Be warned, there's some nasties out there !

Hi

Another "nasty" arrived in a friend's mailbox yesterday.

The e-mail read:


I've disabled the link and confirmed that it is a recognised "nasty" but thought you might like to see what our Nigerian friends are getting up to these days

Ron
Fuller details here:
https://isc.sans.org/diary.html?storyid=4946

Ron,

I believe the City of London Police or the Met are still welcoming these emails (one's from Nigeria and the like) as they have a major on going operation into this.

Cheers
Andy

 

Ron,

I believe the City of London Police or the Met are still welcoming these emails (one's from Nigeria and the like) as they have a major on going operation into this.

Cheers
Andy
Andy,

This particular scam is already known in security circles, it dates back to 2007. The wording changes, the one Ron's friend received first surfaced in August 2008.

PeterG

 

Yeah I know Peter but I was under the impression before I left that they wanted all emails forwarded to them as the ISP's keep changing and it was all part of a evidence gathering exercise.

I'm no IT expert so I maybe wrong-If anyone is that bothered their local force should have an appointed 'IT guru type' that should have the details of where to send them if the Op is still on going.

Cheers

 

Nice one ref the links Adam, I had enough trouble figuring out the Anti-Social Behaviour let alone computer stuff

 

This particular scam is "shady" rather than "nasty" but I thought that forum members would like to be warned.

I've got a very large e-mail folder under the title of "Scams or Suspicious" and this particular sender's address keeps on popping up.

If you receive an e-mail sent by:

Plaza Neptuno, local #7
Via ricardo J Alfaro, Tumba Muerto
Panama Ciudad
Republica de Panama

DONT click on any links !

This includes their latest offering regarding GOOGLE Earth.

To read more about this scam simply paste the address into a search engine, adding the word "scam", then take your pick.
This site is as good as any: Suspicious e-mails - Urban Legends


Cheers !

Ron

 

Its me again with another nasty just received

This one looks like this:

Security Center Advisory!
PayPal is constantly working to ensure security by screening accounts daily in our system. We recently reviewed your account, and we need you to verify information to help us provide you with secure service.Until we can collect this information, your access to sensitive account features will be limited or terminated. We would like to restore your access as soon as possible, and we apologize for the inconvenience
Why is my account access limited?

Your account access has been limited for the following reason(s):

June 09, 2009: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have placed limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection

.
Then follows a link that says "Click here to remove access limitations"

Do NOT click on that link

There are lots of sites around that report on scams like this, here's one of them:
» PayPal scam email » Xavier Media Blog

 

Another nastie in my Junk Mail postbag this morning:

Disarmed by me and shown just to warn others,

Ron

----- Original Message ----- From: BT
Sent: Saturday, January 23, 2010 7:38 PM
Subject: IMPORTANT: Alert About Your BT Account!





Dear Customer,
This e-mail has been sent to you by BT Internet to inform you that we were unable to process your most recent payment of bill. This might be due to either of the following reasons:

1. A recent change in your personal information. (eg: billing address, phone)
2. Submitting incorrect information during bill payment process.

Due to this, to ensure that your service is not interrupted, we request you to confirm and update your billing information today by clicking here (This has been disarmed)

If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.

Regards,
BT
Billing Department


Thanks for your co-operation.

Accounts Management As outlined in our User Agreement, BT (r) will
periodically send you information about site changes and enhancements.

 

Well spotted, Ron. More on that particular BT scam here Confirm & Update Your Billing Information. - BT Phishing Scams - MillerSmiles.co.uk

 

I read my email through Yahoo Mail. They're so effective in filtering rubbish that I get only a couple of" interesting" emails like those per week. I have to look into their bustbin to see if they threw away any legitimate mail, which sometimes happens

 

Just received an e-mail purporting to be from Adobe Reader offering an update.

Although I am an Adobe user, something smelt fishy about it so I Googled "Adobe Reader Scam" and this popped up on the official Adobe site:


It has come to Adobe’s attention that email messages purporting to offer a download of a new version of Adobe Reader have been sent by entities claiming to be Adobe. Many of these emails are signed as “Adobe Acrobat Reader Support” (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf.
The Adobe Reader is free software available for download directly from the Adobe Reader download page on the Adobe website at Adobe - Adobe Reader download - All versions; it is not available in any other manner via download, including via email.
Customers receiving one of these emails should delete the email immediately without clicking on any of the links.


