LinkedIn Phishing Scam

Another day, another scam.

Just a quick note about yet another phishing scam, this one purportedly coming from the social networking service, LinkedIn. In this example, you’ll get an email message telling you that “your LinkedIn account was blocked due to inactivity.” As you might imagine, they provide a handy link to fix the problem.

[Screenshot: LinkedIn scam email]

Trouble is, the link does not go to LinkedIn. Instead, it opens a page designed to gather information about your account and send it back to the scammers.

The best way to avoid phishing attempts — even ones that look like real communications from a social networking service, bank, or other organization you might have an account with — is to never click a link in an email message.

If I thought this message might be real, I’d check by using my Web browser — not the link in the email message — to go to LinkedIn, log in, and check the situation for myself.

Don’t get scammed.

Yet Another PayPal Phishing Attempt

This one looks, on the surface, quite convincing.

This morning, I got the following message that appeared to be from PayPal in my inbox:

[Screenshot: Another PayPal scam]

Dear PayPal Customer,

You have added andrew1987 @btconnect.com as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

As shown in the accompanying screenshot, the message included all the usual PayPal logos and even a VeriSign Identity Protection logo. (What good is a logo like that if it’s so easily stolen and reused by scammers?) Of course, it was from an address at ppal.com (not paypal.com) and it was addressed to “Dear PayPal Customer” instead of my name. That’s a dead giveaway that the message is not real.

Of course, there was an HTML file attached. Opening the file in a text editor — not a Web browser! — showed HTML code with a JavaScript that would, among other things, collect your PayPal name, password, date of birth, and mother’s maiden name. I don’t know enough about JavaScript to figure out what would be done with this info, but I can assume it gets sent back to the folks who will then use it for identity theft.

Reading the message offers other clues that it’s fake. For example, although it’s standard for PayPal to send you an e-mail message if you add or change an e-mail account, they make a conflicting request. First, they say action is only necessary if you believe your account has been compromised. Then they tell you that if you ignore the request, they’ll suspend your account. That, of course, makes no sense.
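As an added illustration (this is not code from the original posts), here is a small Python triage script that checks a message for the tells described in the LinkedIn and PayPal posts above: a sender domain that only resembles the brand's (the ppal.com versus paypal.com case), a generic "Dear Customer" greeting, links or form targets whose host is not the brand's, and an HTML attachment that carries a password field and script. The brand-domain table, the indicator names, and the sample message it builds are all constructed for the example; the lookalike domain ppal.example stands in for the one in the post.

```python
"""Added example: triage an email for the phishing tells described above.
Standard library only; the brand table and sample message are constructed."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the brand really sends from and links to (illustrative, not exhaustive).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "linkedin": {"linkedin.com"}}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|user|member|paypal customer)\b", re.I | re.M)
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+")


class _HtmlScanner(HTMLParser):
    """Collect link and form targets; count password fields and script blocks."""

    def __init__(self):
        super().__init__()
        self.targets, self.password_inputs, self.scripts = [], 0, 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.targets.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.targets.append(a["action"])
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script":
            self.scripts += 1


def _registrable(host):
    """Last two labels of a hostname (naive; a real tool would use the public suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def _check_links(targets, brand, findings):
    """Flag every link or form target whose host is not one of the brand's domains."""
    for target in targets:
        host = urlparse(target).hostname
        if host and _registrable(host) not in BRAND_DOMAINS[brand]:
            findings.append(("offbrand-link", host))


def triage(raw, brand):
    """Return (indicator, detail) pairs for a raw RFC 822 message; [] means no tells found."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    _, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2]
    if sender_domain and _registrable(sender_domain) not in BRAND_DOMAINS[brand]:
        findings.append(("sender-domain", sender_domain))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if GENERIC_GREETING.search(text):
        findings.append(("generic-greeting", text.strip().splitlines()[0]))
    _check_links(URL_IN_TEXT.findall(text), brand, findings)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        scanner = _HtmlScanner()
        scanner.feed(part.get_content())
        if part.get_content_disposition() == "attachment":
            findings.append(("html-attachment", part.get_filename()))
            if scanner.password_inputs:
                findings.append(("credential-form", f"{scanner.password_inputs} password field(s)"))
            if scanner.scripts:
                findings.append(("script-in-attachment", f"{scanner.scripts} script block(s)"))
        _check_links(scanner.targets, brand, findings)
    return findings


def build_sample(spoofed=True):
    """Constructed sample modelled on the lure quoted above (not the real message)."""
    domain = "ppal.example" if spoofed else "paypal.com"  # the lookalike domain is made up
    msg = EmailMessage()
    msg["From"] = f"PayPal Account Review <service@{domain}>"
    msg["To"] = "customer@example.net"
    msg["Subject"] = "New email address added to your account"
    greeting = "Dear PayPal Customer" if spoofed else "Dear Maria"
    msg.set_content(
        f"{greeting},\n\nYou have added someone@example.org as a new email address.\n"
        f"If you did not authorize this change, visit https://www.{domain}/security\n")
    if spoofed:
        html = ("<html><body><script>/* stand-in for the harvester */</script>\n"
                f'<form action="http://collect.{domain}/submit.php" method="post">\n'
                '<input name="email"><input type="password" name="pass">\n'
                '<input name="dob"><input name="maiden"></form></body></html>')
        msg.add_attachment(html, subtype="html", filename="PayPal Refund.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for indicator, detail in triage(build_sample(), "paypal"):
        print(f"{indicator:22} {detail}")
    print("legitimate-looking sample:", triage(build_sample(spoofed=False), "paypal"))
```

Running it on the spoofed sample lists every tell the post describes; the same message with the brand's real domain, a personal greeting, and no attachment yields no findings. The domain check is deliberately simple (last two labels), which is enough to catch a lookalike registered domain but not subdomain tricks on a multi-label suffix; a production filter would use the public suffix list.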

But I’m sure that many people would fall for this. After all, it indicates that a stranger’s email has been added to their PayPal account. All the talk about Internet fraud would send a person into panic mode. He’d open the file attachment and possibly go through the process of giving away information about his own account.

You have no idea how much this pisses me off. I know people who have been scammed by emails like this. One of them is an elderly man who had a bank account tapped into and partially drained before he was able to resolve the problem.

I immediately forwarded this message to spoofs@paypal.com — the address you should forward any questionable PayPal communication to.

Please help spread the word among friends and family members who might fall for phishing attempts like this. Tell them that if they get a communication from any company they do business with, they should log into their account the usual way, not by clicking a link or opening a file attachment in the message they receive.

September 3, 2011 Update:

Thought I’d mention another version of this scam. Here’s the message that arrived today:

Dear Customer,

You sent a payment of 40.90 GBP to Mobile Top-up Online
(sales@topups247.com)

If you have questions about the shipping and tracking of your
purchased item or service, please contact the seller.

Please download the document attached to this
email to cancel or forward your purchase.
————————-

Merchant
Mobile Top-up Online
sales@topups247.com
Instructions to merchant
You haven’t entered any instructions.

Shipping address – Unconfirmed
United Kingdom
Postage details

Of course, this one came with an HTML attachment, too. It’s named “PayPal Refund.html” and, to someone who isn’t actually thinking, it might seem like something worth double-clicking to fix the perceived incorrect charge.

Don’t get scammed.

November 21, 2011 Update: They’re now doing the same thing with the name sarah@comcast.com.

Interesting Links, August 10, 2011

Here are links I found interesting on August 10, 2011:

  • Why Groupon is Bad for Small Business – Some specific notes on what's wrong with Groupon from the small business owner's point of view. Excellent points.
  • Groupon Is a Straight-Up Ponzi Scheme – Why Groupon can't work in the long run: "The vast majority of local merchants can’t discount more than 10 percent. Some can go maybe 25 percent in special situations. But 75 percent is a wholly unsustainable number. If all local merchants begin using Groupon then it can’t send loyal customers to anyone; Groupon can only send discount chasers to merchants. Which means that as Groupon grows, both local merchants and their competitors will find that Groupon’s main argument no longer works (if it ever did) — Groupon simply can’t send them loyal new business. So they all stop using Groupon in its current form." Read the rest of this interesting article on Knewton.com.
  • Apple is now the world’s most valuable company – Not sure how long this will last, but it is kind of cool.
  • Discontent with Lion’s “My Way or the Highway” Approach – Another interesting look at Lion features that aren't pleasing all Lion users. Personally, I feel that the positives in Lion far outweigh the negatives.
  • A Box You Want to Uncheck on LinkedIn – "Apparently, LinkedIn has recently done us the “favor” of having a default setting whereby our names and photos can be used for third-party advertising." Read more (and fix this) on BrandImpact.com.
  • How Could Anonymous "Destroy" Facebook? – Interesting look at Anonymous's threat to "destroy" Facebook and how such destruction could be accomplished. My opinion: I'd love to see Facebook go away.
  • Password Strength – This says it all.

Interesting Links, June 12, 2011

Here are links I found interesting on June 12, 2011:

New Social Networking Scam

Another story from my inbox.

Yesterday, the following e-mail message from “Ben” arrived in my e-mail inbox. It had been sent using the contact form on this blog. Here’s the text with the identifying information redacted.

Hi,

My name is Ben and I’m working with the [redacted TV channel] to help spread the word about their new outdoor photography show, “[redacted name of show].” The second episode airs [redacted date/time] and follows [redacted host name] as he photographs the red rock canyons of the American Southwest.

I came across your wonderful blog and I thought you might be interested in doing a post to let your readers know about the show and help spread the awareness. Any posts that you put up will go up on [redacted TV channel]’s Facebook Page and/or their Twitter page, so it is a good way to get some publicity for your own site. I also have a copy of [redacted host's name]’s “[redacted host's book]” which I could offer out to you for your time.

I’ve put some info about the show, pics, and videos below just to give you some background. If you have any questions or need more information please don’t hesitate to get in touch.

Thanks for your time and let me know if you are interested as it would be so great to have your help.

Best,

Ben

What followed was a bunch of links to content in various places that evidently showed off the show. (I admit that I didn’t follow any of them.)

[Photo: Bryce Canyon Dawn]

I received the message on my iPhone while I was stuck waiting for a tow truck (long story) and, because of that, didn’t really read it carefully. At first, I was flattered. This well-known TV channel had found my blog, liked it, and wanted to work with me on some publicity for their show. This made me feel really good because, as regular visitors here know, I do a lot of photography in red rock country in Arizona and in Utah. It looked as if I were getting a bit of recognition.

But when I got back to my office and re-read the message on my computer screen, I realized that the message was obviously boilerplate. Nowhere did it mention my name, the name of my blog, or any other identifying piece of information that might make me think it was written specifically to me. “Your wonderful blog” could be a nice way to refer to anyone’s online drivel — provided you wanted to make them feel warm and fuzzy about your project.

I’d been duped.

Or almost duped.

I then took a closer look at the domain name on “Ben’s” e-mail address. It wasn’t from that TV channel. I popped the URL into my browser and found myself looking at a Web site for a company claiming to be “social media marketing & publicity specials” that “develop strategies and execute initiatives, which generate conversations & cultivate relationships between brands and publishers.” In other words, they con active members of the social networking community to tweet and blog about their clients.

For free.

Well, the client doesn’t get their services for free. It’s Ben and his company who get the services of the social networking folks for free. Free authoring, free placement of the ads, free “buzz.” Ben and his cohorts just send out boilerplate messages to lure in unsuspecting bloggers who apparently have little else to write about. Along the way, they get these bloggers to look at the content on their clients’ sites, bumping up the hit counter to show immediate results.

I’m wondering how many bloggers fall for this strategy and how many thousands of dollars Ben & Co. rake in weekly by copying and pasting boilerplate messages on the Web.

I composed my response:

Ben,

I’m interested in this, but admit that I’m a bit put off by being asked to write what’s essentially an advertisement and place it on my own blog without compensation. Not quite sure how this would benefit me. A few additional hits to my blog would be nice, but since my blog does not generate any income for me, getting more hits is not really that important to me.

I also wonder how many dozens (or hundreds) of other bloggers you’ve contacted. Your message was very generic and could have been sent to anyone with a “wonderful blog.”

Now if I were offered compensation via exposure for my helicopter charter company (http://www.flyingmair.com/), which specializes in aerial photography over red rock areas such as Sedona and Lake Powell — well that might interest me a bit more.

Or is your message just another bit of spam to get ME to check out this site? So far, it’s a FAIL.

Any interest in making this more appealing to me?

Maria

I’m waiting for a response that likely won’t come. Why should he respond to me when he probably has dozens or hundreds of other bloggers taking the bait?

In the meantime, Ben has indeed given me something to blog about.