WebProNews

Tag: Scam

  • Scammers Are Abusing the Microsoft Edge News Feed

    Scammers are abusing Microsoft Edge’s news feed, running malicious ads in an effort to direct users to tech support scams.

    Edge is Microsoft’s Chromium-based web browser that replaced Internet Explorer. Like many browsers, Edge provides a news feed for users. The feed also contains various advertisements, which scammers have figured out how to abuse.

    Malwarebytes researchers outlined how the scam works:

    When a user clicks on one of the malicious ads, a request to the Taboola ad network is made via an API (api.taboola.com) to honor the click on the ad banner. The server will respond with the next URL to load.

    This scheme is meant to trick innocent users with fake browser locker pages, very well known and used by tech support scammers. What’s worth noticing is the cloud infrastructure that is being leveraged here, making it very difficult to block.

    Malwarebytes said this particular scam is one of the biggest it has seen, and has been active for at least a couple of months. Users should use an ad and malware blocker, and may be better off using another browser until Microsoft addresses the issue.

  • IRS Warns of New Stimulus Scam

    The Internal Revenue Service is warning taxpayers of a new scam that uses the promise of a stimulus payment to get bank information.

    According to the IRS, scammers are texting individuals asking for their bank account information. The scammers claim they need the bank account info to set up a direct deposit. The text message the scammers send includes a URL that takes the victim to a phishing site that collects their information.

    “Criminals are relentlessly using COVID-19 and Economic Impact Payments as cover to try to trick taxpayers out of their money or identities,” said IRS Commissioner Chuck Rettig. “This scam is a new twist on those we’ve been seeing much of this year. We urge people to remain alert to these types of scams.”

    The IRS also reminds individuals that it never sends unsolicited texts or emails. In addition, anyone receiving one of these text messages should take a screenshot of it and email it to phishing@irs.gov. The email should include the date, time and timezone when the message was received, as well as the number that sent the text and the recipient’s number.

  • FCC Sets Deadline For Carriers to Fight Robocallers

    The FCC has set a deadline for phone carriers to support the STIR/SHAKEN protocol, in an effort to fight robocalls.

    The STIR/SHAKEN protocol helps combat number spoofing, a favorite tactic of robocallers, whereby they make their number appear as though it is in the same exchange or area code as the recipient. When a call is placed, the carrier uses the protocol to confirm the authenticity of the call. If the call is placed to a number on another network, the carrier passes that verification on to the next carrier, who performs their own verification. Ultimately, when the receiving phone receives the call, if the number is verified, it will display that in the caller ID.

    The FCC had previously asked carriers to implement the protocol, but Chairman Ajit Pai was not happy with the level of adoption. As a result, the FCC has adopted new rules requiring carriers to implement the protocol no later than June 30, 2021.

    “The FCC estimates that the benefits of eliminating the wasted time and nuisance caused by illegal scam robocalls will exceed $3 billion annually, and STIR/SHAKEN is an important part of realizing those cost savings,” reads the press release. “Additionally, when paired with call analytics, STIR/SHAKEN will help protect American consumers from fraudulent robocall schemes that cost Americans approximately $10 billion annually. Improved caller ID authentication will also benefit public safety by reducing spoofed robocalls that disrupt healthcare and emergency communications systems. Further, implementation of STIR/SHAKEN will restore consumer trust in caller ID information and encourage consumers to answer the phone, to the benefit of consumers, businesses, healthcare providers, and non-profit organizations.”

    This is good news for everyone sick of being on the receiving end of robocalls and scam attempts.

  • PSA: Beware of FedEx Tracking Texting Scam

    Gizmodo is warning of a new scam involving text messages posing as FedEx tracking notifications.

    Android and iOS users (including this writer) have received text messages including what purports to be a FedEx tracking number and a link to set delivery preferences. Clicking on the link, however, goes to a fake Amazon listing and survey.

    As Gizmodo highlights, this is where the scam takes a turn. “If you proceed any further, the survey will then ask users for a range of personal information including their credit card information, which for anyone who hadn’t already started feeling suspicious, should set off serious alarms.

    “Apparently, by entering in your address and credit card number and agreeing to pay a shipping fee for your “prize,” you are also signing up for 14-day trial that turns into a $100 recurring subscription for a range of products, which you will continue to get billed for every month until you figure out how to cancel the payment.”

    One way to spot the scam is the alphanumeric nature of the supposed tracking numbers. FedEx tracking numbers are almost always exclusively numbers, whereas the fake ones include letters as well. Similarly, FedEx tracking numbers are 12 or 15 digits long, as opposed to the 10-digit fake ones.

    Police departments are warning citizens of the scam and encouraging individuals to check any tracking numbers they receive directly on FedEx’s website, rather than following a link in a text message.

  • Sophos Warns Of ‘Fleeceware’ Apps On The Google Play Store With 600 Million Downloads

    Security firm Sophos has once again warned of the dangers of “fleeceware” on the Google Play Store.

    Fleeceware is a term for apps “where users could be charged excessive amounts of money for apps if they don’t cancel a ‘subscription’ before the short free trial window closes.” Sophos had previously warned of the dangers of fleeceware but, rather than improving, the problem has only gotten worse.

    Following Sophos’ initial report, Google removed the apps that were highlighted, but unscrupulous developers have continued to create and release new fleeceware apps. In fact, “the total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.”

    To make matters worse, uninstalling the app does not cancel the subscription. Many publishers of these apps have a complicated process for canceling, designed to extend the “subscription” as long as possible. Sophos recommends keeping copies of all correspondence with one of these publishers so it can be shared with Google if needed.

    600 million downloads spread out over less than 25 apps is a shocking number of malicious downloads and illustrates the need for Google to do a better job of vetting apps. Apple is often criticized for its ‘walled garden’ approach but, in light of Sophos’ report, Apple’s approach doesn’t look too bad.

    If you are an Android user, here’s the list of known fleeceware apps, courtesy of Sophos:

     

    Play Store Fleeceware Apps via Sophos
  • 19 Kids and Counting: Duggar Petition Site a Scam To Collect Email Addresses?

    When the Duggars’ show 19 Kids and Counting was finally officially cancelled by TLC, fans of the show were livid. They took to comment sections of blogs, Twitter accounts, and Facebook pages by the score to vent their displeasure that their favorite show had fallen victim to its bad press.

    Now comes the news that there is a petition out there that fans can sign in an effort to bring the show back. The petition that is getting so much press is found at SupportTheDuggars.com.

    The text of the petition reads as follows:

    While the Duggar family may not be perfect and they’ve had difficulties like so many other families, their show WAS one of the few clean, family-friendly shows on TV. Sadly, there isn’t much a family can watch together any longer. The airwaves are full of terrible, trashy television! It isn’t right that the Duggars must be forced off the air while the filthy shows remain!

    We want our voices to be heard! We all know the power of standing together—just ask A&E what happened when they cancelled Duck Dynasty!

    It seems that every day in America our values and way of life are disappearing. We must all stand together.

    Please complete the petition form below to tell the Duggar Family we support them and to tell TLC that we want the Duggars back on the air!

    There is then a simple form where fans can enter their name, state, and email address.

    Just a side note: Duck Dynasty was never canceled. Phil Robertson was suspended from the show, but it was never termed as permanent, and he was brought back.

    But there is a bigger concern with this site.

    Why wasn’t this petition hosted somewhere like change.org, where many such petitions are started and seen? In fact, a petition hosted there got almost 200,000 supporters asking for 19 Kids and Counting to be canceled. Others there, asking for the show to be brought back, have 500+ supporters.

    The site, though, is hosted at GoDaddy and registered through a service called Domains by Proxy, which many use to keep their ownership of a site anonymous. Nothing shocking there.

    But take a look at the “fine print” terms you have to agree to in order to submit your name as wanting the Duggars back on TV.

    I knowingly and voluntarily add my name and other personal information to this petition. I understand that, by doing so, I am indicating my support for both 19 Kids and Counting and the Duggar family. I am over 18 years old and agree that any personal information collected through this site, including, without limitation, my name, geographic location, email and/or support for 19 Kids and Counting and/or the Duggar family, may be shared with TLC and/or other third parties for any purpose; and that such parties may use such information in any manner, including, without limitation, to communicate with me.

    By signing the petition, you give permission for the anonymous owner of this site, which was wholly unnecessary in the first place, to collect your information and sell it to anyone they wish.

    If this was a legitimate effort to get the 19 Kids and Counting show back on television, why would that be a requirement? Does the wording of these terms sound like a simple fan wanting their show back on?

  • Unlimited Data Plan Scam Causing FTC To Sue AT&T

    AT&T is being sued by the Federal Trade Commission (FTC) for misleading their customers into believing that they were receiving an “unlimited data plan” when they were really having their internet speeds decreased by up to 90 percent.

    On Tuesday, October 28, the FTC filed a complaint against the company at the U.S. District Court in San Francisco, California, explaining that AT&T was convincing customers to take part in a more expensive unlimited plan and would then decrease the Internet speed to resemble that of dial-up.

    The customers were not being notified of the change in Internet speed, and the decreased speed caused many of their smartphone apps (GPS, streaming videos and music, and Internet browser) to run slowly or not at all.

    “AT&T promised its customers ‘unlimited’ data, and in many instances, it has failed to deliver on that promise,” FTC Chairwoman Edith Ramirez said in a statement. “The issue here is simple: ‘unlimited’ means unlimited.”

    “Even as unlimited plan consumers renewed their contracts, the company still failed to inform them of the throttling program,” the statement continued. “When customers canceled their contracts after being throttled, AT&T charged those customers early termination fees, which typically amount to hundreds of dollars.”

    AT&T, the second largest cellular carrier, has of course denied the accusations.

    “The FTC’s allegations are baseless and have nothing to do with the substance of our network management program,” AT&T senior executive vice president and general counsel Wayne Watts said in a statement.

    “It’s baffling as to why the FTC would choose to take this action against a company that, like all major wireless providers, manages its network resources to provide the best possible service to all customers, and does it in a way that is fully transparent and consistent with the law and our contracts,” he added.

  • ATM $37,000: A Man’s Get Rich & Lose it Quick Scheme

    A Maine news website tells us how a homeless man in South Portland, Maine, with an ATM card and 140 dollars in his account, somehow found a way to make a quick profit and had his hands on $37,000, all for five minutes.

    As he maneuvered the ATM to do his bidding, the woman waiting behind him got impatient and suspicious and called the police. As the police rolled up, he was seen shoveling copious amounts of greenbacks into a shopping bag in sure efforts not to look completely like a bank robber.

    The unnamed man started with withdrawing $140, which he apparently actually did have in his account, but something signaled him to keep going. And keep going he did until he reached up to $37,000. There is a possibility that he might have gotten more if the lady behind him was not so impatient that she called the police about his dawdling.

    The bank, for obvious reasons, will not detail what made this glitch occur and the machine was put down all day Friday. They did not press charges on the man, although it was pretty obvious that a little finagling was used to receive the large amount of funds. The police have also divulged that they have dealt with this man before, but they decided to just promptly return the money and leave it at that.

    A bank ATM can hold up to $200,000. It makes one wonder if the kinda-a-bank robber-but-not guy knew this and was banking on signing a new lease on life that early Thursday morning.

  • Sara Ylen Fakes Cervical Cancer, Sentenced to One Year for Fraud

    On Wednesday, a 38-year-old Michigan woman was sentenced to one year in prison for money fraud against a healthcare insurance company and generous local supporters.

    Sara Ylen of Lexington, Mich., accepted thousands of dollars in donations for years by publicizing false claims of cervical cancer.

    According to NY Daily News, her story first reached local media coverage in 2003 when she submitted a series of accounts called “Sara’s Story” to The Times Herald. 

    Ylen created a false story detailing how she developed the ailment in 2001 after alleged attacker, James Grissom, raped her in the parking lot of a retail store. She also claimed that she was cared for by Cancer Treatment Centers of America in Zion, Ill.

    For many years, Ylen forged the names of specialists on her medical records in order to receive care. Additionally, a nurse from Michigan Mercy Hospice treated her for two years. The “great pretender” received $100,000 in donations to fund her hospice care.

    Ylen even played the part. According to witnesses, she wore a scarf on her head and used a wheelchair.

    It was not until 2011 that the facility terminated her treatment. The hospice said that they couldn’t find her name in the system or evidence of cervical cancer.

    Oddly enough, her story received immense support even without the confirmation of a doctor’s diagnosis.

    One of her many victims included Blue Cross Blue Shield of Michigan. Ylen owes the insurance company $122,000. Croswell Wesleyan Church and employees at Sandusky State Police Department were among others that donated money to support Ylen’s phony medical expenses.

    “All of these fraudulent acts that you perpetrated on so many people, and the extent that you went to perpetrate them, is almost mind-boggling,” Sanilac County Circuit Judge Donald Teeple said on Wednesday, according to NY Daily News. “You took advantage of the goodwill and generosity of people who were more than willing to assist you, all based on lies.”

    In a separate sentencing by a St. Clair County Judge, Ylen will serve an additional five years in prison for falsely accusing Grissom and another man of rape.

    Fortunately, Grissom was released in 2012 after a judge decided to throw out his 15-year sentence. He had already served nearly 10 years in prison.

  • Cancer Scammer Brittany Ozarowski Pleads Guilty

    Turns out Brittany Ozarowski was not suffering from cancer at all. The drug addict shocked the Long Island community back in April when it was revealed that she had been scamming sympathetic folks out of their money to buy heroin.

    Ozarowski pleaded guilty Monday to the charges filed against her, including third-degree grand larceny, first-degree fraud scheme and first-degree offering false instrument. The 22-year-old had been going round telling people she was battling cancer. Her emaciated face left little doubt for some residents that she had cancer, but sadly, she lied.

    It seemed that Ozarowski played the role of cancer victim quite well. She hobbled gingerly with a cane and weighed a meager 80 pounds. Of course, her victims attributed her frail body to the effects of radiation treatment and chemotherapy.

    Neighbors and friends rallied to help her. They gladly offered to put donation tins on store counters, organized fundraisers and pulled cash out of their own pockets. These combined efforts helped to raise tens of thousands of dollars. Moreover, Ozarowski ran a website in which she was pictured in a wheelchair next to the request, “Help Save My Life.”

    But then, such things as why she didn’t lose her hair after chemotherapy, why she hung up on a man who offered $10,000 in treatments, and why she didn’t show up for a free exam at a neurologist began to raise doubts. Another thing that might have raised a red flag is the fact that her stories of cancer became too amorphous—sometimes it was bone cancer, at times it was brain cancer. She had also mentioned stomach and ovarian cancers.

    Since she pleaded guilty to the 24-count charge against her, her attorney was allowed to negotiate with the judge to counter the prosecutor’s call for 7 years imprisonment. Well, many people would say she got off easy. Judge John Iliou agreed to sentence her to 2 years in a drug treatment program and 1 year of probation.

  • Teen Pays $735 For A Photo Of An Xbox One On eBay

    For only £450 ($735), Peter Clatworthy, a 19-year-old student of Bilborough, Nottingham, United Kingdom, thought he was going to get an Xbox One. He didn’t.

    Instead, Clatworthy ended up paying the hefty price on eBay for a picture of the new video game console.

    The console was intended to be a surprise Christmas gift for his four-year-old son, McKenzie; Clatworthy had saved up enough money to buy the limited edition.

    “I’ve had to make a joke out of it because I was that angry. At least we’ve now got something to laugh about in the years to come,” Clatworthy said.

    “I always buy stuff on eBay and this had never happened before.”

    Mr Clatworthy made the purchase on November 28, paying £450 plus £8 ($13) packaging.

    Although the listing stated that it was a photo of an Xbox One Day One edition console, Clatworthy expected he would receive an actual console, as the listing was placed in eBay’s video games and consoles category.

    “It said ‘photo’ and I was in two minds, but I looked at the description and the fact it was in the right category made me think it was genuine.”

    “I looked at the seller’s feedback and there was nothing negative. I bought it there and then because I thought it was a good deal.”

    “It’s obvious now I’ve been conned out of my money.”

    Last Monday, Clatworthy received the photo in the eBay posting; it had a little message on the back of it.

    “They’d written on the back of it ‘thank you for the purchase’. I was fuming.”

    With the help of eBay, Clatworthy ended up getting a full refund, and the seller of the picture was banned from the internet auction site.

    According to the Nottingham Post, an eBay spokesman said: “The seller has been banned from eBay. We have also contacted the customer directly to arrange the refund as promised.”

    “We don’t allow listings which mislead.”

    On November 22nd, the Xbox One was released in the UK with a special Day One edition for those who picked up the console on its first day of sale.

    Like most new video game console premieres, there have been misleading sales all over the internet where people wind up with packaging or pictures of the machine.

  • Fire Department Charges Family $20,000 After Their Home Burns Down

    A family in Surprise, Arizona certainly got the shock of their life after their home burned down and they received a bill for almost $20,000. Even though their home was a total loss, they are still expected to pay $19,825 to a private fire department the family says showed up after the fire was put out. The family didn’t have a subscription for fire coverage from the private fire department, something they say they were never even offered.

    Justin and Kasia Purcell’s home caught on fire in August while they were away from the home preparing for the birth of their child. After their neighbor called to let them know their home was burning, they drove back to their house as the fire was being put out. “Everything was completely gone,” said Purcell.

    A couple weeks later, the family was delivered a real punch in the stomach after they got the bill for almost $20,000. The itemized bill the private Rural Metro Fire Department sent the family included charges of $1,500 for each of the two fire trucks that showed up. The family was also charged $150 per hour for each of the six firefighters on the scene, a figure Purcell finds awfully high.

    “They weren’t even the first responders,” Purcell said. “We arrived 45 minutes after the fire started, and it was pretty much extinguished by Surprise. Rural Metro showed up after we were already there. They basically did a mop-up–saturated the hotspots with water. They are milking it. I was there the whole night, and there was probably two of their men actually doing any work. The other ones were standing around bulls***ting.”

    The Purcell family lives in an unincorporated area that doesn’t have fire coverage. Residents in the area pay a fire district assistance tax, but it only covers volunteer fire departments. The private fire department says that the Purcells could have avoided their five-figure bill had they subscribed to their coverage. Their service is around $300 per year. Colin Williams, public information officer for Rural Metro, says that the bill covered the Surprise firefighters that showed up as well.

    “In this case, firefighters responded, they did receive mutual aid from other departments…once fire is knocked down and brought under control, Rural Metro units provide the overhaul and do essentially the mop up, if you will–that takes a significant amount of time and resources,” Williams said.

    Kasia Purcell says they would have paid the $300 for fire coverage had they known about it. “We would have paid it in a heartbeat,” she said. “We never received a letter from them.” The Purcells’ neighbors say they hadn’t been offered coverage from Rural Metro, either, until after the Purcell home burned down.

    “Coincidentally, we all received a bill from Rural Metro fire informing us we have no fire coverage in our area, so they highly suggested we finally begin paying some fire coverage that we didn’t currently have,” said neighbor Kelly Miller.

    So far, it looks like the Purcell family will be stuck with the bill, which they say they can’t afford.

    Do you think they should be responsible for the $20,000 or do you think this is a scam since they say they were never offered coverage? Add your comments below.

  • Virtual Kidnapping: Four Charged in Virtual Scam

    It seems that virtual kidnappings are on the rise. Recent investigations led to the arrest of four virtual kidnappers from Mexico. According to a federal indictment unsealed on Friday 8, the kidnappers were using telecommunication tactics to collect money from the people they reached, under the guise that loved ones had been kidnapped while crossing into the US illegally.

    In reality, no one had been kidnapped and the ‘virtual’ kidnappers did not even know whom they were calling. But the kidnappers figured out that if they made enough calls, a few would result in a hit. When someone took the bait, they usually paid between $1,000 and $3,000. But in a small percentage of successes since 2007, the “virtual kidnappers” collected at least $500,000, federal investigators said.

    According to Business Insider, the kidnappers targeted families in Washington, DC because a large number of people residing there are immigrants and their migrant relatives are often out of contact during the long journey north.

    It is reported that the kidnappers picked people to call at random. “They would just randomly run through a sequence of numbers, like 1 to 100,” said Daniel Page, assistant special agent in charge of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations unit in San Diego. “They’re just like your professional telemarketer. They have a script. ‘You need to pay this money. If you don’t, something’s going to happen.’”

    The callers from Tijuana, Mexico used about 30 different San Diego phone numbers to make the calls, sometimes up to 5,000 calls a day demanding that money be wired. Most payments were made in the San Diego area and taken to Tijuana, Mexico.

    Virtual crime is very common in Latin America, particularly in Brazil, Mexico and Guatemala. It is the high crime rates in those countries that lead people to believe it when a stranger calls them to inform them that a loved one has been kidnapped. Many calls are placed by inmates in prison, who use social networking to convince the family members that their relatives have indeed been kidnapped.

  • Irving Fryar & Mother Indicted in New Jersey

    It was not a happy hump day for former NFL wide receiver Irving Fryar and his mother.

    Fryar and his mother, Allene McGhee, were indicted on Wednesday by a grand jury in New Jersey for a mortgage fraud scam. The pair worked together to steal more than $690,000. They were indicted for theft by deception and counts of conspiracy.

    According to prosecutors, Fryar and his mother were planning to steal the money via a “sophisticated mortgage fraud scam.” Allegedly, during a six-day period, McGhee turned in false information about her home to receive five loans.

    So where exactly does Fryar come into play you ask? The former NFL player gave false wage information on applications for the loans. Fryar and McGhee wrote false information that McGhee was earning a hefty income as the event planner of Fryar’s church in New Jersey. It was also noted that Fryar himself spent more than $200,000 of the money received from the loans.

    Acting Attorney General John Hoffman said, “It’s disappointing that someone with an illustrious career in professional sports who now is a minister and coach in the community is charged with this crime, but he must face justice like anyone else.” Added Hoffman, “This is not a case in which Fryar and his mother simply omitted or misstated information on loan applications. This indictment alleges that they engaged in an elaborate criminal scheme that was designed to defraud these banks of hundreds of thousands of dollars.”

    After retiring from the NFL in 2001, and playing for the New England Patriots, Miami Dolphins, Philadelphia Eagles, and Washington Redskins, Fryar became the pastor of the New Jerusalem House of God, which he founded, in Westampton, New Jersey. He also became the head coach of the Robbinsville High School football team.

    The news has many people, including those in the area, disappointed in Fryar’s actions.

  • Bernie Madoff Accountant Charged with Fraud

    NBC News reported this week that Paul Konigsberg, an attorney and accountant, was charged yesterday with falsifying records and related securities connected to the Bernie Madoff Ponzi scheme. Konigsberg is the only non-Madoff family member who owned a controlling interest in the investment fund.

    The indictment released by the District Attorney for the Southern District of New York almost reached 20 pages, and claimed “Madoff directed many of his clients – including some of his most important customers, in whose accounts Madoff executed the most glaringly fraudulent transactions — to use Paul Konigsberg, the defendant, as their accountant.” Konigsberg’s duties included backdating trades and bank statements as part of keeping bogus records to cover up the fraud.

    U.S. Attorney Preet Bharara, speaking on the case, said that “As alleged, Paul Konigsberg threw aside his ethical duties as an accountant in favor of his role as a false bookkeeper, which included allegedly participating in a scheme of back-dating client account statements to show fictitious trades and conjuring profits and losses of millions of dollars. With today’s indictment, he will be made to answer for his alleged conduct as yet another player on Madoff’s team.”

    Meanwhile, the AP reported via the CS Monitor that Konigsberg’s lawyer, Reed Brodsky, is taking a different approach to his client’s defense. Brodsky insists that Konigsberg was just another victim of a “one-time high-flying financier” whose profits were so dirty, his jail sentence matches that of serial sexual murderers. “He and his family lost over $10 million,” Brodsky said. “Mr. Konigsberg was no different [than any of Madoff’s other victims].”

    On the prosecutor’s bench, Assistant U.S. Attorney Matthew Schwartz said of Konigsberg’s role that he was the “accountant of choice” for deep-pocketed Madoff clients. Konigsberg was paid $15,000 to $25,000 a month to backdate trades for years to deepen the fraud. The prosecutor also alleged that one of Madoff’s oldest clients worked directly with Konigsberg as he deposited and withdrew billions while benefiting from the fraudulent trading.

    The Bernie Madoff Ponzi scheme was broken up in late 2008 and early 2009. Madoff’s sons turned him in to the FBI, and on March 12, 2009, he pled guilty to 11 federal charges and admitted his role in maintaining the largest Ponzi scheme in human history thus far.

  • Who Falls For Nigerian Email Scams? The Gullible, of Course

    We’ve all gotten them. The emails from someone purporting to have a lot of money that needs help sailing through the tricky waters of international banking. The ones that need us (me!) to do the important work of banking for a prince, or deceased magnate. Those messages from Nigeria. Those scam emails.

    But why do those scammers write that they are from Nigeria or some other third-world country? They most often aren’t, and the notion makes the whole thing seem ridiculous. Also, why do they send the emails with terrible grammar and spelling issues? Couldn’t they at least proofread them once? The answer to these questions, of course, is that we are not the intended targets of the emails. Someone would have to be very gullible to fall for one of those scams, and that’s exactly the point.

    Cormac Herley, the principal researcher in the machine learning department at Microsoft Research, has actually crunched the numbers to prove that’s the case. His paper, titled “Why do Nigerian Scammers Say They are from Nigeria?”, looks at the scam from the scammer’s point of view. The scammers have a limited amount of time to scam, and must prioritize the most gullible victims quickly if they want to make money. Herley visualizes this problem as one of binary classification. Will a specific mark be profitable? If the scammers guess wrong, they either spend valuable time scamming for no gain, or dismiss what could have been a profitable mark.

    To solve the problem, Herley places all of the variables into a mathematical model of how a scammer might act. He then uses a Receiver Operator Characteristic (ROC) curve, which, he says, is how the trade-off between two types of error is usually graphed. From there, he is able to determine exactly how a scammer should choose which people to scam. The answer, of course, is to find a way to accurately identify from a large sample of people those who will be prone to scamming. From the paper:

    The initial email is effectively the attacker’s classifier: it determines who responds, and thus who the scammer attacks (i.e., enters into email conversation with). The goal of the email is not so much to attract viable users as to repel the non-viable ones, who greatly outnumber them. Failure to repel all but a tiny fraction of non-viable users will make the scheme unprofitable. The mirth which the fabulous tales of Nigerian scam emails provoke suggests that it is mostly successful in this regard. A less outlandish wording that did not mention Nigeria would almost certainly gather more total responses and more viable responses, but would yield lower overall profit. Recall, that viability requires that the scammer actually extract money from the victim: those who are fooled for a while, but then figure it out, or who balk at the last hurdle are precisely the expensive false positives that the scammer must deter.

    It seems like common sense, but now at least there is proof that these scammers aren’t all actually Nigerians with poor English. Herley’s paper can be read (and understood if you enjoy math) in PDF form over on the Microsoft Research website. One question that remains, though, is whether the “Nigerian” scam started when someone created it to filter out all of the non-gullible people, or whether it was actually from Nigerian scammers, and just happened to catch on because of this unintended effectiveness.

  • Fake Apple Survey Email Making The Rounds

    A fake survey claiming to be from Apple is making the rounds this morning. It’s pretty much your basic phishing email. It offers the recipient the chance to take a survey in exchange for a $115 Apple Store gift card. Of course, if you know what to look for, the email is full of red flags.

    First off, there are numerous grammatical errors in the body of the email itself. That’s always your first clue that an email like this is a fraud. Apple makes gazillions of dollars. They can afford to have people proofread the emails they send out. If you get an email from Apple – or any other major company for that matter – that reads like it was written by a sixth grade dropout, you can be sure it’s phony. Interestingly, though, email scammers don’t include grammatical errors because they’re idiots. They include them because the kind of person who catches grammatical errors is less likely to fall for an email scam. It’s a way of homing in on the easy marks. Here’s the text of the email:

    [Image: Fake Apple Survey]

    Of course, if the poor grammar (“your loyalty for our products,” “eligible for buying”) doesn’t tip you off, the “opportunity” they offer should. They don’t say they’ll give you a $115 Apple Store gift card for participating (Apple gift cards don’t come in $115 increments, by the way), they say they’ll give you the chance to buy one for $10. Not only that, they offer to mail you the gift card four days after you pay for it. Right.

    If you open the survey that’s attached to the email, here’s what you see. It’s a decent but unconvincing attempt at looking like an official Apple page, but the fact that it’s attached as an HTML file you have to download (rather than a link to a site with an Apple domain) is a major red flag:

    [Image: Fake Apple Survey]

    Finally, at the bottom of the survey you’ll find the section where you enter your billing information. If you’ve ever paid for anything online, you probably have a pretty good idea of what is required to complete a transaction. In this case, you may notice that there are a couple extra fields:

    [Image: Fake Apple Survey]

    Yep, not only do they want your standard information – name, address, ZIP, credit card number, expiration date, and security code. They also ask for your PIN, your card’s issuing bank, and, most alarmingly, your Social Security number and birthdate. In case you’re unclear on this point, there is no reason for any online retailer to ever ask for your Social Security number. Ever. At all.

    That, of course, reveals the whole point of this email: this isn’t just a way to scam $10 out of people who think they’re getting a good deal on an Apple gift card. No, it’s a way to get enough information to commit identity theft.

    Of course, Apple is all too familiar with this sort of scam. Last month they published an updated support page to help customers distinguish legitimate Apple emails from fake ones. This email fails several of the tests they list to identify real Apple emails: it includes an attachment, it asks for your Social Security Number, your full credit card number, and your credit card’s CCV code.

    Unfortunately, scams like this are all too common. While there are all sorts of ways to identify scams, the best thing to do is to keep your wits about you and remember that if an offer – like $10 for a $115 gift card – seems too good to be true, it’s probably fake.

  • Likejacking Scams on Facebook

    Be careful who you friend and which websites you are asked to visit, because some sites employ a “Manual Sharing Scam” – better known as “likejacking” or clickjacking. Once users click on one of these scam sites, posts saying they “Like” the site can appear on their wall, which is how the scam spreads itself virally.

    The scam spreads once FB friends of the victimized user click on the link that was posted on their wall, thus continuing the chain.

    Candid Wueest, an employee at Symantec, explains how the Uncle Scam likejacking scam works:

    “Even though it might appear that one of your friends has shared this link, he or she most likely did not do it knowingly. This is because whenever someone follows one of these malicious links, he or she ends up at an intermediate site on Facebook that will then load an “iframe” from a remote site. In this particular case, the remote site hosted four more scams targeting Facebook, each with different themes. The iframe loads an Uncle Sam image from a free image-hosting site and then asks the user to click on some part of the image. However, what the user doesn’t see is that the attacker has also loaded a Facebook site, but has modified it to be invisible. The hidden page that is loaded is the Facebook “Like button” page, which is conveniently placed under the mouse pointer of the user. Hence, when the user clicks on the colored bars of the image, he or she is actually clicking on the invisible Like button and consequently shares the attacker’s link with all of his or her friends on Facebook. (The same trick is attempted with an invisible “Share” button).”
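    The trick Wueest describes depends on the hidden page allowing another origin to load it in a frame, so the standard defence for a page with state-changing buttons is an anti-framing response header. As an added example (not from the article or from Symantec), this JavaScript classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers; the function names and sample headers are constructed for illustration.

```javascript
// Added example (not from the article): classify a response's anti-framing headers.
// Input: plain object of header name -> value, one CSP policy per header (assumption).

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list (lowercased), or null if the directive is absent.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0 && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);

  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  // Content-Security-Policy-Report-Only is deliberately not consulted: it blocks nothing.
  const sources = parseFrameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { framableBy: 'nobody', via: 'csp' };
    }
    if (sources.every((s) => s === "'self'")) return { framableBy: 'same-origin', via: 'csp' };
    if (sources.some((s) => s === '*' || /^https?:$/.test(s))) {
      return { framableBy: 'anyone', via: 'csp' };
    }
    return { framableBy: 'listed-origins', via: 'csp' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framableBy: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framableBy: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it offers no protection.
  return { framableBy: 'anyone', via: 'none' };
}

// Constructed sample response headers (not captured from any real site).
const samples = {
  unprotected: { 'Content-Type': 'text/html' },
  legacyOnly: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  xfoDeny: { 'x-frame-options': 'deny' },
  cspWins: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "default-src 'self'; frame-ancestors *" },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};
for (const [name, hdrs] of Object.entries(samples)) console.log(name, framingPolicy(hdrs));
```

    The `cspWins` sample is the case worth checking in a real deployment: a permissive `frame-ancestors` directive silently overrides an `X-Frame-Options: DENY` sent alongside it.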

    PCWorld identified fbeditionrose.com, editionroseplus.com, and nouvelleroseplus.com as some of the sites people should avoid.

    The article also detailed how there are several fake Facebook sites that request personal information for the chance to win free deals. These sites can be harmful in that they can infect your system with malicious code, recruit your computer into a zombie botnet, install software on your computer, and steal passwords or financial data.

    The following YouTube video demonstrates how a user can be tricked into sharing potentially malicious links on their Facebook profile page.

    To be safe, Facebook users are encouraged to remain skeptical of messages posted in social networks, even if they are from friends. Users should also avoid downloading files or filling out questionnaires just to see a picture or a video.

    Share your likejacking stories with us.

  • Man Tricks Girlfriend on Facebook, Imprisoned

    In Great Britain, a man has been jailed for seven years for tricking his girlfriend into performing sex acts online through the use of false identities on Facebook.

    Darrell Bingham, 49, posed as an American football player and subjected his 21-year-old girlfriend to a six-month hoax, in which he tricked her into performing sex acts using blackmail.

    Bingham posed as “Grant,” an American football player, on Facebook, pestering the girl to send him topless pictures. When she naively complied, he began blackmailing her into performing sex acts on herself.

    She told her boyfriend, Bingham, about the blackmail, and he told her to continue, telling her it might be over soon. One day, he told her he had killed “Grant”, producing fake photographs as proof.

    But Bingham wasn’t through with her yet. He then posed as “Chad”, a friend of the slain “Grant”, and continued to blackmail her, saying “Grant” had given him the photographs.

    The girl broke down in her office one day over the ordeal. Concerned co-workers called the police, who traced the source back to Bingham.

    Bingham has since been convicted of causing a person to engage in sexual activity without consent and has been sentenced to seven years in prison.

    The girl had this to say after the whole ordeal, “I feel betrayed and heartbroken. When I found out it was Darrell I was absolutely devastated. He was the only person I could turn to and that is why it makes this ordeal so hard. He tortured me for six months.”

    “From the moment I woke to when I went to bed, it was constant. I was so scared and frightened all the time I just didn’t trust anybody.”

    Facebook has been used as a tool of deceit in the past, with people posing as someone else to elicit sex or scam people out of money. Recently, a Pennsylvania man was charged with 68 felony counts after tricking underage girls into sex by using fake Facebook profiles to lure them in.

  • Scammers Continue to Post Fake Facebook Videos

    It should be old news by now that if you see a questionable video on Facebook you probably should not click on it, and definitely don’t give any information or fill out a survey. But with the sheer number of fake videos popping up and scammers’ relentless tactics, it can be difficult to discern which videos are fake and which your friends post because they actually want to share an interesting video.

    The most recent of these fake videos is one claiming to depict a roller coaster accident in California. Variations talk about it being in the United Kingdom, Australia or Universal Studios. Basically if it claims a roller coaster accident in the title it is a scam. No such video exists.

    False video links like this have been cropping up on Facebook for some time now. Some other ones to watch out for are claims of a sex tape involving Justin Bieber or a supposedly embarrassing video of Rihanna.

    Scammers tend to post “videos” that people will click on out of morbid curiosity. They want you to click without thinking.

    The scammers earn money by driving traffic to certain sites. They get paid for each survey you unwittingly complete, or any product you purchase, or even just by compromising your Facebook account. Many are designed to spread malware or are linked to phishing scams, whose sole purpose is to obtain your personal information.

    The best way to avoid these kinds of scams is to not click on friends’ video shares at all, or just use some common sense to determine which videos are most likely fake. Look for videos that are designed to exploit that part of you that can’t help but watch a train wreck. If it looks gross, morbid, or involves sex, don’t click. If it links to a page that doesn’t appear to be a reputable news source, don’t click. Also watch out for the language usage in the description. Many make grammatical errors, or generally don’t sound like the way people talk.


  • Tax Season 2012: Avoid Online Scams

    For years, online scammers have been taking advantage of people at tax time. Many people look for ways to get their tax refund back as quickly as possible.

    Legitimate tax return prep offices and other businesses offer “refund anticipation loans”, whereby you have your refund sent to their bank account and they give you most of it in advance in cash. But these kinds of services do place restrictions on who they will offer loans to, based on any tax offsets due, filing status changes from prior years, etc.

    But, since these services are highly advertised and have become commonplace, people are falling prey to scams that offer such services. These scams are blended with high-tech methods of phishing and information collection that go further than tax season. One scam even asks for your mother’s maiden name, which is a common identifier when resetting or revealing other passwords.

    Learn more about these scams, how to spot them, and how to report them.