You have been warned !
Ron

 

Best to ignore anything which asks you to confirm your details or anything which asks you to "click on the link" , it could take you anywhere or something which asks you to download security features or invites you to have them check yours.
( You can bet your bottom $ they will find serious security threats and will ask you to buy something from them to clean it up.)

 

Thanks Ron for the warning. What amazes me is that depite all the publicity these scams are highly profitable and people continue to fall for them.
Suckers Victims lost $9.3 billion to 419 scammers in 2009

 

We have noticed quite a rise in phoney sites pretending to be "Windows Security Center" "AVG Antivirus" and "Firefox Update". They look very very convincing and usually fire off after clicking on an image from Google image search.

They run inside a firefox window and look as if they are doing a quick scan of your computer. They then "find" viruses and suggest you try their free antivirus. All these things we have seen before. Clicking either the accept or cancel buttons downloads the file... the new twist is that usually you can click on the red "X" in the top right of the window to close the accept/cancel box without pressing either of the fake buttons.

The clever (hateful) twist is that the red X button (Windows close button) has been hijacked and that too downloads whatever file the hacker wanted you to be infected with.

The only thing you can do is use Task Manager to close your Browser...

But beware if you only have one tab open. The next time you open Firefox (or whatever), it may relaunch the last tab that was opened, thus taking you back to the hackers page.
The way round this is to start Firefox in "Safe Mode" (I dont think Internet Explorer starts that way so it should be ok)

Did I ever mention I hate hackers?!?

Andy

 

To all forum members.

Please take note & be warned !!!!!!!

The latest scam that arrived in my postbag today seemed too good to be true and of course.... it was !

This is what the e-mail said (I have replaced the link with a row of Xs)
　
Tax Refund Notification
After the last annual calculations of your fiscal activity, we have determined that you
are eligible to receive a tax refund of 988.50 GBP. Please submit the tax refund
request and click here by having your tax refund send to your bank account in due time
Please Click Here xxxxxxxxxxxxxto have your tax refund to your bank account, your tax refund will be sent to your bank account in due time take your time to go through the bank we have on our list
Note : A refund can be delayed a variety of reasons, for example submitting invalid
records or applying after deadline.

Best Regards

HM Revenue & Customs
　
I did my usual of GOOGLING with HM Revenue & Customs scam, which threw up quite a few results, the best of which was one from the Revenue Department itself.

HM Revenue & Customs: HM Revenue & Customs related phishing examples

Just thought I'd pass it on.

Ron

 

Thanks Ron

There was a warning about this on the BBC last January:
BBC News - Warning over tax return deadline e-mail 'phishing' scam

Unfortunately the scam seems to be still going strong.

Peter

 

Anything which asks you for information or ask you to click on a link to confirm details which a bank already holds or to claim money should be avoided like the plague, H.M. Inspector of Taxes does not do emails to give you money back !!!!

 

Here's a perfectly honest scam:

If you want to donate £1000 quid to Za free of charge, click here!

 

While most go to my junk mail I usually see them in the reader and the big give away is usually the spelling. There is even one in Ron's latest.

 

Do any of you use Trip Advisor ?

I confess that it is my first port of call if visiting a strange city and I have been using it for years.

I was disturbed to receive the following letter from them and yes.......... it is not a scam as I have already checked it out.


To our travel community:
This past weekend we discovered that an unauthorised third party had stolen part of TripAdvisor's member email list. We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement. How will this affect you? In many cases, it won't. Only a portion of all member email addresses were taken, and all member passwords remain secure. You may receive some unsolicited emails (spam) as a result of this incident. The reason we are going directly to you with this news is that we think it's the right thing to do. As a TripAdvisor member, I would want to know. Unfortunately, this sort of data theft is becoming more common across many industries, and we take it extremely seriously. I'd also like to reassure you that TripAdvisor does not collect members' credit card or financial information, and we never sell or rent our member list. We will continue to take all appropriate measures to keep your personal information secure at TripAdvisor. I sincerely apologise for this incident and appreciate your membership in our travel community. Steve Kaufer
Co-founder and CEO