Maximum PC fraud RSS Feed

Online Scammers Taking Advantage of Swine Flu Scare

Pulkit Chandna — Mon, 16 Nov 2009 19:41:26 -0600

Online scammers tend to cash in on people's sense of alarm. By that token, the ongoing H1N1 flu pandemic is like a blank check for online criminals. And they seem to be in no mood to let this opportunity slip past them. According to a report published by web security firm Sophos, the sale of counterfeit antiviral drugs meant to combat H1N1 flu symptoms is going on unabated on the internet. Hundreds of millions of spam adverts and websites are being used by these fraudulent online pharmacies to lure unsuspecting, flu-fearing people.

According to the report, a vast number of such fraudulent online pharmacies are based out of Russia, while the bulk of their victims are from the United States, Germany, Britain, Canada and France. A lot appears to be at stake as online charlatans are earning thousands of dollars each day by selling drugs like Tamiflu and Relenza online. "The criminals can be members of more than one affiliate network, and some have boasted of earning more than $100,000 per day," Sophos said in a statement.

Image Credit: TopNews.In

A-DATA Using DNA Authenticated Tech to Counter Against DRAM Fraud

Ryan Whitwam — Thu, 22 Oct 2009 20:36:28 -0500

DRAM maker A-Data has decided to begin using a new anti-counterfeiting system they are calling “DNA Authentication”. According to the company, the fraudulent selling of fake RAM is a “serious and growing problem" in the tech world.

It seems A-Data has had a lot of troubles with the selling of fake DRAM chips with A-Data logos. According to the company, “…we adopted the DNA authentication technology to protect our intellectual property and our consumers’ interests."

So what does this mean? When you cut through the marketing speak, it’s basically just a new type of ID label on RAM sticks. To verify the authenticity of the chips, consumers can use a black light to reveal the unique code on the sticker. Like many of these ID systems, the label is designed to tear itself to shreds if removed. Will it do much to stop fraud, or will the fraudsters just fake these labels too?

Postal Worker Steals 2,220 GameFly Rentals

Justin Kerr — Sat, 17 Oct 2009 23:40:06 -0500

What do pacifistic mailmen do when they “go postal”? Well, if we limit our sample group to a single mail handler from Philadelphia, then you turn to a life of crime by stealing the easily identifiable video games shipped by online rental service GameFly. The disks come in an easy to spot bright orange package, and Reginald Johnson stole every envelope that he could get his hands on, a tally which would add up to more than 2,200 disks over a six month period. After jacking the disks, he would turn around and sell them to a local Gamestop for a tidy profit.

After being confronted by Police, Johnson led local authorities on a high-speed chase which ended with him crashing his SUV, and being tracked down on foot. When he was finally apprehended, police found 81 stolen games in a duffel bag he was carrying with him. For his crimes, Johnson is likely to receive 12 to 18 months of jail time, and will likely be in search of a new career upon release.

2,200 video games would fetch a tidy sum, but he is still pretty far from beating the record for disks stolen. That honor falls to Myles Weathers, a mail handler from Springfield Massachusetts who managed to swipe over 3,000 DVDs before he was caught.

Did these guys actually think they could get away with this?

New Malware Rewrites Bank Statements to Cover Its Own Tracks

Paul Lilly — Wed, 30 Sep 2009 11:15:27 -0500

Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.

Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrong doing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.

"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."

A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.

While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.

Cybercrime Intelligence Report, Issue No. 3, 2009 (PDF)

Image Credit: Finjan via Wired.com

Twitter Spam a Result of Phishing Scheme

Jason Barry — Thu, 24 Sep 2009 18:29:46 -0500

A Twitter phishing scam tore across the micro-blogging site over the past few days. It all started with direct messages sent to Twitter accounts saying “rofl this you on here? http://videos.twitter.secure-logins01.com.” The link leads to seemingly innocuous Twitter login page. However, to the keen observer of the URL you can see that it is obviously not an official Twitter site.

Once on the fake login page, if you entered credentials you were taken to a “Too many tweets page” explaining that Twitter is having technical trouble (is it that hard to believe?).

