I would like to give a shout-out to a new site that I’ve come across – INFOMERCIALSCAMS.INFO.
InfomercialScams.info is a website designed to help the public identify all types of scams and schemes on and off the internet. They also try to help people distinguish between scams and actual deals by providing them with information on all the different types of scams and schemes that the good people at InfomercialScams.info hear about.
I had a quick look through and they have identified some new scams that I was unaware of (Video Game Tester, Jury Duty etc). Go see them and tell them Scamdex sent you!
I’ve seen hundreds of spam emails, for a year or more, that reference the Canadian couple, Violet and Allen Large.
The elderly couple, who lived in Nova Scotia, won $11.2 million in a Lotto 6/49 jackpot in July 2010. They decided, due to the fact that they were retired and had plenty of savings to continue to live comfortably, to give away the bulk of their winnings to family, local churches and various charities.
Almost immediately, the scammers started sending out emails containing details of this true story. Typically, the pitch goes like this:
My wife Violet and I Allen Large won $11.3 million in a lottery 6-49 in July, 2010 and we have decided to donate the sum of $2,000,000.00 USD to you. Contact us via our personal email for more details (email@example.com). You can verify our story by visiting the web page below. http://www.ctvnews.ca/n-s-couple-gives-away-11m-in-lottery-winnings-1.570916
The link, which is usually to a worldwide news website article about the story, gives the scam bona fides. The amount ‘won’ is generally $2,000,000.
How it works
The scam is the typical ‘Advance Fee Fraud’ (aka Nigerian or 419), where a large sum of money can only be released by submitting a relatively smaller amount. This takes the form of taxes, bribes, customs, shipping, security, courier, lawyers and any other fees the scammer can think of. A check may arrive in the post, but it’ll be fake or stolen so don’t order your new Porsche just yet.
The amazing thing about these scams, which more usually are about Deposed Dictators’ fortunes, is how long they last. Scamdex has emails and Scam Tip submissions going back years and yet the scam must still have legs, judging by the continuing flow. Scamdex continues to collect, index, and publish information on these scams but …
Scammers have always relied on and profited from P.T. Barnum’s famous maxim, “There’s a sucker born every minute”.
Read more: http://www.ctvnews.ca/canada/two-years-after-big-lottery-win-n-s-man-still-plagued-by-scam-artists-1.1194035#ixzz2SXBjhATt
A recent Scam Tip Off Report tells me of a Logistics Position for Recap Distribution. Supposedly operating in Finland, all the money seems to flow to Russia.
It’s a simple enough scam – You take a job as a ‘Receivables Clerk’. Packages arrive and you send them on to another address. Money comes in to your PayPal account, you ship it somewhere else by Western Union.
Now you know that the packages were bought with stolen credit card numbers, right? And the money in your PayPal account? Same thing.
All goes well for a while until a cop turns up on your doorstep asking why you are (a) handling stolen goods and (b) money laundering, and demanding some kind of restitution.
So, if that kind of thing sounds good to you, go to the Recap Distribution Careers page on their website at RECAPDIST.COM
Which has been operating since way back in NOVEMBER 2012
Domain Name: RECAPDIST.COM
Registration Date: 14-Nov-2012
Expiration Date: 14-Nov-2013
Registrant Contact Details:
Danny Jones ()
SplashData.com recently published the following information regarding the most popular 2012 passwords on the web. The ranking was based on password information from compromised accounts posted by hackers online. The article was also featured on blogs.avg.com.
This year, the list is back! So it’s time to see how, if at all, users have learned their lessons about what makes a strong password.
Here’s the full list and how it compares to last year’s:
# Password Change from 2011
1. password Unchanged
2. 123456 Unchanged
3. 12345678 Unchanged
4. abc123 Up 1
5. qwerty Down 1
6. monkey Unchanged
7. letmein Up 1
8. dragon Up 2
9. 111111 Up 3
10. baseball Up 1
11. iloveyou Up 2
12. trustno1 Down 3
13. 1234567 Down 6
14. sunshine Up 1
15. master Down 1
16. 123123 Up 4
17. welcome New
18. shadow Up 1
19. ashley Down 3
20. football Up 5
21. jesus New
22. michael Up 2
23. ninja New
24. mustang New
25. password1 New
So I get an email from Google complaining that several links from my son’s blog (which I will not name here) are linking to malware sites. The sample links they included were valid but completely foreign to the site, and the pages themselves were mangled versions of existing blog posts, with long lists of search engine spam and a few websites.
Needless to say, these were not of our making so I set out to investigate and clear them down as soon as possible.
The blog is concerned with my 12 year old son’s love of all things Lego which, since getting his own laptop and discovering Minecraft, has been languishing since his last post in July 2012.
The spam pages are not referenced from the valid blog pages in any way and have been in place since October. Only Google, chiding me about pages with my Adsense code being used to point to malware, alerted me to the breach. Otherwise I would never have noticed.
How it got there?
I suspect that the intrusion method was a theme I installed in October. It’s just a guess though – WordPress is so ubiquitous, I’m sure there are loads of vulnerabilities, especially if the constant stream of updates is anything to go by. Suffice it to say that they got in, and with enough authentication to allow them to upload files.
What I found
I found a couple of anonymous type directories under the ‘/wordpress’ directory: “imgxkm” and “imguut”. The content was a load of files of the form 74XXXXX.html. Each file was a complete webpage which seems to be spam content mixed with genuine blog page content. There was also an index.php.txt file which does a lot of stuff which I was in no mood to examine.
The important file, the one that makes the whole thing work is a .htaccess file. For those not in the know, this file is the Swiss-army penknife for web developers – it can make black into white and cure cancer – it can also take a mangled-looking url and make it go to a perfectly normal-looking webpage (and vice versa). Anyway, the job of this one was to take those odd looking SEO-spammy type urls and serve them up with a content-rich webpage – all without the website owner knowing a thing about it.
I don’t have time to completely debug this issue, I’m just glad to have found it (thanks to Google’s ever vigilant search engine spam detection algorithms). If you get messages from Google relating to webpages that you don’t recognize, check for .htaccess files like this one.
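A check of this kind can be scripted. The following is an added example, not code from the original post: it walks a web root and flags any directory showing at least two of the signs described above (bulk numeric-named .html pages, an index.php.txt file, a .htaccess with rewrite directives outside the root). The function names, the thresholds and the sample tree are assumptions constructed for illustration; the contents of the real .htaccess are not shown on this page, so the sample uses a harmless placeholder rule.

```python
import os
import re
import tempfile

NUMERIC_PAGE = re.compile(r"^\d{5,}\.html?$")  # names like 7412345.html
REWRITE = re.compile(r"^\s*Rewrite(Engine|Rule|Cond)\b", re.I | re.M)

def scan_webroot(root, min_pages=5):
    """Return sorted (relative_dir, reasons) pairs for directories that
    show at least two of the three signs of an injected spam drop."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        reasons = []
        pages = [f for f in files if NUMERIC_PAGE.match(f)]
        if len(pages) >= min_pages:
            reasons.append(f"{len(pages)} numeric-named HTML pages")
        if "index.php.txt" in files:
            reasons.append("index.php.txt present")
        # The root .htaccess normally holds WordPress's own rewrite rules,
        # so only rewrite rules in subdirectories count as a sign.
        if ".htaccess" in files and dirpath != root:
            with open(os.path.join(dirpath, ".htaccess"), errors="replace") as fh:
                if REWRITE.search(fh.read()):
                    reasons.append(".htaccess with rewrite rules in subdirectory")
        if len(reasons) >= 2:
            findings.append((os.path.relpath(dirpath, root), reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a clean WordPress-like tree plus one planted dir."""
    layout = {
        ".htaccess": "RewriteEngine On\nRewriteRule . /index.php [L]\n",
        "wp-content/themes/lego/style.css": "/* theme */\n",
        "wp-content/uploads/2012/07/brick.html": "<p>legitimate page</p>\n",
        "imgxkm/.htaccess": "RewriteEngine On\nRewriteRule ^ - [L]\n",  # placeholder
        "imgxkm/index.php.txt": "placeholder\n",
    }
    for i in range(6):
        layout[f"imgxkm/74{i:05d}.html"] = "<html>placeholder</html>\n"
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, reasons in scan_webroot(tmp):
            print(directory, "->", "; ".join(reasons))
```

Requiring two signs keeps a lone security-plugin .htaccess or a single oddly named file from being flagged; anything reported still needs a manual look before deletion.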
Running the Scamdex Website isn’t a full-time job but occasionally I fall foul of the lovable rogues who perpetrate these scams and who get upset when I tell people about their doings. For example, from mid November in 2012, I had a week of distributed denial of service (DDoS) attacks which effectively made Scamdex.com stop responding to requests.
A day or so into the attack, I was contacted by the instigator; a nice Russian scammer who said “You see I can bring your server down, now remove the post”. He referred to a post someone had made in the Scam Tip Off Reports section of the site.
I’m sad to say that I had no option other than to comply with his threat on the grounds of ‘The Greater Good’. Cowardly you may say, but DDoS attacks are not to be taken lightly and while they were going on, no-one would be able to see anything on Scamdex.
You have all seen the effects that DDoS attacks have on even the biggest Internet presences – with all their resources and experts, they can still be reduced to server farms full of technically dead servers – Scamdex really can’t fight this.
I’m sorry if the Russian scammed someone who just might have been saved if the original post had remained online, but my duty is to the whole Internet community, above and beyond the individual. Mea Culpa!
The massively informative “Krebs on Security” Blog published this graphic which is a startling depiction of just how valuable a compromised PC can be to cyber criminals.
Often the owner of such a PC does not even know that this has happened, and there are millions that have. Check your own PC regularly for oddities and update your malware/virus/firewall software to prevent your own machines becoming a tool of scammers.