Category: Phishing

Careless Facebook profiling can lead to Identity Theft!

Paul

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

Something users shouldn't do!!!As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

This deservese a little mind and a lot of understanding.   By the spammers hacking into facebook accounts they have the chance to scam or spam people with links to possibly have a virus or trojan installer.

[ad#ad2-right]For example This one blog talks about the Virus:

Symantec’s Norton Antivirus software has flagged this as a “high risk” Infostealer.Gampass virus. More info on this particular Trojan vius is here. (Note: Symantec warns the risk level is “low,” since it originated in 2006, but this new Facebook email is a new iteration of the same virus.)

You might be inclined to click on this link because it’s from a friend, but they did not intentionally send it to you — and yes, their Facebook photo is attached, too.

[Via Sync-blog]

facebookident2Now I went searching through my friends list and also found this little bit of information.  As you can see this one is asking for people to use there account to scam people out of money.  They could use this to find out even more information of the Other partner and make you believe your talking to the real deal.   Saying they need money because they are stuck over seas or something like that.   I’ve seen this on other blogs where people have sent money to “friends” but are actually people who are the scammers.  Then if you send the money you are out of luck with your money and possibly your friends to.  I am sure there are more but this is prime examples of what you shouldn’t do and why.

So what can you do to prevent Identity Theft and/or being scammed?

    [ad#cricket-right-ez]

  • Roboform Review — A Password Manager that will help protect your passwords from key loggers and other such phishing sites.    I strongly recommend it to to all who are security minded. (Never use the same password for all your accounts)

  • Are you worried about your identity? — This is good information in checking out sites that might be questionable.  You can find out what type of site it by using your brains.

  • Old Phish Become New again — This is blog post about twitter and what may happen if you did give out your password.   This is a good example of why you never should give out your password to third party websites.

  • Twitter Spammers a getting more smarter — This is also good example of what happens when you see become friends with someone who isn’t real.   You could be the next to be spammed and/or impersonated.

If you follow some common steps you to could prevent from being the victim or getting your Identitiy stolen.   Some things to remember is Never tell anyone your Birthday the whole date like someone did on twitter a few days ago.  It’s nice that they are growing older but that gives people that much more information to use to steal your money or your idenitiy.   Think before you give out any personal information like Age, Married, who your married to and anything that might be used to be able to access your account or your impersonate you.  Remember only you can prevent from being scammed or lossing your identity, you wouldn’t want to have to pay for your mistakes.

Tech Journalist breaks the silence — Journalist got Pwned!!

Paul

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam The Face Of A Facebook Phishing Scam
[Click Picture to see the full story]

[ad#ad2-right]As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

You could be the next person to have your Identity taken away from you.  So what should you do to prevent this type of phishing attacks, assume any email you get from Facebook, Myspace, Twitter, and Any other Social Sites to be a possible phish email.   These are always going to be a problem for these sites.  The spammers want access to be able to spam your friends and family with links, or to make you look foolish.  This is the reason they do it for Money or just for laughs.

One thing to remember is having a strong password will make it that much harder for you to be phished because if you can’t remember it you will be more careful.  I will keep preaching this having a good Firewall and Anti-virus will also prevent you from getting viruses from these type of phishing attacks.  It will also make it much more harder to go to sites that smell like Phish.  Remember only you can keep your identity a secret.

Phishing sites pop up for IRS!

Paul

Well, this just came to light with The Spywareguide blog. I’ve seen some activity about Where’s my refund lately and I thought I tell you how to make sure you’re on the right site. If you’re expecting a refund check the OFFICIAL SITE. The Official Site is http://www.irs.gov and nothing else. If you want to find out about some of the most common Phishing attempts check out the Phishing advice from the IRS.

