Scam Detectives » Viruses & Malware

QR Codes-Business Opportunity or Criminal Abuse?

admin — Thu, 12 Jan 2012 14:35:16 +0000

Caution has been urged by Security Experts over the increasing use of QR Codes on smartphones, claiming that they could become a likely target for hackers and malicious users actively seeking to steal your personal data.

The strange black squares that have been cropping up in increasing numbers in magazines and newspapers; on posters, tickets and websites are likely to become even more commonplace in 2012 with many companies utilising them in increasing numbers.

However, presuming they are harmless could be playing into the hands of cyber criminals.

According to a recent study around 50% of the 1,200 consumers surveyed interacted with a QR code when they saw one, with 21% then going on to share personal information.

Curiosity and information-gathering were the primary reasons for wanting to scan a code, and the promise of discounts and special offers seemed to be the most effective way to generate interest.

A QR matrix barcode can store alphanumeric characters in the form of text or URLs – all you need to “visualise” such a code is a smartphone with a camera and a QR reader application to scan it.
The code would typically direct you to a website, however, it can also promote online videos, send text messages and e-mails, or install and launch apps.

Fast, easy and very popular, QR codes are clearly a convenient way to stay informed anytime, anywhere. But the downside is that you often don’t know the content of a QR code until you scan it.

For this very reason you should take the same degree of care when scanning a QR code as you would when downloading an unknown file on the internet.

Cyber-attackers might use these codes to redirect you to malicious websites that ask you to download applications that may be infected with malware.
These, in turn, could:
Make your calendar, contacts and credit card information (if you shop or bank online using your smartphone) visible to cybercriminals.

Attempt to steal your Google or Facebook password – many apps are integrated with various social networks.

As a result, some users may enter their information without suspecting that it is being sent to an illegitimate source.

Track your location.

Install keylogging software.

Send an SMS to a premium number, racking up your phone bill.

“Jailbreak” a device and distribute additional malware.

Redirect users to malicious applications.

So if you care about your mobile security, you’d be wise to stay away from malicious QR codes!

One notable attack via QR code took place in Russia in 2011, and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” started to send a series of expensive text messages (which cost £4 each), racking up unwanted charges.

This is just one of the ways malicious users can take advantage of these codes in order to gain control over a smartphone, so it goes without saying that users should take particular care of what they’re scanning and be aware of what they’re expecting to find.

So how can you spot and avoid malicious QR codes:

1. Educate children on the nature of QR codes – with many youngsters now sporting smartphones it could be all too tempting for them to scan these codes simply out of curiosity, which could leave them at risk of attacks similar to those described above. Better yet, installing a mobile security suite can help protect them against hidden threats, offering you significant peace of mind.

2. Use a mobile QR code-/barcode-scanning app that previews URLs. Avoid scanning suspicious codes and links that don’t seem to match the ads they’re incorporated in; also avoid shortened links.

3. Don’t scan QR codes in the form of stickers placed randomly on walls or billboards. QR codes can be generated by anybody and placed in public places with the intention of peaking an individual’s curiosity, and unless the message gets out there that these may not all be from legitimate sources, scammers will look to take advantage of this relatively new technology to further their own ends.

4. Be extra careful if your smartphone works on the Android mobile operating system. Android is an open platform, which means that its source code can be examined by criminals and exploited more easily when they find a weakness in, for example, the Android browser. That’s why most malicious apps transmitted via QR codes target the Android-based smartphones. So, make sure your Android browser is always up-to-date and only scan QR codes from trusted sources.

5. Be particularly wary of QR codes that are linked to monetary and transaction services – these direct links to money are typically prioritised by malicious third parties when choosing how and where to attack.

6. Consider installing a mobile security app.

So be careful out there folks; the world of technology is rapidly evolving, mostly for the better, but we must remain fully aware of possible misuses and abuses & apply our common sense whenever possible…

Norman Feiner, Managing Director – SimplyFone Ltd

(Idea for Blog, Source: Comms Business)

About SimplyFone Ltd

Simply-Fone was established to provide competitive telephone services to UK Businesses & Residential Clients…

For over 20 years we have been providing low-cost, innovative, cost-effective telephony solutions to residential and business customers in the UK and beyond.

Today, Simply-Fone is one of the fastest growing telecom companies in the UK and a recognised brand name with a loyal customer base and a wide range of reliable and competitive products on offer.

Our mission is to provide home and business users superb value but without compromising on quality.

We offer amongst the lowest phone rates and line rentals in the UK

Simply-Fone currently provide telecoms solutions to 1000′s of home & office users and are a UK leader in the provision of low-cost international call services from mobiles and landlines with 100,000′s of regular users.

UPS virus emails with a twist!

admin — Mon, 28 Mar 2011 14:46:17 +0000

We warned readers a while ago to be aware of emails from UPS/DHL/Parcelforce advising that a parcel could not be delivered and asking you to either download a “shipping invoice” or click on a link to track your parcel. The link/attachment contained a variety of nasties and readers were advised to delete the email without clicking the link or opening the attachment.