A day or two later, if you logged into your Twitter account you will have found hundreds of get-rich-quick, earn-money-at-home spam messages sent on your behalf.

If you are a victim, you had best change your credentials to your Twitter account and any other sites using similar login information. If you are a casual onlooker, try not to point and laugh.

Sinister Firefox Ad on Google Links to Ridiculous Scam

Pulkit Chandna — Wed, 23 Sep 2009 20:23:53 -0500

Abuse of online ad delivery platforms is becoming more rampant just as the online ads industry continues to assume more lucrative proportions. A few days ago the New York Times website was making headlines for an embarrassing reason: a malvertiser – author of a malicious advertisement – had succeeded in buying ad space on the site to drive traffic to a malicious website.

But it shouldn’t take long for the New York Times to get over the embarrassment of serving a malvertisement on its website, especially now that the most consummate player of the online ad game, Google, has repeated the paper’s ignominious feat.

It is now clear that all malvertisements need not exploit third-party ad networks. Malvertisers are fully capable of exploiting loopholes in search ad networks like Google AdWords. Yesterday, TechCrunch was shocked when Google returned a malicious advertisement just above the search results when queried about the search term “Firefox.”

Although the ad appeared to be linking interested users to the official Firefox site, it was actually redirecting them to an entirely different domain, firefox.mozilla-now.com, which doesn’t even belong to Mozilla. The landing page then tried to cozen prospective Firefox downloaders into paying $2.50 per month for “24/7 Expert Customer Support.” The ad was subsequently removed by Google.

"Google's advertising policy requires that the Web site address displayed in the ad must match the domain of the landing page for that ad in order to ensure that users clearly understand the destination Web site being advertised," a Google spokesman told InformationWeek. However, the spokesman did not comment on the Firefox ad. "We use a combination of manual and automated processes to detect and enforce these policies."

Image Credit: TechCrunch

Phishers Attempt to Attack via Bogus Live-Chat Customer Support

Pulkit Chandna — Fri, 18 Sep 2009 10:14:57 -0500

Phishers have added another trick to their copious arsenal. RSA, the security division of EMC, recently discovered a new type of phishing attack targeting online banking customers. It discovered phishing sites that contain fake live chat support for plausibility’s sake. RSA put its appellative faculties to good use to come up with a name for this new form of phishing attack: “Chat-in-the-Middle."

The attack proceeds in a routine way with unsuspecting online banking customers being led to a phishing page designed to extract their account details. After these gullible visitors are through with the first page, instead of being sent to another phishing page or to the genuine website, they are lead to a fake live-chat support window. The fraudster at the other end, posing as a customer support personnel, then tries to extract more account details from them through social engineering.

According to RSA, the fake live chat support window is powered by Jabber, an open source instant messaging protocol. “While at this point RSA has witnessed only a single instance of this attack, we are recommending extra vigilance to operators of all online banking websites and other websites where user credentials are targeted,” RSA wrote on its blog.

Image Credit: RSA

Dell Settles Fraud Case for $4 Million

Paul Lilly — Wed, 16 Sep 2009 16:15:33 -0500

Dude, you're getting a check. That is, if you live in New York and purchased a computer from Dell using a Dell-financed "no interest loan."

The OEM has reached a settlement with New York State Attorney General Andrew Cuomo in which the company will pay $4 million "in restitution, penalties, and costs to resolve charges of fraudulent and deceptive business practices that scammed consumers across New York State."

Cuomo initially filed the suit in 2007 accusing Dell of fraud, false advertising, and deceptive business practices over alleged misleading financing and failing to honor rebates, warranties, and service contracts.

"Today's announcement is the final step in ensuring New Yorkers harmed by Dell's deceptive and illegal business practices are fully compensated," said Cuomo. "Going forward, this deal means that Dell will have to clearly and fully disclose the terms and conditions of their products and services, to avoid this kind of fraud at the consumer's expense. We encourage anyone who was ripped off by Dell to come forward and file a claim to get their money back."

It should be noted that Dell admitted no wrongdoing in the settlement. Nevertheless, New York customers who think they may qualify for part of the $4 million settlement have until December 15 to file a claim, which they can do so at www.nyagdell.com.

Image Credit: adrants.com