even been put together in the same sentence a few years ago. But, as McAfee correctly says, "with the growing popularity of Apple products, for both business and personal use, cyber criminals have designed a new wave of malware directed squarely at Mac users." McAfee Labs says as of a year ago, there were "5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent month on month."

7. Holiday phishing scams: "Cyber scammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information."

A "common holiday phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyber scammer."

Bank phishing scams "continue to be popular and the holiday season means consumers will be spending more money — and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day."

And, "smishing" — phishing by text message, usually involving banking — is also a growing problem. "Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated — and collects the user’s personal information including Social Security number, address and account details."

8. Online coupon scams and offers: Whether you're an extreme couponer or an occasional one, the season is rife with good online offers — and malicious ones. "Scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information," McAfee says. "One popular scam is to lure consumers with the hope of winning a 'free' iPad. Consumers click on a 'phishing' site, which can result in email spam and possibly dealing with identify theft." Another is that "consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit-card details, passwords and other financial data."

9. Mystery shopper scams: "There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers."

10. Hotel "wrong transaction" malware emails: "In one recent example, a scammer sent out emails that appeared to be from a hotel, claiming that a 'wrong transaction' had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine."

11. “It” gift scams: Looking for the kind of gift that might sell out quickly this year? "When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t have them," says McAfee. "So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse."

12. “I’m away from home” scammers: You know this by now, or should: "Posting information about a vacation on social networking sites could ... be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide that it may be a good time to rob them. Furthermore, a quick online search can easily turn up their home address."

Protecting yourself:

Here are some of McAfee's tips on staying safe in general, but especially in the weeks ahead:

•"Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them."

•"Be extra vigilant when reviewing and responding to emails."

•"Watch out for too-good-to-be-true offers on social networks (like free airline tickets). Never agree to reveal your personal information just to participate in a promotion."

•"Don’t accept requests on social networks from people you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home

Gift Card Scam

Most commonly, thieves case racks of gift cards in stores, writing down the identifying numbers or using a scanner to lift information from their magnetic strips.

Armed with the data, they head home to their computers and wait for customers to buy the cards. They repeatedly check websites that display gift card balances, which tell them when the card is activated. As soon as it's activated, they spend the balance in an online shopping spree.

In a more sophisticated variation of the scam, the thieves also steal a blank card to create a counterfeit card they can use in a store as well as online. In both cases, customers often don't find out their gift is null and void until the intended recipient receives it, weeks or months after the original purchase.

The scams are possible because most retailers simply don't package their gift cards well enough to conceal the identifying numbers And while the greatest risk lies with so-called "closed-loop" cards that can only be used at a single store such as Target or Best Buy, thieves can also target "open-loop" cards issued by credit card companies. They swap activation stickers attached to the outside packaging, so that a consumer buys one card but activates the one possessed by the scam artists.

Other scammers target consumers who buy gift cards from online exchanges such as PlasticJungle or auction sites such as eBay.

Some thieves try writing down their card's numeric identifiers, selling the card to the discount website and then racing to spend the card's balance before a new buyer has the chance to do so.

Tips for avoiding gift cards scams

• Don't buy gift cards displayed prominently within the store. Ask sales clerks to sell you cards from the back room or behind the customer service desk

• Examine cards and packaging for signs of tampering. Don't buy a card where the coating covering the PIN number has been scratched away or the activation sticker isn't firmly affixed

• Spend the gift card as soon as possible. Don't put the card in a drawer for months. The longer consumers take to spend their gift cards, the more time thieves have to do it for them

• Beware of online exchanges and auction sites. The Federal Trade Commission advise against buying cards from online exchanges or auction sites because of the possibility of buying stolen cards. Instead, buy cards directly from retailers  

AT&T Phishing Scam

According to the message, if you wish to keep your account you must verify it by replying with your username and password details.

Please note that the email is not from AT&T and the claim that all unused accounts are about to be closed is false. The message is an attempt by criminals to trick you into divulging your account login details. If you fall for the scam and send the requested details, you will be effectively handing control of your AT&&T account to the scammers.

Once they have collected your details, the scammers can login to your compromised account, steal more personal information stored in the account's files and use the account to launch further scam and spam campaigns.

Often, the scammers use the hijacked accounts to send typical "stranded in a foreign country" scam messages to people on your contact list. Because the messages apparently come from a person that you know, you may be more inclined to believe the scammer's story and send money as requested.

AT&T will never send you an unsolicited email that expects you to reply with sensitive information such as passwords. Nor will any other legitimate Internet or telecommunications company.

If you receive one of these emails, do not reply. Do not open any attachments that the message may contain and do not click any links in the email.

Online Vehicle Scam Using Kelley Blue Book's Name

Some people reported that the fraudster sent pictures of the vehicle as well. Once the purchase was agreed upon, the fraudster sent the complainant an official-looking e-mail, supposidly from KBB, instructing them to wire the payment to a KBB agent. Upon contacting the actual KBB company, complainants were advised that it was a scam and that KBB does not offer an escrow-based buyer-protection plan. Recent articles have been posted on the KBB website warning consumers of this particular scam.

Archive 16