Category Archives: Phishing Scams

WeChat Shake Virus – a solution to a very real problem

We’ve had a huge jump in the comments on one of our WeChat posts. Here is a link to the post: Weixin/WeChat – Shake your way to new friends. Lately, the comments have focussed on Shake search results that readers think are skewed somehow. We think we’ve found the reason for this. Check out some of these screen caps. Maybe you can see where we’re going with this:

Photo of WeChat Virus    1
WeChat plus 54 other apps related to it.

 

We have both apps on our devices; WeChat and WeChat Voice. Both are made by TenCent International, the company that created WeChat. Can you trust these two apps? Sure you can. No problem. Let’s look at what other apps are available to ‘enhance’ your WeChat experience:

Photo of WeChat Virus    2
Same two at the top but lots more below.

Let’s see what we’ve got here. Find Friends for WeChat? Huh? Isn’t that what WeChat is all about? Why would you need to use an app to find friends for an app that finds friends? Something’s fishy here, folks.

Photo of WeChat Virus    3
Some of these are pretty sketchy, aren’t they?

One more, just in case you are missing the point:

Photo of WeChat Virus    4
Don’t even think of adding any of these. OK?

Just the same as on your PC, you’re at risk when you add software from companies that you are not familiar with. You have to ask yourself, why is this free? What will these people get from offering me free apps? Some get money from advertising. Others, unfortunately, have found a way to hijack WeChat’s Shake results. Instead of showing you other people who are shaking their phones, these apps will show you something else, usually spam ‘contacts’ who will try to get you to spend money on a product or service.

If you add any of these apps, you’re just asking for trouble. Remember those ‘free screensavers’ from a few years ago? Same thing there. After you installed them, your computer would start to act differently or would slow down to a crawl. Adding apps to your mobile device is reasonably safe, as long as you think about what you’re doing.

TIP: All you need is WeChat, nothing else. These add-on apps will do nothing but cause you problems. Some of these may actually hijack your mobile device, meaning that you won’t be able to remove them, even by reformatting or resetting your device. Your flash card would be toast, even your ROM (the brain of your device) might be attacked.

Install WeChat, maybe add WeChat Voice but nothing else. You’ve been warned.

Thanks for reading! Like us on Facebook and we’ll like you. Here’s the link: Computers Made Simple on Facebook 

 

 

How to Recognize Fake Facebook Emails

In a previous post, we showed you how to cut down or eliminate email notifications from Facebook. That article is here: Stop Facebook Email Notifications. Today, we’re going to show you how to recognize fake emails that seem to originate with Facebook. These emails can be spam or they can be what are called phishing attempts. Phishing is the act of stealing personal information, such as passwords and log-in details, through various devious tricks, usually delivered by email.

What to look for: 

Facebook usually uses your name in the subject line. Here’s an example:

Photo of Fake Facebook Emails  1
Four emails. Three are real, one is not.

In this photo, we can pick out two real Facebook emails immediately. Why? They used the real name of the person they were sent to, that’s why. That leaves two suspicious emails. Let’s see if we can determine which of these are real.

Photo of Fake Facebook Emails  2
This email has a username in the subject line AND it comes from facebookmail.com.

When we hover our mouse over one of the two real emails, we see that it really does come from ‘facebookmail.com’. Let’s see where the others come from. Resting our mouse over the one with ‘Gina’ in the subject line we see this:

Photo of Fake Facebook Emails  3
First, we don’t know anyone named Gina. Second, check out the email source.

What on earth is ‘8kEyhjIP.com’? Obviously a spoofed email address from a non-existent dot com site. That leaves one email that may or may not be from Facebook. It doesn’t have a username in the subject line. Again, hover your mouse over the email to see this:

Photo of Fake Facebook Emails  4
Although there is no username in the subject line, we know this is from Facebook.

Now, we can’t generalize here. Just as the phishing email had spoofed an address, the photo above shows what could also be a spoofed address. We’re pretty sure it isn’t but let’s open it, just in case.

 

Photo of Fake Facebook Emails  5
Well, turns out that this is really from Facebook because it has the user’s name in it.

What’s in the phishing email? Let’s see.

 

Photo of Fake Facebook Emails  6
A link to a Russian dating site…maybe. Two other phishing links at the bottom.

When you see something like this, delete it immediately. It’s not the ‘intimatehotdating’ link that is dangerous. That link may or may not be real but the two links at the bottom are very devious. See the ‘.php’ at the end of each link? That’s the giveaway. Should you happen to click on either one, we suspect that some kind of script would run. If you are logged in to your Facebook account, we assume that your credentials could be snagged. We also suspect that these links lead to sites which may install something akin to a trojan that would send the same message to everyone on your contact list.

The solution to all of this is fairly simple. Turn off all of your Facebook notifications. That way, you’ll know immediately that any Facebook emails that you receive are fake. If you are a regular Facebook user, you’re probably on your account almost every day. There’s no need to be hounded by emails about every little thing that you or your friends do there.

Thanks for reading! Questions, comments, suggestions are always welcome. Like our Facebook page to get all of our updates. Here’s the link: Computers Made Simple on Facebook

 

 

Domain Name Scam – look out for this one

We own quite a few domain names here at Computers Made Simple. All are registered with one company, all are up to date and all are set to automatically renew on their respective anniversary dates. We get substantial amounts of email from our domain company but we also get emails from the vulture service that is known as ‘Domain Service’.

 

This particularly loathsome outfit scours the web for domains that are about to expire. Once they find such a domain, they send out an email, from a hotmail account if you can believe it, that looks like this:

Photo of Domain Name Scam  1
This looks vaguely like a domain renewal notice.

 

Next, farther down the email, come the prices:

Photo of Domain Name Scam 2
Ridiculous prices for nothing, absolutely nothing.

 

Lastly, here is a description (in fine print) of what this email is actually soliciting:

Photo of Domain Name Scam  3
This is a ‘search engine submission’, something that is completely unnecessary these days.

 

Once you read the fine print, you’ll see that this is just another scam. With the likes of Google and Bing, there is no need for ‘search engine submission’ at all. Additionally, this looks vaguely like a domain registration renewal, doesn’t it? Even if it was, the prices are at least three times higher than any other company out there. There is no ‘lifetime’ renewal, by the way.

The big clue in this would be the originating email address. We can guarantee that no reputable company uses a hotmail address. The web is full of scams like this. We’ll try to help you identify them as they come to our attention.

Thanks for reading!

Track Down a Suspicious Email

We received a very suspicious email this morning. On the surface, it looked innocent enough, but the clue that told us it was a ‘phishing’ email was simple. The email was from Air Canada, Canada’s national airline, but the person who received it does not fly…ever. Here’s how we figured it all out. This is the email we received:

Photo of Email 1
Here is the subject line.

 

Photo of Email 2
Here is the email itself. Hotmail has prevented some of it from loading.

If we had recently booked tickets, this email might have tricked us into clicking the links in it. Where do the links lead? Let’s check. If you hover your cursor over each link, you will be able to see the actual link that it leads to. Please don’t make a mistake and click on the link. Ever! This is what we saw when we hovered over the links:

Photo of Email 3
Look down at the very bottom of your browser. See where it says ‘www.lakewoodpool.com/PDF/ticketRX749CA.zip’? Nothing to do with Air Canada there.

 

Photo of Email 4
This one has a contact PDF file which probably has a piece of malware in it.

 

Neither link leads to the Air Canada website. We didn’t click on the links but we did open up a new browser window and typed in ‘www.lakewoodpool.com’. This is what we found:

Photo of Email 5
This website is real but it’s out of date. It hasn’t been updated since January 2010.

We showed you how to check the IP address of a suspicious email here: Check IP Address. First, we checked the email source by right-clicking the closed email in the junk mail folder. (This is how to do it in Hotmail/Outlook/Live. Your email system may not work the same way, but EVERY email system allows you to check the source of any email you receive.) Here is the menu you’re looking for:

Photo of Email 8
Choose ‘View message source’.

 

This is what you see next. Yes, it looks like gibberish, but all you have to look for are the numbers that are marked in blue here. Highlight them (click just to the left of the first number, keep the mouse button pressed and drag to the right until you get to the end of the last number, then release the mouse button):

Photo of Email 6
Near the top, look for ‘(sender IP is …)’. That set of numbers is the sender’s IP address.

Next, we headed to http://whois.net/ip-address-lookup/ to find where in the world that IP address is. Whois is a Unix command that literally asks ‘who is this?’ Here’s what we found:

Photo of Email 9
This IP address is in France…a long way from Canada.

 

We went through this exercise to prove to you that the email in question is a fraud, a phishing email. The senders expected us to click the links and subsequently download their malware. Once our computer was infected with the malware, they could either take control of it or gather information about our identity. Identity theft is much more common now than any other kind of criminal activity.

Besides all of this, the email had many clues in it that, hopefully, would make you suspicious.

Clues that an email is a fraud or a phishing scam:

1. If indeed we had purchased a ticket from Air Canada, they would have our name, right? Air Canada or any other company would not send us an email with the opening line: Dear customer.

2. We hadn’t purchased a plane ticket. That’s simple but important. If you haven’t purchased anything from a company but they send you an email which says you have, you can be pretty sure that it’s spam or a phishing scam. This goes for banks, shipping companies and ticket outlets.

3. The links in the email did not lead to an Air Canada site. Hover over any link in the email, then look down near the bottom of your browser window. The real link address will be there. Whatever you do, do not click on any link in any email that you think is suspicious.

4. One of the links contained a zip or compressed file. Malware can be sent via PDFs but usually it is sent in a zip file.
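The checks from this post and from the Facebook post above (sender IP in the message source, where the links really lead, the ‘Dear customer’ greeting, zip links) can be run over a saved message source without opening the email. This Python sketch is an added example, not part of the original post; the sample message, its hosts and IP address, and the function names are constructed, and it assumes the ‘sender IP is’ text sits in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message source: hosts are placeholders, the IP is a documentation address.
SAMPLE = """\
Authentication-Results: hotmail.com; spf=none (sender IP is 203.0.113.45) smtp.mailfrom=tickets@airline.example
From: Airline <tickets@airline.example>
Subject: Your ticket
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<a href="http://pool.example.net/PDF/ticket.zip">Download your ticket</a>
<a href="https://www.airline.example/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the real href of every <a> tag, i.e. what hovering would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domain):
    """True only for the domain itself or a subdomain, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(source, expected_domain):
    msg = message_from_string(source)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    ip = re.search(r"sender IP is ([0-9A-Fa-f:.]+)", auth)
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    links = LinkCollector()
    links.feed(html)
    offsite = [u for u in links.hrefs
               if not on_domain(urlparse(u).hostname, expected_domain)]
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
    return {
        "sender_ip": ip.group(1) if ip else None,
        "from_on_domain": on_domain(sender, expected_domain),  # can be spoofed
        "offsite_links": offsite,
        "zip_links": [u for u in offsite if urlparse(u).path.lower().endswith(".zip")],
        "generic_greeting": bool(re.search(r"\bdear\s+customer\b", html, re.I)),
    }
```

In the sample the From address looks legitimate, yet the off-site zip link and generic greeting still flag the message, which is why the address alone proves nothing.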

The Lakewoodpool.com site has been hacked by someone, that’s obvious. It hasn’t been updated for two years but someone has guessed the administrator’s password and taken control of the site. Once inside the host server, the criminal is able to send out emails such as this from anywhere in the world.

Hopefully, we’ve educated you a bit in figuring out what a fraudulent email looks like. If you have questions or comments, use the form at the bottom.

Thanks for reading!