Anti-Scam Protection

Scammers turning your WordPress Website into a Spam/Malware Distributor

So I get an email from Google complaining that several links from my son’s blog (which I will not name here) are linking to malware sites. The sample links they included were valid but completely foreign to the site, and the pages themselves were mangled versions of existing blog posts, with long lists of search engine spam and a few websites.
Needless to say, these were not of our making so I set out to investigate and clear them down as soon as possible.
The blog is concerned with my 12-year-old son’s love of all things Lego which, since getting his own laptop and discovering Minecraft, has been languishing since his last post in July 2012.
The spam pages are not referenced from the valid blog pages in any way and have been in place since October. Only Google, chiding me about pages with my Adsense code being used to point to Malware, alerted me to the breach. Otherwise I would never have noticed.

How it got there?

I suspect that the intrusion method was a theme I installed in October. It’s just a guess though – WordPress is so ubiquitous, I’m sure there are loads of vulnerabilities, especially if the constant stream of updates is anything to go by. Suffice it to say that they got in, and with enough authentication to allow them to upload files.

What I found

I found a couple of anonymous type directories under the ‘/wordpress’ directory: “imgxkm” and “imguut”. The content was a load of files of the form 74XXXXX.html. Each file was a complete webpage which seems to be spam content mixed with genuine blog page content. There was also an index.php.txt file which does a lot of stuff which I was in no mood to examine.
The important file, the one that makes the whole thing work is a .htaccess file. For those not in the know, this file is the Swiss-army penknife for web developers – it can make black into white and cure cancer – it can also take a mangled-looking url and make it go to a perfectly normal-looking webpage (and vice versa). Anyway, the job of this one was to take those odd looking SEO-spammy type urls and serve them up with a content-rich webpage – all without the website owner knowing a thing about it.

What Now?

I don’t have time to completely debug this issue, I’m just glad to have found it (thanks to Google’s ever vigilant search engine spam detection algorithms). If you get messages from Google relating to webpages that you don’t recognize, check for .htaccess files like this one.

Bonne chance!
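A sketch of the check suggested above, as an added example that is not part of the original post: it walks a web root and reports directories that carry their own .htaccess alongside numeric-named HTML pages or a .php.txt file. The five-or-more-digit file-name pattern, the `min_pages` threshold and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File-name shape reported in the post: 74XXXXX.html (assumed here: 5+ digits).
NUMERIC_HTML = re.compile(r"^\d{5,}\.html$")

def scan_webroot(root, min_pages=3):
    """Flag directories holding their own .htaccess next to numeric-named
    HTML pages or a *.php.txt file, the combination the post describes."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if ".htaccess" not in filenames:
            continue
        pages = [f for f in filenames if NUMERIC_HTML.match(f)]
        php_txt = sorted(f for f in filenames if f.lower().endswith(".php.txt"))
        if len(pages) >= min_pages or php_txt:
            mtimes = [os.path.getmtime(os.path.join(dirpath, f)) for f in filenames]
            findings.append({
                "dir": os.path.relpath(dirpath, root),
                "numeric_pages": len(pages),
                "php_txt": php_txt,
                "oldest_mtime": min(mtimes),  # helps date the intrusion
            })
    return sorted(findings, key=lambda item: item["dir"])

def build_sample_tree(root):
    """Constructed sample layout: a clean site plus one planted directory."""
    layout = {
        "wordpress/.htaccess": "# ordinary site rewrite rules\n",
        "wordpress/index.php": "<?php // core file\n",
        "wordpress/wp-content/uploads/2012/photo.html": "<html></html>\n",
        "wordpress/imgxkm/.htaccess": "# constructed placeholder\n",
        "wordpress/imgxkm/index.php.txt": "constructed placeholder\n",
    }
    for number in range(7400001, 7400005):
        layout[f"wordpress/imgxkm/{number}.html"] = "<html>constructed</html>\n"
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(body)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_webroot(os.path.join(tmp, "wordpress"))

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

The site's own top-level .htaccess is not reported because it has neither companion; any directory that is reported still needs a manual look before deleting anything.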

Best places in the US to get Scammed Online!

Symantec (the somewhat self-interested PC Security company) has produced a report that lists the top ten places in the US to be scammed online.

The nation’s capital, Washington DC, is top of the cybercrime rankings, mainly due to its high saturation of smartphone usage (second in the country), but the large number of politicos, lobbyists [and all their money] must be a significant factor too.

It’s not all bad news: the study helpfully tells us that the top rated cities for risk of cybercrime are not necessarily the top rated cities for actual infection.

Risk elements that make this list are smartphone usage, widespread Wi-Fi hotspots and heavy Internet throughput which is presumably what brought Sacramento into the top ten for the first time. Sacramento apparently scored above average across all cybercrime risk categories.

1. Washington, D.C.
2. Seattle
3. San Francisco
4. Atlanta
5. Boston
6. Denver
7. Minneapolis
8. Sacramento, Calif.
9. Raleigh, N.C.
10. Austin, Texas

At the bottom of the list are cities such as Tulsa, Detroit and El Paso.

Symantec’s conclusions are to beware of using Wi-Fi hotspots for sensitive transactions and to use complex, unguessable passwords for all your online transactions. (and that does not include ‘abc123’, ‘qwerty’ or ‘password’, Mister!).

The full report, with complete ranking of the top 50 cities can be found here

Big Internet (Facebook, Google) gets serious about Email Scams.

And this time, they seem to be serious, joining together these powerhouses:

* Big Internet: Google, Facebook, Microsoft, Yahoo, AOL, LinkedIn etc.

* Big Money (aka financial service providers): Bank of America, Fidelity Investments and PayPal.

* Big Security: Agari, Cloudmark, eCert, Return Path and the Trusted Domain Project

To fight Email Scams, specifically Phishing Scams. Such scams try to trick people into giving away passwords and other personal information by sending emails that look as if they come from a legitimate bank, retailer or other business. When Bank of America customers see emails that appear to come from the bank, they might click on a link that takes them to a fake site mimicking the real Bank of America’s. There, they might enter personal details, which scam artists can capture and use for fraud.

To combat that, 15 major technology and financial companies have formed an organisation to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC – short for Domain-based Message Authentication, Reporting and Conformance. In a nutshell, it is another way (in addition to the SPF and DKIM checking already available) to make sure that an email is really from the organization that it says it is.

Most Phishing emails pretend to come from a respected institution and it is a simple matter to claim that the message came from the domain name of the trusted entity. This is the first step in establishing trust – if an email arrives that seems to come from ‘accounts@paypal.com’, one’s guard is just that little bit lower.

DMARC aims to prevent those emails from ever arriving by intelligent checking and has a feedback mechanism that alerts the real organization that the event has occurred.

It’s not going to stop email from addresses that use obfuscated (accounts@paypal.com.asjdgh.gyutut.com) or maliciously mis-spelled (accounts@paypai.com) or just completely fake email addresses (accounts@paypalbillingsupport.com)
…but it’s a start and Scamdex for one applauds it!
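The coverage and the gap described above, as an added example that is not part of the original post: a simplified DMARC evaluation showing that a forged exact-domain From address meets the domain owner's policy, while the lookalike addresses never trigger it. The DNS record is constructed, the authenticated sender domains are made up, and the organizational domain is approximated as the last two labels (real receivers use the Public Suffix List).

```python
# Constructed TXT record standing in for a DNS lookup (not fetched from DNS).
SAMPLE_DNS = {
    "_dmarc.paypal.com": "v=DMARC1; p=reject; rua=mailto:agg@example.org",
}

def org_domain(domain):
    """Simplification: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def find_policy(from_domain, dns):
    """Look for a record at the From domain, then at its organizational domain."""
    for name in (from_domain, org_domain(from_domain)):
        record = dns.get("_dmarc." + name)
        if record and parse_tags(record).get("v") == "DMARC1":
            return parse_tags(record)
    return None

def is_aligned(from_domain, auth_domain, mode):
    """mode 's' needs an exact match; 'r' (default) matches organizational domains."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(from_addr, spf_domain=None, dkim_domain=None, dns=SAMPLE_DNS):
    """spf_domain / dkim_domain: domains that already PASSED SPF / DKIM, if any.
    Returns 'pass', the policy to apply ('none', 'quarantine', 'reject'),
    or 'no-policy' when no DMARC record covers the From domain."""
    from_domain = from_addr.rsplit("@", 1)[1].lower()
    policy = find_policy(from_domain, dns)
    if policy is None:
        return "no-policy"
    if (is_aligned(from_domain, spf_domain, policy.get("aspf", "r")) or
            is_aligned(from_domain, dkim_domain, policy.get("adkim", "r"))):
        return "pass"
    return policy.get("p", "none")

if __name__ == "__main__":
    print(evaluate("accounts@paypal.com", spf_domain="bulk-sender.example"))
    print(evaluate("accounts@paypal.com.asjdgh.gyutut.com", spf_domain="gyutut.com"))
```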

More information [than anyone probably needs to know] is available at the DMARC website

Fake ‘Scam’ Website to Educate Consumers.

A new initiative has been launched by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) to educate consumers about the pitfalls of internet scams. They have recently launched an educational campaign that includes a fake ‘scam’ website.

There are two components to this website: the first is a “teaser” page that appears to sell the consumer an irresistible deal. It has been modeled to look very much like many of the websites that promise guaranteed results, but in fact deliver nothing in return for the consumer’s money, or result in identity theft of consumer’s personal information. On clicking any of the links to find out more information, the consumer is directed to a second page that reveals that the first page is an example of a scam and is brought to the consumer by the Massachusetts Office of Consumer Affairs.

Most importantly, there is information about spotting similar fake advertisements. The website contains valuable information about how to protect yourself as a consumer, and a number of resources to consult if a consumer has become a victim of a scam.

Here is a link to the fake scam website: Fake Scam Website from OCABR



If you have any questions regarding this initiative or the efforts of the Massachusetts Office of Consumer Affairs and Business Regulation, visit their website at www.mass.gov/consumer.

Preventing Identity Theft by Credit Bureau Monitoring

LifeLock was arguably the first online business to provide consumer-targeted Identity Theft Protection. Since their start in 2005, LifeLock has provided a useful service providing consumers with the tools they need to help protect themselves from identity theft and manage their credit. Scamdex was and continues to be a firm proponent of organizations like LifeLock and there are many imitators out there. You may have seen the early ads where the CEO showed his Social Security Number.

LifeLock are now continuing their consumer protection services with a new product called LifeLock Credit Score Manager. This service monitors the big three credit bureaux on a daily basis, sending alerts when changes are made to the member’s credit files. The service also provides members with monthly updates and online access to their TransUnion credit score, and annual updates to credit scores and reports for all three credit bureaus.

Credit rating downgrades can be due to errors, high balances, too many credit inquiries or Identity Theft (someone takes out a loan using your ID). Low credit ratings can cause higher interest rates or denial of credit or even employment.

If your continued creditworthiness is important to you or your business, it makes a lot of sense to have the most up-to-date information and this product seems to provide a solution.

They have a 30 day free trial – If you sign up from this link, Scamdex will benefit financially :’)


Spoof websites bilk Caledonia man out of $30K

A man in Caledonia, Wisconsin thought he was buying a car from a reputable website (autotrader.com) and paying for it using a reputable financial site (amazonpayments.com). Turned out that both sites were so-called ‘spoof sites’ – identical copies of valid websites, used to capture personal information such as credit card numbers/passwords or, as in this case, to make it appear that a bona-fide transaction was taking place.

The Porsche Cayman he paid $30,000 for did not show up and by the time he realised, the cash had flown to Romania.

The lesson?

Never trust a link supplied to you from email or a website, especially if it is a financial transaction. Always go independently to websites using your own bookmarks or typing the url in. It’s insanely easy to show the ‘correct’ link but to go to a different one when it is clicked. Financial sites always use ‘https’ instead of ‘http’. No Exceptions. Look at your online bank url when you are logged in some time.

Check the address bar of your browser. It’s trying to keep you safe.

Read More at the Caledonia Patch website (it’s the real one, trust me!)

Online Trading – A Warning!

Avoiding the Pitfalls of Online Trading, a guide by US-CERT


Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage’s database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk.

How can you protect yourself?

  • Research your investment opportunities – Take advantage of resources such as the U.S. Securities and Exchange Commission’s EDGAR database and your state’s securities commission (found through the North American Securities (more…)

… and now the FTC weighs in.

After the IC3 list released earlier, the FTC publishes its own list of ‘Consumer Complaints’ for 2010.

The Federal Trade Commission today released the list of top consumer complaints received by the agency in 2010. And for the 11th year in a row, identity theft was number one. Of 1,339,265 complaints received in 2010, 250,854 (19%) were related to identity theft. Debt collection complaints were in second place, with 144,159 complaints.

For the first time, “imposter scams” – where imposters posed as friends, family, respected companies or government agencies to get consumers to send them money – made the top 10. The FTC also has issued a new consumer alert, “Spotting an Imposter”, to help consumers avoid imposter scams.

The top consumer complaints were:

Rank | Category | Number of Complaints | Percentage
1 | Identity Theft | 250,854 | 19%
2 | Debt Collection | 144,159 | 11%
3 | Internet Services | 65,565 | 5%
4 | Prizes, Sweepstakes and Lotteries | 64,085 | 5%
5 | Shop-at-Home and Catalog Sales | 60,205 | 4%
6 | Imposter Scams | 60,158 | 4%
7 | Internet Auctions | 56,107 | 4%
8 | Foreign Money/Counterfeit Check Scams | 43,866 | 3%
9 | Telephone and Mobile Services | 37,388 | 3%
10 | Credit Cards | 33,258 | 2%

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.