June 2012 - Posts

Dear Facebook….

How do I say this nicely…. No I will NOT give you $7.34AUD to “promote” a post.

image

Posted by sandi with 2 comment(s)

Will I succumb to temptation???

image

Ok, so I checked out the link (only from within an isolated VM, and after checking out what the URL will do using analytical tools – don’t try this at home boys and girls).

For what it’s worth, you end up at a survey or prize win page which changes depending on what country you’re in.

As a related point of interest – the Microsoft Machine Learning Department reckons that scam emails are actually designed to seek out “stupid people” (news.com.au’s words, not mine, so please don’t yell at me). Apparently stupid mistakes and “far fetched tales of West African riches” in scam emails are a “cost effective way of weeding out intelligent people, leaving only the most gullible to hit”, and “Since his attack has a low density of victims, the Nigerian scammer has an over-riding need to reduce the false positives. By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favour.”

Gotta admit, it makes sense.

news.com.au report: http://www.dailytelegraph.com.au/solved-why-email-scammers-say-theyre-from-nigeria/story-fn6b3v4f-1226404709419

Microsoft Machine Learning Department report: http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf

Scareware makes its way to mobile devices…

image

Well, I suppose it had to happen sooner or later
http://krebsonsecurity.com/2012/06/beware-scare-tactics-for-mobile-security-apps/

Image source: krebsonsecurity

According to Brian’s article, the advertisement linked to in the overlay image (now gone, apparently) was hosted by mobilevisitor.org – that domain is reported as new, having been created on 6 June 2012, and with its ownership hidden behind WhoisGuard.

There are seven websites at the same IP address:

mobfreebies.com – created 19 June 2012, WhoisGuard protected
mobgifts.org – created 11 June 2012, WhoisGuard protected
mobilevisitor.org – created 5 June 2012, WhoisGuard protected
mobprizes.com – created 27 May 2012, WhoisGuard protected
mobrewards.org – created 7 June 2012, WhoisGuard protected
newnotice.org – created 14 June 2012, WhoisGuard protected
rewardstoday.org – created 9 June 2012, WhoisGuard protected

I would recommend those domains be treated with extreme caution.

Fake Intuit email…

As you will see, the hyperlinked words “enter this site” do not take you to an Intuit website.

image

Fake Verizon Wireless emails

As always, please don’t click on the links.

image

image

Fake UPS email

Don’t click on the links!

image

IE7 being blocked by kogan.com

image image

I do understand the sentiment – IE7 is long superseded, with IE9 being the latest and IE10 in development:
http://www.news.com.au/technology/kogan-wages-war-on-internet-explorer-users-taxed/story-e6frfro0-1226395298505

That being said, why doesn’t Kogan simply block access to IE7 users rather than try and make money off them? That is possible to do with appropriate scripting, and solves the problem of “burning cash on a browser that hit the market nearly six years ago”.

Imagine a workplace user who is not allowed to update IE, and is also not allowed to install other web browsers – to penalise them financially for something they have no control over seems unfair. Fairer to simply block access.

Posted by sandi with 1 comment(s)

Non-English (Dutch) Mastercard spam

Rough translation…

image

Spam email:

image

As always, when you hover over a link, it becomes obvious that the email is not legitimate:

image

If you give in to temptation (of course, never do so unless you are working within a properly sandboxed virtual machine that you can “nuke from orbit” if needs be) you will see the following. It’s pretty well coded: each [?] works, an error is triggered if a field is not properly completed, and you see a nag window if you try to close the window.

image

image

Twitter spam…

image

After bouncing through various URLs (including one in Russia) you end up at a fake Twitter login page:

http://wepawet.cs.ucsb.edu/view.php?hash=a9f9677418fa2d11d0b6eddda93e6e3b&t=1338784045&type=js

Note the non-Twitter URL.

image

“Wire Transfer Confirmation” spam

It’s not real – honest. And the email isn’t from LinkedIn.

image