For many of us, it's the season of giving. For cybercriminals, it's a perfect time for taking. McAfee, a leading security software and services company, says 'tis the season for those more naughty than nice to swindle naïve web surfers out of their shopping money.
Amid the frenetic holiday shuffle, it's easy to let your guard down when shopping for those last minute gifts online. But hackers are waiting with many scams and tricks that will turn that stocking stuffer into a lump of coal. Many new scams (and new spins on older ones) have surfaced this time of year with the intent to steal one's identity for financial gain.
A popular scam is the free iPad giveaway scam. The offer might come in the form of email spam, asking users to first purchase other products to receive the free iPad. The crooks when learning what your credit card info is, hen use that information to either make another credit card in your name or use the information to order stuff online in your name.
Facebook users, on the other hand, might be asked to take a quiz to win the free tablet, and are then asked to provide a cell phone number. Victims of this scam inadvertently sign up for a cell phone scam that can cost them $10 a week on their wireless bill until they discover what has happened to them.
Speaking of cell phones, "phishing" scams familiar to computer users are messages from legitimate-looking institutions such as your bank or cable company are now hitting mobile devices. Called ‘smishing’ attempts, these SMS (text) messages appear to come from your financial institution or cable companies or an online retailer, requesting to confirm account information by text or phone. In actuality, these cybercriminals will try to use your information for identity theft.
Smishing is what you get when you mix SMS texts with phishing. With the rising popularity of mobile banking, hackers are sending texts to users that appear to come from their bank or an online retailer informing them that there was an error in processing a transaction. The hackers then request that the user call in to verify account information. Of course, these antics are a ruse to obtain valuable personal data that can later be used in identity theft schemes or sold on the cyber underground.
This kind of scam will likely increase in the coming weeks as users worry about the status of online gifts they purchased, as well as their account balances.
Here is an example of what I received in my email recently.
Dear valued Rogers member:
It has come to our attention that your Rogers account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website If you could
Please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online Services. However, failure to update your records will result in account suspension Please update your records immediately.
Once you have updated your account records, your Rogers account session will not be interrupted and will continue as normal. To update your Rogers Account You must provide your password of your Rogers account to enable us finish it on time.
User Name:
Password:
Sincerely,
Rogers Management,
customeronlineservice@live.com
Hotline : 1000
Service Hours: General Enquiry (0900 - 2100)
Technical Support (0900 - 2400)
* 24-hour privilege hotline service for Rogers One customers*
As you can see, what the scammer really wanted from me was my user name and my password. Someone got access to my username and password many years ago and then that person wrote a blog in my name that resulted in me being threatened to be sued. I was able to convince the lawyer that it wasn’t me that made the entry in the blog. The defamatory blog is still on the Internet and since I didn’t put it in the Internet, I can’t remove it. I don’t have to worry about it however but this shows you what can be done by hackers who have access to your username and password.
I knew that this message sent to me was a scam because the technical support number listed is not the real number that Rogers has for its Technical Support.
Lately, cyber crooks are using social media to promote fake gift card scams, in exchange for stealing users' personal information and money, which is then sold on the black market and used for identity theft activities.
Fake gift cards are an easy way for thieves to prey on gullible web users. One such scam promises a "free $1,000 Best Buy gift card" to the first 20,000 people who sign up for a Best Buy fan page on Facebook. These offers are not from Best Buy, but malicious types are asking users to reveal their personal information and take a quiz or two in order to qualify for the phony gift card. Instead, this information is used to sell to marketing companies or for identify theft purposes and naturally, the victim doesn’t get the gift card.
McAfee reported that a recent Facebook scam offered a free $1,000 Best Buy gift card to the first 20,000 users who signed up for a Best Buy fan page which, of course, was spoofed. However, in order to receive their promised gift card, users were required to provide personally identifying information and take a series of quizzes. But instead of a gift card, users just received a big headache get from under their identity theft mess.
This time of year, everyone could use a little extra cash. That fact has not been lost on the hackers. Subsequently, Twitter scams have been floating around containing malicious links to sites that promote phony job offers that promise high-paying, work-at-home jobs. All users have to do is fill out a detailed application to be considered.
In reality, the phony jobs are just a hook to trick users into submitting personal and sensitive information, such as e-mail addresses, home addresses, cell phone and Social Security numbers. In the end, users are left with an identity theft scheme to clean up, instead of a job or extra holiday cash.
One popular holiday activity is sharing a rental cabin or hotel with friends and family. As such, hackers are expected to capitalize on users' rush to find an available space by advertising fake holiday rental sites. While they appear legitimate in photos, these sites often ask users to submit down payments on properties with credit card numbers or wire transfers. And instead of a holiday getaway place, users will often find themselves dealing with the aftermath of identity theft; complete with canceled credit cards, lower credit scores and depleted bank accounts.
A word to the wise. Stick with trusted, reputable sites or agencies when booking online. It never hurts to do a little homework.
The holidays are a prime time for charitable donations. But that gift-giving spirit also makes generous users a prime target for fake charity scams.
