Posted 11/18/09 at 03:06:56 PM by Bart Salisbury

Stuff like this is why we’re told to always be wary. Not just of strangers, it appears, but of friends as well. The Senate Committee on Commerce, Science and Transportation held a hearing on Tuesday, where it laid out the ‘questionable’ marketing practices of Vertrue, Webloyalty, and Affinion, web merchants that sign up users to “web loyalty programs,” to the tune of $9 to $12 a month, without the user being aware. How? By riding on the coattails of respected e-retailers such as Orbitz, Buy.com, Fandango, and Continental Airlines.

How’s the alleged scam work? At the end of a transaction at a legitimate web site a pop-up appears asking the user to enter an email address if they are interested in receiving cash back or a coupon. Simple enough, except buried in the fine print is enrollment in the web loyalty program, along with permission to charge the user’s credit card a monthly fee. Where’s the credit card information come from? The legitimate web site sells that information to the loyalty program. The user never knows about the transaction until a charge appears on their credit card statement. The user gets double-pwn3d: by the unscrupulous web loyalty program, and by a trusted merchant.

Overall, the Senate Committee estimates the three loyalty programs generated more than $1.4 billion from the scheme, with $792 million kicked back to the web retailers who provided the user’s credit card information. (Classmates.com, for example, raked in $70 million.)

It would be easy to lay the blame at the users feet: you really should read the fine print. (Although the vast majority of us never do.) But the Senate Committee reported that managers at Affinion, Vertrue and Webloyalty knew full well that people were completely unaware of what they were signing up for, and that their programs were specifically designed to mislead people. The ‘legitimate’ retailers who enabled this were also aware of what was going on, but turned a blind-eye because of the revenue it generated.

Webloyalty and Vertrue stated during the hearing they’ve changed their business practice, and now require additional information for enrollment. Others aren’t convinced, arguing that the only way to curb the practice is to make it illegal for retailers to sell customer’s personal information.

Read More

Posted 11/06/09 at 09:05:57 PM by Ryan Whitwam

Facebook is the king of social networking with more users than any other web 2.0 site. With all those users, it’s also an attractive place for scammers that want access to lots of eyeballs. After a few embarrassments, Facebook is promising to take a stronger stance against deceptive advertising.
 
Facebook has gotten a bit of a black eye in the press lately after some companies using the platform were accused of scamming users. These scams often come in the form of special offers and surveys within games. Facebook’s Nick Giano wrote in a blog post that the site was aware of the problem and was actively working on it.

Users of the site also encountered a rise in stimulus scam ads earlier in the year; Facebook notes that they were quickly removed from the site. Hopefully this new wave of scams can be dealt with in the same manner. Facebook claims that over 100 developer applications have already been removed or “brought into compliance" so far. Have you noticed any fishy behavior on Facebook?

Read More

Posted 10/29/09 at 12:15:44 PM by David Murphy

What a wonderful world that open and closed platforms have created on the World Wide Web. I can have an untold number of features and applications inserted into my Web browser without having to lift much more than a finger to access them. I can take my favorite Web platforms and expand their usefulness by linking them to other Web-based services. I can even download a variant of my Web browser of choice that bridges the best of two worlds under one new roof: new innovations mixed with standard familiarity.

So, what happens when these architectures fight back?

It's a stupid thing to say on its face, because I don't believe that it's up to a particular program or application to breach your defenses and fight its way into your cyber-life. Most, if not all instances of malware, spoofing, and hijacking (to name a few) can be directly traced to user stupidity in some fashion. Either a person leaves the ol' back door unlocked, fails to frisk the guests as they enter the home, or actively invites a heap of trouble to come on over for a party.

Simplified examples, perhaps, but the underlying fact remains a constant: You are the gatekeeper for your PC. Unfortunately, as we begin to adopt an "everyone's allowed" mindset for Web integration, we're only making it easier for the bad guys to do what they do best. Unfriendly, if not downright hostile bits of malware can be pushed back with but a few simple changes in behavior--are you as security-focused as you should be in today's cross-platform world?

Read More

Posted 10/23/09 at 10:45:00 AM by Paul Lilly

Nigeria has long been a hotbed for scams - either that, or we've all made a terrible mistake by not wiring over thousands of dollars to unknown recipients for a multi-million dollar payout down the line. Believe it or not, people still fall for it, so we're pleased as punch that Nigeria's anti-corruption police force has stepped up to the plate with some major busts.

"Over 800 fraudulent email addresses have been identified and shut down,"Economic and Financial Crimes Commission (EFCC) boss Farida Waziri said in a statement. "There have been 18 arrests of high profile syndicates operating cyber-crime organizations."

This doesn't mean you'll never see another Nigerian scam mail in your spam box, but hey, at least it's a start. And going forward, the EFCC feels pretty confident it can make a dent. Rather than rely on raiding cyber cafes and waiting for complaints to trickle in from the public, the EFCC said it is using smart technology in conjunction with Microsoft to actively track down fraudulent emails.

The EFCC hopes this is the just beginning. Working at full capacity, the crime unit believes it can forewarn about a quarter of a million potential victims within the next six months.

Read More

Posted 08/26/09 at 08:05:31 PM by Paul Lilly

As another reminder that crime doesn't pay, 23-year-old Nicholas Woodhams, also known as the "iPod Mechanic," faces 13 months in prison after pleading guilty to mail fraud and money laundering charges. Woodhams was also ordered to pay $648,568 in restitution to Apple and $8,066.85 to the U.S. Postal Service, Arstechnica reports.

According to the lawsuit, Woodhams ran a scam of exploiting Apple's advance replacement system for the iPod shuffle and reselling them through his own website. He also allegedly exploited Apple's iPod Warranty Service Program to get Apple to repair out-of-warranty iPods.

Woodhams' scam proved rather lucrative, but it's all going back. In addition to the above jail time and fines, Woodhams must forfeit about $750,000 worth of criminally acquired assets, including his house in Michigan, an Audi S4, an Ariel Atom 2, a Honda motocyle, and over $500,000 in cash. Ouch.

Read More

Posted 07/05/09 at 03:24:23 PM by Justin Kerr

How much is a Twitter account or Digg vote worth? uSocial.net thinks they have the answer to that question with a recently announced new service that will sell social media accounts or votes to companies or individuals having trouble doing it the old fashioned way. $87 USD buys you (or your company) 1,000 followers added over 7 days, or as many as 100,000 over a one year period for $3,479. It turns out money really can make you popular both online, and in real life.

I have to admit however, I find it somewhat doubtful that companies would find these “purchased masses” very responsive, and in fact, uSocial itself claims “we'll Tweet our followers three times a day, every day for a month to go and check out links directly to the content that you'd like promoted.” This type of ad spam would have any normal user searching frantically for the unfollow button, but it certainly points out how modern social media is just as vulnerable to abuse as telephones, or the post office.

uSocial.net is also responsible for launching a program last year that allowed companies to buy votes on Digg and StumbleUpon. Both companies have issued cease-and-desist orders to uSocial, which according to a statement from Digg, have been ignored.

Is this the ugly side of social networking? Let us know what you think.

Read More

Posted 04/29/09 at 05:01:52 PM by Andy Salisbury

If you thought that the television news networks were the only ones trying to get the best out of a panic, you thought wrong. Those ever-persistent cretins that inhabit the Internet are fast at work, scheming their way to a quick buck, all thanks to the Swine Flu.

It looks like most Swine Flu related scams that have been circulating by means of email that typically contain a link to a phishing website, or have an attachment with malicious code. One such email features an Adobe PDF named “Swine influenza frequently asked questions.pdf,” according to representatives with Symantec. This PDF contains Bloodhount.Exploit.6, which is known to place InfoStealer code onto the victim’s computer.

So, aside from watching your real back, make sure to watch your virtual one as well. The Swine Flu is no joke, and neither is your personal information.

Read More

Posted 01/09/09 at 06:12:25 PM by Pulkit Chandna

Internet shenanigans are keeping abreast with the latest developments around the world and using it to their advantage. An email doing the rounds around the internet hoodwinks the recipient into believing that it is from CNN. The clandestine email ostensibly contains a link to a “graphic” video of the ongoing Israel-Hamas conflict. However, it leads to a fake website that contains a Trojan that betrays the user’s sensitive data, according to the RSA.

The author of the phishing attack has tried to make the website as plausible as possible. Upon visiting the link, the user is greeted with a message asking him to update his Adobe Flash Player. If the user lends his countenance to the download, a Trojan is downloaded instead of the latest version of Flash

Read More