Showing posts with label scam. Show all posts

11 Jul 2018

Alert - Beware of hoax messages about copying your contact list if you dial a number on your phone

Here's a message I received. It is a hoax (fake, false, not real). Let's have a look at it and I'll explain why it, and any similar message you might receive, is nonsense.

>>>
Very Very Urgent ...*

Please pass this message to your family and friends.

People have been receiving calls from
tel:+375602605281,
tel:+37127913091
tel:+37178565072
tel:+56322553736
tel:+37052529259
tel:+255901130460
or any number starting from +371 +375 *381


These guys only ring once and hang up.
If you call back,bthey can copy your contact list in 3sec and if you have a bank or credit card details on your phone, they can copy that too...

+375 code is for Belarus.
+371 code is for Lativa.
+381 Serbia
+563- Valparaiso
+370- Vilnius
+255- Tanzania
These calls maybe from the ISIS terrorist organization
*Don't answer*
or *Call back.*

Also, Don't Press
#90 or #09
on your Mobile when asked by any caller.

It's a new trick which terrorists use to access your SIM card, make calls at your expense and frame you as a criminal.

Urgently forward this message to as many friends as you can, to stop any intrusion

<<<

Stop!
If you see any message that says "forward this to..." you should STOP! Think about it, is this genuine? How do you know? If you forward nonsense to others are you not just spamming them? Wouldn't it be a good idea to check first? 


Read it carefully
It says it is "very very urgent" and immediately tells you to "pass this message to your family and friends" - no, don't do what they say! 

How can someone who calls you on the phone access the data you have on your phone? And the part about dialling a number: how can simply dialling a number give someone remote access? It is unlikely. Think it through: is this probable? Even if you are not sure, don't jump to the assumption that this message must be telling the truth. Be sceptical!

The part about "terrorists" is there just to scare you, to reinforce the urgency. It's classic social engineering, be wise to such tactics! 

Again at the end it urges you to send it to others, this is always the biggest warning sign. 


Investigate
After a few seconds on Google I found the following article explaining how this is a hoax:
Yes this Hoax Slayer website is trustworthy and very helpful.

Or if you have an IT department at work, ask them for advice to be sure. 


Where do these messages come from?
Such messages can be found on social media like Facebook, and they can be sent through Telegram, WhatsApp or by e-mail. Just because a friend, family member or colleague sent it doesn't mean it is true. Remember, they just sent it on too. If the message is from a completely unsolicited sender, then that's even more reason to be concerned. Yes, not everything is trustworthy, especially if you find it in the depths of Instagram, Facebook, a chat room, etc.


Chain letters
Before the internet there were chain letters. A letter would arrive on your doorstep. You'd read that you must copy and send the letter on to others, and that if you did not, something bad would happen to you. It was the same as the hoax explained here: it relies on scare tactics to spam everyone and scare others. That's the only purpose; it's disturbing that anyone would start a chain letter of any kind. There are definitely some sad people out there.


Conclusion
Please remember not to forward or copy/paste such messages to your friends and family. No one wants to be spammed or scared. Always take time to review such messages. Perhaps ask a trusted friend before re-posting such a message. Take care out there! 

3 Jul 2018

Alert - Beware Fake UBS Bank e-mails

Please be careful and do NOT click any links or open attachments of any e-mails before reading them carefully first. Here's a good example, it's a fake e-mail that I received recently:

>>>
Subject: Wir haben ein Problem mit Ihrem Konto festgestellt

Hallo!

Einen kurzen Validierungsprozess durch zufhren, um Ihre Rechnungs- und Zahlungsdetails zu ber prfen. Wenn Sie den Validierungsprozess nicht abschlie en, wird Ihre UBS-Mitgliedschaft gesperrt.

Wir unternehmen alle notwendigen Schritte, um unsere Nutzer automatisch zu validieren. In diesem Fall konnten wir leider Ihre Daten nicht best tigen.

Der Vorgang wird nur ein paar Minuten dauern und es uns erm glichen, unseren hohen Standard der Kontosicherheit beizubehalten.

UBS 1998-2018

<<<


Here's the same text translated to English using Google Translate:

>>>
Subject: We have detected a problem with your account

Hello!

Perform a short validation process to verify your billing and payment details. If you do not complete the validation process, your UBS membership will be suspended.

We take all necessary steps to automatically validate our users. In this case, unfortunately we could not confirm your data.

The process will take only a few minutes and will allow us to maintain our high standard of account security.

<<<


A screen shot of the original message:




If you open an e-mail like this the first thing to do is STOP!
Do *not* open any attachments (I didn't have one on the e-mail I received but this is general advice)
Do *not* click any links (especially that big red one!). First read the e-mail a few times:
  • Look at the sender e-mail address; this is the biggest giveaway that this must be a fake. There's an obvious mistake in the name: it says "USB" and not "UBS" (presuming it's pretending to be the Swiss bank UBS). The e-mail address itself has nothing to do with UBS!
  • The message is in German. The language your bank uses to communicate with you is determined by your personal settings/configuration with your bank. Does this language match your selection? If not, it is suspect immediately.
  • Do you bank with this particular bank? If not then of course this is obviously fake.
  • What are those strange question marks? It looks weird.
  • Does it look anything like the usual communication from your bank? In the example above it looks amateurish. The UBS logo is missing for example. Even if the logo is there, does it look normal? Question everything!
  • Typically banks are very careful with how they communicate with you. Always be wary of any e-mail that says it's from your bank, ask yourself if this makes sense or not - if ever in doubt contact your bank directly by phone before clicking anything!


Conclusion
Please delete such e-mails. Remember to always think before clicking any link or opening attachments. Always look at the from e-mail address first; it's usually a quick giveaway that this is a dodgy e-mail.

Block such e-mails and report them if your e-mail software allows. If you receive such a mail at work, contact your service/help desk and request they add it to their black list.

Be careful out there!

Also, the following is an interesting case of a fake DHL e-mail:
https://mgxp.blogspot.com/2017/08/malware-alert-beware-fake-dhl-e-mails.html

24 Aug 2017

Check files for malware using VirusTotal

Recently I had a fake DHL e-mail and I was interested in the attached Word doc. I wondered what was in it and whether it really was dangerous or not. But I did not want to put myself in any danger; I definitely did not want to open the doc in Word! How could I investigate this file in safety? I saved the e-mail from Outlook as an MSG file. I scanned it using Emsisoft's emergency scanner but it didn't find anything. Next I used VirusTotal and that's what I want to talk about in this article today.

VirusTotal is a website. You can upload a suspect file there. It will use many anti-malware software scanners to check for infection. It displays the results and characteristics of the file. It even shows all the different names the different anti-malware companies use for malware.


Example
Here's an example based upon that fake DHL e-mail I received in Outlook.

Open the Outlook e-mail, click File | Save As


Save

You will end up with an MSG file. The MSG file contains the e-mail message text and the attachment (in my case it was a Word doc file - will VirusTotal be clever enough to find the attachment inside the MSG file?).

Browse to https://www.virustotal.com


Click Upload and scan file

Select the MSG file

The results will be displayed...


At the top it shows you how many anti-malware engines it used and how many found something nasty inside the file. In my example above 13 out of 58 found malware in the file.

Click on Details to see more information


The above screen shot shows the Details page with the Basic Properties of the file. You can see that it has identified the Word doc and provides some characteristics. This means that VirusTotal is clever enough to read an MSG and see the embedded attachments it might have inside.

Scroll down and there's more information:


Under the OLE section I found some interesting details. The Code Page is Cyrillic. This e-mail was written in German. Why does it have a Word doc written on a PC set to use Cyrillic? It's not conclusive evidence of anything but it does raise suspicions (if we weren't already very suspicious of course!). The template it is based upon is a dotm, that means there could be macros inside - again this points toward it being a dangerous file as macros can be malware. Of course in the above you can also see that VirusTotal has listed the macros inside the file anyway, for sure this is a dangerous file that I will definitely delete.
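Some of what the Details page reports can be checked locally from the raw bytes, without opening the file in Word: the container type (OLE2 for a legacy .doc or a saved .msg, ZIP for .docx/.docm/.dotm) and whether a macro part is present. The sketch below is an added example, not code from the original post; the sample files are constructed in memory, and the SHA-256 it prints can be searched on VirusTotal instead of uploading the file.

```python
import hashlib
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2: legacy .doc and Outlook .msg
ZIP_MAGIC = b"PK\x03\x04"                      # ZIP: .docx, .docm, .dotm


def triage(data):
    """Describe a file from its raw bytes; nothing is opened in Word."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "container": "unknown",
        "macros": None,  # None = this check cannot tell
    }
    if data.startswith(OLE_MAGIC):
        # Legacy container: may hold macros, but finding them needs an OLE parser.
        report["container"] = "ole2"
    elif data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = archive.namelist()
        if "[Content_Types].xml" in names:
            report["container"] = "ooxml"
            # Macro-enabled Office files store their VBA in vbaProject.bin.
            report["macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        else:
            report["container"] = "zip"
    return report


def build_ooxml_sample(with_macros):
    """Constructed stand-in for a Word file; the parts hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


LEGACY_SAMPLE = OLE_MAGIC + bytes(504)  # constructed: header magic only

if __name__ == "__main__":
    samples = [("macro-enabled", build_ooxml_sample(True)),
               ("plain docx", build_ooxml_sample(False)),
               ("legacy doc/msg", LEGACY_SAMPLE)]
    for label, blob in samples:
        print(label, triage(blob))
```

An "ole2" result with macros unknown is the case from this post: the legacy format has to be inspected by a tool that parses OLE streams, which is what VirusTotal did here.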


Conclusion
VirusTotal is an excellent way to investigate possible virus/malware infected files in safety. The website is free but there are some conditions of use, please read those before using it. One thing they do is use the results from your scan in their database. This is a community approach, where they can build up a picture of threats. The best thing is that it uses so many anti-malware engines to scan for malware. You can see all the different names which could help you analyse the threat at an even deeper level. For IT professionals wishing to understand threats to better protect networks and computers, VirusTotal is an invaluable tool.

For a home user, it's also very helpful. However, I would recommend that you are always extra-cautious when handling any suspect file. Make sure you have anti-malware software installed on your computer, make sure your system updates/patches are up-to-date and the most important of all, make sure you have plenty of backups.





23 Aug 2017

Alert - Beware Fake DHL e-mails and attachments

I received this fake e-mail, it's very well done, it looks almost genuine:

>>>
From: DHL Packet <info@maedchenzentrum.at>
Subject: Information uber die Sendung Nr.04128002724453

Guten Tag!

Die Sendung soll an Ihre Adresse am 24.08.2017 zugestellt werden.Im Anhang finden Sie die erforderlichen Informationen zu dieser Lieferung.

Mit freundlichen GrĂ¼ssen

<<<



If you open an e-mail like this the first thing to do is STOP!
Do *not* open the attachment.
Do *not* click any links. First read the e-mail a few times:

  • Look at the sender e-mail address, this is the biggest giveaway that this must be a fake. It's not from a DHL address, it's from "maedchenzentrum.at" instead.
  • The attachment is a Word doc file - this is a sign of something strange because few people use Word doc files now, mostly they are docx. Also, why would DHL send a Word file at all? Usually they'd send a link or if it were a file it would be PDF (but don't open those either!)
  • Did you order anything? Are you expecting DHL to send you anything? Question it, don't just think Christmas has come early, it hasn't, it might well be the opposite.

Conclusion
Please delete such e-mails. Remember to always think before opening attachments. In this case the Word file has a trojan in it that could've done all kinds of damage if I'd opened it.

The following link is to DHL's website where they warn you against such fake e-mails:
http://www.dhl.com/en/legal/fraud_awareness.html


15 May 2017

Alert - Fake Google Notify e-mail!

If you receive a message "Undeliverable messages" that appears to be from Google or GoogleNotify:
Do NOT click on any of the links in the e-mail!
Report it as spam and delete the message from your mailbox.

Here's an example I received recently:

Fake GoogleNotify message


It looks suspicious because of course I did not have a clue as to what this e-mail was about. Normally I don't receive messages like this from Google. The logo looks a little strange too.

I selected View Details (where the orange arrow is pointing above) to show me the details of the e-mail (this is a link in my Gmail e-mail software on my phone, therefore it is safe to use it - never click links within the e-mail).


Fake GoogleNotify message

In the above screen shot you can see it says the message is from someone at "@exist.se"!!!! What's that? It's definitely not Google!

I searched for information about this and found this article:
http://www.hoax-slayer.net/fake-google-undeliverable-message-email-opens-pharmacy-spam-website/
As expected, it is definitely a malicious e-mail.


IMPORTANT!
Be very careful with e-mails, even ones that look like they come from legitimate companies like Google. Read the message carefully before you click on anything! If the logo looks a bit strange, if the e-mail address it came from is not the usual (obviously someone from Google would have a Google e-mail address!), think about the message and whether it makes any sense. If you have any doubt, delete the message. It's also easy to search on the web for news articles about fake or phishing e-mails.

Take care!
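The sender check described in the UBS, DHL and Google posts (a brand in the display name, an unrelated domain in the address) can be automated. This is an added example, not code from the original posts: the brand-to-domain table is an assumption, and every From line except the DHL one quoted above is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends mail from.
BRAND_DOMAINS = {
    "dhl": {"dhl.com", "dhl.de"},
    "ubs": {"ubs.com"},
    "google": {"google.com"},
}

# The DHL From line is quoted on this page; the others are constructed.
DHL_SAMPLE = "From: DHL Packet <info@maedchenzentrum.at>\n\nbody"
UBS_SAMPLE = "From: USB Bank <service@mail.example.net>\n\nbody"
GOOGLE_SAMPLE = "From: GoogleNotify <someone@exist.se>\n\nbody"
LEGIT_SAMPLE = "From: DHL Express <noreply@dhl.com>\n\nbody"


def claimed_brands(display_name):
    """Return (brand, exact) pairs the display name appears to claim."""
    hits = []
    for token in re.findall(r"[a-z0-9]+", display_name.lower()):
        for brand in BRAND_DOMAINS:
            if brand in token:
                hits.append((brand, True))
            elif sorted(token) == sorted(brand):
                hits.append((brand, False))  # same letters shuffled: "USB" for "UBS"
    return hits


def check_sender(raw_message):
    """List the mismatches between the display name and the sending domain."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, exact in claimed_brands(name):
        if not exact:
            findings.append(f"display name imitates '{brand}' with a misspelling")
        allowed = BRAND_DOMAINS[brand]
        if not any(domain == d or domain.endswith("." + d) for d in allowed):
            findings.append(f"claims '{brand}' but is sent from '{domain}'")
    return findings


if __name__ == "__main__":
    for sample in (DHL_SAMPLE, UBS_SAMPLE, GOOGLE_SAMPLE, LEGIT_SAMPLE):
        print(sample.splitlines()[0], "->", check_sender(sample) or "no mismatch")
```

An empty result only means the visible From line is consistent; that header can itself be forged, so a clean result is not proof the e-mail is genuine.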



18 Aug 2016

Alert - SMS Lotto Gewinnspiel

There are a lot of scams around these days, most come in via e-mail but the following is one I received by SMS. Here it is together with an explanation:


+447484732319 Congratulations! You have won 2,000,000. WIN No:HNNSY-251-4577509. Email: lotto.gewinnspiel@gmail.com Now Claim Your winnings.

It says I've won a lot of money and without thinking I wonder how I can get my hands on the cash! 

STOP!!!
Don't click anything! 
It looks a bit fishy doesn't it!?! 

Look carefully at the above screen shot and you'll see:
  • The mobile number it came from is a UK number (+44)
  • The prize is in euros, not pounds
  • The email address is lotto.gewinnspiel@gmail.com - the word "gewinnspiel" is German, I looked it up in Google Translator and it means "contest"
  • I didn't enter a lottery! 
  • I didn't enter a lottery where I gave my mobile number!
If you put the above observations together you can see there is no way this can be true. It is a scam! Why is it from a UK number when there's a German word in the e-mail address? Why am I being sent this when I didn't enter a lottery? Even if I had recently entered a lottery, did I give my mobile number? If not, how did they send this SMS to me? Wouldn't they send me an e-mail perhaps?

Think carefully when you receive e-mails or SMS text messages like this one. If the information is not consistent, if you didn't sign up for something or enter a competition, or if it's just too good to be true - it's very likely to be a scam! 
Delete such messages and stay safe!


Reference
For a very detailed look at a similar scam please see the following link:

The above page is on the AVAST website. AVAST are an established and well known anti-malware company.