Well, they might be, but if you get a Direct Message (DM) telling you about it, it’s probably a phishing attack.

What’s it all about?

At Scam Detectives HQ we received an email from Twitter advising us of a DM from one of our followers.

It looked like this:

So, was someone really saying horrible things about us? No.

This is a classic phishing scam.

Clicking on the link took us to a fake twitter login screen where we were told that our Twitter session had expired and we needed to login again.

If we’d fallen for it, our followers would soon be receiving similar DMs from us and wouldn’t exactly be happy about it!

What should you do if your account has already been compromised?

If you can, change your password. Log in to your Twitter account, (by typing www.twitter.com into your browser, NOT from a link in an email) and click on your name in the top right hand corner. Click “Settings” and change your password to something that you’ll remember but won’t mean anything to anyone else (remember to include numbers, letters and special characters). That’s it, job done.

If you can’t change your password (because the spammer has already locked you out) you’ll need to reset it. To do this, visit https://twitter.com/account/resend_password

Remember to be very careful about clicking on links you find on Twitter and especially in DMs, even if they come from someone you know and trust.

We’ll give the last word to Twitter, who offer this advice in the help centre.

Evaluating Links on Twitter

Lots of links are shared on Twitter, and many are posted with URL shorteners. URL shorteners, like bit.ly or TinyURL, create unique, shortened links that redirect to your longer link so it can be more easily shared. URL shorteners can also obscure the end domain, making it difficult to tell where the link goes to.

Some browsers have free plug-ins that will show you the extended URLs without you having to click on them. Here are links to plug-ins for Internet Explorer and Firefox (which is a free-to-download browser):

URL Expanders for Internet Explorer
URL Expanders for Firefox

In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don’t give up your username and password! Just type in Twitter.com into your browser bar and log in directly from the Twitter homepage.

Following pressure from Internet Safety Consultant Charles Conway, a “dangerous” loophole in popular social game Pet Society has been closed.

Addressing a group of foster carers and social workers in North Wales last month, Internet Safety trainer Charles Conway from Clear as Crystal Training highlighted a potentially dangerous loophole in the popular Facebook game Pet Society which meant that players of all ages were rewarded for adding complete strangers to their Facebook friends list, putting them at risk of grooming and other forms of inappropriate contact.

To demonstrate the risk, Charles took his pet “BunnyPig” to a social area of the game, the “Pet Society Cafe”, where other pets were sitting round drinking coffee and socialising. A large poster on the wall encouraged him to “CLICK ON A PET TO VISIT THEIR HOUSE” and Charles selected one at random, a purple cat in a fetching stetson and cowboy boots.

“By visiting this pet, I’m earning coins to spend in the game” he explained. “I can also earn extra points by leaving the pet a small gift, such as a frisbee, football or other toy, enclosing a note at the same time. Again, this seems like harmless fun as long as the pet I’m visiting belongs to one of my “real life” friends, but in this instance, it doesn’t. This pet belongs to a complete stranger, and by clicking on an icon on the screen I can visit that person’s Facebook profile, see their profile picture and “add” them as a friend, bringing their pet into my pet’s ‘village’ so I can visit them again and earn more coins. Unfortunately, by adding this person as a friend, we don’t only become connected in “Pet Society”, but on Facebook as a whole, so this person can then send me private messages, see when I’m online for chat sessions and view everything on my profile including photographs of me, my family and my friends. Bearing in mind how attractive this games are to kids, the risk of inappropriate contact becomes very obvious. It also starts to explain how parents can find that instead of the 50 or 60 close friends that they know in ‘real life’, their child has a Facebook friend list that numbers in the hundreds or even thousands”

On October 3rd, social gaming website Games.com reported on Charles’ concerns about this feature in this article

Playfish have yet to comment publically, yet sometime between the publication of this article and yesterday, they quietly removed the “Go to Profile” link from the game.

Charles is understandably pleased at this latest development.

“This is fantastic news, and makes the game safer for every one of it’s 6.5 million monthly users” he said today. “It shows that Playfish have listened and reacted positively to what was a potentially dangerous situation. I applaud them for stepping up and taking the safety of their users seriously.”

Playfish isn’t quite off Charles’ radar yet though. This week he’s brought another of their games into the spotlight, accusing the company of rewarding players for having “cybersex” with virtual cash in the hugely popular Sims Social game.