Without fail, the holidays will bring a slew of fake charity scams, requesting donations for everything from food and clothing drives to sponsoring children in developing world countries. The fake charities will solicit individuals with e-mails and phone calls, while sporting legitimate-sounding names that resemble well-known organizations.
Many users, not stopping to discern the fake from the real, will give blindly, thinking that they're helping out those in need. Subsequently, users are advised to be cautious when giving during the holiday season, and do a little fact checking to ensure that the charity of choice is on the up and up.
In one iPad scam delivered via e-mail, McAfee Labs found that users were asked to buy additional products, as well as provide their credit card numbers, in order to receive their ‘free’ iPad. Not surprisingly, victims never actually receive an iPad, free or otherwise. But they did get an additional debt added to their credit cards.
Some scams never seem to die and here is a scam that is one of them. The tried and true help scheme sends a phony distress message to friends and family or anyone else on the victim's contact list, requesting money be transferred so they can make it safely home.
The scam takes on a new dimension with the rise of social networking. Hackers are increasingly exploiting the social networking trust factor by sending victims' help requests from spoofed profiles from their contact lists, thus adding to the credibility of their scheme. Victims are then more compelled to send money to the scammer, thinking that their friends are actually in trouble.
Travel-related ‘distress’ scams, such as the "Help! I've Been Robbed!" plea on social networks like Facebook, are also expected to be on the rise during the holiday season. Some cases, the message appears to be from someone you know, while in most instance it's from a stranger; both requesting money to be wired or transferred ASAP so they can get home for the holidays.
I have never received such a message in my email. If a relative or friend were in need of money to get home with, they would know to phone me.
As many people plan on traveling during the holidays, McAfee also warns of ‘rogue’ Wi-Fi connections at airports and hotels. You might be tempted to log online to a ‘free’ wireless network your laptop found in the vicinity, but it could be a tech-savvy scammer out to steal your information. Instead, McAfee suggests you stick with well-established and trusted networks and websites, preview a link's web address before you click on it and don't respond to offers that arrive in a spam email, text or instant messages.
Here is a message sent to me recently by email scammers.
Dear Winner we are Pleased to inform you that your email just won a prize
money of (1,000.000.00 GBP)From the UK Online Promo last draw held this
week,
Contact For Claims,
1.Full name......2.ContactAddress.....3.Age........Sex.....4.Telephone Number.....5.Occupation.....6.Country.....
(CONTACT EVENTS MANAGER)
Dr. Pinkett Griffin
Email : draws@nationwide-lot.co.uk
Here is another one
Annual Income: $24,000USD and 10% of payments received from
our clients.Job Description: RECEIVING PAYMENTS AGENT who
will act as medium of reach between our customers and
us.reach us at(onlinejobservice.kraftfoodsukltd@w.cn)
1.)Your Full Name........
2.)Your complete Adress...........
4.) Age............
5.) Phone number...........
6.) Country .........
7)ocupation ........
Work with us.Mr.Frederick Thomas
The dummy doesn't even know how to spell Address and Occupation
This next one is as phony as a three-dollar bill.
My name is Mrs. Mellisa Lewis.I will be going in for an operation later
today.I decided to WILL/donate the sum of $14 million USD to you for the good work of the lord.quoting my personal reference number LLP/953/900//316US/UK
please contact my pastor with the email address below Email:
pastorfredwaldronphelps07@mail.mn
Regards
Mellisa Lewis
If I called Pastor Fred Waldron, you can be sure that he would pump me for information about my bank account.
You have just been awarded, ?800,000.00 GBP in the BBC Online Promo,
for claims send email to kateandersondesk@xtra.co.nz, send your response only to
kateandersondesk@xtra.co.nz
Why did the stupid scammer put a question mark in front of the sum instead of the Euro sign?
Here is another similar one.
Your Mail ID has won £1,000,000.00 (ONE MILLION POUNDS).in the Uk Award PROMO. Send
Names.
Nationality.
Tel.
If I gave them my telephone number, the scammer would want to know my bank account number so that he could deposit my winnings in it.Yeah sure. And chickens have lips.
This next one is a real doozey.
Dear Comrade,
It's my pleasure to acquaint you with this proposal for a financial and business assistance. I know my message will come to you as a surprise. Don't worry. I was totally convinced to write you in reference to the transfer of USD$10.5M to your account for onward investment (Elecrical parts industries and estate building management) or any profitable business in your country.
Please, if you are interested, Email me so that I can give you more information. Remain bless while expecting your prompt co-operation.
Regards
From Hassan Adama
(Officer in African Development Bank)
When ever I see anything sent to me from an officer of a bank or a corporation, I get real suspicious. I mean, REAL SUSPICIOUS. Note that he spelled Electrical as Elecrical. Is that the message from an educated officer of a bank or is it a message from an uneducated scammer? Also, whenever you see the word 'bless' 'blessed' or 'Lord' , you will know that it is a scam.
The tried-and-true adage applies in situations like what I have just shown you. If it looks too good to be true, it probably is.
Wednesday, 1 December 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment