Wednesday, January 30, 2013

Facebook Scam ALERT! Free Southwest Airline Tickets

There is a virus spreading like wildfire on Facebook tonight. The scam offers free southwest airline tickets BUT when you click, it spreads the virus to other people on your friends list, and the landing page is malicious, probably downloads spyware and definitely tries to put the victim through multiple questionnaires and surveys - collecting as much information as they can for identity theft and/or trying to ascertain passwords to banking accounts.

DO NOT CLICK ON IT when you see it on Facebook. DO NOT CLICK!

You can report it to Facebook as a spam or just ignore it. But do not click on it. It will only spread further.

Here is what one looks like on my wall:


You can learn more about protecting yourself from social media scams with this book, Social Media Scams, now available on Amazon.

Free Signed Book Giveaway Feb 4-7, 2013

Please feel free to enter my book giveaway contest on GoodReads.com

http://www.goodreads.com/giveaway/show/43422-social-media-scams-protect-yourself-on-facebook-twitter-ebay-more

I've been helping people for years avoid online scams and I wrote <i>Top 10 Email Scams</i> and <i>Social Media Scams</i> to help spread the word further on how to avoid Internet scams. I want to continue my crusade to reduce the number of victims from these criminals.

This giveaway focuses on my second book, in printed book format, in the series. In <i>Social Media Scams</i> you will learn to recognize and avoid all the top scams currently in use online - it covers scams on Facebook, Twitter, eBay, Craigslist, dating sites and more. It will be a signed copy. It is 220 pages.

The contest is from February 4 through February 7, 2013.

Stay safe out there!

Thursday, January 24, 2013

Email Scam: Fake Facebook Support Email

Here is an email I just got and it is pretending to be an official email from Facebook Support, which one might want to pay attention to. That is what the scammer is counting on. They are hoping that at least some percentage of the people receiving this email are not paying close attention and think it is really from Facebook Support when it is not.

All the links in the email look like they go to Facebook (or they are a linked button or linked word) but the actual destination of the link is: http://maxmax.webnow.biz/transferring.html?fb=katiemoe (DO NOT CLICK ON THIS LINK!!!!) but notice how they were able to insert a variable at the end of the string which identifies which Facebook account they are trying to attack. This is bad. If I click on this link, they will know who clicked on it, even if I don't provide them any further information. Worse than that, I may get some nasty spyware software downloaded to my computer. So, DO NOT CLICK ON ANY OF THESE LINKS!!!

From:    Facebook Support [surojitroy321@server55.neubox.net]
Sent:    Thu 1/24/13 6:27 PM
Subject: Facebook Support

facebook
Facebook Support sent you a notification.

Your account has been successfully updated.
Go To Facebook
See All Notifications
This message was sent to xxxx@xxxxx. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

New Book: Social Media Scams

I'm delighted to announce my second book is now available for sale. "Social Media Scams" is a book to help educate and protect people from falling victim to scams on sites like Facebook, Twitter, Craigslist, eBay, as well as online dating sites. eBook or Paperback can be purchased from Amazon at http://amzn.to/RZSfZc

The first book in my scam series covers how to protect yourself from email scams. It is called "Top 10 Email Scams" and can be purchased on Amazon at http://amzn.to/QsAzhT
 
I also provide a variety of resources where users post their scam experiences and help alert each other:

KTMObooks: https://www.facebook.com/ktmobooks

Facebook Stop Art Scams: https://www.facebook.com/pages/Stop-Art-Scams/135887239769963


Stop Art Scams Blog: http://stopartscams.blogspot.com/

KTMObooks Blog: http://KTMObooks.com/blog/


KTMObooks Twitter: http://www.twitter.com/KTMObooks 

Sunday, January 20, 2013

Scam Email: Fake Craigslist Alert Email

This email is just like fake LinkedIn email alerts, or fake PayPal alert emails, or fake account alerts supposedly from your online banking. It is fake and the goal of the scammer is to get you to click on the link in the email, which looks like it goes to one place but actually goes to their own malicious web page. Sometimes on that fake web page, they collect information, including your passwords or they download spyware software on your computer and you won't even know it. That spyware software will monitor your keystrokes and seek out account passwords. Ultimate goal? To get at your bank account, either through paypal or through your online banking. Failing that, they'll use your account to send out more scam emails so they look like they come from you instead of them.

