MySpace Scams

Consumer Affairs Minister Tony Robinson yesterday warned people using networking websites they could expose themselves to scams.

“As more and more Victorians join social networking services, they need to be aware that there is an increasing number of con artists taking advantage of the popularity of these services to steal information and money,” Mr Robinson said.

“Frauds can use personal details listed on these sites to personalize their scam attempts.”

Some scammers use personalized emails persuading victims to give out their bank details, making their claims more believable by allowing their victim to view their MySpace, Facebook or Bebo page.

Frauds also use social networking sites to encourage users to unwittingly download spy ware software, which can be used to record online banking passwords.

Mr Robinson said users of social networking sites could protect themselves by only accepting “friend requests” from people they knew and trusted.

Tereca Ford saved herself a lot of heartache, hassle and thousands of dollars by not falling for an Internet scam.

“I listened to my gut,” the aspiring 35-year-old model said in an interview. “The whole thing just didn’t feel right and I called police.

“They told me to cut off all contact with those people and I did.”

Now, a little wiser, the Brantford woman wants to share her close encounter with online scams so that others don’t become victims.

“Everything seemed to be on the up and up,” Ford said Tuesday. “But when I got the (modelling) contract, I and a couple of other people read it over and it got us to thinking.

“It said that once I was on the shoot, the photographer was in control and that I would have to do what the photographer said.”

That set off alarm bells because it raised the possibility of her being forced to pose nude. In all previous online correspondence, Ford was told she would be modelling clothing, such as jeans and jackets.

There were other issues that caused her concern. In one e-mail correspondence, Ford wanted to know the identity of the client, the name of the catalog the shoot was for, as well as the shoot’s time and place.

“But when I asked about when and where the shoot would take place, I never got answers.”

alarm bells

The alarm bells became even louder when she received $3,200 worth of money orders from those associated with the modelling job. “It was supposed to be a $9,000 shoot and I was supposed to get paid $2,000 for it,” she said. “I’d get $1,000 up front and the other $1,000 after it was over.

“When they sent me $3,200 - a lot more than I had expected - I began to wonder why.”

When she enquired about it with her online contact, she was told to cash the money orders, take her cut and send the balance to the studio manager.

The envelope the money orders arrived in also bothered her because the lettering appeared to be Russian or Eastern European.

Suspicious, Ford didn’t cash the money orders. Instead, she called police.

The money orders were fake.

If she had been able to cash them, she may have been responsible for the entire $3,200. Once the fraud was uncovered, she would have had to pay back all the money, including the cash she had forwarded to the studio, which probably couldn’t be traced. She could also face criminal charges.

Ford’s close encounter with the modelling scam began when she wanted to upgrade her MySpace account, which features her picture. She received a message asking her if she was interested in modelling. When she said she was, Ford was asked to provide her name, address, phone number and another photo.

She was also told someone would contact her if she was accepted. Details about payment and what the modelling shoot entailed were also discussed over a series of e-mails.

scams becoming more common

Online scams such as the one Ford became embroiled in are becoming quite common, police say.

The scams usually involve a pretense of a legitimate business transaction involve the purchase and sale of merchandise or a service. Police often see this type of scam used to obtain money from people who are selling cars in want ads or for paying for dance lessons.

One of the hallmarks of the scam that almost ensnared Ford is the targeted victim is always given access to more money than they expected and more than what the service or product is worth. They are then asked to take the money they are owed and send the balance elsewhere, usually through a money forwarding service.

The victim, almost inevitably, has a choice between grabbing some easy cash in what appears to be a good deal or listening to their instincts and backing away.

Police always say that if a deal sounds too good to be true, it probably is - and likely a scam.

Ford, meanwhile, still wants to pursue a modelling career but she’s become even more careful about who she deals with and what she does online.

“This has made me a lot more wary that’s for sure.”

Police arrested a man they say was meeting young girls on MySpace and scamming them.

Because his picture was on TV, Police say they got a tip that led them to Jeff Ipson.

His Scam: he got women to cash bad checks for him, then he took off with their money.

Ipson was arrested Wednesday morning and will face five different charges of theft by deception.

