Category Archives: Phishing Scams

Email, Hotmail, Keep Safe Online, Phishing Scams, Security

Viruses, Malware and Worms, Oh My! – Part 1

November 11, 2013 Computers Made Simple Leave a comment

All this week we’re posting tips on ‘safe computing’; how to keep safe online. While we write about PCs mostly, these tips will apply to Macs too, most of them anyway. If you use an Apple computer (a Mac), don’t assume that you’re safe from these exploits. You’ll need to stay on your toes no what what type of computer you use.

Email – Threats in your Inbox:

We all get large amounts of spam email every week. Normally any junk email easy to spot. Some types of phishing emails are a little bit harder to pick out. Here’s an example of a phishing email in one of our junk folders:

Photo of Phishing Email 1 — **We don’t have a Discover card but if we did, we just might open this.**

Out of the millions of people who receive an email like this, a certain percentage would almost certainly have a Discover card, right? Let’s see what the email is all about:

Photo of Phishing Email 2 — **Oh no! ‘Irregular activity’ on our non-existent Discover card.**

Whether these emails mention Discover cards or bank accounts or airline tickets, there is one simple way to check if they are phishing emails. Aside from the fact that your credit card would call you on the phone to report ‘irregular activity’ on your card or account, don’t you think they would know your name? Any emails from these kinds of institutions, and they don’t send out many at all, would always have your name in the subject line as well as in the body of the email.

We get a notice once a month about our account statement being ready, complete with our name in the subject and our name in the salutation of the email. We also get emails from PayPal about different specials they are running and, again, our name is right up front in the subject line.

Obvious Clues:

Aside from the name issue, this email has a couple of other clues that it’s a fake. At the top, you’ll see that it purports to be from ‘discover@email.discover.com, which is probably a legitimate address. If that’s the case, why would the link in the body of the email lead to ‘cicfif (dot) cn’? That .cn is the top level domain for China, in case you didn’t know. When did Discover start using a domain in China for their security office?

Besides that, as we mentioned before, credit card companies don’t email their customers when there is a problem. Speed is of the essence in these situations. The companies don’t want to interfere with their customers activities but they do want to minimize any fraudulent use of the credit card in question. There’s nothing faster than a phone call to settle these issues. An email would never be used.

Phishing. What the heck is it?

Any unofficial (fake) email or website that asks you to fill in your personal information is said to be phishing for that information. While a virus is bad and malware can really slow down your computer, phishing can hit you right in the purse or wallet. If someone gains access to your bank account or credit card details, they can clean you out in a matter of minutes. Depending on which bank or credit card company you are with, you may or may not be liable for these losses. It’s always a good idea to check out the fine print before something like this happens.

How to Protect Yourself:

1. We strongly suggest that you use an online email account, as opposed to one that is with your ISP (Internet Service Provider). We use outlook.com (formerly hotmail), gmail and yahoo for our various accounts. Why is this important? Primarily because none of the emails from your online accounts are actually stored on your computer. Since you have almost unlimited storage space with these companies, as opposed to the limits set by your ISP, you don’t have to download the emails to read them. As a matter of fact, outlook doesn’t even let you download your inbox. Dangerous or phishing emails never reach your computer, they stay on the online servers.

All of these online email companies have very strong anti-virus/malware filters in place, far stronger than what your ISP probably uses. Before an email gets into your inbox, it must pass through very strict screens. If you have set up your account correctly, most junk emails will end up in your junk folder. You will not be able to click on any links contained in them until you certify that they are safe.

2. Don’t click on any link in email that is not from someone you know or a company that you do business with and has mentioned you by name in the email. Even if the email is from a friend, we’d suggest not clicking on it until you can verify that they actually sent you something. If their email account has been compromised, whatever form of malware that did it will now be accessing your contact list and sending out emails as soon as you click on the link.