Internet safety consultant Charles Conway accuses popular Facebook game “The Sims Social” of rewarding kids for engaging in underage “cybersex”.

“Create unique Sims and live out their dreams—or stir up trouble by pulling pranks. Develop deep relationships to unlock new features and advance: befriend and fight, date and cheat, love and betray. Play with life in a whole new way—with your real friends, for free!”

That’s the hype on the latest version of Electronic Arts’ popular “Sims” franchise, bringing the game to Facebook in the form of “The Sims Social”.

On the face of it, the game looks like fun. Players can create an online alter-ego, build a house, buy furniture, take care of their personal hygiene needs and socialise with other players. By building your character’s social life, you earn points which help you to unlock new features, buy more stuff for your character and advance in the game environment.

Charles Conway, a consultant at Internet safety training firm Clear as Crystal Training and the editor of online security website Scam Detectives says that the personal relationships that can develop between players should give parents cause for concern.

“When playing “Sims Social” players can interact with other users in a lot of different ways, but they are rewarded for entering into romantic relationships with other players. These romantic relationships can develop quickly into sexual relationships, with options to have sex in different locations, including the bedroom and the shower. Sex between players is rewarded with “social points” which are then used to advance within the game environment” he said yesterday

Charles has some tough questions for the game’s developers, who he says should restrict access to more adult features of the game to “adults only”.

Even if Facebook did verify the age of it’s users (which it doesn’t), at what age does it become acceptable for a child to engage in “virtual sex” for rewards? Does it ever become acceptable? Isn’t sex for rewards the very definition of prostitution?

How is playing this game different to children having “cybersex” in a chatroom?

Doesn’t encouraging and rewarding sexualised behaviour between “avatars” encourage underage “offline” relationships of an inappropriate nature?

Is there a risk of bullying when two players enter into a same sex relationship?

Shouldn’t sexual activity within the game environment be restricted to those who are at or above the legal age of consent for “real life” sex?

“I’m also very concerned about the opportunities this game opens up for online grooming” said Charles.

“When 40% of kids admit that they have Facebook “friends” that they don’t know in “real life”, there’s a real risk of a predator using a game like this to build a relationship with a child that could lead to real world abuse. Paedophiles rely on their ability to break down a child’s inhibitions and get them to talk about sex, which is why we as parents teach our kids that talking about sex in the online space is not acceptable. So why does a game like this actually enable children to explore sexual relationships without warning of the dangers?”

In conclusion Charles says that, whilst parental control and supervision is vitally important to online safety, online content developers have to play their part too.

“By restricting access to this game to over 18′s, or at the very least creating a “child friendly” version of the game that does not allow sexual relationships, Playfish and Electronic Arts could demonstrate a commitment to keeping teens safe online. By not doing so, they’re potentially putting kids at risk of grooming, cyberbullying and confusion about where “real world” boundaries lie”.

Editors Note: We’re waiting for a response from Electronic Arts and we’ll update this article when we receive it

Last month security firm RSA revealed that their systems had been hacked and highly sensitive data relating to their widely used “two factor authentication” technology had been compromised. If you haven’t read the story, our report is here.

Last week, the Company revealed that the hackers had gained access to it’s systems by way of a “back door” installed on the terminals of several employees. Once they had “remote control” of these computers they were able to search through data across the network to steal the information they were looking for.

So how did the hackers get in?
GeekSpeak on
Several employees received an email with an Excel spreadsheet named “Recruitment Plan 2011″. The spreadsheet contained an embedded Flash object which exploited a known vulnerability (now patched) and installed a remote access program called “Poison Ivy”, which then allowed the hackers to gain control of the computer. GeekSpeak off

OK, so how did they know who to target?

This is where the whole social networking thing comes in. The hackers carefully researched their targets through analysing publically available information on social networking websites. Once they had their names, contact details and crucially what department they worked in, it was easy to launch an attack that would have the best chance of success. Reading between the lines, it would seem that in this case, the targetted individuals had some function in the HR department, hence the “Recruitment Plan” spreadsheet containing the trojan.

So could they target you?

