As you can see in the screenshot from Sophos, this specific scam advertises “One Free Amazon.com Gift Card (limited time only)“. The link comes with one of several Amazon icons, one of which implies that the offered gift card is for the outrageous amount of $500. If this is not suspicious enough, the link also states that “Amazon is currently giving away gift cards to all Facebook users” and urges you to click it to get yours.

According to Sophos, if you do click the link, you will be asked to first share it with all your friends, and then be redirected to another webpage where you will be tempted with some premium rates mobile phone service, and will also be asked to complete a service. All of this will serve the people behind this scam nicely, as it will bring hits to various webpages, and may cause some people to part with some money. But there will not be a gift card in sight.

$500 from Amazon sure is tempting, so if you’ve fallen for this or if you’ve seen this post on a friend’s wall, be sure to erase, unlike and evoke any permission from apps you don’t know. To remove apps from your Facebook account, go to Privacy Settings, scroll all the way down to Apps and Websites and click on Edit Settings. You can then remove apps from Apps you use by clicking Edit Settings again.

What do you think about scams like this? Should it be Facebook’s responsibility to get rid of them, or should people simply be more alert?

Source: Sophos Naked Security

If you’re shopping for certain items, you may need to go elsewhere for the best selection and prices. That causes another problem, however. How can you trust smaller online businesses that you’ve never heard of?

Google It

Search is one of the best ways to arm yourself against potential scam websites. There are places set up for people to post if they feel they were ripped off, or given generally poor customer service. If you Google the name of the business, followed by the word “scam”, you’ll often find the complaints – if any – against it.

Please keep in mind that a single nasty report about a website may not be representative of a business, but when a illegitimate site appears, it rarely takes advantage of one person and then fades away forever. There will likely be many complaints from many sources. So keep things in perspective.

One issue with doing this, however, is time. If a site is new, there may not have been time for complaints to surface. That’s why you should use at least one other means of checking for a legitimate online business.

Use Retailer Search

Besides looking for scam reports, you can also use Google to check for general reviews through Google Shopping. A large number of retailers are found on this service, and users can rate their experiences. In addition, Google lists reviews from some major review sites.

Strangely, Google doesn’t seem to make any effort to organize these reviews, so you’ll usually have to find them by searching for the store’s name or by searching for an item the store sells, and then finding the merchant on the price comparison page.

If you don’t want to do that, or you can’t find the merchant, try BizRate.com. This site is another online shopping search website, and it does offer you the chance to browse and search retailers to find what others thought of them. If you still haven’t found what you’re looking for you might also try Reseller Ratings, which unlike Google Shopping or BizRate, exists only to rate online retailers.

You can also try older organizations, like the BBB, or local and national consumer affairs websites. Sometimes they have useful data, but usually you can find information about a retailer far quicker from BizRate or ResellerRatings.

Install Web Of Trust

Web of Trust is one of the most useful extensions for any browser, and it is available for all the most popular options. It catalogs user experience data to develop a profile for a site, which is then shared with all WOT users, giving every user access to the experience of all users.

After you install the extension, you will be able to see the rating of a website in Google search and when directly visiting the site directly.The extension has a specific “Vendor Reliability” section, and also ratings for privacy. If anyone else in the extensive WOT network has had a problem, they’ll downrank the site, and that will show up in your browser.

Better still, you can open the scorecard for specific sites which, in turn, will give you specific details about how well the site ranks and provide you with any reviews that have been written about the site. All of this information helps you determine not just how reliable the business is, but also how long it’s been around. If it is a new site, it won’t have many WOT entries, which will show up in the extension and in the site’s scorecard.

Conclusion

If you use the tactics above, you should have no trouble verifying a legitimate online business. The only sites you may need to be wary of are those that are new, since few people will have used them. If a site is new, ask yourself what you’re really saving by using it. $5? $20? $100? And is that saving worth more than the risk?

Similar to real-life fishing, phishing scams aren’t always best when they rely on advanced tactics, but there are many new techniques motivated by social networks. So what is phishing, and what should you be wary of?

The Basics of Phishing

According to Microsoft’s Safety & Security Center, phishing can be summed up as:

“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information”.

In other words, phishers are the Loki of the Internet. They’re tricksters. Often, the techniques used by phishers have absolutely nothing to do with exploiting zero-day threats. Instead, they exploit human psychology.

There is one point on which I disagree with Microsoft, however, and that’s their description of phishing as “a type of online identity theft”. This isn’t always the case. As I’ll explain in some examples of recent scams, phishing tactics are often used to simply harvest data or to trick people into purchasing a product.