3. Since email links can be faked, think about alternative ways to access your credit card or bank account online. Type the address into your browser yourself if you feel the email might be legitimate. Here’s how a link in an email can be faked, in case you didn’t know. Click on this link (it is totally safe, believe us): www.freestuffforyou.com What? No free stuff? Not today, just free information.

4. Here’s a trick for you, one that might keep you safe in the future. Your browser has a cool feature in it that you probably never use. Hover over any link that you see, no matter if it’s in an email or on a website. Don’t click on it, just hover over it with your cursor (mouse). Down on the lower left, right at the bottom of your screen, you’ll see where the link really leads. Try it with our fake link just above this.

That’s it for today, just some simple tips on keeping out of trouble with email scams and phishing. These are things that you actually have to try to get stung with. Your actions in these situations control whether you get into trouble or not. Later on this week, we’ll deal with things that are out of your control. Stick around. Better yet, like us on Facebook and keep up with our tips, tricks and posts: Computers Made Simple on Facebook

Thanks for reading!

Fake Search Results in Shake, Free Software, Phishing Scams, WeChat, WeChat.WeChat Voice, Weixin

WeChat Shake Virus – a solution to a very real problem

September 30, 2013 Computers Made Simple 13 Comments

We’ve had a huge jump in the comments on one of our WeChat posts. Here is a link to the post: Weixin/WeChat – Shake your way to new friends Lately, the comments have focussed on what readers think are search results using the Shake feature that are skewed somehow. We think we’ve found the reason for this. Check out some of these screen caps. Maybe you can see where we’re going with this:

Photo of WeChat Virus 1 — **WeChat plus 54 other apps related to it.**

We have both apps on our devices; WeChat and WeChat Voice. Both are made by TenCent International, the company that created WeChat. Can you trust these two apps? Sure you can. No problem. Let’s look at what other apps are available to ‘enhance’ your WeChat experience:

Photo of WeChat Virus 2 — **Same two at the top but lots more below.**

Let’s see what we’ve got here. Find Friends for WeChat? Huh? Isn’t that what WeChat is all about? Why would you need to use an app to find friends for an app that finds friends? Something’s fishy here, folks.

Photo of WeChat Virus 3 — **Some of these are pretty sketchy, aren’t they?**

One more, just in case you are missing the point:

Photo of WeChat Virus 4 — **Don’t even think of adding any of these. OK?**

Just the same as on your PC, you’re at risk when you add software from companies that you are not familiar with. You have to ask yourself, why is this free? What will these people get from offering me free apps? Some get money from advertising. Others, unfortunately, have found a way to hijack WeChat’s Shake results. Instead of showing you other people who are shaking their phones, these apps will show you something else, usually spam ‘contacts’ who will try to get you to spend money on a product or service.

If you add any of these apps, you’re just asking for trouble. Remember those ‘free screensavers’ from a few years ago? Same thing there. After you installed them, your computer would start to act differently or would slow down to a crawl. Adding apps to your mobile device is reasonable safe, as long as you think about what you’re doing.

TIP: All you need is WeChat, nothing else. These add-on apps will do nothing but cause you problems. Some of these may actually hijack your mobile device, meaning that you won’t be able to remove them, even by reformatting or resetting your device. Your flash card would be toast, even your ROM (the brain of your device) might be attacked.

Install WeChat, maybe add WeChat Voice but nothing else. You’ve been warned.

Thanks for reading! Like us on Facebook and we’ll like you. Here’s the link: Computers Made Simple on Facebook

Email, Facebook, Facebook Tricks, Phishing Scams

How to Recognize Fake Facebook Emails

September 3, 2013 Computers Made Simple Leave a comment

In a previous post, we showed you how to cut down or eliminate email notifications from Facebook. That article is here: Stop Facebook Email Notifications Today, we’re going to show you how to recognize fake emails that seem to originate with Facebook. These emails can be spam or they can be what are called phishing attempts. Phishing is the act of stealing personal information, things like passwords and log-in information, through the use of various devious tricks, usually in email form.