Today, we received this variant:

From: UPS Shipments

Dear client
Your package has arrived.
The tracking# is : 237UPS374628463428 and can be used at :
http://www.ups.com/[link removed]
The shipping invoice can be downloaded from :
http://www.ups.com/[link removed]

Thank you,
United Parcel Service

*** This is an automatically generated email, please do not reply ***

In a clever twist, the scammers have inserted a link to the genuine UPS tracking website. The tracking number is bogus, but their hope is that, having clicked on the first link and arrived at the genuine site (and found the tracking number to be incorrect), you will click on the second link to get the “shipping invoice” and find out what’s happened to your parcel. It’s this second link that will result in nasties being downloaded to your computer.

Never click on links in emails of this nature. If UPS (or any other courier) has attempted to deliver a parcel, they’ll put a note through your door asking you to re-arrange the delivery. They will not email you.

Scam Detectives – Facebook friend to the stars?

admin — Tue, 08 Jun 2010 14:29:23 +0000

Move over Brad – Angelina wants to be my friend….

Wow! Hollywood star and Mrs Brad Pitt Angelina Jolie wants to be my friend on Facebook!
For those who can’t see the image, the text reads:

Hi,
The following person invited you to be their friend on Facebook:
Angelina Jolie
Invite sent:
Tue, 8 Jun 2010 17:15:33 +0200

Facebook is a great place to keep in touch with friends, post photos, videos and create events. But first you need to join! Sign up today to create a profile and connect with the people you know.
Thanks,
The Facebook Team

Now, I’d love to think that Angelina really wanted to connect with me on Facebook, (although Mrs C probably wouldn’t be too happy about it…) but let’s face it, why would she?

The link at the bottom, which ostensibly directs you to Facebook, actually leads to an online pharmacy selling Viagra and other “enhancing” medications, along with a nasty bit of malware that would allow hackers to take control of your PC and harvest your personal details.

Remember:

Facebook friend requests show up on your profile. If you receive an email including a friend request, then log in to Facebook.com and accept it that way. DO NOT click on the link in the email.

If you don’t already have a profile on Facebook (Hi Mom!) and a friend invites you to join, go to Facebook.com and create your account. DO NOT click on the link in the email.

If a major Hollywood celebrity wants to be your friend on Facebook (and you don’t usually bask in the company of the stars) then the chances are it’s a fake profile or a phishing attempt. DO NOT click on the link in the email.

And finally

Just for good measure – DO NOT click on the link in the email.

Scareware virus alert

admin — Wed, 26 May 2010 14:42:38 +0000

Windows Security Center Alert

The screenshot above is from an email urging us at Scam Detectives HQ to download “Spyware Remove” because:

Windows has detected an internet hack attempt

Someone’s trying to infect your PC with spyware or harmful viruses

Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware

This is a “Scareware” email which hopes to frighten you into downloading malware to your computer. Nobody has tried to hack into your computer (yet) but they may do if you download the file suggested

Antivirus failed to pick up the email as a virus attempt and it made it through my spam filter.

A quick Google search identifies the most likely virus contained in this attack as the “Vundo” virus, which can result in degradation of your computer’s performance as well as denial of service to such sites as Google and Facebook. It hides well from antivirus scans and has been known to attack anti malware solutions by removing essential components.

If you have been infected, our friends at Bleeping Computer have some great tips on how to remove it.

UPDATE 2nd June 2010: We received another of these today, with a new picture and wording.

For screen readers the text reads: Your computer is infected by spyware – 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate Realtime secure protection against future intrusions.

Facebook Porn. It won’t send you blind but could harm your computer

admin — Tue, 25 May 2010 09:48:28 +0000

Internet security specialists Sophos have today urged social networking site Facebook to set up an “early warning system” after hundreds of thousands of Facebook users were targetted by a new wave of fake porn video hacking attacks.

Sophos warned users to be on their guard if they receive any messages promising a video of “distracting beach babes”, accompanied by a picture of a scantily clad beauty.

Clicking on the link will result in the user being directed to an application that will prompt them to download a “new version of video software” that will allow the video to play. Downloading the software will install a package that will display advertisements on their computer and automatically spread the link to their online contacts.

Graam Cluley, a senior consultant at the firm said “A simple message appearing on all users’ screens warning them of the outbreak would have helped in halting the attack. Unless something is done, it won’t be surprising if there is another widespread attack this coming weekend, affecting thousands more users”

The latest attack comes hot on the heels of the video tagged as the “sexiest video ever” which masked similar malware.

The simplest advice – Don’t click on links that promise funny vids, insightful quizzes or even the sexiest of bikini clad babes . You won’t go blind, but it could harm your computer.

Scammers get smarter every day – Scam emails get personal

admin — Fri, 19 Mar 2010 09:46:43 +0000

We were very concerned this morning at Scam Detectives HQ when we received another round of “Facebook Password Confirmation” emails (containing a nasty Trojan to harvest your passwords/login details). Whilst we’ve seen them before, these were slightly different. They were actually addressed to us by name.

Why is this such a concern?

It’s always been one of the most glaring red flags with virus/scam/phishing emails. The email would be addressed to “Dear Facebook User”, “Dear Online Banking Customer”, “Dear Valued Member”. This immediately betrayed the email for what it was, a mass mailing designed to trick as many users as possible.

By addressing the email to you personally, scammers have removed this first line of defence and made it that little bit harder to spot a scam.

How did they get my name?

They didn’t. What they have done is to develop a mail merge script that takes everything before the “@” sign in your email address and insert it into the body of the email so it appears that it is personal to you.

We’ve had emails this morning addressed to “Dear Charles” (to charles@scam…..co.uk) but we’ve also had them to “Dear Sales” (to Sales@clear…co.uk) & “Dear Info”(to Info@scam….co.uk).

What can I do about it?

You now need to be even more vigilant.

Never click on a link in an email that asks you to log in to your account
Never open attachments contained in an email that purports to come from an organisation with which you have a relationship, including your bank, Paypal, Facebook or anyone else for that matter
Never click on a link that says you’ve received an e-card, or that tells you that your photo has been posted online
Always report such emails to the organisation they’re posing as by sending a copy to “spoof@YOURBANK.com

Be careful out there!

===============================================================================
We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).

Scam Detectives Live! – Online chat with BT Tradespace & Paypal

admin — Thu, 11 Mar 2010 13:44:11 +0000

We were pleased to be invited to take part in a live chat by BT Tradespace this lunchtime, along with the lovely Aline from Paypal.

We talked about safe online shopping, fake designer goods, keeping your kids safe online, viruses & malware and “phishing” scams.

The full transcript is below:

Stay safe online

If there’s anything you’d like to know that we didn’t cover in the live chat, please feel free to drop us a line

Has someone sent you an e-card?

admin — Thu, 18 Feb 2010 16:28:20 +0000

Sending someone an e-card can be a nice gesture and can be environmentally friendly

There are loads of legitimate e-card sites out there, which will help you to send your e-cards without incident.

Unfortunately, there’s also a load of viruses that are transmitted disguised as e-cards.

We received this email a couple of minutes ago

You have received an e-card

To pick up your eCard, click on the following link (or copy & paste it into your web browser):

http://kamien-grabica.**.**/ecard.exe (LINK DISABLED)

Your card will be aviailable for pick-up beginning for the next 30 days.

This one links to e-card.exe, a nasty little virus which has been reported to cause some machines to display the “Blue screen of Death” and refuse to boot in anything but safe mode.

So how do I tell if someone really has sent me an e-card?

If there’s no name on the email and it just says “Someone sent you an e-card” then delete it. A legitimate e-card site will tell you who has sent the e-card.

Email your friend (using the email address in your contacts, not the one from the email) to ask them if they really did send you an e-card. Explain nicely that you’re wary of opening e-cards because you’ve heard that some of them contain viruses. If you get a response saying “Yes, I sent it”, then you know it’s for real. If they respond “Hey, nice to hear from you, but it wasn’t me” then you can safely delete the email without fear of offending anyone!

Fake Microsoft Virus Warning – “Conficker Worm”

admin — Wed, 17 Feb 2010 10:57:51 +0000

This little gem is quite clever. It relies on a few things

That you will trust an email from Microsoft
That you will have heard of the “Conficker Worm” which is a real virus
That you will believe that your ISP will have notified Microsoft that your network is infected, rather than advising you directly

Dear Microsoft Customer,

Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

Rather than containing software to repair the infection, the attachment itself contains malware which will infect your machine. Delete the email immediately.

Points to remember

Microsoft would not contact you directly to warn of a virus infection
Even if they did, they wouldn’t send you the software to delete it
Your ISP would not advise Microsoft of a virus infection on your network. If they picked it up at all (which is doubtful) they would advise you directly
You should NEVER open an attachment sent to you by email unless you are expecting it and trust the source

Facebook Password Reset Confirmation! Customer Support.

admin — Mon, 08 Feb 2010 15:36:34 +0000

Yet another attempt to trick you into downloading a virus. The attached zip file doesn’t contain a new Facebook password, it’s another virus!

Delete the email immediately, do not open the attachment!

Remember:

If you didn’t request a password reminder from Facebook, then they would have no reason to send you one
Even if you did, they wouldn’t send it as an attachment

If you’ve forgotten your Facebook password, go to the Facebook home page and click “forgotten password”. They’ll send you a reset code to your registered email address that you’ll have to enter to reset your password.

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.