MySpace Scams

Consumer Affairs Minister Tony Robinson yesterday warned people using networking websites they could expose themselves to scams.

“As more and more Victorians join social networking services, they need to be aware that there is an increasing number of con artists taking advantage of the popularity of these services to steal information and money,” Mr Robinson said.

“Frauds can use personal details listed on these sites to personalize their scam attempts.”

Some scammers use personalized emails persuading victims to give out their bank details, making their claims more believable by allowing their victim to view their MySpace, Facebook or Bebo page.

Frauds also use social networking sites to encourage users to unwittingly download spy ware software, which can be used to record online banking passwords.

Mr Robinson said users of social networking sites could protect themselves by only accepting “friend requests” from people they knew and trusted.

Tereca Ford saved herself a lot of heartache, hassle and thousands of dollars by not falling for an Internet scam.

“I listened to my gut,” the aspiring 35-year-old model said in an interview. “The whole thing just didn’t feel right and I called police.

“They told me to cut off all contact with those people and I did.”

Now, a little wiser, the Brantford woman wants to share her close encounter with online scams so that others don’t become victims.

“Everything seemed to be on the up and up,” Ford said Tuesday. “But when I got the (modelling) contract, I and a couple of other people read it over and it got us to thinking.

“It said that once I was on the shoot, the photographer was in control and that I would have to do what the photographer said.”

That set off alarm bells because it raised the possibility of her being forced to pose nude. In all previous online correspondence, Ford was told she would be modelling clothing, such as jeans and jackets.

There were other issues that caused her concern. In one e-mail correspondence, Ford wanted to know the identity of the client, the name of the catalog the shoot was for, as well as the shoot’s time and place.

“But when I asked about when and where the shoot would take place, I never got answers.”

alarm bells

The alarm bells became even louder when she received $3,200 worth of money orders from those associated with the modelling job. “It was supposed to be a $9,000 shoot and I was supposed to get paid $2,000 for it,” she said. “I’d get $1,000 up front and the other $1,000 after it was over.

“When they sent me $3,200 - a lot more than I had expected - I began to wonder why.”

When she enquired about it with her online contact, she was told to cash the money orders, take her cut and send the balance to the studio manager.

The envelope the money orders arrived in also bothered her because the lettering appeared to be Russian or Eastern European.

Suspicious, Ford didn’t cash the money orders. Instead, she called police.

The money orders were fake.

If she had been able to cash them, she may have been responsible for the entire $3,200. Once the fraud was uncovered, she would have had to pay back all the money, including the cash she had forwarded to the studio, which probably couldn’t be traced. She could also face criminal charges.

Ford’s close encounter with the modelling scam began when she wanted to upgrade her MySpace account, which features her picture. She received a message asking her if she was interested in modelling. When she said she was, Ford was asked to provide her name, address, phone number and another photo.

She was also told someone would contact her if she was accepted. Details about payment and what the modelling shoot entailed were also discussed over a series of e-mails.

scams becoming more common

Online scams such as the one Ford became embroiled in are becoming quite common, police say.

The scams usually involve a pretense of a legitimate business transaction involve the purchase and sale of merchandise or a service. Police often see this type of scam used to obtain money from people who are selling cars in want ads or for paying for dance lessons.

One of the hallmarks of the scam that almost ensnared Ford is the targeted victim is always given access to more money than they expected and more than what the service or product is worth. They are then asked to take the money they are owed and send the balance elsewhere, usually through a money forwarding service.

The victim, almost inevitably, has a choice between grabbing some easy cash in what appears to be a good deal or listening to their instincts and backing away.

Police always say that if a deal sounds too good to be true, it probably is - and likely a scam.

Ford, meanwhile, still wants to pursue a modelling career but she’s become even more careful about who she deals with and what she does online.

“This has made me a lot more wary that’s for sure.”

Police arrested a man they say was meeting young girls on MySpace and scamming them.

Because his picture was on TV, Police say they got a tip that led them to Jeff Ipson.

His Scam: he got women to cash bad checks for him, then he took off with their money.

Ipson was arrested Wednesday morning and will face five different charges of theft by deception.