What to look for:

Facebook usually uses your name in the subject line. Here’s an example:

Photo of Fake Facebook Emails 1 — **Four emails. Three are real, one is not.**

In this photo, we can pick out two real Facebook emails immediately. Why? They used the real name of the person they were sent to, that’s why. That leaves two suspicious emails. Let’s see if we can determine which of these are real.

Photo of Fake Facebook Emails 2 — **This email has a username in the subject line AND it comes from facebookmail.com.**

When we hover our mouse over one of the two real emails, we see that it really does come from ‘facebookmail.com’. Let’s see where the others come from. Resting our mouse over the one with ‘Gina’ in the subject line we see this:

Photo of Fake Facebook Emails 3 — **First, we don’t know anyone named Gina. Second, check out the email source.**

What on earth is ‘8kEyhjIP.com’? Obviously a spoofed email address from a non-existent dot com site. That leaves one email that may or may not be from Facebook. It doesn’t have a username in the subject line. Again, hover your mouse over the email to see this:

Photo of Fake Facebook Emails 4 — **Although there is no username in the subject line, we know this is from Facebook.**

Now, we can’t generalize here. Just as the phishing email had spoofed an address, the photo above shows what could also be a spoofed address. We’re pretty sure it isn’t but let’s open it, just in case.

Photo of Fake Facebook Emails 5 — **Well, turns out that this is really from Facebook because it has the user’s name in it.**

What’s in the phishing email? Let’s see.

Photo of Fake Facebook Emails 6 — **A link to a Russian dating site…maybe. Two other phishing links at the bottom.**

When you see something like this, delete it immediately. It’s not the ‘intimatehotdating’ link that is dangerous. That link may or may not be real but the two links at the bottom are very devious. See the ‘.php’ at the end of each link? That’s the giveaway. Should you happen to click on either one, we suspect that some kind of script would run. If you are logged in to your Facebook account, we assume that your credentials could be snagged. We also suspect that these links lead to sites which may install something akin to a trojan that would send the same message to everyone on your contact list.

The solution to all of this is fairly simple. Turn off all of your Facebook notifications. That way, you’ll know immediately that any Facebook emails that you receive are fake. If you are a regular Facebook user, you’re probably on your account almost every day. There’s no need to be hounded by emails about every little thing that you or your friends do there.

Thanks for reading! Questions, comments, suggestions are always welcome. Like our Facebook page to get all of our updates. Here’s the link: Computers Made Simple on Facebook

Domain Registration, Phishing Scams, Rip Offs, Spam

Domain Name Scam – look out for this one

November 19, 2012 Computers Made Simple Leave a comment

We own quite a few domain names here at Computers Made Simple. All are registered with one company, all are up to date and all are set to automatically renew on their respective anniversary dates. We get substantial amounts of email from our domain company but we also get emails from the vulture service that is known as ‘Domain Service’.

This particularly loathsome outfit scours the web for domains that are about to expire. Once they find such a domain, they send out an email, from a hotmail account if you can believe it, that looks like this:

Photo of Domain Name Scam 1 — **This looks vaguely like a domain renewal notice.**

Next, farther down the email, comes the prices:

Photo of Domain Name Scam 2 — ***Ridiculous prices for nothing, absolutely nothing.***

Lastly, here is a description (in fine print) of what this email is actually soliciting:

Photo of Domain Name Scam 3 — ***This is a ‘search engine submission’, something that is completely unnecessary these days.***

Once you read the fine print, you’ll see that this is just another scam. With the likes of Google and Bing, there is no need for ‘search engine submission’ at all. Additionally, this looks vaguely like a domain registration renewal, doesn’t it? Even if it it was, the prices are at least three times higher than any other company out there. There is no ‘lifetime’ renewal, by the way.

The big clue in this would be the originating email address. We can guarantee that no reputable company uses a hotmail address. The web is full of scams like this. We’ll try to help you identify them as they come to our attention.