The simple answer is “probably”. If your business uses email or the Internet for any purpose, you could be the next target. Just because RSA was a high profile “mark”, it doesn’t mean that all victims of this sort of attack are huge Companies. In this instance, the hackers were after sensitive data. They could just as easily have taken control of the network to host illegal websites, send spam or collect usernames and passwords for online banking accounts.

By posting details of their job, employer and corporate contact details on social networks, your staff could be making it easier for scammers and hackers to target them at work, using carefully crafted emails to lower their defences and trick them into opening virus-laden attachments.

What can you do to protect your business?

Train your staff in spotting and dealing with phishing emails and other email scams (and if you don’t know enough about them yourself, contact us or buy our book!). The first rule is this: Don’t open email attachments unless you are expecting the email, the attachment is referred to in the body of the email and you have verified with the sender that they intended to send the attachment.

Consider talking to your staff about the information they share publically to avoid becoming a target. Do they REALLY need to be on that business networking site? Is it essential to their function or just an ego-trip collecting “connections”? Do their Facebook friends not already know where they work and what they do?

Remember that RSA is a major provider of security solutions, with 90% of Fortune 500 Companies using their products and services. If they can fall for a simple “social engineering” scam, then so could you.

Blatant Sales Pitch: “Spammers, Scammers & Social Engineers: A Scam Detectives guide to keeping your business safe online” is now available in paperback for only £9.99 plus p&p (or to download for £7.99) here. It’s written in plain English with a minimum of “geek speak” and will help you and your staff to recognise and avoid common scams and ripoffs that could affect your business. For less than a tenner you could save your business thousands.

When your web browser offers to remember your password for Twitter, Facebook, Google or any other website, it can be very convenient to click “yes” and trust that your data will be safe, especially if you’re the only one who uses your PC.

It also helps to avoid keyloggers storing and transmitting your passwords to nasty hackers.

HOWEVER, even if you click “log out”, anyone using the PC after you can log in to your account and do anything they want to, including posting updates, changing your password or stealing your contacts list.

You might think that the risk is minimal. Even if a visitor does access your Facebook account and post a silly update, they don’t get your actual password, do they? So they can’t go home and snoop around your account without having access to your computer, can they? And you’d know if they changed your password, wouldn’t you?

You’d probably be right. However, a free piece of software which can be installed on a USB stick is now being distributed via social networking websites like Twitter and Facebook, as well as on hacking forums everywhere, and it promises to decrypt Facebook passwords stored in any browser or application.

From the website:

{software name removed} is a FREE software to instantly recover stored Facebook account passwords stored by popular web browsers and messengers. Most of the applications store the Login passwords to prevent hassles of entering the password every time by the user. Often these applications use their own proprietary encryption mechanism to store the login passwords including Facebook account passwords. {software name removed} automatically crawls through each of these applications and instantly recovers the encrypted Facebook account password. It has been brought to us from the guys that got us tools like the {software for cracking Google passwords}, {software for cracking Opera passwords} and {software for cracking Twitter passwords}. So, you know that this tool works.

So DOES it work?

We’re sorry to report this, but it does. Installing the software on a USB key, I visited a friend and (with permission) instantly recovered his Facebook username and password from a supposedly secure store within Internet Explorer 8. We tested it on Firefox 3 as well. Because the Facebook one works, we have no reason to presume that the other tools mentioned on the website wouldn’t work too.

So basically, anyone with more than a few seconds of unsupervised access to your PC can get hold of your passwords for Google (including Mail, Google Checkout, Adsense etc), Facebook and Twitter.

What can I do about it?

This software is a dream come true for stalkers, cyberbullies, abusive partners or anyone who wants to snoop on your online activities without you knowing it. With it, they can read your private messages and track your activities without you having a clue. So how can you secure your passwords and stop this software revealing them?

Firstly, NEVER let your browser remember your password. Whilst it may be convenient, this software has shown that it’s certainly not secure.

Next, you need to tell your browser to forget any passwords it’s already remembered.

Internet Explorer

Click Tools then Internet Options
On the “General” tab, under “Browsing History” click Delete
Click “Delete Passwords”
Click “OK”

Firefox

Click Tools then Options
Select “Security” tab
Uncheck “Remember passwords for sites”
Click “Saved Passwords”
Click “Remove All”
Click OK

DO IT NOW! And NEVER let your browser remember your passwords again!!