The Mega-D botnet has overtaken Storm Worm as the world’s biggest purveyor of spam, according to Marshal. This news highlights the lax security on some social applications and networking sites - something you can help us defeat!

The Mega-D botnet has surpassed the infamous Storm Worm as the world’s largest source of spam, according to IT security company Marshal. Mega-D, which promotes male sexual enhancement pills such as Herbal King and VPXL, uses emails to trick people into installing the spam product. It now accounts for 32 per cent of all spam, Secure Computing reports.

It also uses news headlines to get people to open the spam, even using the recent death of Australian actor Heath Ledger as a hook. This tactic is similar to that used by the Storm Worm. “[Mega-D] probably started about four months ago and it’s been steadily increasing since then,” said Marshal’s Bradley Anstis.

“It is possible that the individuals behind the Storm botnet are responsible for one or more of these other botnets.” He added that Microsoft had done a good job with its malicious software removal tool that has helped to tackle the Storm Worm. Given the widespread nature of Microsoft’s software and their increasing acquisitions on the internet, it’s nice to see they’ve upped their game and their anti-malware is effective.

Meanwhile, it emerged last month that spam purveyor Sanford Wallace had made $555,000 through a scam on MySpace that pushed users through to porn and gambling sites controlled by Wallace.

While we realise Microsoft aren’t everyone’s favourite firm, compared to the likes of Facebook, Bebo and MySpace, at least they take their security seriously. For the benefit of all the online community, it’s totally worth fighting for better security on third party social applications and social networking sites or going white hat to help application developers to fix loopholes.

If you want to continue to enjoy the internet safe in the knowledge that your privacy isn’t being violated then we really need to encourage companies like Microsoft in this regard and rally round with initiatives like Stopbadware.org.

So how do we fight this together?

We’re just asking you to blog, talk, post on forums, write emails, ‘soft spam’ Facebook by getting all of your friends to set the same status – anything to raise awareness of the lack of privacy present on some social networks and to make it secure. In the words of the great Jerry Springer: “Take care of yourself, and each other.”

With an increase in the number of phishing-related Web sites popping up on the Internet, protecting personal and financial information is becoming more of a challenge.

The scam occurs when an e-mail is sent by a hacker pretending to be from a business or bank and instructs the reader to click on a link that leads to a counterfeit Web site of the business. Upon clicking that link, the reader is asked to provide sensitive information, such as account or Social Security numbers.

The scam continues to evolve and improve. One of the more recent developments is the inadvertent downloading of information-stealing “crime-ware” onto your computer once the link in the phishing e-mail has been clicked, according to the Anti-Phishing Working Group, which includes hundreds of banks, online retailers, technology companies and government agencies and works to spread the word against phishing.

Other recent phishing attempts have involved the Internal Revenue Service. In some of those scams, an e-mail was sent during tax season and instructed the reader to click on a link to receive a refund. The link sent readers to a Web site that looked identical to the IRS site, where they were instructed to provide their Social Security number and credit and bank account numbers.

A computer worm in 2006 took over pages on the social networking Web site MySpace. The worm altered links to direct surfers to sites that were designed to steal login information.

According to computer security company McAfee, the top brand that is exploited by phishing scams is PayPal, at 45 percent, followed by eBay at 27 percent. The most common phishing subject line, according to McAfee, is “Question from eBay Member regarding Item.”

While the number of phishing Web sites has increased, there is a silver lining to this scam: The United States is actually now second in the world in the number of phishing scams reported, slightly behind China — by 1 percent. In addition, the number of days phishing Web sites are up and illicitly collecting information has decreased from nearly a week in October 2004 to 3.6 days by July 2007, according to the Anti-Phishing Working Group.

A million US victims lost “billions of dollars” to email phishing scams in the past two years, new research has warned.

According to Consumer Reports’s latest State of the Net survey, American consumers lost more than $7 billion over the last two years to viruses, spyware, and phishing scams.

Additionally, the survey shows that consumers face a one in four chance of succumbing to an online threat, a number that has slightly decreased since last year.

