Scam

I’ve seen a few of these going around now, usually with different photos with some sort of mystique: The implied promise is of something interesting happening once you’ve clicked the like button and typed the number 1. There was one with an attractive girl and a square superimposed over her shoulder doing the rounds a little while ago too. I’ve seen others where the instructions are more explicit in terms of words or phrases to type. Here’s a good question: what usually happens when you like and comment on something in Facebook? The numbers go up (and you can see they’re already substantial) and it gets posted to your wall....

Regular readers of this blog would have seen sagas such as Anatomy of a virus call centre scam, Scamming the scammers – catching the virus call centre scammers red-handed and my personal favourite, “Type www.” – “Ok, w-w-w-d-o-t”; antagonising call centre scammers. That’s not an exhaustive list, indeed there are more videos on this blog and yet more phone calls that never made it here. A few months back there was a bunch of news around the FTC cracking down on these scams. Problem is, the FTC has about zero jurisdiction in India where the scams are originating from! They also have zero jurisdiction in anywhere that isn’t America so the effectiveness...

So someone sends you a link to the latest Gangnam parody / cat meme / man jumping on frozen pool video and the link looks something like this: http://bit.ly/10PMelv Nothing unusual about this, every second link shared these days uses a bit.ly or t.co (or comparable) URL shortener. Because you have an insatiable desire to participate in the latest social phenomenon, you click through and see this: There’s also nothing unusual about Facebook asking you for credentials, let’s log in. Aw c’mon, not this old trick of “now we want more crap from you before you can view the page”: Ok, fill it in and continue. Great, it wants...

This week’s post on Disassembling the Woolworths Facebook scam has had a pretty good run. In part, I suspect this is due to the approaching holiday shopping season and in part because I know this scam is really doing the rounds and being seen by a lot of people. Yesterday I had a chat with Dan Kaplan from Secure Computing Magazine for their podcast and pointed out a number of factors that make scams like this successful: They’re endorsed by your friends. You’re seeing people you know like and share these scams as that’s a condition of their “entry”. They have credibility. They’re a very low-overhead for the...

Who wants free stuff? C’mon, everybody wants a free lunch, right? Yes, yes they do and that’s precisely the trigger used in scams like this one. Recently I wrote about the mechanics of another Facebook scam where the “bait” was photos of a salacious school girl. Many people – including female friends and my mother in law – readily fell for that one. This one takes quite a different and rather cunning approach which chains together numerous illusions and other means of deceiving the unsuspecting victim. It all starts with a Facebook friend sharing a link to a page with the promise of free goods just like this: Which brings you to the website...

I’ll admit to some amusement when I see friends liking pages such as this: I’ll admit to even more amusement when they’re mature adults (of either gender) or as seen recently, when they’re my mother in law. Of course when confronted about their salacious ways they’ll always swear black and blue that they never “liked” the link. Except they did, they just didn’t know it. What you’re seeing here is a Facebook “worm” or in other words a script which replicates itself. Someone sees it, clicks the link then it automatically appears on their wall without their knowledge. Three of their friends...

As many readers and followers will know, I’ve had a bit of fun with scammers in the past. Remember those guys who call you up while you’re sitting down for dinner and tell you your computer has all sorts of nasties in it? Yeah, those guys. The blog posts I’ve made have been part of the story and inevitably the one most people are familiar with, but there are a few other things happening which I think some of you would be interested in, particularly as it helps understand the bigger picture. The catalyst for this post came after getting some good airtime last week. One thing that can be easily done and has...

It happened again. After 6pm, unlisted number, foreign accent. I’ve heard this before. And again before that. And again before that too. And again a bunch of other times where I either didn’t record it, came on a bit strong or, uh, tried to teach them some new words they may not have heard before. I’ve also interviewed the man behind one of the original scams (it has undoubtedly been copied by other scammers) and petitioned LogMeIn to stem the spread of the scam (also had a very nice chat with them – but to no avail). In short, I’ve given this some thought before. But there was something very, very different...

Phishing scams are getting tougher to pull off these days. All those damn email client and browser defences are getting in the way of hardworking phishermen and women going about their daily business. But – dear phisherpeople – you’re also not doing yourselves any favours when it comes to crafting a veneer of decency and honesty in your communications, in fact I propose that you’re missing a significant number of opportunities by neglecting some basics. So let me share some insight, if you will, into a handful of key techniques you might employ to introduce a little professionalism into your craft. They’re not big things, but they do raise the bar a little on...

There’s a pattern in the following stills from various scammer videos, see if you can spot it. Here’s one run by Comantra I captured back in Feb: And here’s another one from when an unknown scammer called me in late April: Now here’s one from Noah Magram who’s the principal software engineer for Sourcefire: Noah’s video in particular gained some serious exposure when it hit YouTube a couple of weeks back. In fact he’s had about 157,000 views at the time of writing and each of those viewers has seen the same thing they’ll see in my videos and any number of other...