Well, they might be, but if you get a Direct Message (DM) telling you about it, it’s probably a phishing attack.

What’s it all about?

At Scam Detectives HQ we received an email from Twitter advising us of a DM from one of our followers.

It looked like this:

So, was someone really saying horrible things about us? No.

This is a classic phishing scam.

Clicking on the link took us to a fake twitter login screen where we were told that our Twitter session had expired and we needed to login again.

If we’d fallen for it, our followers would soon be receiving similar DMs from us and wouldn’t exactly be happy about it!

What should you do if your account has already been compromised?

If you can, change your password. Log in to your Twitter account, (by typing www.twitter.com into your browser, NOT from a link in an email) and click on your name in the top right hand corner. Click “Settings” and change your password to something that you’ll remember but won’t mean anything to anyone else (remember to include numbers, letters and special characters). That’s it, job done.

If you can’t change your password (because the spammer has already locked you out) you’ll need to reset it. To do this, visit https://twitter.com/account/resend_password

Remember to be very careful about clicking on links you find on Twitter and especially in DMs, even if they come from someone you know and trust.

We’ll give the last word to Twitter, who offer this advice in the help centre.

Evaluating Links on Twitter

Lots of links are shared on Twitter, and many are posted with URL shorteners. URL shorteners, like bit.ly or TinyURL, create unique, shortened links that redirect to your longer link so it can be more easily shared. URL shorteners can also obscure the end domain, making it difficult to tell where the link goes to.

Some browsers have free plug-ins that will show you the extended URLs without you having to click on them. Here are links to plug-ins for Internet Explorer and Firefox (which is a free-to-download browser):

URL Expanders for Internet Explorer
URL Expanders for Firefox

In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don’t give up your username and password! Just type in Twitter.com into your browser bar and log in directly from the Twitter homepage.

At Scam Detectives HQ we often ask ourselves just how low scammers will go before they truly hit the bottom of the barrel.

Today, they’ve come pretty close.

We received this email in one of our “catcher” accounts today:

DEAF LOTTERY ASSOCIATION
WINNER NOTIFICATION

Dear Winner,

CONGRATULATIONS!! You have won the Deaf Lottery!!

Your e-mail address was drawn at random from 300,000 registered deaf people around the world , You are therefore to receive a cash prize of £2.8 Million (TWO MILLION and Eight Hundred Thousand Pounds) from the total payout.Your prize award has been insured with your e-mail address and will be transferred to you upon meeting our requirements, statutory obligations, verifications, validations and satisfactory report.

Draw Details:
Ref Number: PW 9520 ES 9414
Batch Number: 575881545-NL/2010
Draw Date: Sat Jan 21 2012

To claim your prize please contact our claims agent giving these details:
——————–
Names:
Address:
Telephone/Fax number:
Nationality:
Age:
Sex:
Country:
Occupation:
State:
E-mail:
————————
Claims Agent:-
Mrs Angela Lott
Email: (lottangle@aol.com) or (deaf_lottery@rediffmail.com)
———————–
Draw Details:

Draw Details:
Ref Number: PW 9520 ES 9414
Batch Number: 575881545-NL/2010
Draw Date: Sat Jan 21 2012

Yours Faithfully,
Mrs Angela Lott
Lottery Coordinator.
HOT LOTTO.”

It’s a pretty standard “lottery” scam, and anyone who responds will be asked to pay a fee to claim their prize.

Of course, there is no prize, and the victim will lose every penny that they send chasing the fictional millions.

If you have any deaf family members, friends or colleagues, please make them aware of this scam.

Thank you.

At Scam Detectives HQ we’re always keen to help a friend in trouble.  If they really are in trouble that is….

This morning we received an email from one of our clients which read as follows:

 

Hi there.

I’m really sorry to reach out to you this manner and I’m sorry for not informing you about my urgent trip to Scotland. I am here for a Seminar and to complete a project.

I want this issue to be confidential between You and I because I don’t want people to get worried about my situation.

Everything was fine until I got robbed on my way back to the hotel and I lost my Wallet, mobile phone and some valuables during this incident. I had to block my account and bank cards immediately.

I am facing a hard time here because I have no money on me to clear Hotel bills and some expenses. I’m sending you this message because I need your help with a loan of £3350 to pay up the bills and make arrangements to get back home.