[ad#ad2-right]The Spyware Guide blog talks about sites that looks to be IRS but are actually just phishing for information.  Some of the ones they talk about are:

gicrisis.org/data/refundtax/SearchTAXERR.php

irs-2009.com/refund/refunds.html

collectrefund-irs.com/refund/refunds.html

cimaonline.ca/application/Internal/Revenue/Service/pas.php?certegy_vm=trueportlet_change_1_actionOverrideFchaseonlineFchangeFprocessDetails_windowLabel_portlet_process_pageLabel_page_process

jklabs.cz/phpayv2/admin/import/.secure/www.irs.gov/get-refund/refunds.php?Where_is_my_refund&Get_Refund

Although this list will most likely change this is just starting for people who filed there income tax. Some things to Remember are:

You can generally access information about your refund 72 hours after IRS acknowledges receipt of your e-filed return, or three to four weeks after mailing a paper return

Via IRS.GOV

So if you’ve filed your Taxes it should be getting to you in 3 to 4 weeks although as you get closer to the March 15, 2009 Deadline it will take longer so you should consider filling early to prevent from having to wait to long for your return.  If you follow the rule that any email claiming  to be from IRS is not true and shouldn’t click or install any software.  You should however tell the IRS as quickly possible about this attempt to get sensitive information.  If you want to protect your  system from virus or even think you have a virus, trojan, or Malware please check my Malware Resource for further information on removing it!!

.

Looks Like Monster.com and UsaJobs.gov was Hacked : Change your PW!!

Paul

[ad#ad2-right]

As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include – sensitive data such as social security numbers or personal financial data.

As a further precaution, we want to remind you that an email address could be used to target “phishing” emails. Monster will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, “tool” or “access agreement” in order to use your Monster account.
[Via Monster.com]

UsaJobs.Gov is a partner with Monster.com so You should think about changing your Password.    They Also think this will be used for Phishing, if you have any doubts to the authenticity of email.  I’d suggest doing a google search on the company or name of the person who emailed you that way you can be well informaed before you do decide how you will handle it.   Also Remember most times if they ask you download software, it is probably Malware and should be scanned by your Anti-virus software.

Spammers defies Bill Gates ‘magic Solution’

Paul

Sopho’s published statistics and I thought I would talk about it here.   Bill Gates promised to have a Magic Solution 5 Years ago.   Sophos Also provide a Chart of the Dirty Dozen:

dirty-dozen-q408

Sopho’s also is claiming that “US retains its crown as spam king“.    I don’t think so because of the the Other 32.4%.   The US can’t be the main culprit to spam.    So What was this ‘Magic Solution’ that they promised 5 years ago?

Microsoft has two techniques in mind for solving the spam issue, both based on the premise of changing the economics of email to place a greater burden on the sender.

[Via CBR]

Microsoft did have some good ideas but they wouldn’t work for right now because the first part of the ‘magic Solution’ was to add  mathmatical question to each and every email we sent out.   I know that this wasn’t going to work because hackers have already created a systems to get around the captcha verification.

[ad#ad2-right]Spammers of course are the ones  who is sending out the spam but they have people who write virus software, which I consider a hacker.  You see they want to infect systems so they can easily send out even more email.  When a system becomes a Botnet they usually are used to send out email.  If your curious as to what a Botnet is Check out the Wikipedia entry for further details.  So they need these systems to be able to send out spam, and other types of email phishing.   Most of the time a spammers  spam just for money because they make money by spamming people.   I hate spam because it clogs up our email accounts with unwanted emails.

So Did Microsoft come up with a fix?  According to Sopho’s they seem to be dropping percentages from 2004 to now in the US.   I have to wonder if Microsoft proclomation made them worry and go outside of the US.   I don’t think it will stop in fact, I suspect with the economy like it is we will undoubtedly start seeing even more spam and even more computer infections.

In order to prevent yourself from viruses and computer infections, you will need to install Anti-virus software and a Good firewall, not just the Default Windows Firewall.  This will greatly increase your chances of not getting a virus and possibly help prevent some of the spam.   You should also tell your associates or customers the benefits of preventive updates.  You should also remind people about not clicking links in emails and also not everything you read is true.