There’s a great writeup on the Bobijou phishing scam over at Purple Car.

No related posts.

This scam popped up on Facebook this week. I saw it on my profile this morning. The scam looks harmless enough. A friend of yours has posted what appears to be a video of a laughing baby on your Facebook Wall. Clicking the link will trigger most modern browsers to throw up a phishing site warning.

Do not click on this link! Simply delete the post. Your friend is not a spammer. Their account was likely highjacked. Be a good friend. Tell them their account has been highjacked and encourage them to change their password, log out and back in under the new password.

TIP: Many of these scams originate in Eastern Europe and English is not their first language, hence the poor grammar and occasional misspellings.

No related posts.

According to CNET, criminals are using fake LinkedIn invite email to scam people into clicking links that lead to the Zeus botnet. The scam targets Windows users only and may be the first time the Zeus botnet has targeted LinkedIn users.

According to CNET, “Researchers saw tens of billions of messages related to the attack yesterday, Henry Stern, a senior security researcher at Cisco Systems, told CNET. “There have been some bursts today, but nothing like yesterday,” he said. “The botnet responsible for this is still in operation and it’s just doing something else right now.”

Fake LinkedIn email links to the Zeus botnet.

No related posts.

Scam Spotting, No. 9: WOW IT WORKS scam
Click image for full-size version

I myself, was hit by it on my own Facebook page. I hadn’t been on the page all day but started receiving dozens of texts from friends that I was spamming them.

Here’s how the scam seems to work:

Scam Spotting, No. 9: WOW IT WORKS scam. Event Page
Click image for full-size version.

1. A victim (in this case, me) is randomly chosen from Facebook. Well, not quite randomly. It seemed to target members with more than 1,000 friends.
2. The victim’s name is added to the WOW IT WORKS app as a creator on Facebook’s Developer section.
3. The victim’s name is used to send out an invite to a fake event called WOW IT WORKS. The invite is sent to all of the victim’s friends; in my case, over 1,300 people received the scam invite.
4. The victim’s name is shown on the event as “attending”.
5. The event location is a short URL to a scam Web site that will infect the user’s machine with malware.

TIP: Always check the link and reviews of any app before adding it. If an app has thousands of players, but only a few fans, or hundreds of negative reviews, it’s a scam. It did not come from your friend. Your friend’s account was either unknowingly compromised, or they were tricked by it as well.

Scam Spotting, No. 9: WOW IT WORKS scam. App Page
Click image for full-size version.

Have you seen this scam on Facebook? How did you react?

No related posts.

The Stuxnet worm has been followed by several security experts for weeks now, but only this week are the results coming in and they aren’t good. The worm is far more advanced than anyone suspected. In fact, Roel Schouwenberg, a senior anti-virus researcher at Kaspersky said of the worm, “These guys are absolutely top of the line in terms of sophistication.”

According to Symantec:

Stuxnet has the ability to take advantage of the programming software to also upload its own code to the PLC in an industrial control system that is typically monitored by SCADA systems. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC.

Read more at Krebs.

No related posts.

A strange email scam is making the rounds. It appears to be coming from Evite.com, but none of the recipients know the sender. Sounds like it could just be a case of mistaken identity, but there’s more to it. People who have received the emails have received several in a row, each one addressed to a different person about a different event. The links go to a 404 error page not run by Evite.com.

We’ve only heard of small numbers of people receiving this and no damage has been reported, but we’re keeping our eyes on this one.

No related posts.

Yesterday morning, an hour before the sun rose, my wife was on her way to fly to Los Angeles. We live in a somewhat affluent neighborhood (Grosse Pointe) which is situated next to one of the most depressed parts of Detroit. Right on the border of these two different worlds is a Marathon gas station that we often stop at, and it is here that my wife was robbed. Mack and Alter, for those who know the area.

