FTC Kills “MAKE MONEY FROM WEBSITES” Scam

Posted on 15 May/2012 by mxw

An Own-Your-Own Website Business Opportunity where consumers would make money from links to major retailers was halted by the FTC.
An operation that lured consumers into spending thousands of dollars for Internet websites and advertising by misrepresenting that they could make lots of money by linking the sites to major retailers. The court ordered a stop to the defendants’ allegedly deceptive practices and froze their assets pending further litigation. The action is part of the FTC’s ongoing efforts to protect consumers in financial distress.

There are many of these ‘Business Opportunities’ on the Internet and only the most egregious (read “Greedy”) are ever brought to account. The rest go on taking millions of people’s hard earned money with dubious, immoral, illegal and downright criminal schemes. As soon as the current pool of suckers is exhausted and/or the law start sniffing around, they close up shop and reopen with a new name, domain name and logo and just carry on.
Continue reading

Posted in Dodgy Products, Email Scams, Online Advertising, Websites | Tagged , | Leave a comment

Alleged Image Copyright Theft Scam is a Money Spinner

Posted on 30 Apr/2012 by mxw

I got a comment recently on my blog about a scam that I was unaware of but which, after a small amount of research has made me boiling mad.

First, some background

The Internet is awash with images – mostly pictures of my cat, My Cat (c) Me, 2011 I admit, but they are everywhere – the World Wide Web is now a massively visual medium, made worse by social sites such as Facebook. The problem is, each one of these images is owned [by somebody] and they often don’t take kindly to anyone else using them without permissions [or payment].
The kings of the Pay-to-use images world are the stock photo libraries – massive databases of images, all of which have complex rules and pricelists depending on how, where and how long the image is used. It ay be 99c to have a thumbnail on your website or many $$ thousands to license an image to print on tee shirts or have as part of your company logo.

If you are looking for a picture, say, of a cat playing the piano, you can find many, many of them on any search engine. But each image has it’s own rules about usage.
Continue reading

Posted in Email Scams, Extortion, Scam Reports, Websites | 4 Comments

How do they make blog spam so hard to detect?

Posted on 23 Mar/2012 by mxw

Anyone that has visited a blog or forum will have seen those vaguely annoying one line posts that are generally bad grammer and say nothing except what a great blog it is, how they’ll be back soon and to keep up the good work, right?

Well that is so-called ‘Comment Spam’ and it is the bane of website owners like email spam is to, well, just about everyone else!

What they’re doing is embedding a link to a website either in the profile of the user, the ‘sig’ in the post or even inline in the comment. The vain hope is that ubiquity = high search engine ranking. Anyone who owns a forum will tell you that 90% of their time is spent combing comments for trash like this. Services such as Akismet can catch an awful lot of spam, if supported.
Continue reading

Posted in humor, spam, tools | Tagged , | 4 Comments

Don’t buy a vehicle from a “Curbstoner”

Posted on 7 Mar/2012 by mxw

OK, so what, precisely, is a Curbstoner?

Here’s some background:

You know that place on your commute that always has a bunch of cars for sale? the patch of waste ground by the stoplights?

That’s almost certainly a curbstone site. Curbstoners are unlicensed vehicle dealers, called as such because they tend to park a selection of cars for sale in popular areas along the curbstones. They operate in this way because a private sale of a vehicle is not covered by the legal restrictions that a dealer must abide by.

Why are they bad?

Several reasons:
Continue reading

Posted in Scam Reports, shopping scams, Tax Scams, Vehicle Scams | Tagged , , , | 2 Comments

Best places in the US to get Scammed Online!

Posted on 23 Feb/2012 by mxw

A report by Symantec (the somewhat self-interested PC Security company) has produced a report that lists the top ten places in the US to be scammed online.

The nation’s capital, Washington DC, is top of the cybercrime rankings, mainly due to its high saturation of smartphone usage (second in the country), but the large number of politicos, lobbyists [and all their money] must be a significant factor too.

It’s not all bad news, the study helpfully tells us that the top rated cities for risk of cybercrime are not necessarily the top rated cities for actual infection.

Risk elements that make this list are smartphone usage, widespread Wi-Fi hotspots and heavy Internet throughput which is presumably what brought Sacramento into the top ten for the first time. Sacramento apparently scored above average across all cybercrime risk categories.

1. Washington, D.C.
2. Seattle
3. San Francisco
4. Atlanta
5. Boston
6. Denver
7. Minneapolis
8. Sacramento, Calif.
9. Raleigh, N.C.
10. Austin, Texas

At the bottom of the list are cities such as Tulsa, Detroit and El Paso.