The number of consumers responding to email phishing scams has remained constant at eight per cent. The research projects that one million US consumers lost billions of dollars over the past two years to such scams.

The study went on to warn that many underage youngsters are at risk on social networks such as MySpace and Facebook. In households surveyed with minors online, 13 per cent of the children registered on MySpace were younger than 14, the minimum age the site officially allows, and three per cent were under 10. And those were just the ones the parents knew about.

Based on the survey, Consumer Reports projects that problems caused by viruses and spyware resulted in damages of at least $5 billion over the past two years.

The poll was conducted by the Consumer Reports National Research Center among a nationally representative sample of more than US 2,000 households with internet access.

Based on survey projections, computer virus infections prompted an estimated 1.8 million households to replace their computers in the past two years and 850,000 households to replace computers due to spyware infections in the past six months.

Additionally, 33 per cent of survey respondents did not use software to block or remove spyware. And the study projects that 3.7 million US households with broadband remain unprotected by a firewall.

Researchers are warning of a widespread MySpace drive-by exploit attack meant to compromise machines so more profitable phishing schemes remain successful.

MySpace users become infected when they visit a profile page containing malicious JavaScript and then are silently redirected to an Internet Explorer exploit, which was patched in April.

The exploit installs a common proxy network bot, known as a flux bot, which is used to hide phishing sites behind constantly changing proxy servers, Ullrich explained. The cybercriminals, in other words, use their newly compromised PCs to hide the tracks of unrelated phishing scams targeting banks and other financial institutions.

“It’s lends some secrecy to the scam and it makes it harder to shut down,” he said. “Now, the actual machine (the victim) is connected to get to the phishing site changes by the minute. You can’t easily block them. It’s not that obvious.”

The botnets are also being used to send spam, Ullrich said.

Potentially thousands of MySpace pages could be infected with the malicious worm, but the infected profiles are “being shut down really quickly,” he said.

A spokesperson for MySpace, which has more than 100 million members, could not be reached for comment.

Ullrich said cyberthieves traditionally tailor their worms for MySpace and other social networking sites because of the younger demographic that use them.

“It has a lot of non-technical users who do not patch their browsers,” he said. “People are not that careful. They may visit MySpace thinking [it’s] a big a company and not realising the content of the pages comes from the average user.”

MySpace has been the victim of a number of attacks over the past year. Vincent Weafer, head of Symantec’s Global Security Response, said MySpace users are often easily fooled into giving up their credentials.

“If I can get into your trusted group, I may be able to get information out of you,” he said.

Colin Whittaker of Google’s Anti-Phishing Team wrote on the company’s security blog recently that many users are tricked into giving their usernames and passwords so crooks can send spam from their account or – worse – use that same log-in information to access their bank accounts.

written by: Dan Kaplan

Have you seen the Tractor Supply Company commercial about the free puppy?

A man says “My neighbor gave my daughter a puppy,” and then describes how they’re now buying toys, food, dishes, etc. The actor smiles and says “It’s like my dad always said: there’s no such thing as a free puppy!”

Well, this couldn’t be closer to the truth when it comes to the latest Nigerian ‘email’ scam: pets. Even worse, this genre of scam is rearing its ugly head on MySpace.

The American Kennel Club and the Council of Better Business Bureaus issued a joint press release on May 29th regarding this situation. A victim in Pittsburgh has described her experience in news stories in the LA Times and on WTAE Channel 4 Action News.

Here is an example ad that has been determined to be fraud by the Council of Better Business Bureaus.

“Lovely English bulldog puppy needing a loving and caring home, full of wrinkles, she is up to date on all her shots. Fine with kids and other pets, AKC and will come along with all her papers and toys, she will make the best house pet, will bring much love and joy to your home or family. Contact for more if you want to add her to your family.”

Chances are, there will be pictures included.

The rest of the scam goes like this:

1. There are shipping fees to get the puppy to the US (usually a couple of hundred dollars). You will be asked to wire these funds.

2. The seller will inform you they can’t ship the puppy because apparently there are also shots that are required for international travel. You will be asked to wire these funds.

The list goes on. The money flows out. And the dog? It doesn’t exist.

Written By Tina Parcell