MoMusings

I’ve no idea how many of you out there in blog-land use Twitter, but I’d guess quite a few of you do?

As a relatively new Twitter user, I’ve not seen much of the problems that Twitter has experienced over the last year, including account hacking, phishing, 419 scams, worms and other malcode problems. One area that seems (at least to me) to have been rather quiet has been spam via Twitter.

Until the last week or so, I’ve never received any. I’d be interested to know how many of you out there in blog-land who use Twitter have seen similar things to what I’m about to discuss.

I don’t think there is a specific name for Twitter spam, so I’ve coined one; Twam.

I’m sure the more creative of you out there can come up with something better?

Let’s have a look at a couple of examples I’ve seen in the last week or so:

1. The Vote For Me Twam
I received the following notification and when I checked out the profile for that user all their tweets were requests to vote for them in some beauty pageant.

As you can see at the time I was sent this they had a fair few followers and were following (Twamming) lots of other Twitter users. when I checked this particular account again this morning, it was still active and still only begging for you to vote for her at 60P per text no less! The number of followers now stands at 343 and she is following (Twamming) 1,986 other Twitter users.

2. The Porn Advertising Twam
I received the following notification just this morning and when I checked out the profile for that user they only have one tweet with a link to a porn site! So.they seem to be using Twitter to advertise their porn site.

Shortly after receiving the above notification, I received another using the same name, but from a different Twitter account. Their feed was exactly the same as the first one I received just 30 minutes earlier.

When I just checked both of these accounts (before publishing this) that were advertising a porn website they have now been closed by Twitter.

Needless to say I have blocked these Twitter accounts, as I don’t want to see what they offer and I don’t want to give them any credibility by being seen as being followed by them.

I wonder if this is the start of a major spam (twam) attack on this social networking site? I wouldn’t be surprised as this fate has already befallen FaceBook, Myspace and many other similar sites.

For those of you who are interested in following me on Twitter (no not you spammers/twammers) you can easily find me via my name or my Twitter account which is talkytoaster.

If you spot anything interesting feel free to send me a Tweet or a Direct message.

Take care and happy Tweeting.

The 419 scammers have a decided to use Gala, a UK Bingo and on-line gaming company as their latest one to impersonate, they do this to try and get you to swallow their scam as real.

Here’s a couple of screen shots showing one copy of the emails I’ve seen so far today:

The use of a “trusted” brand name is to try and make it more believable, so that you will be willing to actually contact them to try and get the alleged winnings.

However, you’ll end up being put on a suckers list; receiving even more of these scams, even via the postal service and over the phone too. Not only that you will also be asked to pay some administrative or legal fees to release the money to you…there is no money, you haven’t won anything except the chance to be less gullible in the future.

If you want to find out more about these scams and how they work you can find other postings on the subject on this blog, and also on my published papers and articles page here: http://momusings/com/papers

If you get an email claiming that you’ve won something in a competition you never entered be very skeptical. If you want to know if it is real or not then please feel free to contact me.

Gala do appear to have a lottery game, but it is online at their website, they don’t do e-mail lottery at all….you have been warned

I’d like to start this post with an apology [yes, again] as I have been rather slack in posting for quite a few weeks now. This has been due to a number of issues beyond my control including yet another change in my role. I still hope to post material here as often as I can, but it probably won’t be as frequent as it has been. So, to try and start the ball rolling once more I have the following phishy tale for you to enjoy.

Here’s a new one I’ve not seen before, the following e-mail arrived in my ‘Phish‘ inbox late last night [screenshot below]:

That’s nice if I answer just seven questions in a simple survey I will get £25…..I smell a phish, so what do we see when I click on the link?

Hmmmmm…..looks pretty good, quite believable wouldn’t you say?

So, let me see what happens when I fill out the details with bogus data. First let me enter some bogus data for the survey and then click on submit. This is where I’m taken too next:

Aha…..Just as I suspected, this is a phish, as it wants personal data and my credit card data, including the CVV so that the promised £25 can be credited to my card, yeah right. So, let me enter in some more bogus data and click on the Submit button again.