Am sorry for the inconvenience this message might cause you but please understand that am in a very bad situation right now and would appreciate if you could help me out.

Best regards,

(name removed)

You’ll need to check that your computer isn’t infected with a backdoor virus, keylogger or other malware that has led to your password being compromised. Run a full virus scan and deal with any infections BEFORE you log in to any other online services.

1) Be very careful when using public computers or networks to log in to your email or other subscription services.  There’s a useful guide from “LifeHacker” on using public networks safely here

2) Make sure that you’re using a strong password that consists of numbers, letters and special characters (*, $, !, £ etc.) to make life difficult for hackers

3) Use a different password for every site you use.

4) If possible, don’t use webmail (hotmail/aol/yahoo/gmail) for sites that require a password. Once a hacker has control of your email account, they can request password reminders from the websites you use and compromise these accounts. Use your ISP email address for anything that requires a password.

5) Keep a list of the sites that you use somewhere safe offline so you know who you need to get in touch with if your email account is hacked

6) Keep a list of your contacts somewhere other than your webmail account, so you don’t lose them if your account is hacked

This may all seem like a lot of work, (and a pain in the arse!) and it is, but prevention is ALWAYS better than cure and a few minutes work now could save you long hours of running around if your account is ever compromised.

Another very clever social engineering scam attempting to trick you into downloading a virus to your computer.

You’ll see that the email uses my full name, but the URL is spoofed. The actual url linked to is “yesasia-payment-service.com/[removed]” which attempts to download a zip file apparently containing your invoice.

It’s a clever one, and I’m afraid that lots of people will be taken in by it.

If you receive any order confirmation for an order you haven’t placed, DO NOT click on the link, but check with your credit card provider to make sure you haven’t been a victim of online fraud. Chances are you haven’t, but it’s better to be safe than sorry.

Last month security firm RSA revealed that their systems had been hacked and highly sensitive data relating to their widely used “two factor authentication” technology had been compromised. If you haven’t read the story, our report is here.

Last week, the Company revealed that the hackers had gained access to it’s systems by way of a “back door” installed on the terminals of several employees. Once they had “remote control” of these computers they were able to search through data across the network to steal the information they were looking for.

So how did the hackers get in?
GeekSpeak on
Several employees received an email with an Excel spreadsheet named “Recruitment Plan 2011″. The spreadsheet contained an embedded Flash object which exploited a known vulnerability (now patched) and installed a remote access program called “Poison Ivy”, which then allowed the hackers to gain control of the computer. GeekSpeak off

OK, so how did they know who to target?

This is where the whole social networking thing comes in. The hackers carefully researched their targets through analysing publically available information on social networking websites. Once they had their names, contact details and crucially what department they worked in, it was easy to launch an attack that would have the best chance of success. Reading between the lines, it would seem that in this case, the targetted individuals had some function in the HR department, hence the “Recruitment Plan” spreadsheet containing the trojan.

So could they target you?

The simple answer is “probably”. If your business uses email or the Internet for any purpose, you could be the next target. Just because RSA was a high profile “mark”, it doesn’t mean that all victims of this sort of attack are huge Companies. In this instance, the hackers were after sensitive data. They could just as easily have taken control of the network to host illegal websites, send spam or collect usernames and passwords for online banking accounts.

By posting details of their job, employer and corporate contact details on social networks, your staff could be making it easier for scammers and hackers to target them at work, using carefully crafted emails to lower their defences and trick them into opening virus-laden attachments.

What can you do to protect your business?

Train your staff in spotting and dealing with phishing emails and other email scams (and if you don’t know enough about them yourself, contact us or buy our book!). The first rule is this: Don’t open email attachments unless you are expecting the email, the attachment is referred to in the body of the email and you have verified with the sender that they intended to send the attachment.

Consider talking to your staff about the information they share publically to avoid becoming a target. Do they REALLY need to be on that business networking site? Is it essential to their function or just an ego-trip collecting “connections”? Do their Facebook friends not already know where they work and what they do?

Remember that RSA is a major provider of security solutions, with 90% of Fortune 500 Companies using their products and services. If they can fall for a simple “social engineering” scam, then so could you.

Blatant Sales Pitch: “Spammers, Scammers & Social Engineers: A Scam Detectives guide to keeping your business safe online” is now available in paperback for only £9.99 plus p&p (or to download for £7.99) here. It’s written in plain English with a minimum of “geek speak” and will help you and your staff to recognise and avoid common scams and ripoffs that could affect your business. For less than a tenner you could save your business thousands.

