Archive for scams

Spam aimed at Office 365 Users

I had this email through this morning. For about a second, I almost believed it! I know that currently Microsoft are making a number of improvements to Office 365.

 

Of course, it began “Dear Enquiries” and of course Microsoft know my name. It purports to come from my own business domain Coras.it. I can see the psychology here: –
Let us imagine that a person called George works for Acme Services, and his email address is george@acmeservices.com. It would begin ‘Dear George’ and appear to come from “acmeservices.com” and hence probably the IT department. If you are an Office 365 user you need to alert your staff or colleagues to this type of scam.

Note the bit about “trusted sender” as well. 🙂

I obviously didn’t try the link, but it doesn’t point to Microsoft; instead the link shown is this:
[https://octverve.ml/upaed/]
Although I have copied the link it is disabled. By the way ‘.ml’ is the top-level domain name for Mali. But don’t blame them; these baddies will hijack a domain or website often without the genuine owner knowing.
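
The three tell-tales in this post (a greeting built from the mailbox name, a sender claiming the recipient's own domain, and a link that does not lead to Microsoft) can be checked mechanically. This is an added example, not part of the original post; the sample message, the example-*.test names and the list of expected Microsoft hosts are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message modelled on the description above (not the real email).
SAMPLE = """\
From: Office 365 <admin@example-corp.test>
To: enquiries@example-corp.test
Subject: Action required

Dear Enquiries,

Sign in to keep your trusted sender list:
https://login.example-phish.test/upaed/
"""

# Assumption: domains a genuine Microsoft sign-in link is expected to use.
EXPECTED_SUFFIXES = ("microsoft.com", "office.com", "microsoftonline.com")

def host_matches(host, suffixes=EXPECTED_SUFFIXES):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(raw, expected=EXPECTED_SUFFIXES):
    """Return a list of warning signs found in a plain-text message."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    body = msg.get_payload()
    local, _, rcpt_domain = rcpt.lower().partition("@")
    findings = []
    # 1. Greeting built from the mailbox name rather than a person's name.
    m = re.search(r"^\s*dear\s+([^\s,]+)", body, re.I | re.M)
    if m and m.group(1).lower() == local:
        findings.append("greeting-is-mailbox-name")
    # 2. Sender claims to be inside the recipient's own domain.
    if rcpt_domain and sender.lower().rpartition("@")[2] == rcpt_domain:
        findings.append("sender-claims-own-domain")
    # 3. Links whose host is not one of the expected vendor domains.
    for url in re.findall(r"https?://[^\s\]>\"']+", body):
        host = urlparse(url).hostname or ""
        if not host_matches(host, expected):
            findings.append("link-off-vendor:" + host)
    return findings
```

The host check compares whole domain labels, so a lookalike such as office.com.example-phish.test is still reported as off-vendor.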

Parcels Parcels!

The spammers are active again; this time it is the old Parcel Delivery one which first cropped up about 18 months ago. I also referred to them in an earlier post http://blog.coras-it.co.uk/payment/

I have had 2 in recent days; the first purported to come from UPS and took the form:

Quick Resolve

(Updated – for information on how to report fraud scroll to the bottom)

A senior citizen couple whom I know were phoned the other day by a company called Quick Resolve; although initially they introduced themselves as ‘Windows Maintenance Department’ or similar (see Phone Scam).

They stated that my friends’ computer was infected with a virus; and directed my friends to the Quick Resolve website, which looks quite impressive and has a Manchester phone number prominent on the home page.  This gave them an air of credibility.  At the request of the company my friends phoned this number and the conversation with the Asian gentleman continued.

He requested payment to fix the problem and my friends paid about £150 using a debit card.  Then following his instructions they gave him access to their PC.  The Asian gentleman had control for about 90mins, following which he said that he had cured the problem and installed security software.

Realising that they had been victims of a scam, they phoned the bank who informed them that it was a scam and cancelled their card. However, the payment couldn’t be stopped.

Subsequently they asked me to have a look at their PC.  I could identify 4 changes made to their PC.  Two of these were examples of freely available security and PC clean up software namely:  the “Microsoft Security Essentials”, and “CCleaner”.  As they are available for FREE from the internet, the service provided was minimal and to my mind probably not necessary.

The two other items were a file called runHTML.reg sitting in the ‘My Documents’ folder; and a search of the web led me to conclude that it was aimed at modifying the startup programs in the registry (to run what?).  But I also noticed that the recovery partition, which is a typical feature on any Dell and other home PCs, had been made inaccessible and hidden.  The recovery partition is there to enable the PC to be restored to its factory state, so this act alone amounts to criminal damage.  In addition during the time that they had access to the PC personal data and other information could have been stolen.  (Thankfully, unlike myself, my friends didn’t hold that much on their PC).

I performed a “System Restore” to a date prior to the intrusion, and ran some security tools before reconnecting the PC to the internet, and testing further.
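
A .reg file left behind after a remote session can be read without importing it, to see whether it would add anything to the startup programs. This is an added example, not part of the original post: the post does not show what runHTML.reg contained, so the sample file is constructed, and the autostart keys checked (Run, RunOnce and Policies\Explorer\Run) are an assumed shortlist.

```python
import re

# Constructed sample: the post does not show what runHTML.reg contained.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\ExampleApp]\r\n"
    "\"Theme\"=\"dark\"\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    "\"Helper\"=\"C:\\\\Users\\\\Public\\\\helper.exe /silent\"\r\n"
    "\"OldEntry\"=-\r\n"
).encode("utf-16")  # regedit writes version 5.00 exports as UTF-16 with a BOM

# Assumed shortlist of autostart locations, matched at the end of the key path.
AUTORUN = re.compile(
    r"\\(?:CurrentVersion\\(?:Run|RunOnce)|Policies\\Explorer\\Run)$", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_reg(data):
    """Version 5.00 files are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")

def unquote(s):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def autorun_writes(data):
    """Return (key, value name, data) for each value set under an autostart key."""
    # Join hex values that continue over several lines with a trailing backslash.
    text = decode_reg(data).replace("\\\r\n", "").replace("\\\n", "")
    hits, key, deleting = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            deleting = key.startswith("-")   # [-KEY] removes the whole key
            continue
        m = VALUE.match(line)
        if not m or key is None or deleting or not AUTORUN.search(key):
            continue
        name, raw = m.groups()
        if raw == "-":                       # "Name"=- removes a value
            continue
        name = "(default)" if name == "@" else unquote(name)
        hits.append((key, name, unquote(raw) if raw.startswith('"') else raw))
    return hits
```

Each entry returned names a program that Windows would start at logon if the file were imported; entries that only delete a key or value are ignored.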

Further checking of the Quick Resolve website shows that although they list 2 Manchester numbers and a US one, the only address given is in Kolkata (India). This is also the location mentioned in a Guardian article last year on the topic of these phone scams.

From a legal point of view it is almost certain that crimes have been committed under the Theft Act  (1968) – because money was obtained by deception – as well as the Computer Misuse Act 1990; and possibly the Data Protection Act of 1998.

What baffles me is that the banks are obviously aware of these scams yet continue to allow the banking system to be used so that these criminal proceeds are collected and passed on.  Having followed ‘The Wire’ avidly when it was shown on BBC2, I recall the frequently used line – ‘follow the money trail’.

Update

Action Fraud is the UK’s main centre for reporting fraud.  They don’t in themselves take action but they aim to gather information and build a picture of fraud which they pass on to the police forces.  Obviously with fraud of this type which consists of lots of instances of small fraud but on an industrial scale, pursuing individual cases is not an option.  But having a picture of the extent of the problem will allow police forces to take action; or at least convince law enforcement agencies in the country (or countries) concerned that they need to do something.

You can phone them on 0300 123 2040; or use their secure online reporting service.

If you reside outside of the UK; search your local police department’s website for information on how to report.

The Wild West

Summary

There are some similarities between the ‘Wild West’ of yesteryear and the present-day internet, in terms of perils to those who inhabit it and lack of law enforcement.

At present, the internet is in some ways similar to the West USA of the late 19th Century.  It is an exciting new frontier; instead of ‘Go West Young Man’ everybody is being encouraged to get on line by relatives, friends and even governments.

But like the frontier of yesteryear, the internet can be a dangerous place for the unwary.  Just because it is new, exciting, different and constantly evolving, the less experienced and weekend surfers can easily be persuaded to go down the backstreets off main street or venture into the ‘badlands’. 

If someone stopped you in the street and offered something for free, or suggested that you follow them as they had something of interest to show you; you would immediately be on your guard because this is not normal.

But when inexperienced users or occasional surfers come across an unusual invitation, they regard it as just another part of this exciting new world, and fail to distinguish between dodgy and safe.  They are the ones likely to be taken in by Phishing Emails or by pop-up windows advising them that they are infected and need to install some unknown items of software.  The ‘Snake Oil Peddler’ has been replaced by spammers offering Viagra and similar wondrous cure-alls.

Lack of Law Enforcement

Again, just as in the Wild West, law enforcement is virtually non-existent.  As I covered in an earlier post on Email Blacklists; the efforts of some organisations are heavy handed.  {I would compare an email blacklist to a ‘posse’}  Likewise not all lawmakers were heroes in white cowboy suits as in the movies; they could be equally heavy handed.

This situation will continue until someone, somewhere gets a grip on it.  I know that one of the great things about the internet is that it is intended to be open, democratic, even anarchic.  The streets and highways in most of the developed world are open and democratic but not anarchic.  They are there to be used and enjoyed without constantly looking over one’s shoulder (unless you go into some parts of town).

This is a call for some form of law enforcement on the internet.  ‘People have a right to advertise’ some will complain; and I don’t object to honest promotion of legitimate products. Equally, most democracies have some form of regulation regarding mis-selling of goods or misleading advertising.  But much spam is far worse than that – it is downright malicious; aimed at theft or gaining control over your PC.

Take an example: An innocent user unwittingly downloads a Trojan which infects their system.  This Trojan all but stops their system from operating and through one or more messages asks them to shell out good money on removal software.  This is not marketing, it is a protection racket!  {Or possibly the aim is to obtain their credit card details}

It is not impossible to track down the servers that the spam is directing people towards or to follow the ‘money trail’.   It will probably require new legislation in many jurisdictions, with co-operation across them.  The World Wide Web does exactly what it says on the tin;  it is global and this will require a global response with co-ordinated efforts so that similar rules and standards apply across most of the world.

A ‘Phishing’ Letter

The other day the following arrived in my inbox; it was identified by Mailwasher as Spam – which it obviously was.  What intrigued me is that unlike most ‘phishing’ emails, they didn’t claim to be from such and such a bank.

Dear Customer,

This e-mail was send by coras.it to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

 (C) coras.it

 

However it did invite one to run the attached file and follow instructions.  Needless to say I deleted the file via Mailwasher and didn’t perform the action requested.  Presumably had I done so my system would have become infected with some Trojan or other; or maybe my system would become part of a netbot and start sending out spam itself.

It is so obviously a con (note the spelling errors ‘temporanly’ and ‘beleive’ and the ‘Dear Customer’ salutation; genuine banks and stores would address you by name).

Numbers Game.

It is safe to assume that most internet users don’t fall for this kind of thing, but a tiny percentage will do.  And that tiny percentage must be enough to make things worthwhile for the spammers, because the stuff just keeps coming!  It becomes a numbers game, it takes them little extra effort to send out 10,000 junk emails as opposed to 1,000.  Someone somewhere must fall for these and produce a fraudulent return for this scum.

Test Yourself

SonicWall run a very nice ‘self-test’ on their website, to see how good you are at spotting the difference between legitimate and ‘phishing’.

http://www.sonicwall.com/phishing/index.html

Tell your friends about it!