In the below email I just got, the words "simple click" are hotlinked and actually goes to http://craigslistuser.yolasite.com/ but DO NOT TRY OR CLICK ON THIS LINK!


From: winndowwmall@telenet.be
Subject: Craigslist Account Alert!‏‏
Date: Sun 1/20/13 9:40 PM
Return-Path: Return-Path: peterdegraef@telenet.be

Dear Craigslist User,

We require you to verify your Account with one, simple click ,to confirm the validity of your account.

Thanks again for choosing our Service

Sincerely,
Craigslist Team

Thursday, January 17, 2013

Catfishing Scam

I love that someone has dubbed a word for online dating scams. It helps it become more ingrained in the sub-conscious mind of more people. People like buzz words. People can remember them better.

Catfish. A little different than what you think this word would mean at first. But in the urban dictionary a "catfish" is someone who creates a full false identity online, typically in pursuit of deceptive online romances. The name came from a 2010 documentary movie made by Henry Joost and Ariel Schulman. In the movie, Ariel Schulman develops a relationship - falls in love, with a woman on Facebook and then goes to track her down in real life and finds her to be not at all what she represented herself to be, and married with children.

Now there are many more meanings for "catfishing" than just creating false identities for the purpose of deceptive online dating. People have created them to enact out whole "stories", about having cancer or some other crisis in their life. It is probably a convoluted way to feel the connection, sympathy and compassion of others. Sometimes, they want to "end" the story (it must become a burden after awhile keeping all the stories straight) but because others online think they are interacting with a real person, often the only way they can think to do this is to "kill" off their online identity. That is what happened in the case of Notre Dame linebacker Manti Te'o. He was, at first, torn to shreds in the media for making up a girlfriend (and still parts of the story do not make complete sense, like apparently his father referred to them being in Hawaii together), but Manti insists he was a victim of a "catfish" scam. That he thought someone was his girlfriend online and that she died of leukemia last year. Until some reporters looked into the story and realized there was no one by the name of his girlfriend. This particular story is still developing, but however it turns out, it is certainly a great example of the perils of online relationships. Most victims say it may seem crazy but that it happens in very small increments and does not seem so crazy at the time. Until you step back and look at the whole thing. But for me, how can these people think they are in a relationship and "in love" when they have never met the person face-to-face? It certainly targets people who may have idealized notions of love and relationships and those who may have more difficulty connecting face-to-face with people.

So what are the catfish scammers after? I think there are two main types. The ones after the deceptive sense of connection, sympathy, love, and compassion of another, and then those that are strictly in the game to eventually begin siphoning their victims dry of their money and savings. I mostly see the latter but I'm aware some create their false identities just to be able to "live" online as that character. It certainly blurs the lines of imagination, reality, identity exploration, and morality. The ones after the money are a little more clear cut. They are after the money. Very clear.

These type of scammers typically operate with more than one person, often in little cooperative "gangs", sharing the loot. And they go for big, big numbers. In fake buyer scams, they tend to target stealing about $1000-$3000 and stay under the radar of the authorities and just hope to get a lot of victims under the radar so it adds up. But in online dating scams, it may take longer to warm up their victim, but then they go for broke, often getting $200,000 or more out of the victims. I've seen cases commonly in the $800,000 range. You can see why scammers are attracted to this scam. Some victims, thinking they are helping someone they are in love with, will begin borrowing money once their own money is all gone, and in one case, the woman began writing checks from her employers checkbook and she was eventually arrested for embezzling. But she didn't keep a dime. It all went to her "fiancee", who she had never met face-to-face. So she was in jail with none of the money and the scammer got off scott-free, sitting in some foreign country with all the money. Amazing.

But I'm glad now there is a popularized term for this scam. Catfishing. It means more unsuspecting people will become educated and look out for the warning signs. Hopefully, it will begin to result in fewer victims. I review the warning signs for online dating in depth in my book "<a href="http://amzn.to/RZSfZc">Social Media Scams</a>". All efforts to bring this scam out of the dark corners of shame and embarrassment and bring more light to the subject is, well, a Good Thing. I think Manti Te'o is a reluctant educator on this subject, but still, that is a positive thing that will come out of his experience. And congrats to the "Catfish" documentary guys - you are doing great work to expose this scam.