The Mega-D botnet has overtaken Storm Worm as the world’s biggest purveyor of spam, according to Marshal. This news highlights the lax security on some social applications and networking sites - something you can help us defeat!

The Mega-D botnet has surpassed the infamous Storm Worm as the world’s largest source of spam, according to IT security company Marshal. Mega-D, which promotes male sexual enhancement pills such as Herbal King and VPXL, uses emails to trick people into installing the spam product. It now accounts for 32 per cent of all spam, Secure Computing reports.

It also uses news headlines to get people to open the spam, even using the recent death of Australian actor Heath Ledger as a hook. This tactic is similar to that used by the Storm Worm. “[Mega-D] probably started about four months ago and it’s been steadily increasing since then,” said Marshal’s Bradley Anstis.

“It is possible that the individuals behind the Storm botnet are responsible for one or more of these other botnets.” He added that Microsoft had done a good job with its malicious software removal tool that has helped to tackle the Storm Worm. Given the widespread nature of Microsoft’s software and their increasing acquisitions on the internet, it’s nice to see they’ve upped their game and their anti-malware is effective.

Meanwhile, it emerged last month that spam purveyor Sanford Wallace had made $555,000 through a scam on MySpace that pushed users through to porn and gambling sites controlled by Wallace.

While we realise Microsoft aren’t everyone’s favourite firm, compared to the likes of Facebook, Bebo and MySpace, at least they take their security seriously. For the benefit of all the online community, it’s totally worth fighting for better security on third party social applications and social networking sites or going white hat to help application developers to fix loopholes.

If you want to continue to enjoy the internet safe in the knowledge that your privacy isn’t being violated then we really need to encourage companies like Microsoft in this regard and rally round with initiatives like Stopbadware.org.

So how do we fight this together?

We’re just asking you to blog, talk, post on forums, write emails, ‘soft spam’ Facebook by getting all of your friends to set the same status – anything to raise awareness of the lack of privacy present on some social networks and to make it secure. In the words of the great Jerry Springer: “Take care of yourself, and each other.”

After wrapping up his work in the Star Wars saga, Darth Vader settled down in Allentown, Pa. At least, that’s what his MySpace page says.

Actually, there are at least a dozen people on the popular networking site claiming to be the famous villain-turned-hero, which tells us two things: There’s a lot of obvious lying going on and there’s not much being done to discourage it.

Both Facebook and MySpace have rules prohibiting participants from pretending to be someone else. But with droves of users — MySpace alone says it has more than 70 million — neither site is in the business of aggressively policing identity.

And they don’t have to. Sites like MySpace can’t be held liable for the actions of users, according to a ruling last year by a federal judge in Texas. The only time people come close to getting in trouble for using a false identity is when they commit a crime — usually it’s sexual predators stalking kids. But it’s the sex crime that brings charges. Using a fake persona is not a crime.

But soon it could be.

This month, federal officials in Los Angeles revealed they are investigating whether fraud was involved when 13-year-old Megan Meier hanged herself in 2006 after being taunted on MySpace by someone using a fake identity.

The account was linked to a neighboring Dardenne Prairie, Mo., family. Local authorities declined to file charges, saying the circumstances — various people had access to the account — made it difficult to assign blame. Creating the fictional Josh Evans, Megan’s tormentor, was not considered a crime.

The L.A. investigation — in the district that includes Santa Monica, the home of MySpace — is drawing attention across the country and the industry.

At the heart of the Megan Meier incident is a larger issue of honesty on the Internet, and why sitting in front of a computer makes it so easy for some people to stretch the truth, sometimes maliciously.

“It’s just so much easier to pretend to be someone else online. People are very eager to try it out,” said David Whittier, a professor at Boston University’s School of Education. “There’s really nothing wrong with that. In a way, it’s a wonderful thing.”

Unless, he said, it goes too far or is done to hurt someone, as in the Megan Meier case.

“There should be an appropriate penalty for what these people did,” Whittier said. “I’m hoping our civilized societies will work together to develop laws and guidelines to make cyberspace more civilized.”

But that’s where it gets sticky, some experts say. How do you regulate the Internet — a medium that promotes the quick flow of ideas of information — without strangling its creativity?

