Saturday, March 30, 2013

Scam Alert - Beware Of Scams Using The Publishers Clearing House Name.




Make sure you are on guard for two (2) scams currently making the rounds. These scams involve unsolicited emails and phone calls from people claiming to be with PCH (Publishers Clearing House).

PCH Scam Type 1: Fraudulent Emails In The Name of PCH
Avoid all unsolicited emails that claim your email address has been selected a winner of the "PCH! Finance Bonanza". The emails instruct you to contact a Mr. Paul Anderson and provide personal information such as, Name, Date Of Birth and Social Security Number in your response, to claim your prize. An example of the email has been provided below.

Example - Fraudulent Email and Header. (Click To Enlarge)

It's quite obvious that this email is not from Publishers Clearing House and is an attempt to Phish personal information and money from those who reply to it. The email header shows quite clearly that the email did not come from the PCH domain and the reply email address isn't in that domain either. Publishers Clearing House does not hold contest in which random email addresses belonging people who never entered a contest with them, are selected as winners. They also do NOT send e-mails requesting personal banking, financial information or Social Security numbers in connection with a prize.

PCH Scam Type 2: Fraudulent Phone Calls In The Name of PCH
In the last few days there has been an increase of people receiving unsolicited phone calls from scammers claiming to be from Publishers Clearing House. The callers state that you have won a prize and must provide them with personal information and a payment to receive the prize. Publishers Clearing House does not charge individuals to claim prize awards. If you receive an unsolicited or "Out-Of-The-Blue" phone call claiming to be from PCH and the caller states you have won something but need to pay to receive the prize, hang up immediately.

Avoid These Types of PCH Scams By Remembering These helpful Tips.
  1. Publishers Clearing House does not charge individuals to claim prize awards.
  2. Publishers Clearing House does NOT send e-mails or make unsolicited phone calls requesting personal banking information, other financial information or Social Security numbers in connection with a prize.
  3. If you have not entered a sweepstakes with PCH you will not be selected as a winner by them.
What to Do If You've Fallen Victim to a PCH Scam.
If you believe you have fallen victim to a scam using the Publishers Clearing House name and or logo contact PCH immediately by calling 1-800-645-9242. You are also advised to contact your local consumer protection office or the National Fraud Center at www.fraud.org. If you have made the mistake of handing over a Banking information or a credit card number, you should call your bank or credit provider as soon as possible to have them remove or dispute the charges that have or maybe made to the card. 

Resources:
PCH Learning Center - Fraud Protection
http://info.pch.com/consumer-information/fraud-protection

PCH Blog - Don’t Get Fooled By Sweepstakes Scammers!
http://blog.pch.com/blog/2012/03/30/dont-get-fooled-by-sweepstakes-scammers/

Stay Safe
~Black Knight

Friday, March 29, 2013

Phishing Scam - Visa And Master Card Customers: Avoid the Database Upgrading Email.




Visa and Master Card customers should avoid a Phishing campaign currently targeting them by email. The email bares a subject line of "Credit/Debit Card Users" and tries encourage customers to open a "Database Upgrading" html file that is attached to the message. If the attachment is opened it displays another message that claims the customer is required to update their card details due to a security maintenance upgrade. The link provided transfers intended victims to a Fraudulent website that ask them to provide information such as their name, card number, bank name and other personal information. See Samples below.

Examples - Email, Headers, HTML File & Phishing Website
(Click to Enlarge)

Visa and Master Card do not send out messages asking their customers for personal information, bank names or card numbers and they never send attachments. If you receive any emails that claim to be from either company and are requesting this type of information, forward the messages to phishing@visa.com or consumer_inquiries@mastercard.com. After you have forward the fraudulent messages, mark them as spam and then delete them. 

Safety:
As a general rule of thumb you should never click the links or open attachments found in emails such as these. The links can easily point you to websites that have Malware on them and the attachments can contain Malware. It is also a good idea to get out of the habit of logging into your online accounts through emails. It is always better to open your web browser and navigate to websites directly, before you log into them. If there are problems with your accounts, most websites will generally notify you of them after you have logged in.