If you’re tempted to Google this software and try it out for yourself, you should remember that accessing online accounts without permission is a criminal offence punishable by up to 10 years in prison. Don’t do it!

Move over Brad – Angelina wants to be my friend….

Wow! Hollywood star and Mrs Brad Pitt Angelina Jolie wants to be my friend on Facebook!
For those who can’t see the image, the text reads:

Hi,
The following person invited you to be their friend on Facebook:
Angelina Jolie
Invite sent:
Tue, 8 Jun 2010 17:15:33 +0200

Facebook is a great place to keep in touch with friends, post photos, videos and create events. But first you need to join! Sign up today to create a profile and connect with the people you know.
Thanks,
The Facebook Team

Now, I’d love to think that Angelina really wanted to connect with me on Facebook, (although Mrs C probably wouldn’t be too happy about it…) but let’s face it, why would she?

The link at the bottom, which ostensibly directs you to Facebook, actually leads to an online pharmacy selling Viagra and other “enhancing” medications, along with a nasty bit of malware that would allow hackers to take control of your PC and harvest your personal details.

Remember:

Facebook friend requests show up on your profile. If you receive an email including a friend request, then log in to Facebook.com and accept it that way. DO NOT click on the link in the email.

If you don’t already have a profile on Facebook (Hi Mom!) and a friend invites you to join, go to Facebook.com and create your account. DO NOT click on the link in the email.

If a major Hollywood celebrity wants to be your friend on Facebook (and you don’t usually bask in the company of the stars) then the chances are it’s a fake profile or a phishing attempt. DO NOT click on the link in the email.

And finally

Just for good measure – DO NOT click on the link in the email.

Facebook is a great social network. Alongside other sites like Myspace and Bebo, it allows us to keep in touch with our friends and relatives both at home and abroad, find and reconnect with classmates and old work colleagues we’ve lost contact with, and businesses can connect with their customers in a way that they’ve never been able to before.

Unfortunately, as with any socially connected technology, it can also provide a public stage for those with extreme and socially offensive viewpoints to reach a wider audience and influence them under the pretext of “free speech”, as well as an opportunity for online predators to contact, groom and eventually meet their victims, as was tragically demonstrated by the case of 17 year old Ashleigh Hall, abducted and murdered by a 33 year old serial rapist who posed as a teenage DJ on Facebook to lure Ashleigh into meeting him “in real life”.

Charles Conway, the editor of Scam Detectives, recently spent an evening with a group of parents at a North Wales primary school who were concerned about their children’s online activities and wanted to know how to keep them safe online.

One of the questions asked by parents at the event was this:

“Why is it so easy for kids under the age of 13 to create a profile on Facebook, even though they’re supposed to be 13 or over to join?”

According to OFCOM’s annual “Children’s Media Literacy Report” 25% of children aged between 8 and 12 have a profile on social networking sites Facebook, Myspace and Bebo despite the sites imposing a “no under 13′s” rule.

These kids are not only exposed to the risk of contact from online predators, cyberbullies and fake “celebrities”, but they also have unrestricted access to pages and groups that promote illegal and unhealthy activities as acceptable, rebellious, desirable and fun.

Facebook “Values free speech”

Anyone can create a fan page or group on Facebook to promote their business, charity, hobby or interest, and there is no moderation in place to ensure that the site complies with Facebook’s terms of service before they go live.Once a user joins such a group, they give the creator of the group the ability to send them private messages through the site, which again are unmoderated and uncontrolled and can contain links to external websites, photographs and videos. There are no controls to ensure that inappropriate language is censored or that inappropriate images are blocked.

We found Facebook pages dedicated to (among other topics), advocating the use of illegal drugs, underage drinking, anorexia as a healthy and desirable lifestyle and “sending muslims home”.

When we asked them about these pages, a Facebook spokesperson said:

“Facebook values free speech and enables people to express their feelings about a multitude of topics, even some that others may find distasteful or ignorant. However, when these feelings violate our terms, they will be removed once reported to us.”

Kids “rewarded for contacting strangers”

Games such as “Pet Society” can also present dangers to our kids when using the site. Apart from the privacy concerns of such applications using our kids data to present targetted advertising and invitations to join groups related to their interests, these “cute” games (where users care for a ‘virtual pet’ in cyberspace) encourage interaction with strangers.

