Scam

A 21-post collection

Please login to your Facebook account: the execution of a data mining scam

So someone sends you a link to the latest Gangnam parody / cat meme / man jumping on frozen pool video and the link looks something like this: http://bit.ly/10PMelv. Nothing unusual about this, every second link shared these days uses a bit.ly or t.co (or comparable) URL shortener. Because you have an insatiable desire to participate in the latest social phenomenon, you click through and see this: There’s also nothing unusual about Facebook asking you for credentials, let’s log in. Aw c’mon, not this old trick of “now we want more crap from you before you can view the page”: Ok, fill it in and continue. Great, it wants...

Podcasting with SC magazine: The anatomy of a Facebook gift card scam

This week’s post on Disassembling the Woolworths Facebook scam has had a pretty good run. In part, I suspect this is due to the approaching holiday shopping season and in part because I know this scam is really doing the rounds and being seen by a lot of people. Yesterday I had a chat with Dan Kaplan from Secure Computing Magazine for their podcast and pointed out a number of factors that make scams like this successful: They’re endorsed by your friends. You’re seeing people you know like and share these scams as that’s a condition of their “entry”. They have credibility. They’re a very low-overhead for the...

Disassembling the Woolworths Facebook scam

Who wants free stuff? C’mon, everybody wants a free lunch, right? Yes, yes they do and that’s precisely the trigger used in scams like this one. Recently I wrote about the mechanics of another Facebook scam where the “bait” was photos of a salacious school girl. Many people – including female friends and my mother in law – readily fell for that one. This one takes quite a different and rather cunning approach which chains together numerous illusions and other means of deceiving the unsuspecting victim. It all starts with a Facebook friend sharing a link to a page with the promise of free goods just like this: Which brings you to the website...

Virus scams, social engineering, victim’s stories and community awareness

As many readers and followers will know, I’ve had a bit of fun with scammers in the past. Remember those guys who call you up while you’re sitting down for dinner and tell you your computer has all sorts of nasties in it? Yeah, those guys. The blog posts I’ve made have been part of the story and inevitably the one most people are familiar with, but there are a few other things happening which I think some of you would be interested in, particularly as it helps understand the bigger picture. The catalyst for this post came after getting some good airtime last week. One thing that can be easily done and has...

Cold call scammed again – but this time, it’s local

It happened again. After 6pm, unlisted number, foreign accent. I’ve heard this before. And again before that. And again before that too. And again a bunch of other times where I either didn’t record it, came on a bit strong or, uh, tried to teach them some new words they may not have heard before. I’ve also interviewed the man behind one of the original scams (it has undoubtedly been copied by other scammers) and petitioned LogMeIn to stem the spread of the scam (also had a very nice chat with them – but to no avail). In short, I’ve given this some thought before. But there was something very, very different...

!!16 TIPS FOR RUNNING A SUCCESFULL PHISHING SCAM!

Phishing scams are getting tougher to pull off these days. All those damn email client and browser defences are getting in the way of hardworking phishermen and women going about their daily business. But – dear phisherpeople – you’re also not doing yourselves any favours when it comes to crafting a veneer of decency and honesty in your communications, in fact I propose that you’re missing a significant number of opportunities by neglecting some basics. So let me share some insight, if you will, into a handful of key techniques you might employ to introduce a little professionalism into your craft. They’re not big things, but they do raise the bar a little on...

How LogMeIn is enabling scammers to profit

There’s a pattern in the following stills from various scammer videos, see if you can spot it. Here’s one run by Comantra I captured back in Feb: And here’s another one from when an unknown scammer called me in late April: Now here’s one from Noah Magram who’s the principal software engineer for Sourcefire: Noah’s video in particular gained some serious exposure when it hit YouTube a couple of weeks back. In fact he’s had about 157,000 views at the time of writing and each of those viewers has seen the same thing they’ll see in my videos and any number of other...

Interview with the man behind Comantra, the “cold call virus scammers”

If you live in a western country and have a landline telephone with a listed phone number, chances are you’ve been “cold called” by someone on the other side of the world with an introduction that goes something like this: “Hello, I am from the Microsoft technical support division and I am calling you because we have detected some problems with your computer. This is very important – I need you to go and turn your computer on right away…” It doesn’t matter if you have a computer, in fact it doesn’t matter if you’ve never even touched a computer because these calls are totally random. There...

“Type www.” – “Ok, w-w-w-d-o-t”; antagonising call centre scammers

This ain’t my first rodeo, this ain’t the first I’ve seen this dog and pony show. I first wrote about virus call centre scammers back in October along with my recording titled Anatomy of a virus call centre scam. I followed up a couple of months ago with Scamming the scammers – catching the virus call-centre scammers red-handed which screen recorded the entire process right up to where they attempted to commoditise the scam, or in other words, get cash out of me. Imagine my pleasure when they called me back last night! I use the term “they” very colloquially; it’s always the same scam run against the same run-sheet...

Scamming the scammers – catching the virus call centre scammers red-handed

A few months back I got a call one evening which was clearly a virus call centre scam; you know, the ones that call you out of the blue, tell you your PC is infected with all sorts of nasties and offer to fix it for you? Or maybe you don’t know, which of course is why these scams have been going on for quite some time and are still very active today. Fortunately I did know about such things so rather than summarily dismissing them with a level of disdain I normally reserve only for telemarketers, I recorded the audio of the call right up until the point where they were ready to take control of my...