Credit card issuer MBNA has today sent out emails to it’s customers launching it’s improved Card Services website.

We’re all for financial institutions keeping their clients up to date and encouraging them to use online services for convenience. That’s what the Internet is there for.

HOWEVER, the email flies in the face of the bank’s own security advice. On MBNA’s “Online Account Security” page users are advised:

When logging on to banking and membership websites, ensure that you type in the web address rather than by clicking on a link-especially in emails.

This is good advice and something that we fully endorse at Scam Detectives. So why does today’s email from the bank contain not one, not two, but three links encouraging users to log in to their account directly from the email?

A “Giant leap backwards”

The entire banking community, as well as online security websites like Scam Detectives, spend a lot of time, money and effort advising Internet users not to click on links in emails to log into their online accounts. Ever.

The reason for this is to help you to avoid “Phishing” scams, where scammers set up websites that look exactly like your bank or credit card issuer’s website to trick you into entering your security details and logging into their fake site so they can then gain access to your real account and steal your money.

In our opinion, this email campaign from MBNA represents a giant leap backwards in online security and we urge the bank to contact every customer that has been sent this email to apologise and reinforce the following advice:

NEVER click on links in emails that ask you to log into your online accounts.

Editor’s note:
When we first saw this email, we were convinced it was an elaborate phishing exercise as we were sure that MBNA wouldn’t be so careless as to include “log in” links in their email. However, a few simple checks showed that it was in fact genuine:
1) The email is hosted at customerservice.mbna.co.uk (a genuine MBNA domain)
2) The “Log In” links point to the genuine MBNA website

We have approached both MBNA and UK Payments Administration for comment and will update this post with their response.

We received an email from a Scam Detectives reader this morning warning mobile phone users to be on the lookout for text messages promising large cash prizes. The reader would like us to tell his story to help other readers avoid falling victim to the same scam.

The reader (who wishes to remain anonymous) said:

“I received an sms through this phone number (+447586519251) informing me I won a great prize and asking for my email address to start the claims process”

Understandably, the reader was keen to find out more and replied to the text message giving his email address.

“I was contacted by a person named Lloyd Alexander IVANOVICH (who designed himself as a prize administrator of Samsung Electronics UK). This person informed me that my Samsung mobile won £ 550000 (Five hundred and fifty thousand Britain Pounds). He sends to me a certificate of award signed by the CEO of Samsung Mr. Geesung CHOI and told me that the fund is detained in a temporary account at the NATwest Bank plc and urged me to take contact with it.”

After making contact with the bank as directed, the reader received an email requesting a copy of his passport and the claims certificate and a “Fund Release Order” from the Financial Services Authority. He was instructed to contact the FSA to obtain this document.

“So I took contact with the FSA and I received mails from Mr. SANTOS HECTOR PEDRO (Chief executive of the FSA) who send to me a copy of his international passport and an application form and asked me to transfer an amount of £ 950 Pounds by Western Union in his personal name. I did it. After obtaining a fund release Order, I sent it to the NATwest in order to receive the fund. I tried to contact Mr. IVANOVICH as he phoned me on Friday, 11 a.m. to enquire about the transfer of the amount of £ 950 Pounds, but curiously after he knew about the transfer of the £ 950 Pounds I have made, his phone fallen out of order and also his email. “

As you’ve probably guessed, there was no prize from Samsung, no fund at the Natwest and the Funds Release Order from the FSA was fake. The reader lost his £950 and has been unable to contact any of the scammers since he sent the money.

How does the scam work? Surely the reader would have found out he was being scammed when he called the bank?

As is common with this type of scam, each time the reader was directed to contact another party to further his prize claim, he was furnished with an email address to facilitate contact. As such, the scammers ensured that he would only contact other members of the gang, and not the actual organisation with whom he believed he was getting in touch.

How can I avoid being taken in?

We spoke to NatWest to let them know that their bank’s name is being used in the perpetration of this fraud and a spokesperson told us:

“NatWest would NEVER contact a customer by email or SMS asking them to contact us in this manner, regardless of the nature of their business with the bank. If you are asked to contact NatWest by any party, you should visit our website at Natwest.com and call us on the most appropriate telephone number for your enquiry.

