Mozilla auto disables Microsoft .NET add-on due to security vulnerability

Mozilla announced that the .NET Framework Assistant, which was updated during the recent automatic update, has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on.

The popup announcing this said that the ‘following addons have been known to cause stability or security issues with Firefox and hence will be disabled.’ Thanks, Mozilla team, for hitting the kill switch; hopefully this will get Microsoft to release a patch sooner. Mozilla explains on its security blog that it has gotten in touch with Microsoft. In the meantime, the Firefox team has put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after the Mozilla team added it to the blocklist!)

How does this attack work? “All that is needed is for a user to be lured to a malicious website,” Microsoft said. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application).

Microsoft says the flaw is a bad one, but users who have installed the MS09-054 IE update, released Tuesday, are protected from this attack “regardless of the attack vector.”

To protect users who may not have installed Microsoft’s patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation.

Alert – Gmail, Hotmail, Yahoo and AOL Accounts Compromised too

It was revealed that 10,000+ Hotmail accounts were compromised and all of the usernames and passwords of these accounts were posted online. It was a major security and scam issue, but it was thought to only affect Hotmail users.

Unfortunately, Hotmail was only the beginning. Google has now confirmed that thousands of Gmail accounts were compromised by an “industry-wide phishing scheme.” According to the BBC, the login data of over 30,000 Hotmail, Gmail, Yahoo, AOL, Comcast, and Earthlink accounts have been posted online.

Phishing attacks are designed to steal your password. Here are the signs that it’s not real:

1. Google, Yahoo or Microsoft won’t ask you for your password in an email. No legitimate company will. Ever. Don’t give your password to anyone via email.
2. Even if it contained a link to a Google, Hotmail, Yahoo-looking site that asked for your password, I would be skeptical. There are some phishing sites that look very convincing.
3. It doesn’t make sense. Google, Yahoo, AOL and Microsoft have a ton of data storage capacity; they won’t be running out of space or asking for your password.

10 tips to stay safe on Twitter

Not very long ago we discussed 5 phishing scams on Twitter, and now it’s time to write some quick tips to help you avoid Twitter scams:

1. Be very careful signing up for work-from-home services connected with Twitter, and make sure you know exactly what you’re signing up for.

2. Don’t sign up for services that claim they’ll get you more followers.

3. Before entering your Twitter password on any sign-on page, check that the address bar shows http://twitter.com/. Beware of anything that uses another word on either side of “twitter.”

4. Change your password frequently, and immediately if you think your account may have been compromised.

5. Be wary about clicking on links, even ones that appear to come from people you know. Get to know those you are newly following before trusting any of their links.

6. Make sure your Internet security software is up to date so that if you do click on a bad link it will alert you if it takes you to a malware site.

7. Don’t automatically follow people who follow you. Visit their profile page and beware of anyone whose tweets consist mainly of links, or who appears to be following lots of people but has hardly posted any messages.

8. Never give away confidential information about yourself in a tweet, even if it all seems perfectly innocent.

9. Carefully check out programs that sign on to Twitter for you and fetch your messages. They can increase your security but they also need your password — so make sure they’re legit by doing a search first. Popular legit services include TweetDeck and Twhirl.

10. Simply don’t believe any message that says you won something. You didn’t.
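Tip 3 written as a check, in an added example that is not part of the original post: it parses each link in a message and compares only the hostname with the address the tip names, so a host with another word on either side of “twitter” is flagged. The function names and every sample URL are constructed for illustration.

```javascript
// Added example: classify sign-on links against the one host tip 3 names.
// EXPECTED_HOST and BRAND come from the tip; all sample URLs are constructed.
const EXPECTED_HOST = "twitter.com";
const BRAND = "twitter";

// Returns "exact", "brand-in-other-host", "other-host" or "invalid".
function classifySignOnUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return "invalid"; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "invalid";
  // Compare the parsed hostname only, never the path or query string.
  // URL() lower-cases the hostname; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (host === EXPECTED_HOST) return "exact";
  // Any other host carrying the brand word has "another word on either
  // side" of it: extra labels, a prefix, a suffix or a different ending.
  return host.includes(BRAND) ? "brand-in-other-host" : "other-host";
}

// Pull http(s) links out of a message and classify each one.
function reviewLinks(message) {
  const links = message.match(/https?:\/\/[^\s"'<>]+/gi) || [];
  return links.map((link) => ({ link, verdict: classifySignOnUrl(link) }));
}

// Constructed sample message; .example and .test are reserved names.
const SAMPLE = [
  "Sign in at http://twitter.com/login to see it",
  "or http://twitter.com.signin.example/login",
  "or http://twitter-verify.example/ or http://mytwitter.example/",
  "or http://short.test/twitter.com/login",
].join(" ");

for (const { link, verdict } of reviewLinks(SAMPLE)) {
  console.log(verdict.padEnd(20), link);
}
```

Only the first link is the real sign-on host; the last one shows why a plain text search for “twitter.com” anywhere in the link is not enough.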

Hope this helps… Any tips or comments? Please post them below!

5 types of prominent Twitter scams and how-to protect yourself

How to protect yourself as Twitter scams rise alongside the popularity of the microblogging site Twitter. 2009 has turned out to be “The Year of the Twitter Scam.” The growing popularity of microblogging sites like Twitter has sparked the rise in social networking scams.

I’m sure many of us know what Twitter is all about, but for all newbies, simply put, Twitter is an Internet service where you can register for free to get your own page where you post comments and messages up to 140 characters long. That’s what Twitter is, in short.

Here are the main types of Twitter scam and cures if you are affected:

1. “Easy-money, work-from-home” schemes

With this Twitter scam, firms claim they can show you how you can make money by promoting other people’s products to them. They charge a modest sign-up fee, typically a couple of dollars, but when you pay (with your credit card) you’re also signing up for a recurring monthly membership fee of around $40 for ongoing tips.

Now, there are many legitimate membership sites that charge recurring monthly fees. However, what makes these Twitter scams is that the membership explanation is either completely hidden or non-existent — and it’s almost impossible to cancel and get your money back. The only person making money from this is the twitter artist :D

Tip\Cure: There are many legitimate work-from-home jobs available, but this one is a fake. You don’t have to believe it.

2. The Twitter phishing scam

Well, what did you expect? Anyplace where there’s a chance of netting someone’s personal details is a haven for phishing — the technique of fooling people into disclosing things like passwords, Social Security numbers and other confidential information. Even Facebook was not spared from the phishing scam.

Twitter phishing scammers have a number of different tricks for doing this but they mostly come down to the same fatal step, getting you to click a link that takes you to what appears to be a Twitter sign-on page where you give them your password.

Once they have that, they can pretend they’re you and use your account for evil purposes — like spreading more Twitter spam or infecting other people’s computers.

Tip\Cure: Change your password and never share it!

3. Instant thousands of followers

Do you want lots of followers? You might be tempted to sign up for a service that offers to deliver thousands of followers literally overnight.

They claim to be able to do this by identifying other Twitter users who automatically follow anyone who follows them. Some even claim they have built up databases of people according to their interests, so you can be sure you are targeting the right people with your “tweets.”

Well, they may or may not be able to do all of these things but they’re really no different from people who sell email addresses to spammers. They charge for the service, of course, and if you buy, you could end up being accused of trying to send Twitter spam and be banned from Twitter altogether.

Tip\Cure: Be real, and I’m sure people would like to follow you :)

4. Spreading Spyware and viruses

This Twitter scam is in full swing, using tempting messages like “Just saw this photo of you” followed by a link that, when you click it, takes you to a site that uploads malware onto your computer.

Sometimes, by exploiting the phishing technique outlined above, the message may seem to come from one of your regular followers, perhaps even a friend or relative. In reality, their Twitter account has been hijacked. There are some clever variations of this Twitter scam. For instance, one site offered a program that, when installed, supposedly would tell you who had been checking out your Twitter profile.

It did nothing of the sort. Instead, it installed spyware.

Tip\Cure: Don’t click on unknown links or install unknown applications.

5. Don’t add applications and grant permission to access your Twitter data

Although Twitter conducts routine checks while approving applications, there are some applications which turn to the bad side after being approved. They try to access your information from the Twitter API (once you have given them permission). Make sure you don’t approve \ grant unknown applications permission to access your Twitter data.

Tip\Cure: You can always revoke access in the Twitter settings page for the applications which are misbehaving :)

Have safe tweeting!! If you have more tips\cures for all these Twitter scams, please post your comments below.

New technique used by Scammers \ Fraudsters to trap the bait!! – BEWARE, SMS scam is here.

DO NOT reply to messages which read like “You won 850000$, to claim the prize send an email to xxxxx@gmail.com.” This is basically the international lottery scam with a new spin: mobile phones are now being used as bait by fraudsters to net victims. Earlier, they used to send e-mails telling people to deposit money to claim big lottery prizes. Now, these emails have been replaced by SMSes.

It works like this: You get a message on your mobile phone with a congratulatory message for winning the lottery and an instruction to furnish details of your bank account. You do so, and cyber criminals empty your account by the time you realize the trap. This shift of modus operandi is because internet users have become more cautious. At times, the SMSes come in the name of big companies.

I recently got a message that I had won 85,000,000$ in a lottery and to claim the prize all I had to do is send an email to xxxxx@gmail.com with my name, age, phone number. Many such messages are finding their way to the mobile in recent times. Interestingly, none of these messages have a source number. Instead, they display a code number to which no reply can be sent through the phone. Some of them are ID-OTD, ID-WEBSMS and TA-OTDC. To send the messages, they use websites which allow free SMS services and when somebody provides their number for any promotional activity, it does not remain private after all.

Stay safe!!!

[WARNING] – linkteria.be is a Facebook Scam: DO NOT Visit!

It seems there’s no end to the Facebook phishing attacks and scams. Today I received an email notification from a friend of mine on Facebook which said “Check linkteria.be”. It seems like there’s another attack underway.

Most tech savvy users: I’m receiving Facebook mails with links to “.be” sites which are obviously nefarious. The subject line of the mails is “Look at This” or “Hello”.

If you receive such a mail, DO NOT click links to the following sites:

  • goldbase.be
  • greenbuddy.be
  • silvertag.be
  • picoband.be
  • linkteria.be

These sites are basically scam \ phishing sites, which means they want to know \ steal your passwords.

Does Facebook care? Do they take legal actions against such scam \ phishing sites?

Yes, they do care… they don’t want their users to delete their Facebook accounts, now do they? Trust me! Not very long ago Facebook filed a federal complaint against “Spam King” Sanford Wallace in San Jose District Court, and Facebook won and was awarded $873 million in the spam case…

Go to http://www.facebook.com/safety/ and read about Facebook Safety tips to stay safe. You could also contact abuse@facebook.com and keep them informed about the spam \ phishing attack.

I’m scared. How do I stop it? What to do?

If you receive one of these Facebook mails, simply delete it – one of your friends is infected but not you. If you find, however, that your account is sending the mails:

- As a precaution, go to your browser settings and clear your cookies.
- Change your Facebook password
- Make sure your antivirus software is up to date and run a full system scan
- Inform your friend to do the same…