Users are encouraged to take their ‘Pets’ to a virtual Cafe, go back to each others ‘houses’ and give gifts to each other pets, which are accompanied by unmoderated and uncensored messages. Each pets house contains a link to it’s owner’s profile, so connecting with the real life person behind the ‘pet’ is further encouraged. Giving gifts and visiting other pets is rewarded with coins which can be spent on game upgrades.

Our kids know not to go with a stranger to their house to see “fluffy little kittens” or “cute little puppies” but by hosting this application on the website, Facebook actually rewards them for doing exactly that. As grownups, we take responsibility for our own actions and know the risks of contact with strangers. Kids only see the cute little fluffy pets, not the potential for abuse that lies behind them.

“No straightforward way to get proof of age”

Creating a Facebook account is easy, requiring only a valid email address. Anyone who can count back 13 from the current year can create an account and start adding their friends, joining groups and playing games with strangers immediately.

Facebook agreed to answer a couple of questions about their policy on underage users and how they enforce the “no under 13′s” rule.

Bearing in mind that pages and groups exist which (among other undesirable topics) advocate the use of illegal drugs, underage drinking, anorexia as a healthy and desirable lifestyle and “sending muslims home”, does Facebook have plans to introduce meaningful age verification systems to ensure that children are unable to access the site?

The Facebook spokesperson replied:

“When users sign up to Facebook, they agree to use the site according to our Statement of Rights and Responsibilities. One of these terms states that users must be over the age of 13 when they join the site and we encourage people to report anyone they think is violating this. They can either do this through the report links on that person’s profile or through the form in our help centre. Anyone that is using the site under the age of 13, as well as users or content that violate any other terms of use, will be removed from the site when reported to us.”

“We have a lot of resources available on our newly redesigned Safety Centre and we have recently invested in a £5 million safety campaign to promote safe interaction online. On Facebook, we also have reporting tools across the site and our users can and do report questionable or offensive content, such as underage users, illegal substances and self harm. We feel we have created one of the safest environments on the web and having the tools to report content and block people gives users far more control over what they are exposed to than over the wider web where no such controls exist.”

If so, how will this be achieved, and if not, why not?

“There is no straightforward way to get proof of age across the web. For young people in particular, it is important that teachers, parents, educators and web services work together to help keep young people safe online and we will continue to invest in tools to keep our users safe. People don’t need to provide proof of age to sign up for a free email address, to buy a pay as you go mobile phone or to register for numerous other services across the internet so this issue is not unique to Facebook. However, the robust reporting infrastructure we have in place on Facebook means that any content that our 400 million active users see that they find offensive or questionable can be reported to us from every page on the site. The trained team of reviewers will then review each report to remove anything that violates our terms. “

So you can report an underage user to Facebook and they’ll remove their profile. That’s great, but what’s to stop them from signing up again within minutes of their profile being deleted? Nothing at all (except a clause in their terms and conditions that says they shouldn’t.)

You can report an offensive group or fan page and it’ll be deleted. Fantastic, but what’s to stop them starting up a similar group immediately? Nothing.

A website like Facebook cannot rely upon it’s user base to police the site for them. By opening their doors to 400 million users they must take at least some responsibility for the safety of those users, including those that seek to circumvent the rules by signing up when they shouldn’t.

The “Honour system” is just not good enough

It is not enough to have a clause in your terms and conditions which simply says “You will not use Facebook if you are under 13″.

Imagine a similar system in pubs and off licenses -”Bottle of vodka please”, “Have you got any ID?”, “No, but I’m 18, honest”, “What’s your date of birth then?”, “erm, what year is it now.. (counts back on fingers)…. erm…. 23rd May 1992?” “Oh, Ok then, that’ll be £15″

Wherever there are rules in place to protect children from inappropriate content or contact, there must be appropriate measures to enforce those rules. Without those measures, the rules are meaningless. Not providing these measures because there’s “no straightforward way” of doing so is a copout. Child protection is not straightforward, but Facebook has generated enough revenue to invest in developing a way, straightforward or otherwise.

