In The News‎ > ‎

Summer Scams

posted Jul 20, 2014, 9:43 AM by Craig Cox   [ updated Jul 23, 2014, 6:09 AM ]
Hacksurfer presents a high-level overview of some summertime scams; some may come through the computer, others may arrive at your front door.  The usual advice applies:  Beware of things that seem too good to be true, and don't be rushed or emotionally manipulated into committing money.

Update July 22:  There are now alerts of Facebook scams with false profiles of Flight MH17 victims, and an alleged link to news of Miley Cyrus' death.  Although the recent spate relates to Facebook, other services such as Twitter, Instagram, Pinterest -- any you can name -- could also be used to spread rumors and malicious links.  The payload in the Miley Cyrus prank is a "survey" which collects your personal information, and a request to re-post so they can harvest your friends' data as well.  In the case of the Flight MH17 profiles, scammers want to flood your browser with pop-ups; this probably earns the scammers some money under a shady advertising arrangement.

A similar advertising scam came in to a Delaware Tech email account yesterday; the bait was "Someone ran a background check on you!  Click here to find out more!"  Clicking the link* brought the browser through a referral service to a background check web site; but no information was offered on who supposedly ran the background check.  Since it makes no sense for such services to tattle on their paying customers, and because the link went through a referral service, the most likely scenario is that the background check service contracted its advertising to a scammer**; the scammer, who is paid per click-view, spammed a list of addresses with the alarming, and false, bait message.  Victims click because they're alarmed about being checked, not because they want a background check service, so the web site essentially wasted their advertising money.
__
*I check suspect links on a special, sacrificial VM.  Please don't try this at home.

** Hiring a shady advertiser doesn't speak well of a background check service's ability, does it?

Update July 23 Fake Facebook Mails lead to Pharma Spam, from MalwareBytes; Facebook scams now lead to exploit kits from net-security.org.  I have no idea why Facebook is suddenly the big target.  For all of these scams, the best first defense is to just remember to be skeptical of claims that are sensational, or too good to be true.  That goes for any other scams that haven't been caught and announced - be skeptical!