Wednesday, January 9, 2013

Scam Email: Fake LinkedIn Private Message Emails

Okay, I'm getting slammed with these tonight so I wanted to post an alert. These look like they come from LinkedIn and someone has left you a private message, then providing you a link to click on in the email to see the private message. DON'T CLICK ON THAT LINK!

From:Glenda Clark [yianniskalaitzakis@s109.loopia.se]
Subject: Glenda sent you a 1 personal message‏

Linked In

Glenda Clark sent you a 1 personal message
Date: 1/10/2013

http://linkedin.com/do?viewProfile&message=89839692

This email was intended for katiemoe@hotmail.com. Learn why we included this.
© 2013, Linked In Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA


The actual destination of the links in this email goes to: http://123-beach-resort.com/caverns.html (don't click on this link either!!)

Here is another one I got tonight was well (and the actual destination of the links goes to http://cgssac.com/headland.html, so don't click on it!!!)

From:Andrea Cook [Cook1972@server41.campusspeicher.de]








 

Subject: Andrea Cook just sent you a private message.

LinkedIn

Andrea Cook has sent you a personal message.
Date: 1/10/2013
https://www.linkedin.com/trk?act=viewProfile&yt=message&poster=8897
Don't want to receive e-mail notifications? Adjust your message settings.
© 2013, LinkedIn Corporation



New European Cybercrime Centre

A shout out over the pond for the newly formed European Cybercrime Centre (EC3), opening January 11th, to fight online abuse, child pornography, identity theft and banking fraud on smartphones attacking European nations.

More resources on this worldwide problem is a great thing.

The centre already has a staff of 30 full-time employees. It will provide operational support to member states to combat intrusions, fraud and online child sexual abuse. The centre will also provide technical, analytical and forensic expertise in EU joint investigations. EC3 will focus on criminals with the aim of becoming a "focal point" of information exchange between national law enforcement agencies to identify threats more quickly.

This is a great addition to the U.S.'s effort with IC3 (ic3.gov).

Although scammers are like cockroaches and there is no hope of eradicating them completely,  more resources to make their life harder and to hold the line against the rising tide of gangs of scammers becoming more and more effective, this is an encouraging sign of hope. It's almost too easy now to become a scammer and steal money from unsuspecting victims. This will throw an additional wrench in their otherwise pretty cushy activities.

Congrats, EC3 - lots of good wishes on your cybercrime-fighting efforts. Go get 'em!

Tuesday, January 1, 2013

Scam: Independent Third Party Technical Support

I had a close friend get caught in this in the past week. It reminded me how vulnerable non-technical people are when something is not working right on their laptop, their printer, or something like their Hotmail email account.

It is so easy for the non-technical to get led down dangerous paths while they just look for the support they need to fix their problem.

One version of this scam is just a plain ole scam - the victim doesn't have any problem with their computer but they get a call or an email saying their computer DOES have a problem and they need to call such-and-such number to get technical support to fix it. Once they call the number, the "technician" (yeah, right...) downloads remote control software on the victim's system (now giving them access to EVERYTHING, including passwords, online banking... everything) and then charges them some fee for the service, which they'll charge via credit card or ask the money be wired with some lame story as to why they are making such a weird request. Other variations of this scam claim the victim's computer has been identified by the FBI as having illegal information on it... or porn and asking for a fee to have it removed and not prosecuted (the scammer is counting on real porn watchers being so embarrassed or intimated that they will pay and never let anyone know what has happened, ensuring the scammer gets off scot-free).

That's just a plain ole scam.

What my friend got caught in this past week was more of a deceptive unethical business practice scam than a regular ole gonna-steal-your-money scam (though the result is the same). These scams are distinct in that they actually pretend to provide a real service. And maybe they do, I'm not sure, but what I do know is how they get their customers is very slimy and what they do once they have a customer is also unethical and dangerous to the non-technical person seeking technical support.