She drove a small Toyota pickup and noticed a man wearing a hoodie at the pump across from her was staring at her purse. Instinctively, she threw her purse on the passenger seat and locked up the truck. Just as she was putting the hose back in the gas pump, she heard a smash behind her. She swung around to see the man in the hoodie pulling her purse out, dive into his car and squeal out of there. All in the course of about 2 seconds.

One of the many things I love about my wife is her ability to keep her head when all about her are losing theirs. She ran after the car long enough to memorize his plate (turned out, the car had been stolen earlier that morning). Then she ran into the gas station and yelled for a paper and pen to write it down. American Express was great. They told her that within the last 15 minutes, the robber had already made three purchases at as many gas station and she would not be responsible for them.

Let me add at this point, that the guys who run this Marathon station are the nicest you’ll ever meet. Always smiling and considerate. They let my wife borrow their phone for as long as she needed as her iPhone was in her stolen purse.

The next thing she did was brilliant. She made a mental walkthrough of her purse and wallet, visualizing each card, piece of jewelry, everything. Within 30 minutes in a dangerous gas station parking lot at 6AM, she had canceled every card, her travel plans and contacted myself and her parents. The first thing I did was dial 611, which on AT&T will allow you to remotely cancel an iPhone. Since the iPhone was under my account, I was able to do this. Don’t worry—you can’t just randomly cancel someone’s phone as a prank!

Then we contacted Scott (co-creator of Social Threat) as he deals with identity theft a lot. We weren’t sure if this would happen, but never assume. He gave us the link to an identity theft protection service run by Experian. We signed up immediately and feel much better about our safety.

Then I treated my wife to a new iPhone 4.

TIP: If you are robbed, think like my wife:

1. Try and get any details you can: license plates, color, make and model of vehicle, physical descriptions of people. Tattoos are great identifiers.
2. Shut your eyes and visualize what was stolen. What did it look like when you last had it? What was in it? This will come in handy later for the police report and your insurance company. This may be one of the most important things you can do.
3. Cancel cards immediately. Do not wait until you get to safety. They will be putting charges on your cards within minutes if they are pros.
4. Always keep paper copies at home of everything: photocopy your cards, your drivers registration, etc. Buy a safe (you can get great fireproof safes at most office supply stores) and keep these copies in there. You’ll thank me later.

Have you been robbed? How did you handle it? Any additional tips?

No related posts.

According to the brilliant Jeremiah Grossman, a severe vulnerability exists in Safari 4x and 5x allowing a malicious Web site to invade via the Autofill feature. More frightening, this vulnerability exists even if you haven’t filled out anything on the page.

TIP: Safari users are recommended to turn off Autofill immediately until Apple posts a patch or update to Safari. To turn off Autofill:

1. Safari Menu > Preferences > Autofill
2. Uncheck all Autofill options
3. Close Preferences

UPDATE: Looks like a variant idea was posted by Patrice Neff back in 2009. Still hasn’t been fixed! Also, Jeremiah suspects this may be a Webkit issue, which means Chrome, Konqueror and a few other browsers such as OmniWeb, iCab and possibly even the Android mobile browser will be affected.

No related posts.

We will be speaking in Ann Arbor, Michigan at Connor O’Neal’s at the LA2M. Scott and I will both be there to talk about privacy, Facebook, Apple, Google and where the Hell Micro$oft is these days. Come see us!

If you’re unable to attend the event, you can see it live online here.

Event details
Location: Conor O’Neills
Address:
318 South Main Street
Ann Arbor, MI
Phone: 734.272.4698
Email: info@la2m.org

No related posts.

WTF. You’d think after the humiliation and financial risks caused by social sharing site Blippy.com that we reported earlier this week, they would have either fixed it right, or shut the service down until they were certain everything was secure. But as reported on Blippy’s own blog, another four credit card numbers showed up in Google search results yesterday.

Possibly more disturbing is that Blippy is claiming only four individuals’ accounts showed up altogether, whereas other reputable sites like Mashable are reporting the number is closer to 200.

No related posts.