Samsung told us:

“Samsung can confirm the email relating to a ‘Samsung Mobile International Promo’ offering a cash prize of £550,000 are not legitimate and have not been sent from Samsung. Samsung therefore advises individuals not to respond to these emails.”

As with most of the scams we report here on Scam Detectives, the message is a simple one:

If it seems too good to be true, it probably is!

We received an email at Scam-Detectives HQ this morning from “Twitter Support”, telling us that we have 3 unread messages and urging us to click on a link to retrieve them.

Twitter does not send out emails advising of unread messages, it’s a phishing attempt to get you to enter your password on a fake Twitter login page.

Regular readers will remember that we told you a while ago that hacked Twitter accounts can fetch up to $1,000 (£650) so you need to be on your guard against this type of phishing attack.

NEVER click on links in emails that purport to be from social networks, banks or other websites where access is protected by login details. Go directly to the site in question and log in from there.

I just got off the phone with a scammer. Yes, another one.

What were they trying to sell me?

The call came from a young lady who identified herself as a “registrar for the internet”. She told me that a rival company had tried to register ten domain names, which were all similar to my domain and company name.

A matter of principle

Her script was well crafted to instil panic. She’d apparently received the registration request and had “smelled a rat” because she recognised my brand. “As a matter of principle” she’d decided to take it upon herself to call me and offer me the opportunity to register these domains to stop the rival firm from hijacking my brand name and passing themselves off as me. I could register the ten (.co.uk) domain names for 10 years to secure them long term for only £1,000 + VAT. All she needed was my credit card number and she’d put it in place straight away.

What’s the scam?

Most of us are fiercely protective of our brand. We’ll go to great lengths to protect it and the suggestion that someone else is trying to use our brand name to promote a rival business is enough to throw us into a flat spin panic. The scammers know this, and that’s the hook that they use for this scam. The truth is that nobody tried to register these domains, and the scammer is simply trying to sell them to you at over-inflated prices (around 300% above market value) for a period that they simply can’t offer.

Key points to remember:

• Domain name registration is an automated process. You choose your domains, pay for them and that’s it, they’re registered.
• Domain name registrars do not take responsibility for ensuring that the registrant has the right to use the brand name they are registering. If the domain is available, they’ll sell it. Under no circumstances would a sales agent for a registrar offer to sell those domains to someone else to block your registration – it would be unethical and possibly consititutes a breach of data protection legislation.
• The going rate for a .co.uk domain is around £3.00 + VAT a year and you can only register it for 2 years at a time. There’s no way to register it for longer than that.

If you get a call or an email with a similar story, hang up or hit “delete”!

We were very concerned this morning at Scam Detectives HQ when we received another round of “Facebook Password Confirmation” emails (containing a nasty Trojan to harvest your passwords/login details). Whilst we’ve seen them before, these were slightly different. They were actually addressed to us by name.

Why is this such a concern?

It’s always been one of the most glaring red flags with virus/scam/phishing emails. The email would be addressed to “Dear Facebook User”, “Dear Online Banking Customer”, “Dear Valued Member”. This immediately betrayed the email for what it was, a mass mailing designed to trick as many users as possible.

By addressing the email to you personally, scammers have removed this first line of defence and made it that little bit harder to spot a scam.

How did they get my name?

They didn’t. What they have done is to develop a mail merge script that takes everything before the “@” sign in your email address and insert it into the body of the email so it appears that it is personal to you.

We’ve had emails this morning addressed to “Dear Charles” (to charles@scam…..co.uk) but we’ve also had them to “Dear Sales” (to Sales@clear…co.uk) & “Dear Info”(to Info@scam….co.uk).

What can I do about it?

You now need to be even more vigilant.

• Never click on a link in an email that asks you to log in to your account
• Never open attachments contained in an email that purports to come from an organisation with which you have a relationship, including your bank, Paypal, Facebook or anyone else for that matter
• Never click on a link that says you’ve received an e-card, or that tells you that your photo has been posted online
• Always report such emails to the organisation they’re posing as by sending a copy to “spoof@YOURBANK.com

Be careful out there!

===============================================================================
We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).

Tweet

]]> http://www.scam-detectives.co.uk/blog/2010/03/19/scammers-get-smarter-every-day-scam-emails-get-personal/feed/ 4