These are independent, third party technical support companies, mostly operating out of India, who present themselves online is such a way as to confuse non-technical people. The victim thinks they are talking to Microsoft technical support, Hotmail technical support, Toshiba technical support, Canon technical support - whatever. The companies list themselves under as many brand names as they can online and present themselves as the support for those brands. I would say these sites include disclaimers saying they are not associated with the Brand in question, but non-technical people seem to miss these disclaimers. I still have to excavate why my friend thought she was calling Toshiba technical support and got this other company who did NOT identify themselves as not being the official Toshiba technical support so she proceeded.

And in proceeding, they downloaded remote control software on to her computer first thing and then charged her to cover one month of technical support. She figured her computer was not under warranty so neither of these things completely got her attention, though she admitted "something didn't seem right". They accessed her computer remotely and said they could not find the problem so of course there she was, having been charged, with remote control software on her computer and she STILL had the problem. It was only when she got an email confirmation of her payment that she realized she had been taken, for the receipt came from a company called iYogi.net (also using iyogi.com as well as well as other url names). It seems iyogi was a legitimate support provider at one time but now resorts to deceptive practices in order to acquire new customers. Here is a quote from the wikipedia page:

In March 2012, antivirus major Avast severed its ties with iYogi. Under the agreement that lasted a little more than two years iYogi had been providing online support to Avast users free of cost. Avast accused iYogi of forcefully selling its online support plans to Avast users which the Antivirus maker claimed to be unnecessary and expensive.

And here is the official statement from Avast, which reveals that iyogi was trying to increase revenue by claiming users had problems they didn't have: https://blog.avast.com/2012/03/15/iyogi-support-service-removed/

This user posted this comment online, not that long ago (just at the beginning of the month):

Tony
Dec 09, 2012  from Jefferson, Georgia
I called a phone # that was supposed to be for mcafee and wound up with Iyogi on the line they advertised three tears of total protection software for my computer,and help installing any new device's that I may purchase under same contract after having problems with thier tech support,and 24 to 30 hours on the phone with them,I still had some of the same problems they were supposed to have fixed .I called them back because after 30 hours on the phone with them in remote session I wanted to terminate thier services and dispute thier charges. the next morning my computer would not even boot up and I had to start in safe mode to a prior earlier known working date. then I found out they were disputing my complaint with discover and had maliciously taken over my e-mail address ,and since I havent sent any new e-mails I was unable too recover my hotmail account

There are a number of complaints with a similar theme posted at http://www.ripoffreport.com/Search/IYOGI.aspx

iyogi tends to post a lot of "shill" articles online so that users will likely get rerouted to them in searching for technical answers. And it's been tricky, because apparently this company HAS been a support partner for legitimate brand names but has been using these slimy tactics to get money out of users.

And apparently their remote control software is almost impossible to remove off your system. Certainly can't be removed in the normal ways.

Today, another company that looks like it has the very same approach as iyogi attempted to post a message in my blog with a link to one of their shill pages. iveera.com & iveera.net. Same crap. They are pretending to provide Hotmail support. They certainly want to show up in the google search results as providing hotmail support. It confuses people because Microsoft does not provide live support for Hotmail. And Microsoft has to keep saying these companies are NOT affiliated with them. And iveera is pretending to provide Norton Antivirus support, McAfee support, etc. They have posted "expert" articles so they show up in search results. Non-technical people don't realize all the time they are calling some third party support company in India, that they will be charged, and that they then run the risk of having remote control spyware downloaded on their computer.

This type of scam will be found under many different company names and I'm sure more new ones going forward. It's always a good step to google a company first and see what comes up. I googled "iyogi scam" and pretty much saw everything I needed to know.

Okay, so what is my advice to the non-technical?

1. If you are speaking to a technical support person, do NOT purchase any software from them in order to resolve a technical support problem.

2. Always ask at the beginning of a technical support call if there is a fee or subscription fee associated with the service. If there is, hang up.

3. Never EVER give up control of your computer using remote control software unless you are ABSOLUTELY confident (100%) that the person you are speaking to is an authorized representative of that brand name for which you are seeking support (i.e. Microsoft, Toshiba, etc.)

4. Never ever provide your credit card or any financial information to anyone claiming to be a technical support person. If you are being asked this, hang up.

5. Technical support people NEVER call customers proactively to tell them they have a problem that needs resolving. Only scammers do this. If you receive a call or email offering support you didn't ask for... it is a scam.