Wednesday, April 27, 2016

Disneyland 4 Free Tickets: Facebook Scam

Scam Score: 100 (Severe Risk)

Background
Recently I found this being shared on Facebook. It appeared quickly as an obvious scam but I followed the link to see more evidence of the scam.

You can see quickly that the coupon was composited in a hurry and without much thought to design. The most important parts to Disney is going to be their logo, which is obviously skewed in this picture. This picture also happens to be click-bait as it does not appear on the landing page.

http://www.disneyland.com-present.com


The landing page greeting the clicker displays all the common elements of a scam. A poorly designed web site, which Disney would never put their name on. A tickets remaining countdown (which randomly resets to one of several different numbers on refresh) to encourage quick action by the user, but is nothing more than some JavaScript.

While the site appears to be on behalf of Disney, there is no listed responsible party of who would handle the prizes.

The button for redeeming your exclusive gift card is set to alert that you have not completed step 2.

Looking at the source of the page is appears that the developers were German.

The URL (http://www.disneyland.com-present.com) is meant to be deceiving as well. The root of the domain is actually com-present.com which is obviously not owned by Disney and has private registration.




Tuesday, November 3, 2015

Amazon.com Scam: ChiekoLtd@gmail.com

Background:
As I was looking through various items on Amazon, I came across a very nice and expensive camera that was listed at $3,000 less than all other postings. The description said the camera was new and never used. The grammar and punctuation were terrible. The description concluded with specifying that all buyers should contact ChiekoLtd@gmail.com before ordering.

Seeing as how this is not normal Amazon behavior and in fact violates their policies, I decided to look up the company online (they appeared reputable and have been around for a while) and contact their support staff directly.

Their staff later responded saying that the listing was in fact due to their Amazon.com account being hacked. The company regained access to their Amazon account and removed the product.


Curiously I used a junk email to contact ChiekoLtd@gmail.com asking about the item and why it was listed with such a large discount. I got the following email in response:

Hello,
I will explain in this email all terms and condition
The [Item Listed] is BRAND NEW, never used, ( US model, not grey market),
but Amazon does not let us list it as new. The product is Sealed in its original box and comes with full Warranty,
receipt, all manufacturer supplied accessories...
The total price is $1,400.00 including all shipping taxes if you are in US and for international shipping you have to
pay extra 29,99 $ (outside US) .
If you want to buy, send me your phone number, full name, shipping address and I will contact Amazon asap to process
your order. Dispatch is by normal UPS Services, which takes 1-3 days depending on where in the US you are.
My return policy is full money back in 30 days.
For more information don't hesitate to contact me!
Many Thanks
As you may notice, the grammar and punctuation continue to be very unprofessional. The English is broken and they can't make up their minds how to write currency amounts. If this was a legitimate sale, Amazon would provide the information the company needed following the purchase through Amazon.com. They would not need to request it by email.

Last, the author if the email failed to provide any kind of professional footer. No name, no position, and no website.  Make sure you always keep purchase and communication within the sale platform! 

Thursday, January 8, 2015

Prescription Assistance Services: Is it a scam?

Background: 
In the mail recently, I received a letter and pharmacy discount cards for a company called Prescription Assistance Services. The letter spells out the terms of these cards as pre-activated, and no fee discount cards. We've seen something very similar before with RX Relief Pharmacy Discount Card / Healthcare Alliance.

My words of caution still hold true as I mentioned in the RX Relief Pharmacy Discount Card / Healthcare Alliance article, be weary of how your information is being used. Companies don't spend a lot of money marketing these for nothing.


Monday, November 24, 2014

Email: Center Security (noreply@facebookalert.com) Scam


Scam Score: 85 (Severe Risk)

Background: While reviewing emails in my inbox, I came across an email that was intended to look like Facebook warning me that a charge had been made on my account for 22.34 USD.

The link provided for me to login to "Facebook" actually resolves to http://74.7.88.163/aboutes.php which is obviously not Facebook. This server also appears to be hosting the websites: websiteincomesuccess.com, www.leidschdagblad.nl, and www.tweetprocesor.com which are obviously not owned by Facebook and seem sketchy themselves.

