Author Archive

Use Apple’s Voice Memos App? Stop Sharing Your iTunes!

Apple Voice Memos App


When Apple introduced its Voice Memo feature as part of iOS, it gave iPhone users reason to rejoice. This was an easy-to-use dictation app that saved your memos on your phone as voicemail and backed them up offline as MP3 or AAC files in iTunes.

Apple also introduced its “Shared Library” feature on iTunes a while ago. This allows users to share their iTunes library for legal listening purposes across a network. This can be great at workplaces with lots of creative types who have great music collections.

Just one small problem. Put these two features together and you have a potential security nightmare. And we don’t mean in the theoretical edge-case way. This is a very real possibility we have encountered “in the wild” more than once.

Here’s the issue. Once your library is shared across a network, so are your private voice memos. That may not be a big deal at home or if you work at a small company, but if you happen to be on a shared network like a coffeehouse or a hotel, or work with confidential data? Now you have a real problem.

Conversely, this could be a simple method for corporate espionage. Find out what hotel your competitor is staying at and log in to the WiFi. Granted, this assumes your competition uses iTunes at work (uncommon) and has sharing on (common).

Our advice: if you use the Voice Memo feature on your iPhone, turn off iTunes Library Sharing! It’s not worth the risk of others hearing—or worse, sharing—your private memos.

More Phishing Attacks…

There’s a great writeup on the Bobijou phishing scam over at Purple Car.

Scam Spotting, No. 10: “The Funniest Thing Every!!!”

This scam popped up on Facebook this week. I saw it on my profile this morning. The scam looks harmless enough. A friend of yours has posted what appears to be a video of a laughing baby on your Facebook Wall. Clicking the link will trigger most modern browsers to throw up a phishing site warning.

Do not click on this link! Simply delete the post. Your friend is not a spammer. Their account was likely hijacked. Be a good friend. Tell them their account has been hijacked and encourage them to change their password, log out and back in under the new password.

Scam Spotting, No. 10 - The funniest thing every!!!

TIP: Many of these scams originate in Eastern Europe, where English is not the scammers’ first language, hence the poor grammar and occasional misspellings.

Eep! Fake LinkedIn Email Installs the Zeus Trojan

According to CNET, criminals are using fake LinkedIn invite emails to scam people into clicking links that lead to the Zeus botnet. The scam targets Windows users only and may be the first time the Zeus botnet has targeted LinkedIn users.

According to CNET, “Researchers saw tens of billions of messages related to the attack yesterday, Henry Stern, a senior security researcher at Cisco Systems, told CNET. ‘There have been some bursts today, but nothing like yesterday,’ he said. ‘The botnet responsible for this is still in operation and it’s just doing something else right now.’”

Fake LinkedIn email links to the Zeus botnet.


Scam Spotting, No. 9: “WOW IT WORKS”

Scam Spotting, No. 9: WOW IT WORKS scam on Facebook


Two weeks ago, a particularly nasty scam made the rounds on Facebook and, according to sources, has not been stopped by Facebook yet. It’s called “WOW IT WORKS” and is delivered via Facebook’s Events app.

I myself was hit by it on my own Facebook page. I hadn’t been on the page all day but started receiving dozens of texts from friends saying that I was spamming them.

Here’s how the scam seems to work:

Scam Spotting, No. 9: WOW IT WORKS scam. Event Page


  1. A victim (in this case, me) is randomly chosen from Facebook. Well, not quite randomly. It seemed to target members with more than 1,000 friends.
  2. The victim’s name is added to the WOW IT WORKS app as a creator on Facebook’s Developer section.
  3. The victim’s name is used to send out an invite to a fake event called WOW IT WORKS. The invite is sent to all of the victim’s friends; in my case, over 1,300 people received the scam invite.
  4. The victim’s name is shown on the event as “attending”.
  5. The event location is a short URL to a scam Web site that will infect the user’s machine with malware.

TIP: Always check the link and reviews of any app before adding it. If an app has thousands of players, but only a few fans, or hundreds of negative reviews, it’s a scam. It did not come from your friend. Your friend’s account was either unknowingly compromised, or they were tricked by it as well.

Scam Spotting, No. 9: WOW IT WORKS scam. App Page


Have you seen this scam on Facebook? How did you react?