Traditional Phishing

In many cases, Microsoft is correct. Many phishing attacks are attempts to steal personal information. Often, they do so using link manipulation and website forgery. The traditional example is an email that seems to come from a legitimate source, like your bank. It claims that there’s been some problem, or perhaps offers you a lower interest rate on a credit card. All you need to do is log in via the link in the email, which appears legitimate.

But it’s not. The link has been manipulated to look correct, but it actually redirects you to a forged website. Once you enter your login information, the phisher has it, and can use it to log in and use your account. Sometimes, the attack will go further and request you to fill in personal information like your social security number, credit card number, address, and so on. Identity theft is just a hop, skip and a jump away from there.

Traditional phishing can be combated by refusing to follow links in such emails. If you receive something from your bank that claims you need to log into your account, simply go to your bank’s website by entering the URL manually and then log in. In fact, some banks and other organizations no longer even send links to users precisely because doing so makes phishing attacks more effective, as users become confused about what is and is not legitimate.

You can also combat phishing using an Internet Security suite with anti-phishing features. These monitor your browser and look for signs that a website is a forgery. Extensions like Web of Trust can also be effective.

Phone Phishing

Within the last few years, phone phishing has become a popular tactic. I myself received a phone call last month claiming to be from the Federal Credit Union Administration, which said my debit card had been locked due to potential identity theft. All I had to do to rectify the situation was give them my debit card information so my account could be verified. Of course, it’s a total scam, and one that’s been going on for years. If you enter your information, it can easily be used for fraudulent purchases.

There’s no software solution to this particular threat, so you simply have to be skeptical. If you receive a call from an organization that wants personal information, call them back at a publicly listed number, rather than the one provided for you in the voicemail.  Phone phishing also tends to give itself away by being vague – usually, it won’t claim to actually be from your credit card company or bank specifically, but something more general, such as the “Federal Credit Union Administration” call I received.

Social Network Phishing

The rise of social networks has given phishing new life. After all, social networks are all about sharing. It’s not at all unusual for a friend to post a link to a nifty article, so users are less likely to be skeptical, and more likely to click on a phishing link.

That’s the bad news. The good news is that phishing on social networks usually isn’t as severe. Usually, the deception will be something like the recent Steve Jobs’ death scams, which are simply looking to harvest email addresses or send people to affiliate links. You might be annoyed by additional spam, but that’s it.

Still, some of these attacks can be fairly harmful. Banks have Twitter feeds and Facebook pages too, and fake ones can be used to try and lure users to forged websites, just like a bogus email. These accounts can be hacked, too. The Bank of Melbourne experienced this, although as is often the case with phishers, the messages sent by the compromised account weren’t of high enough quality to fool many people.

Phishing on social networks can be combated the same way as phishing through email. Security software and extensions can help. You can also use a link preview extension to see if an abbreviated link is sending you where it claims.

Conclusion

Phishing will always exist, because there will always be ways to trick people. It’s easy to look down upon the victims as being stupid, but often the people who fall for the tricks simply lack proper education about computers, or are in a situation that compromises their judgment (don’t check your email while drunk, or excessively tired).

In this case, knowledge is power. With skepticism and a few security tools, you can avoid phishing threats and shut down one of the most common methods of identity theft.  Have you been a victim of phishing?

Image Credit: Pro Team Sport Fishing

As a general rule of thumb: if it looks too good to be true, it probably is – and this advice is well worth remembering.For extra peace of mind you can also do your own research and investigate the current threats yourself.

The more prepared you are, the easier you’ll be able to spot a scam and steer clear – so without further ado here are some resources to keep you, your friends and family wise to online fraud.

USA.gov – Consumer Frauds and Scams

Probably the best governmental resource for US citizens concerned about fraud, this section of the country’s main online political portal contains a bounty of information about scams in the wild. There is plenty of in-depth, easy-to-understand information on a huge variety of schemes designed to trick and steal.

News is provided courtesy of other sources at the foot the page, and while more regular updates would be nice, the service is a fantastic resource for anyone concerned that they have been hit with fraud. Detailed descriptions of known scams will also help you identify potential dishonesty.

LooksToGoodToBeTrue.com

The aptly named LooksToGoodToBeTrue.com tracks known scams and reports the findings in their Action Centre. The website comes recommended by several government portals (including USA.gov above) and contains more advice for those concerned about fraud.