This email fails our tests by first, not identifying me personally. If anyone knows my name, it is Facebook (or at least the name I provide them). Second, the grammar and punctuation in the email are not professional. Third, the email is supposed to be from Facebook but the message ends with a reference to PayPal Security. PayPal and Facebook are not the same company. Purchases notifications from PayPal will never be from a Facebook email.







Net-Scams Scam Scores

New Scam Scores!

To quickly summarize the legitimacy of scam, we will now be supplying a Net-Scams Scam Score. This score builds on top of the existing rules we previously established and sums a score from those rules.

50 pts ~ Responsible Party
In all legit offers and giveaways, there will always a person or company held responsible for fulfillment of the prize. This company may or may not also handle inquires of possible participants. This responsible party must uphold their end of the agreement.

20 pts ~ Regulations and Tax Requirements
Do not account for US tax requirements and regulations

10 pts ~ Professional Conduct
Poor grammar used through out the site

10 pts ~ Server Location
Servers located outside the United States are not able to be governed by US law. This applies a sense of distrust.

10 pts ~ Other
This includes usage of Non-English languages in an English
Russian language used on the site


By adding points of each qualifying rule, we can derive a risk score of each potential scam:

 0 - 20 pts - Low risk
20 - 40 pts - Medium risk
40 - 60 pts - High risk
60 - 80 pts - Extreme risk
80 - 100 pts - Severe risk, extreme caution advised!

Facebook: 2014 Chevrolet Camaro SS Scam

Scam Score: 80 (High risk)

With the progressing popularity of social website, there has also been an increase in social scams.

One such scam is this one:

2014 Chevrolet Camaro SS Facebook

This page fails to provide a responsible party who will be fulfilling the offer. In addition, they make no reference to regulations (i.e. excluded regions, etc.) or tax requirements. Prizes over $600 in value must be reported to the IRS for tax purposes (the winner will be required to pay taxes on the value car).


Friday, December 27, 2013

Check.me Website Review

Recently, my dear mother went to pay a bill online to pay her internet bill and ended up on Check.me, a website that appears to pay your bills for you. Knowing that sometimes companies will intentionally redirect their eCommerce transactions to be handled by a third-party site, my mom completed their forms and supplied her credit card number. Afterward she realized that she may have made a mistake and asked me to find out more. With a little research in her browser history, I realized that she had clicked a link from a Google search page.

Looking at their cancellation policy and their BBB rating with 52 complaints in the last 12 months. I realized what this company was actually doing.

Their Game: 
This company makes their money on convenience fees and short cancellation windows. Their website is set up wizard style, where they guide you through the process one question as a time with each question asking for more and more sensitive information by asking you the billing number and then credit card information. Up until now, you don't know that they are going to want to charge you a convenience fee until the next screen which shows you the totals and payment methods. They will default select the "fastest" payment speed which costs a little more and then bill your card once you click to submit the order.

The Fine Print:
This company does not make it obvious that it is an independent third-party service not directly tied to the payee. In fact, you will only notice this if you read the fine print at the bottom of the web page or dig through pages on their website.

Cancellation Nightmare:
They don't want to refund your money so they make cancellation next-to-impossible. In fact if you don't cancel before 10:00 AM or 4:30 PM the same day (depending on the next time after completing the order), you can't cancel at all. They might say this is because your bill payment is being transacted and can't be halted, but I doubt the company has that quick of a turn-around time (hence why they have to payment speeds; neither one being same-day or next-day). With the situation with my mother, she tried to contact someone to cancel within that window and wasn't able to get a hold of anyone. I've encouraged her to talk with the credit card issuer about a reversal as they did not uphold their cancellation policy.

Honest Business? Sure, by somebody's standards...:
This site does not appear to be a scam or illegal, but I wouldn't call their practices ethical either. Just like with your bank or credit-union, it is a bill-pay service. They cut and mail the checks on your behalf and you pay a little more for it. And regardless of tactics, it is the user's responsibility to do their research when using any website including understanding their terms and conditions.

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Review