Catherine Dwyer, a professor at Pace University’s Seidenberg School of Computer Science and Information Systems, doesn’t think it can be done.

Like others, she doubts the Internet will ever be able to guarantee the person on the other end of your digital line is who they say they are. Imagine, she said, the difficulties of forcing every online user to prove their identity when signing up for sites like MySpace.

MySpace has launched a free ad funded mobile version of itself.

MySpace Mobile had primarily been a service based on subscriptions available to Helio and AT&T subscribers until now. However, the new version will work on all the networks in US. MySpace users will be able to carry out the normal functions such as sending and receiving messages and friend requests, searching for friends, updating blogs, posting bulletins and commenting on pictures.

In the initial stages, banners and sponsorships will form the base of the ads. In due course, there will be more focus on targeted advertising and location based ads.

The launch can be seen as an initiative by Fox Interactive to expand the reach of MySpace. Social networking sites are increasingly being banned in educational institutes and work places, and this has prompted users to turn to their mobiles for accessing these sites. In addition, the number of users turning to their mobiles for web access and social network users on the move has increased significantly. MySpace too wants to tap in these users with its free ad funded mobile version. This might not have been possible if the services would have been confined to only Helio and AT&T subscribers.

As companies move to restrict Web surfing at work, more of them are blocking access to MySpace than to Facebook, according to a survey released Wednesday by Web security company Barracuda Networks Inc.

While 44% of companies using Barracuda’s Web filtering technology block access to MySpace, only 26% are doing the same to Facebook, according to an analysis of data contributed by several thousand customers, Barracuda said. While 19% of companies blocked both the sites, half said they block one or the other or both, the analysis showed.

Barracuda also conducted a separate survey of 228 IT security workers. It showed that 53% of businesses restrict Web surfing with automated Web filtering systems and almost two-thirds (65%) expect to enforce Web surfing restrictions in 2008. That would represent a 23% increase in the number of companies doing so. The top two reasons companies cited for enforcing Web surfing restrictions were virus or spyware protection (70%) and employee productivity drain (52%).

More than a third of the companies (36%) pointed to bandwidth concerns, while 28% cited liability issues as prompting them to restrict employee Internet access, the survey noted.

The analysis of the data from the Web filters shows that companies consistently block Web sites with content related to hacking, illegal drugs, intolerance and hate, phishing and fraud, offensive content, terrorism, violence, weapons and spam.

Companies had varying approaches to Web surfing, with 21% actively monitoring employee Internet activity and 6% enforcing time restrictions on employee use of the Internet.

“Businesses are increasingly applying content-control mechanisms to protect their networks and maintain maximum organization productivity,” Dean Drako, president and CEO of Barracuda Networks, said in a statement. “With the changing face of the Internet, companies need the flexibility to continuously monitor and customize Internet policy enforcement while providing their employees optimum use of the Web.”

The week that Skype has announced its big deal with MySpace, the world’s largest social network, it has been hit by a major Trojan virus, the second in just over a month.

Researchers at McAfee have found the Trojan PWS-Pykse, which advertises itself to users as “Skype Defender”. It works by tricking users into executing the malware.

The “Skype Defender” Trojan is classified as an infostealer, according to Skype Security. It appears as a plug-in confirmation window, saying “Skype-Defender(TM) Installed! Please login to your account to apply new plugins”.

If users click “OK”, it beings up what looks like the Skype login screen, although apparently the button design is slightly different.

If a user enters their name and password, they are informed that they have not been recognised, but the malware has collected them by that point ? along with all their other usernames and passwords stored in Internet Explorer.

Skype has issued information about the problem: “To remove the malware, please update your anti-virus software. At this time, we have notified F-Secure, TrendMicro, Symantec, WebSense, and FaceTime Security Labs. For manual removal it is enough to delete the 65404-SkypeDefenderSetup.exe file.”

This is in stark contrast to the bold claims on Skype’s website, that states that “Skype is free of Adware, Spyware and Malware” and goes on to boast: “We will not display unwanted and intrusive advertising, or allow any malware or spyware to operate”.