On a very human level is the Victim Stories section which invites victims of fraud to share their experiences in the hope of raising awareness. The website also has a File A Complaint section which provides the links to several US government department including the FBI-run Internet Crime Complaint Centre.

419 Legal

Named after the 419 scams that once ran rampant online, 419 Legal is in fact a message board where the active community reports on scams, phishing and general fraudulent schemes. Due to the fact that it’s a community and not a news agency or government body, reports are a lot more frequent than on comparable sites.

As well as the Scam Alerts forum where users submit their own reports, there is a General News section, 419 News and archives of past scam email templates to help identify potential scam emails. 419 Legal is a fantastic site with a supportive community and years of archived scam identification techniques.

ActionFraud

ActionFraud is the UK’s national fraud reporting centre, and contains plenty of information that resonates not just in the UK but all over the world. If it’s alerts you’re after then the News & Alerts section contains a run-down of the latest known threats.

As well as news, the rest of the site serves as a useful portal for anyone who has been hit by or is concerned about the dangers of online scams. As well as being able to report the fraud, victims can find out information about what to do next, who to contact and future prevention.

MillerSmiles.co.uk

Despite being a UK-based site, MillerSmiles is a definitive resource for phishing and email scams wherever you are in the world. As well as the latest reports of known scams the website conducts a weekly analysis of all reports submitted.

It is possible to subscribe to alerts via RSS, submit your own scams and search the database of past incidents. The website also organizes threats by company, so if you have received a dodgy looking email from your bank, PayPal or email provider it’s easy to check it against the list.

ScamWatch.gov.au

The final resource on this list comes all the way from Australasia and is a joint effort between the governments of Australia and New Zealand. The ScamWatch Radar keeps track of known threats down-under and it is even possible to subscribe via email for alerts in your inbox.

The rest of the site is packed with helpful advice regarding every kind of scam you can think of, and there is an area to report local scams.

Conclusion

Even if the sites on this list aren’t specific to your locale they can still help identify known scams, phishing attempts and other fraudulent correspondence. If you do receive a suspicious email requesting personal or financial information then alarm bells should always ring. Your bank won’t ask for that information in an email, and if they do then you should always contact a local branch first. Bargains at unbelievable prices usually aren’t bargains and if you use online dating sites then never hand over money to someone you hardly know, no matter how nice they seem to be.

Good luck out there, it’s a big bad Internet!

Have you been scammed, defrauded or had information stolen? Do you know any other good websites that cover the latest frauds and scams? Share your links and experiences in the comments section!

Image Credit: Shutterstock

The application is in beta and is being offered as a free product at least for the time being as a promotion. They hope that beta users will help them to improve the service for everyone.

“Until now, there has been no way of knowing whether a Facebook link takes you to a legitimate website – or to something that has been set up by the criminals.” – F-Secure.

ShareSafe also offers an aspect of social gaming in that it rewards users for scanning and sharing links via ShareSafe. Users collect badges and points for usage, but most importantly they are offered premium products when their friends like or click on links users have shared with ShareSafe. Extra points are earned when friends accept a user’s invitation to start using ShareSafe. Points can be exchanged for copies of F-Secure Internet Security, F-Secure Online Backup, and F-Secure Mobile Security at the moment, with more products planned for the future.

Check out F-Secure’s full promotional video on ShareSafe via YouTube.

Source: ZDNet

There are a few scams known to be circulating the Internet right now. Perhaps the most widely known so far combines two powerful forces – the death of a public figure, and free stuff. It propagates on Facebook in the form of a link that claims Apple is offering free iPads, which sends you to a survey. Another scam claims that if you enter your email address, you’ll have the chance to win a free MacBook Pro.

Yet another dupe, spotted online by a Kaspersky Lab’s employee, involves a website that claims to have photos of Steve Job’s funeral and coffin, as well as other details. Again, visitors are prompted for their email address in exchange for a chance to win free Apple products.

All of these scams are relatively low on the scale of potential security threats, but high on potential annoyance. They exist to harvest email addresses and sell them to spammers, or make money through affiliate programs.

That’s not to say a scam using the death of Steve Jobs couldn’t be a security issue, however. Malicious websites containing exploits are common. As usual, it’s best to be careful, and approach unknown Facebook links with caution.

Source: Time Techland

I’m basing this article on my experience with a would-be scammer who called my parents house last week. This isn’t the first time Mr Windows Repair Guy has so helpfully graced us with his detailed instructions, and this time I was determined to find out exactly what the deal was.

