Friday, August 7, 2009

Gone Phishing (How to catch a phishing scam)

No, I didn't misspell the word fishing. Phishing is a terms defined by Wikipedia as:
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Electronic communication most commonly referred to as email. Phishers will generally pose as an important institution of some sort. For example, banks and credit unions, online merchant (PayPal), federal resources, etc. In my own experience I have received emails from banks I didn't even have accounts with.

So how you identify if a predator is phishing for your information? Here are some signs you can look for.
  1. Your information is at risk! - If an email is telling you you need to log in and verify your information because someone else has posed as you is a good sign. Especially when they provide you with a link where you can go to log in. All important institutions your a client of has several ways of getting a hold of you and in return being able to identify themselves. If something as important as someone threatening to steal your identity is really at risk, the institution will likely call you and explain the situation and your options. They will never send something as casual as an email. If you are still unsure, take the extra effort to pick up the phone and look up the number (not given in the email) and call them. Someone on the other end of that phone is going to be able to assist you or direct your call.
  2. Click here to update your account information. - As a general rule, never click links in an email your unsure about. If you need to update personal information, etc. You should open a new browser window and manually enter the correct URL in the URL address bar. This ensures that you will be where you should be and that you can securely log in and handle any disputes as well as update your information. Many times the links provided in emails will look like this www.bankname.com, but is a hyperlink. This means that even though it says your banks name on the link, that isn't necessarily where it will take you. If you mouse over the link, you might even be able to see where the link would otherwise take you. More often then not, these links reference a page that looks like your bank's (or other business's) website. The links on this page will refer you back to the actual bank's website, so they look legit but in your URL bar, you will notice it is not the right URL for your bank. The URL will be pointing to a server in some other country and therefore will probably be composed of random words, letters, and numbers.
These are two big ways to determine a phishing scam and to be able to avoid it. More signs will come soon. If you have any other suggestions, please post them in comments below, thanks.

Thursday, August 6, 2009

List of Online Scams (Internet users beware!!!)

Here is a post that I am posting because so many people fall into the whole 'online quick cash' schemes and they get suckered into it. I worked for a company and actually did several designs for the offers they use. It wasn't until later that I came to realize they were part of scams.

I want to take a second and give some information on the fake online offer I unknowingly helped to create and then talk about online scams in general and how to determine if you have one or not. I will conclude this post with a list of domains that are currently used in scamming, I would also like to invite others to post urls of scam sites in comments so users can have a comprehensive list (please note that these urls can be listed in the thousands just by one company alone, so if you are searching the list, use Control-F on your keyboard and type in the url you are searching).

The Google Money Tree Scam:
This scam was created by a company out of Utah called Invision Media Inc. They were shutdown by the FTC July 1st, 2009. Their offer enticed users to order a kit online that would teach them how to make money posting links on Google (or something similar). They would generally only ask the user to pay shipping and handling charges (because it's a once in a lifetime chance). Their testimonials have been disguised in blogs by various made up types of people including: college students, layed off employees, and stay-at-home moms.

You can read the FTC report here.


Determining the Scam:
Here are some quick ways to determine if what your seeing is really legit:
  1. Hurry! Offer ends soon! - Anything that requires you make a decision in a matter of minutes or seconds is generally because they are hiding something and don't want you to: ask questions, think it over, or research it. I would recommend doing all these things before continuing with anything that seems like a once-in-a-lifetime opportunity (google "google money tree" and the first results that show up are about how it is a scam). Offers I have seen in the past will include a timer on the page that counts down, this is just a tactic, if you wait for the timer to end, it will alert you saying you have more time which makes a person think: why is there a timer in the first place?
  2. Pictures of checks or money - If you think about it, real jobs don't show you loads of cash or fake checks. In some of the offers I have seen, ironically the pay to on the check is blurred or blacked out, but the writer of the blog has already given away his name. (i.e. this check) This is because the company running the scam doesn't want to take the time (or doesn't have the resources) to do a quality job Photoshopping the image and uses the same images for each blog.
  3. Find out the secret to making money fast! - If they found the secret to making billions, why are they giving it away? - If someone claims they have any secret and will share it for a price, that is a dead give-away. I don't think Trump is going to sit down with just anyone and tell them all his secrets to success. Those who are smart enough to figure it out, are smart enough not to share it.
  4. Product endorsements - This is actually not illegal if done properly but is very sneaky. Offers will generally show logos from well-known businesses in an effort to convince you of their legitimacy. If the offer is legal, they are required to also mention on their web page that those companies are not affiliated with the offer a.k.a. they don't know about it and they don't approve it.
  5. User Comments/Endorsement - Some blogs that are being used as testimonials for these scams will have user comments that also talk about the product being sold and how great it is. They might even have a thumbnail image of themselves next to their comment). On joshmadecash.com, they use comments to help persuade the user of the product validity. However, the comments will be closed because of spam. Looking at other websites you can see that they have effectively found ways to still allow users to leave comments and avoid spam. One of these techniques is using some form of captcha. I am guessing most internet users have run into this at least once.
  6. Read the Fine Print - Always, always, always get in the habit of reading the fine print. It is there for a reason. I know this is always a daunting task and sometime might be hard to understand but legally the company is required to specify in layman's terms the important information. For example: joshmadecash.com has this in the fine print at the bottom: Some individuals purchasing the program may make little or NO MONEY AT ALL.
  7. 100% Guaranteed - Any company that thinks it can guarantee money to it's participants is flat our lying. This is one of the many reasons Infusion Media was shutdown by the FTC.

I will continue to find and figure out what other clues these scams give away.

Note: URLs used in these offers are generally hosted by a company and therefore use odd naming structures. These paths die quick and are regenerated. As a programmer, I am hoping I can find a way to keep track of these externally to help track online scams.

Scam URL List:
  • http://www.joshmadecash.com
  • https://www.googleworkstoday.com/MTAxNjh8MTk1MnwzNzgzOTd8djI=/gsysn4b9/g
  • http://momsteethtrick.com

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Review