Stay Safe
~Black Knight



Thursday, March 28, 2013

Facebook Scam Alert - Subway Surfers is not a Game, it's a Survey Scam.



If you are a Facebook user you will want to make sure you avoid messages, posts or invites that state a family member or friend has recently play a game named Subway Surfers.

Scam Signature:
{User Name} -  Play Subway Surfers : ---Link---

What's Happening.
  1. A users clicks or copies and paste the link provided in the Bait message.
  2. The link takes them to a website setup to look like Facebook and are encouraged to click an image to play the Subway Surfers game.
  3. Once the user clicks the picture, a Facebook dialog appears and request that the user log into the make believe game with their Facebook account.
  4. If the user clicks the "Log In with Facebook" button, a Rogue Application will install and then asks the user to "Allow" some additional permissions, such as wall posting..
  5. When the user clicks to allow these permissions the Rogue Application makes two (2) post to the users Timeline, behind his or her back.
  6. The user is then transferred to another page and told they must verify their Facebook account, before they continue, by completing surveys.
Examples of The Scam - (Click To Enlarge)
 
 
 


What makes this a scam.
There is no Subway Surfer game on Facebook. The entire ruse has been setup to trick Facebook gamers into spreading spam and completing Fake surveys. The Fake Survey pays the con-artist who made this scam a few bucks for you doing it . The scam is simply designed to make money from your actions, you will not receive anything in return.

Avoidance:
It’s very easy to make it appear as though someone you trust has endorsed something on Facebook. Just because it may appear one of your family or friends has posted a message stating they received something awesome or did something cool with their Facebook profile, doesn't mean it really happen. The best thing for you to do is: “Ask First, Click Never.” It is also highly recommended that you never install Facebook applications without reviewing them properly.

Read:
How to Protect Your Facebook Account from Rogue Applications
http://facecrooks.com/Internet-Safety-Privacy/how-to-protect-your-facebook-account-from-rogue-applications-292.html

Why you should NOT install ‘Fun & Entertaining’ Facebook applications
http://facecrooks.com/Internet-Safety-Privacy/why-you-should-not-install-fun-entertaining-facebook-applications.html

I fell for the scam, What should I do now?
If you have fallen for any scams on Facebook, the best thing you can do is clean up your account and the mess immediately. You should remove any bad Facebook applications or browser plug-ins you have installed, change your password just in case and delete any content the scam caused you to post. I've compiled this cleanup process into four easy to follow steps. You can find them in the topic shown below.

How to Thoroughly Cleanup Your Facebook Account After You’ve Fallen for a Spam Attack.
http://www.scamsniper.info/2013/03/how-to-thoroughly-cleanup-your-facebook.html

Stay safe
~Black Knight



Tuesday, March 26, 2013

It Takes Zynga & Facebook 3 Weeks To Shut Down A Phishing Scam Ring.



Or maybe someones sleeping at the wheel....

Alright, I'm not going to make this a long one. I'm just going to keep it short and sweet.

On March 2nd, 2013 I send out two emails. One to security@zynga.com and the other to phish@spamreport.facebook.com. I was just doing my part to report a Phishing Scam Ring that I had stumbled upon during a normal day on Facebook. The ring consisted of three (3) Facebook fan pages masquerading themselves as Zynga support and three (3) websites housed on different domains masquerading as the official Zynga website. I simply complied all of the links and send a quick message informing both Zynga and Facebook about them, and stating that they may want to remove them.

Below I will include both messages I sent out, which were identical, and the reply I received from Zynga, roughly 4 hours later. Facebook never replied, but I didn't really expect either one of them to reply, so,, ooooh!

Screen-caps
Emails Send to Zynga & Facebook (Phishing Scam Ring)
Click To Enlarge & Read Them



Screen-cap - Reply From Zynga
Click To Enlarge & Read It

While Zynga's reply seems very appreciative in the first paragraph, I have to say the remainder kind of made me fell bad for not Join Zygna's game kingdom. I mean the sales guy did pour it on thick, in a way. It's likely because I went through hell and high water to find a email address to inform them of a scam against their players, as a non-player, and he knows it. 