Symantec’s conclusions are to beware of using Wi-Fi hotspots for sensitive transactions and to use complex, unguessable passwords for all your online transactions. (and that does not include ‘abc123’, ‘qwerty’ or ‘password’, Mister!).

The full report, with complete ranking of the top 50 cities can be found here

Posted in Anti-Scam Protection, Identity Theft, Scam Reports | 5 Comments

Big Internet (Facebook, Google) gets serious about Email Scams.

Posted on 31 Jan/2012 by mxw

And this time, they seem to be serious, joining together these powerhouses:

* Big Internet: Google, Facebook, Microsoft, Yahoo, AOL, LinkedIn etc.

* Big Money (aka financial service providers): Bank of America, Fidelity Investments and PayPal.

* Big Security: Agari, Cloudmark, eCert, Return Path and the Trusted Domain Project

To fight Email Scams, specifically Phishing Scams. Such scams try to trick people into giving away passwords and other personal information by sending emails that look as if they come from a legitimate bank, retailer or other business. When Bank of America customers see emails that appear to come from the bank, they might click on a link that takes them to a fake site mimicking the real Bank of America’s. There, they might enter personal details, which scam artists can capture and use for fraud.

To combat that, 15 major technology and financial companies have formed an organisation to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC – short for Domain-based Message Authentication, Reporting and Conformance. In a nutshell, it is another way (in addition to the SPF and DKIM checking already available) to make sure hat an email is really form the organization that it says it is.

Most Phishing emails pretend to come from a respected institution and it is a simple matter to claimthat the message came from the domain name of the trusted entity. This is the first step in establishing trust – if an email arrives that seems to come from ‘accounts@paypal.com’, one’s guard is just that little bit lower.

DMARC aims to prevent those emails from ever arriving by intelligent checking and has a feedback mechanism that alerts the real organization that the event has occured.

It’s not going to stop email from addresses that use obfuscated (accounts@paypal.com.asjdgh.gyutut.com) or maliciously mis-spelled (accounts@paypai.com) or just completely fake email addresses (accounts@paypalbillingsupport.com)
…but it’s a start and Scamdex for one applauds it!

More information [than anyone probably needs to know] is available at the DMARC website

Posted in Anti-Scam Protection, ebay, Email Scams, Facebook, Google, Identity Theft, Phishing | Leave a comment

Fake ‘Scam’ Website to Educate Consumers.

Posted on 20 Jan/2012 by mxw

A new initiative has been launched by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) to educate consumers about the pitfalls of internet scams. They have recently launched an educational campaign that includes a fake ‘scam’ website.

There are two components to this website: the first is a “teaser” page that appears to sell the consumer an irresistible deal. It has been modeled to look very much like many of the websites that promise guaranteed results, but in fact deliver nothing in return for the consumer’s money, or result in identity theft of consumer’s personal information. On clicking any of the links to find out more information, the consumer is directed to a second page that reveals that the first page is an example of a scam and is brought to the consumer by the Massachusetts Office of Consumer Affairs.

Most importantly, there is information about spotting similar fake advertisements. The website contains valuable information about how to protect yourself as a consumer, and a number of resources to consult if a consumer has become a victim of a scam.

Here is a link to the fake scam website: Fake Scam Website from OCABR


If you have any questions regarding this initiative or the efforts of the Massachusetts Office of Consumer Affairs and Business Regulation, contact visit their website at www.mass.gov/consumer.

Posted in Anti-Scam Protection, Email Scams, Identity Theft, Scam Reports | Leave a comment

Phishing Scam of the Day (PenFed)

Posted on 16 Dec/2011 by mxw

We received an email today with the promise of a $50 credit to my Pentagon Federal Credit Union (PenFed) account if I completed a customer service survey. The “survey” was sent as an attached HTML (web page) file, which, when completed went to the homepage of PenFed.

Apart from the simple questions, the final part of the form asked for the online account usrname and password and also the PIN number for the bank. If anyone did fill in this form, they will have handed over the keys to their bank account and should expect it to empty pretty quickly.

This is a common enough scam, but stands out for the clever use of bait ($50) and the simple but plausible task required to receive the bait. Enough to blind the recipient to the dangers.

What actually happens when you click ‘Continue’ in the form is that the detalils you entered are sent to a Texas-based Comcast computer –
IP Address 98.195.57.33 (Information on this IP from DomainWhitePages Information) and then immediately redirected to the PenFed website where the user will feel comforted by the secure website url (https://www.penfed.org/)

The only real mistake this scam makes is to use untargetted spam to deliver the message. Non-PenFed members are unlikely to click through and the chances are that websites such as Scamdex.com will pick it up and close the operation down. As of this post, the server is still up and running………

Posted in banking, Email Scams, Identity Theft, Phishing, spoof websites | Leave a comment