Tell your friends, tell your relatives – Microsoft does not call to fix your PC.

The Call

When the phone rang, the guy on the other end claimed to be from “Windows Technical Support”. Many people would probably notice that something is awry at this point, as Microsoft isn’t known for cold calling to tell you there’s a problem with your computer. Straight away I knew it was the good old “you’ve got viruses, and we can fix ‘em” scam, so instead of the “where’s the Start button on my Linux desktop?” routine I had fun with last time, I thought I’d play along.

I was informed that Microsoft had detected that I had viruses on my computer, and that if I didn’t follow his advice to remove them, my computer could “crash unexpectedly at any time” (tell me something I don’t know).

So I sat down at my parents’ new Windows 7 machine and asked him what sort of viruses I had. He told me to click on Start, right-click on Computer and choose Manage. Then I was told to click Event Viewer, Custom Views then Administrative Events.

This is where the scam gets somewhat believable. This screen displays a log of messages from various services and programs running on your PC. At first glance, there are a lot of red crosses and warning triangles, which could probably look quite serious to an average user.

Apparently, these were my viruses!

The Fix

I was then asked if I could delete any of these new-found viruses with a simple right-click and Delete. As we all know by now – these aren’t viruses. Additionally, you can’t remove the log with the right-click context menu, so I guess they’re just here to stay?

Of course the fix was only round the corner. Once I’d informed my new best friend that I couldn’t remove them, he told me to open Internet Explorer (!) and assured me there was software available to help victims like me.

The website I was told to visit was AMMYY.com (which we are not linking to), but the software didn’t seem to match up. This website claims to provide a remote desktop solution, not the malware dressed up as security software I was expecting.

At this point I had been on the phone for a good 15 minutes, with much of the conversation lost in translation as I struggled to understand the heavy Indian accent. I had words, informed him that I knew exactly what was going on and would be reporting the incident to BT (the telephone provider) as well as shaming him in any way possible and bid him adieu.

Didn’t stop him calling back immediately though did it?

The Cost

There are a plethora of reasons you shouldn’t trust a cold caller, but even more so when it comes to your PC, your personal information and suspicious software. The costs associated with someone gaining remote access to your computer could be devastating. Sensitive information relating to bank accounts, passwords for paid services and documents that could be used to forge an identity could be stolen.

Goods could be ordered via services that save your billing information and any sites that remember logins will be easily accessible. In addition to theft, safeguards like anti-virus programs might be disabled and further malicious software like keyloggers and trojans could be installed.

There is unfortunately very little that can be done to combat these scams. I phoned BT and was told that the numbers from this type of call are virtually untraceable, but calls came from “somewhere in Asia” and were a persistent problem. If the perpetrators are using VoIP services like Skype, the calls are not easy to trace, and it’s not impossible to use a ringback service to decipher the number.

Conclusion

Hopefully this article has provided some brief insight into this kind of computer support scam, which is prevalent all over the world. Unless you fancy becoming part of the big bad botnet, you’d better never trust a caller like this. Variations are common – sometimes it’s bogus anti-virus software that requires payment, or similar – so remain vigilant.

I’m not sure whether AMMYY.com are a legitimate company or not, but Panda’s Firefox plugin doesn’t rate the website and nor does a quick Google search which brings up all sorts of “scam” notices. I’m going to recommend that nobody uses an AMMYY.com product, purely on the basis that there are lots of quality proven alternatives that aren’t linked to dishonest individuals who want your money, data and bandwidth.

Have you had any phone calls like this? Do you know anyone who has? Consider sharing this article, and spreading the word. Comments and discussion are welcome below this article.

The app, named Video Calling, spreads itself through infected accounts by spamming the social networking service with links labeled “Enable video calls”. Clicking on the link takes you to the fake Video Calling page, which entices unsuspecting users with a “Get Started” button.

Upon close inspection of the permissions, however, there’s obviously something odd. The bogus app asks for access to your basic information, your wall, your news feed, and data access at any time. Those are some hefty permissions, and they don’t have anything to do with video calls.

Of course, the real service doesn’t install like other Facebook apps but is instead accessed through a particular Facebook page, so those already familiar with the service are unlikely to fall for this façade. Those who have only heard of the feature in passing, however, won’t be as suspicious.

The good news? The payload of this threat isn’t serious. Besides posting referral link spam, there’s little harm done. Still, users should be on alert for threats like this both on Facebook and on Google+, as not every social engineering attack is so mundane.

Source: CNET