In any event, I logged out of my email that day, feeling a little good. I had helped them take out a pretty good sized scam and maybe, just maybe, helped someone I didn't know, keep their Poker Chips and Facebook accounts.

Boy was I wrong...

As of today, March 26th, 2013, this ring is still scamming Zynga game players on Facebook. They are still doing it from the same three (3) Fan pages I report directly to Zynga on the 2nd and while the three (3) original Phishing webites are gone, there is now a new one up.. 

Don't take my word for it.. See the Screenshots people...

Screen-caps - Scam Ring Still in Action 
(Click To Enlarge)



I mean I get it. I really do. You just can't clean it all up. I understand Zynga. These scammers are so good, so good in fact, they are just keeping you from phoning your pals at Facebook and having them delete the pages. Wow...

Boy do I feel bad for Zynga game players... And Boy do I feel bad for Zynga & Facebook Security..

I normally end my post, with "Stay Safe", this time however I think I'll end it with....

Gee Whiz...
~Black Knight



Sunday, March 24, 2013

Facebook - 9 Scams Currently Found In a News Feed Near You.



Quick Heads Up
If you are a Facebook user you will want to make sure you avoid the Scams shown in the examples below. None of these scams are new, they have been on Facebook for quite some time, but they are currently spreading around Facebook at a fairly alarming rate.

Example Set 1 - Profile Spies (Click To Enlarge)

 
 
 
 

There is no way for you to see who has Peeked, Viewed, Stalked or visited your Facebook profile. Knowing this one fact should be enough to keep you from falling for this type of scam. Facebook directly states in two separate help topics that they do not allow users to access this type of information.

Can I know who’s looking at my timeline or how often it’s being viewed?
https://www.facebook.com/help/210896588933875/

Can people tell that I've looked at their timeline?
https://www.facebook.com/help/205685226136386/

Example Set 2 - Various Scams (Click To Enlarge)
 
 
 

Note: You should also avoid scams offering to show you "what your name means" or something along the lines of a "Death Clock".

The above scams use various baits but all of them accomplish the same types of  malicious intent. They all promise to give you something free or show you something shocking, and if you fall for the promises you will end up compromising your Facebook account in various ways. Once you click the links provided in them you will be asked to either Copy and Paste Codes into your browser, Install A Rogue Facebook App, Add A Rogue Browser Plug-in or even worse, asked to had over your Facebook Password. Doing any of the aforementioned things will basically cause you to lose control of your Facebook account and to spread spam to the people in your friends list. None of these scams provide whats promised at the end. After you complete all of the clicking and spamming, you will be asked to fill out Fake Surveys which pay the con-artist who made these scams, a few bucks for you doing them. The scams are simply designed to make money from your actions, you will not receive anything in return.

Avoidance:
It’s very easy to make it appear as though someone you trust has endorsed something on Facebook. Just because it may appear one of your family or friends has posted a message stating they received something awesome or did something cool with their Facebook profile, doesn't mean it really happen. The best thing for you to do is: “Ask First, Click Never.” It is also highly important that you never follow instructions that ask you to copy and paste URLs or "codes" to and from your Facebook profile, and never hand over your Facebook password. Doing these types of things never end well.

I fell for the scam, What should I do now?
If you have fallen for any scams on Facebook, the best thing you can do is clean up your account and the mess immediately. You should remove any bad Facebook applications or browser plug-ins you have installed, change your password just in case and delete any content the scam caused you to post. I've compiled this cleanup process into four easy to follow steps. You can find them in the topic shown below.

How to Thoroughly Cleanup Your Facebook Account After You’ve Fallen for a Spam Attack.
http://www.scamsniper.info/2013/03/how-to-thoroughly-cleanup-your-facebook.html

Stay safe
~Black Knight