Scam Watch! (+Safety First & Warnings)

Last updated:  31 January 2007

RECENT

Viruses are still coming thick and fast.  Read on ...

Your 'Safe Net' policy  :

  • Use a virus scan system on your computer, and keep the data files up to date.  (This should stop most viruses (viri), worms & 'Trojans'.)

  • Consider also installing a (i) firewall and (ii) anti-spyware software.  (These (i) should stop most 'tunnelling' assaults to get 'malware' into your computer, which if they were to get in, (ii) should then stop them sending anything out, such as your passwords, CC numbers, PINs, and/or other personal data.)

  • Be alert to ' P H I S H I N G ': sending of highly plausible emails purporting to come from a bank, an ISP, or any other service provider requesting you to send personal/financial/security information, e.g., PINs, passwords, CC numbers, etc.

  • Do not click on internet addresses in emails and websites, e.g., http://www.lovelysoundingwebsite.com , to go to a website or email recipient without checking them first.  The address behind a link could be faked, and could be arranged to look very similar to the original to avoid a difference being noticed, e.g., 0 for O, l for 1, ... .  (Either cut & paste the given address into the browser's address box, in which case you should get what you see instead of what is hidden behind it, or type it in directly and carefully.)  (How do you check the address a link is going to?  Do a 'mouse-over', i.e., put the cursor over the link, and read what the browser interprets it as.  Try it out on the one a few lines above!)

  • Bad spelling and grammar should be regarded as warning signs of a scam email or web page.

  • If your computer's operating system and/or browser, e.g., Windows XP, Internet Explorer, have systems for the installation of the latest security updates, use them!

  • Finally - some 'good practice'

*    Do have confidence in a link to an address in your browser's address box starting with 'https://' .  Look out for this.  It is a secure link, i.e., one over which data goes using 'strong' encryption, but note that this only ensures the link is safe and not the server at the other end! 

 

*  The server at the other end of an internet link has also to be trusted before you send any personal data.  This can be done either informally or formally.  'Informally,' you would normally trust the website of your High Street bank, for example; there are many other similar secure sites, all with pre-published addresses.  To validate 'formally' a server requires extra information and processing.  See, for example in Internet Explorer,  Tools\Internet Options\Content\Certificates and ...\Publishers.  You could just be excused for not going this far!

 

You can easily control some aspects of the information that you send and receive over an internet link when using a reputable browser.  See, for example, Internet Explorer  Tools\Internet Options\Security and ...\Privacy.  These are easier to understand.  Try using a reasonably 'high' security setting to start with, and reduce it only if necessary.  Do not set the level to the lowest setting and leave it there!

 

So it is not all bad by any means. Just be careful and on guard at all times when using the Internet for any eCommerce transaction!

 

  Be wise before a strike, and not sorry after!

 

(Yes, all this is a nuisance and can be a bit costly.)

 

 

This page is intended to raise awareness of what potentially harmful email and webpage traffic might look like.  It gives brief details of potentially and actually infected traffic so that you may the better be enabled to recognise it.

There is no guarantee that an email or webpage is 100% safe, but care can reduce enormously the chances of a virus attack being successful.  Neither is there a 100% guarantee that an apparently malevolent looking email or page is such!  So check carefully what you delete, before you do it!

Recent trade press comment suggests some viruses will attempt to disarm your virus protection system.  To try to counter this, make sure that you have an up to date system supplying both updates to the 'engine' of the system as well as the virus scan data itself.

VVIP:  Back up your important data, and keep the backup up to date.

Please read the warning below following these scams.

 

Apparent SCAMs seen by your Webmaster, with some comments.

Date seen   Essential feature(s) of apparent scam(s) and some comment

 

Jan2007  

This one is potentially very dangerous and highlights one of the problems related to HTML emails.

 

The opening of a recent HTML email to your webmaster caused a script, coming with the email, to run which put the sender's email address into the Safe Senders list.  This was correctly reported by the email program, Outlook 2003 in this case.  The potential danger comes from the next, or any subsequent, HTML email from the same sender bypassing the guard in Outlook if the same source email address has been left in the Safe Senders list.  When opened, a subsequent HTML email from that sender could run yet another, but far more damaging script.

 

So DON'T open HTML emails from unknown senders.  Just delete them!  To be even more safe*, do not open HTML emails at all, or arrange, if possible, for your emailer to render the HTML to a safer Plain Text.

 

As usual - KEEP UP YOUR VISUAL GUARD!

 

* A trusted source could have been attacked with a Trojan or worm that sends out HTML emails with a payload.  (Your virus detection program should, if up to date, catch all past and most recent Trojans and worms.)

 

Jan2007  

Another Mail Return trap:-

 

The following is a copy of the exact message delivered, but it can easily appear in different guises:

 

McAfee VirusScan E-mail Scan has detected a potential threat in this e-mail sent by Palmer <sugmj@fieldtechsales.co.zw> with the subject You're My Hero.

This e-mail has been quarantined.

We strongly recommend that you report this suspect activity.

to Palmer <sugmj@fieldtechsales.co.zw>.

 

This email, although delivered in 'safe' plain text and without an attachment, came from a non-defined email address, and is asking you to send an email to an address.  By sending the email requested, you would be letting the spammer know your email address.  So DON'T reply; just delete the email.

 

KEEP UP YOUR VISUAL GUARD.

 

Oct2006   Another Mail Return trap:-

The typical message is:

The original message was received at Sun, 22 Oct 2006 06:44:01 -0500 from c1m32.emaildefenseservice.com [216.40.36.65]

----- The following addresses had permanent fatal errors ----- <olsonfam@cetnet.net>

(reason: 550 sorry, no mailbox here by that name. (#5.7.17) )

----- Transcript of session follows ----- ... while talking to hcp2.srsengine.com.:

>>> DATA

<<< 550 sorry, no mailbox here by that name. (#5.7.17)

550 5.1.1 <olsonfam@cetnet.net>... User unknown <<< 503 RCPT first (#5.5.1)

 

This email is saying your supposed email to <olsonfam@cetnet.net>, which most likely is FAKE, wasn't delivered.  We have seen these before, but the slightly new twist here is that you are NOT asked to look at the attachments coming with it.  It is this that the spammer is hoping will disarm your attention.  So DON'T OPEN THE ATTACHMENTS; just delete the email.

You might be receiving this kind of scam that contains email addresses very similar to your own.  Don't be that concerned, as there are millions of these going around at the moment.  Your email address has been picked up from somewhere and programmed into a spamming program.  It's just another trick to disarm your vigilance.  KEEP UP YOUR VISUAL GUARD.

     
Sep2006   Another trap:-

'From: Technical Support - Laura C. [LauraC@ceilingcarpet.com]'
'Sent: 13 September 2006 09:35'

This email says that it is noticed you have not run diagnostic tests previously sent to you to identify 'Windows file errors'.  The links in the email are potentially very harmful to your computer, so delete it.  Certainly do not follow up the links.

All known problems with Windows software can be followed up on the Microsoft web site.  The best option, if you are running XP, is to subscribe to the regular download of information about recent fixes/updates/... that Microsoft itself publishes.  Go to their website for this.  Trust NOBODY else!

     
Jun2006   UGLE is reporting a 'Masonic' scam at  http://ugle.org.uk/news/scam.htm
     
Jun2006  

Phishing - just another example.

Watch out for things like (note the errors in the text which can help spot a scam):

....  To securely confirm your PayPal information please click on the link bellow:

    https://www.paypal.com/......./webscr?cmd=_login-run

We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.

For more information about how to protect your account please visit PayPal Security Center. We apologize for any incovenience this may cause, and we apriciate your assistance in helping us to maintain the integrity of the entire PayPal system.  ...
 

I have disguised the address with the '.......' characters.  In its original form it all looked very plausible, but it is a scam.  The link would have taken you to a completely different site:  http://www.boutique-insi........index.html.  (This link is not live, so you are safe reading about it.)

You can only be on the alert and very cautious with such messages.  They will be as devious as possible in getting you to click on their links.  If you are in doubt about your e-account with any company, then always go into the company's web site from the address you know to be safe and by typing it yourself into your browser's address box.  By doing this, you are assured you will go to the website you intend to.  Remember also that most responsibly constructed web sites will always be using pages with an address starting with https when dealing with sensitive information, like names, passwords etc.  Look for this.
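The 'mouse-over' check from the Safe Net policy, and the mismatch in the PayPal example above between the address shown and the address behind it, can also be done by a program.  The following is an added example, not part of the original page: the function names, the trusted-host list and the sample email body with its example.* hosts are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Digit-for-letter swaps the page warns about (0 for O, 1 for l), folded to letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(address):
    """Lower-case host if `address` looks like a web address, else None."""
    if not address or any(ch.isspace() for ch in address):
        return None
    try:
        host = urlsplit(address if "://" in address else "//" + address).hostname
    except ValueError:
        return None
    return host if host and "." in host else None

def audit_links(html, trusted_hosts):
    """Return (href, reason) warnings: what a careful mouse-over would reveal."""
    collector = LinkCollector()
    collector.feed(html)
    warnings = []
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        if actual is None or "://" not in href:
            continue  # only absolute web links are checked
        if shown and shown != actual:
            warnings.append((href, f"text shows {shown}, link goes to {actual}"))
        for trusted in trusted_hosts:
            if actual != trusted and actual.translate(LOOKALIKES) == trusted.translate(LOOKALIKES):
                warnings.append((href, f"{actual} imitates {trusted}"))
    return warnings

# Constructed sample body; the example.* hosts are placeholders, not from the page.
SAMPLE = """<a href="http://shop.example.net/index.html">https://www.example.com/login</a>
<a href="https://www.examp1e.com/">Account centre</a>
<a href="https://www.example.com/help">www.example.com/help</a>"""

if __name__ == "__main__":
    print(*audit_links(SAMPLE, ["www.example.com"]), sep="\n")
```

The first two links in the sample are flagged and the third, where the address shown and the address behind it agree, is not.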

     
Jan2005  

A recent email purporting to be from Microsoft and promising to deliver an update for all Microsoft's products to make them more safe against malware was seen.

This email was an extremely good mimic of a typical generic Microsoft update page style.  However it was not from Microsoft at all, and opening the link promising the update would have had disastrous effects on your computer!

If you are not sure about whether you have a genuine update from Microsoft, then visit their site and obtain the downloads from there.

 

     
Oct2004  

Emails contained the messages:

    remove@friendsreunited.co.uk

Comment by Webmaster:

This asks you to check an attachment; Don't - payload = the NetSky virus.   Delete!

 

    play@play.national-lottery.co.uk

Comment by Webmaster:

This asks you to go to a site to gamble.  The stakes here are more than just money; the attachment to get to the 'lottery' will be loaded with the NetSky virus - at least.  Delete!

 

    "Verified by VISA"   ...  'your credit/debit online card protection from fraud' ...

Comment by Webmaster:

This very plausible 'phishing' email asks you to go to a site to get your 'VERIFIED BY VISA protection system password'.  I STRONGLY suggest you do not.  The site does not respond to a standard message call to identify itself - a bad sign!  Even if not present at the moment, the site could re-appear at any time, and if you were to go there you could be invited to send your CC/DC number, etc., as part of the process.  Alternatively, you could be addressing a site with extremely unpleasant content.  (See below for further information.)   A reminder from VISA obtained by your webmaster: if you have any problems / questions about your card, contact only the issuing bank of the card using only the method(s) set out in their literature.

 

 

    Important bill - see attachment.

Comment by Webmaster:

This one has already been seen, see June 2004 below.  As usual when checked, the attachment contained a virus - NetSky, in this case.  Never open these attachments; just delete the email.

 

     
Jul2004  

Emails contained the messages:

    You have a voice mail in your attachment.

    Returned mail (failure): see transcript for details.

    Bad gateway - see attachment for details.

Comment by Webmaster:

As usual, ruses trying to trick you into opening the attachment; Don't; just delete the email.

 

Jul2004  

Emails contained the messages:

    Important bill!

Comment by Webmaster:

As usual, trying to trick you into opening the attachment; Don't; just delete the email.

May2004  

Emails contained the messages:

    Your_doc.pif.

    Mail failed.  For further assistance, please contact!

    Are you a spammer? (I found your email in a spammer website!)

    Important details!          (Or something similar, like 'Important Information'.)

    Cartoons.

Comment by Webmaster:

As usual; trying to trick you into opening the attachment.  Do not open the attachment and don't ever contact the sender.  Don't look at the supposed email that is in 'a spammer website'.  Also, these won't be very funny cartoons - don't be tempted!  Watch out for automatic replies back to this type of sender; always block them. (Consider, on the other hand, always acknowledging a legitimate email - it doesn't cost much!)

 

19apr2004  

Email contains the message:

    Is that your password?   Please confirm.   (Or something similar.)

Comment by Webmaster:

This message is trying to trick you into opening the attachment to 'confirm' that your password is correct.  Do not open the attachment, but instead DELETE the email completely!

If you are legitimately going to be sent a password to access an online service, which can happen (but probably won't!), you will have already requested it in which case you will know it's coming.  Any request for confidential information that comes 'out of the blue' should be treated with the utmost caution, erring on the side of rejection.  If you are the slightest bit suspicious, reach for the delete key!

 

16mar2004

 

 

Email contains the message:

    If the message is not loading try this

    (Or something similar.)

Comment by Webmaster:

This kind of message often appears quite legitimately in some e-mail advertising, so look hard at the sender before opening.  If you do not recognise the sender, certainly delete the email.  ( The above 'try this' link has been rendered harmless and need cause you no concern that it is appearing on your computer. )

 

06mar2004   Email has the subject:

    Your credit card has been successfully charged for $.....

Email contains the message:

    Administration of www . acompany . com online store would like to thank you for your purchase of ... .  ...

   (Or something similar.)

Comment by Webmaster:

The trick here is to put you momentarily off guard hoping that you will be panicked into opening the given address to a company web site.  At best, it will be harmless advertising, but more likely it will be a malware page of some kind.

As a reminder: never never send your credit, or any other, card number over the internet unless you are using a 'secure' connection, and preferably to a seemingly reputable e-commerce vendor.  A 'secure' web page connection will have 'https://' at the beginning of its address and you will often be told that you are about to be using one as part of a sequence of payment pages for the online purchases you are making.  A secure email will be strongly encrypted; and again, it is likely that you will be informed this is happening.

There is no 100% safety when using cards on the net, or anywhere, but by observing the above simple rules, you will almost certainly avoid your card number being read and decrypted by another computer between yours and that of the company to which you are sending the information.

 

---   Several emails have been seen with beguiling subjects and messages, all with the same object in view, i.e., to persuade you to open an attachment.  A few examples follow:

 

Subject:   try this patch!

Body:      is that criminal?

 

Subject:  Thanks

Body:      Please read the attached file.

 

Subject:  Here is the document.

Body:      Your file is attached.

 

Subject:  Your music

Body:      (empty)

Comment by Webmaster:  Be on your guard.  Your Virus Scan system may, or may not, automatically alert you to a virus or other potential problem with an email with an attachment.  If in doubt, delete the email, which should remove the attachment as well.  Remember that a virus can wipe out your computer's data after it has sent itself on to others named in your address book.

 

 

Warning!

Nothing to do with scams, but expert opinion is suggesting that attacking users is taking a nasty turn.

Just a few (unfortunate) mouse clicks on your part could send your computer's address, and your email address, careering towards web sites that will send you in return pages you could very much rather do without on your computer!  Such pages could easily be illegal, so potentially damaging your reputation and that of your company or organisation.  Having received these pages, you could have considerable difficulty removing them! (A simple delete will certainly not be sufficient; and don't rely on a shredder or an Internet trace cleaner either!  The nasty stuff will be hidden away on your computer where you do not know where it is.)   Further, if your email address is found in one of the databases of the senders of such pages, you could be clandestinely investigated.  That's legal now.

So remember, it is always you who has to start this potentially very damaging process by you clicking a link that is very likely to indicate what kind of pages will be accessed.

Don't be tempted -

you may not be able to stop the flow of pages once you have started it!

You have been warned.