Phishing attacks are pretty cleverly designed, because they skip most virus checkpoints altogether and go for the true weak spot in human-computer interaction, the human. Lorrie Faith Cranor, a computer security researcher at Carnegie Mellon University, has been studying phishing attacks to identify new ways to fight them.
cons
By 12.23.08
../../../..//2008/12/23/bernard-madoffs-ponzi-scheme-was/
Bernard Madoff’s Ponzi scheme was one of the biggest, but he’s got a lot of company. Here’s a list of the “9 Most Brazen Ponzi Schemes in History,” from Charles Ponzi (yep, that’s why we call it that) to Social Security. [Neatorama]
NWV Direct Caught Pulling Bait And Switch, Tries To Backpedal
By 10.13.08
Joshua caught New World Video Direct trying to pull a bait and switch on him with a recent order, so he canceled it and gave them a bad review on resellerratings.com. They contacted him to ask if he’d remove the rating. Joshua wrote back to decline, but he reminded them that it’s actually pretty simple to develop a decent reputation as retailer: “If you want to have anyone trust you as a business you have to only list items you plan to sell for the price you plan to sell them at.”
Beware The Grannie Scammers
By 10.6.08
Watch out, grannie, there’s a new scam out there and they’ve got your number. Like we told you last week, conmen are calling up elderly folk and using social engineering to pose as their grandchildren, and they need money money fast. Usually they say they were traveling in Canada and just got in a car accident and need thousands of dollars for repairs or bail. How do the scammers fool the grandparents?
Angry Wiccan Digs Up The Identity Behind Scam Site Fastspells.com
By 9.17.08
Fastspells.com is a ridiculous website loaded with sexy young lady “Wiccans” who, for anywhere from $40 to $265, will “find you love, give you an abortion, cure your cancer, grant you immortality, and change your sex organs.” Terrific, because I need some new sex organs! These are all worn out. Anyway, Trae at TRHOnline.com was annoyed by their expensive and unrealistic promises, and the more he looked into the domain registrations, the more suspicious he became.
Bally Total Fitness Scams College Student By Swapping Contracts
By 9.16.08
Chanda signed up for a month-to-month membership at a Bally Total Fitness in Montclair, California, but when things went wrong—as they frequently do with this company—Chanda found himself signed up for a 3-year agreement. Their proof? An unsigned contract that doesn’t look like the one he was given.
Listen To These Vigilantes Scam Nigerian 419 Scammers
By 9.15.08
Last week, “This American Life” featured a 30-minute piece on people who scam the scammers—in this case, three guys who prey upon small-time Nigerian con men and try to trick them into placing themselves in mortal danger. “This American Life” tells how they almost got a guy to enter a Western Union office in Chad carrying an anti-Muslim/pro-Bush note that announces his intention to rob the place. Whether you think these stunts are funny probably depends on your level of empathy even for criminals, and whether you think the avengers ever fully succeed. But c’mon, getting someone in another country to hold up a sign that’s offensive in your language is pretty much always funny.
OnTheGoTickets Is Just TicketsMyWay In A New Skin
By 8.7.08
Back in June we mentioned how TicketsMyWay has a reputation for not actually providing tickets—”MyWay” apparently refers to the company and not the customer, and it translates into “no tickets or refunds for you.” A customer who learned the hard way about TicketsMyWay sent us an alert that the company is operating under a new banner, OnTheGoTickets.com.
EBay & PayPal Phishing Gone For Good On Gmail and Yahoo?
By 7.15.08
If your email account is with Google or Yahoo, your days of seeing phishing emails from fake eBay or PayPal addresses should be over. Google announced last week that it’s now using DomainKeys to verify messages really do come from paypal.com or ebay.com—if they don’t, they never even make it to your In Box. This is possible because eBay and PayPal are now making sure “that all their email is signed with DomainKeys and DKIM.” Since Yahoo! also uses DomainKeys and DKIM (they developed it, in fact), phishing attacks for Yahoo! Mail accounts should also disappear.
It's A Miracle! This Free Digital TV Converter Box Will Cost Me $100
By 7.9.08
We know you’re too smart to fall for this ridiculously fraudulent digital TV converter offer, but maybe you know someone who’s not wise to the facts of the upcoming switch to digital TV—specifically that converter boxes cost less than $100, and that you can get a government coupon to offset $40 of that cost. Universal TechTronics—the same scam outfit behind those “Amish” Heat Surge miracle fireplaces—is now conning the less knowledegable with their “free” converter box offer: pay nothing but a warranty and shipping, bringing the total cost to anywhere between $68 and $97. The Los Angeles Times says this is “the first large-scale [converter box] scam the Better Business Bureau has seen.”
Man Sentenced For $3.6 Million Credit Card Fraud
By 4.21.08
A Californian named Andrew Michael (not pictured at left) was sentenced to four years in federal prison last week for scamming Citibank and credit card companies by fraudulently applying for an $8.5 million commercial line of credit—some $2 million of which he spent on personal goods for himself, including “170 troy ounces of silver, 479 tubes of gold flakes, [and] a Rolex watch.”
Reunion.com Will Scrape Your Address Book, Then Spam Your Contacts
By 4.17.08
Reunion.com dupes new members into signing up by sending them an email that pretends to be from an acquaintance who’s been looking for them (on Reunion.com, naturally). After signing up, the site sucks in your contacts and immediately begins spamming them to join by sending out a similar email. If one of those people then signs up at Reunion.com, their contact list is scooped up and the cycle starts all over again, like a social engineering version of a virus or parasitic infestation. Maybe this is why Reunion.com can claim to register about 1 million new members every month.
Why You Fall For Dumb Things
By 4.10.08
The New York Times has an interesting series of tests and explanations that show why and how the human brain makes errors in estimating probability—and consequently, why we get suckered even if we think we’re overall pretty smart.
GMAC And Car Dealership Scam Old Lady For Nearly $8,000
By 4.2.08
A volunteer in Chicago claims that her client, a 65-year-old woman with dementia, was given a GMAC auto loan for a new 2007 Pontiac, even though she only makes $900 a month and has no driver’s license. Now the car has been repossessed and the car lot is saying she owes them nearly $8,000.
Watch Out For Cramming On Your Phone Bill
By 3.20.08
Josh discovered a mysterious $13 fee on his parents’ phone bill, and as he tracked down the source of the bogus charge, he learned a lot about cramming. The FCC describes it as “the practice of placing unauthorized, misleading, or deceptive charges on your telephone bill” by third party companies, who bank on you being too confused/distracted/annoyed by your hard-to-read bill to notice.
Consumer Alert: Fortune Tellers Cannot Curse You, Do Not Give Them Your Money
By 3.19.08
Two fortune-tellers in Chicago are in being held in jail in lieu of $750,000 bail each for defrauding customers by convincing them they were cursed, then selling them expensive curse-removal/protection services. Remember, folks, fortune tellers cannot curse you, see your future, turn you into a werewolf, or make you lose horrific amounts of weight. They can, however, take your money.
Animals Bring Phishing Call To Life
By 2.27.08
Chris went ahead and added some animal pictures to make a video of that phone call between a scammer and a Southern gentleman. A weasel plays the Indian phisher, a houndog plays the gentleman, and a goose plays his wife. Go back to the post and watch it, it’s even funnier than the original.
Man Records Phishing Call
By 2.26.08
–> A man in Virginia who apparently likes to record suspicious phone calls captured a very funny 10-minute talk with the world’s clumsiest phisher who called his house trying to get his bank account number. His local news station reports, “Howard says he recorded it because he wanted to help people by putting it on the news.”