“No reason why Facebook could not implement this technology”

We approached online verification service provider NetIDMe to get their reaction to Facebook’s assertion that the technology for “straightforward” age verification doesn’t exist. Founder and CEO of NetIDMe Alex Hewitt told us:

“….we already provide this type of verification service for Social Networking Sites who either only accept minors or wish to prevent minors accessing their site. I do not agree with the comment that there is no straightforward way to get proof of age across the web, indeed the remote gambling industry is required by law in the UK to ensure that users are over 18 when they register and this has been in place for a number of years now. I also see no reason why Facebook could not implement this type of technology.”

Access should be restricted to over 18′s

Alex D, a Scam Detectives reader, said:

As a Foster Carer I know of many occasions where Facebook has been a gateway for abuse and unwanted contact. [Facebook users] should be over 18 with proof of id required to stop fake profiles.

Our appeal to Facebook

At Scam Detectives we believe that even one child hurt, abused or worse because of inadequate measures to prove the age and identity of Facebook users is one too many. We call upon Facebook to implement a MEANINGFUL method of protecting underage kids from inappropriate content, inappropriate contact and real physical danger. Now.

Have your say:

Is Facebook doing enough to stop underage kids from using their website? Should they increase the age limit to “adults only”? Leave us a comment below….

Internet security specialists Sophos have today urged social networking site Facebook to set up an “early warning system” after hundreds of thousands of Facebook users were targetted by a new wave of fake porn video hacking attacks.

Sophos warned users to be on their guard if they receive any messages promising a video of “distracting beach babes”, accompanied by a picture of a scantily clad beauty.

Clicking on the link will result in the user being directed to an application that will prompt them to download a “new version of video software” that will allow the video to play. Downloading the software will install a package that will display advertisements on their computer and automatically spread the link to their online contacts.

Graam Cluley, a senior consultant at the firm said “A simple message appearing on all users’ screens warning them of the outbreak would have helped in halting the attack. Unless something is done, it won’t be surprising if there is another widespread attack this coming weekend, affecting thousands more users”

The latest attack comes hot on the heels of the video tagged as the “sexiest video ever” which masked similar malware.

The simplest advice – Don’t click on links that promise funny vids, insightful quizzes or even the sexiest of bikini clad babes . You won’t go blind, but it could harm your computer.

We received an email at Scam-Detectives HQ this morning from “Twitter Support”, telling us that we have 3 unread messages and urging us to click on a link to retrieve them.

Twitter does not send out emails advising of unread messages, it’s a phishing attempt to get you to enter your password on a fake Twitter login page.

Regular readers will remember that we told you a while ago that hacked Twitter accounts can fetch up to $1,000 (£650) so you need to be on your guard against this type of phishing attack.

NEVER click on links in emails that purport to be from social networks, banks or other websites where access is protected by login details. Go directly to the site in question and log in from there.

We were very concerned this morning at Scam Detectives HQ when we received another round of “Facebook Password Confirmation” emails (containing a nasty Trojan to harvest your passwords/login details). Whilst we’ve seen them before, these were slightly different. They were actually addressed to us by name.

Why is this such a concern?

It’s always been one of the most glaring red flags with virus/scam/phishing emails. The email would be addressed to “Dear Facebook User”, “Dear Online Banking Customer”, “Dear Valued Member”. This immediately betrayed the email for what it was, a mass mailing designed to trick as many users as possible.

By addressing the email to you personally, scammers have removed this first line of defence and made it that little bit harder to spot a scam.

How did they get my name?

They didn’t. What they have done is to develop a mail merge script that takes everything before the “@” sign in your email address and insert it into the body of the email so it appears that it is personal to you.

We’ve had emails this morning addressed to “Dear Charles” (to charles@scam…..co.uk) but we’ve also had them to “Dear Sales” (to Sales@clear…co.uk) & “Dear Info”(to Info@scam….co.uk).

What can I do about it?

You now need to be even more vigilant.

• Never click on a link in an email that asks you to log in to your account
• Never open attachments contained in an email that purports to come from an organisation with which you have a relationship, including your bank, Paypal, Facebook or anyone else for that matter
• Never click on a link that says you’ve received an e-card, or that tells you that your photo has been posted online
• Always report such emails to the organisation they’re posing as by sending a copy to “spoof@YOURBANK.com

Be careful out there!

===============================================================================
We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).

Tweet

]]> http://www.scam-detectives.co.uk/blog/2010/03/19/scammers-get-smarter-every-day-scam-emails-get-personal/feed/ 4