Thanks for reading!

Email, Phishing Scams

Track Down a Suspicious Email

November 15, 2012 Computers Made Simple Leave a comment

We received a very suspicious email this morning. On the surface, it looked innocent enough but the clue that told it was a ‘phishing’ email was simple. The email was from Air Canada, Canada’s national airline but the person who received it does not fly…ever. Here’s how we figured it all out. This is the email we received:

Photo of Email 1 — ***Here is the subject line.***

Photo of Email 2 — ***Here is the email itself. Hotmail has prevented some of it from loading.***

If we had recently booked tickets, this email might have tricked us into clicking the links in it. Where do the links lead? Let’s check. If you hover your cursor over each link, you will be able to see the actual link that it leads to. Please don’t make a mistake and click on the link. Ever! This is what we saw when we hovered over the links:

Photo of Email 3 — **Look down that the very bottom of your browser. See where it says ‘www.lakewoodpool.com/PDF/ticketRX749CA.zip ? Nothing to do with Air Canada there.**

Photo of Email 4 — **This one has a contact PDF file which probably has a piece of malware in it.**

Neither link leads to the Air Canada website. We didn’t click on the links but we did open up a new browser window and typed in ‘www.lakewoodpool.com’. This is what we found:

Photo of Email 5 — ***This website is real but it’s out of date. It hasn’t been updated since January 2010.***

We showed you how to check the IP address of a suspicious email here: Check IP Address First we checked the email source by right clicking the closed email in the junk mail folder. (This is how to do it in Hotmal/Outlook/Live but your email system may vary. It may not be the same as this but EVERY email system allows you to check the source of any email you receive.) Here is the menu you’re looking for:

Photo of Email 8 — **Choose ‘View message source’.**

This is what you see next. Yes, it looks like gibberish but all you have to look for are the numbers that are marked in blue here. Highlight them (click just to the left of the first number, keep the mouse button pressed and drag to the right until you get to the end of the last number, then release your mouse:

Photo of Email 6 — ***Near the top, look for ‘(sender IP is …) That set of numbers is the sender’s IP address.***

Next, we headed to http://whois.net/ip-address-lookup/ to find where that IP address is in the world. Whois is a Unix term which is a command, asking literally ‘who is this?’ Here’s what we found:

Photo of Email 9 — **This IP address is in France…a long way from Canada.**

We went through this exercise to prove to you that the email in question is a fraud, a phishing email. The senders expected us to click the links and subsequentlydownload their malware. Once our computer is infected with the malware, they could either take control of our computer or gather information about our identity. Identity theft is much more common now than any other kind of criminal activity.

Besides all of this, the email had many clues in it that, hopefully, would make you suspicious.

Clues that an email a fraud or a phishing scam:

1. If indeed we had purchased a ticket from Air Canada, they would have our name, right? Air Canada or any other company would not send us an email with the opening line: Dear customer.

2. We hadn’t purchased a plane ticket. That’s simple but important. If you haven’t purchased anything from a company but they send you an email which says you have, you can be pretty sure that it’s spam or a phishing scam. This goes for banks, shipping companies and ticket outlets.

3. The links in the email did not lead to an Air Canada site. Hover over any link in the email, then look down near the bottom of your browser window. The real link address will be there. Whatever you do, do not click on any link in any email that you think is suspicious.

4. One of the links contained a zip or compressed file. Malware can be sent via PDFs but usually it is sent in a zip file.

The Lakewoodpool.com site has been hacked by someone, that’s obvious. It hasn’t been updated for two years but someone has guessed the administrator’s password and taken control of the site. Once inside the host server, the criminal is able to send out emails such as this from anywhere in the world.

Hopefully, we’ve educated you a bit in figuring out what an fraudulent email looks like. If you have questions or comments, use the form at the bottom.

Thanks for reading!

a little bit of hi-tech, a little bit of common sense and a lot of fun