I particularly like the mis-use of the MasterCard SecureCode,VeriSign and Verified by Visa logos, just trying to make you feel secure, how reassuring, eh?

The final page [shown above]informs me that my data has been entered correctly [yeah right!] and that I should see my £25 credit payment on my credit card within 3-5 businees days. More like my credit card will be misused or sold on to others to misuse within 3-5 businees days! Oh, and then I get taken to the real McDonalds UK website, nice

So, it seems that I was right to be suspicious, in fact a quick look at the link in the original e-mail made it obvious to me that this was a phishing scam.

The interesting thing about this Phishing attempt is that this is the first time I’ve seen one targeting McDonalds in the UK.

So, if you are an McDonald’s customer, or think that you’d like £25 for free, be on your guard as it seems that the phishers are now spending significant amounts of their time to finely target their potential victims and try and get you to disclose your details….

As a final note, the Netcraft toolbar plugin which works with Internet Explorer and Firefox now has the domains used for this phish in their database. So, install it and use it, it could save you from making an expensive mistake!

How many of you out there use Amazon’s Marketplace to sell items?

Well, if you do then this posting should be of some interest and I’d also be interested in how many of you have received similar emails to the one shown in the screenshot below:

Looks like a typical notification from Amazon that your item listed on Amazon Marketplace has been canceled; for those that use this Amazon service this usually happens when your item listing has expired, and is quite normal.

So, let me see where I end up when I click on the link contained in the e-mail; screenshot below:

Is this Amazon.co.uk? Looks genuine doesn’t it? would you sign-in via this page, or not?

For the moment, let us assume [quite rightly] that I’m suspicious of this page, let me have a look at the source HTML for the page above; I’m especially interested in the FORM section (the bit that deals with the login credentials; your e-mail address and Amazon.co.uk password). Here’s a screenshot of the related part of the HTML source for that function:

Hmmm…..notice anything odd?

Surely the real Amazon.co.uk doesn’t use a generic mailto CGI script [in this case a PERL script] to handle login routines, does it?

No, of course it doesn’t, the code in the screenshot above sends your now stolen Amazon.co.uk login details to the bad guys and girls via e-mail using the mailto.pl script hosted on http://www-cgi.paonline. It then goes onto send you to the real Amazon.co.uk page, sneaky huh?

So, this is another phishing scam, in this case they want to steal you Amazon login credentials, so that they can steal any personal details, including and stored credit-card data, or maybe they just want to buy things using your account, and have them sent to a drop-box to then be turned into cash. Such as ordering themselves a new MP3 player, phone, some CD’s or DVD’s or whatever, leaving you to pick up the bill and deal with the resulting mess.

Of course this type of attack is not just limited to Amazon, it would in theory work with any e-commerce site, so be careful out there especially where you have sites that store you credit-card details, as in most cases this is what the bad-guys and girls are after. If they can’t get that then they will just buy things from the site using your stored card data instead.

yet again, as with other recent examples I’ve blogged about it shows that phishers are not just interested in getting you bank details, they are just as happy to get e-commerce site credentials, game login credentials (such as WoW) or webmail account details (how many of you store e-mails which contain personal or financial  details?), amongst many others. Furthermore, do you you the same password for more than a single site? If you do then you are making it easier for the bad guys and girls to compromise your other accounts wherever they may be.

I received an e-mail yesterday asking me to take part in a survey that Walmart were apparently carrying out to gauge customer satisfaction. A screenshot of the e-mail I received appears below:

So, even though I am not and never have been a Walmart customer, let me see where we go if I click on the link provided, as if I were a Walmart customer. This is where I ended up:

Looks like a very typical web based survey, so what happens when I fill in the details and then click on the proceed button at the foot of the survey page? This is where I ended up next:

OK, so they want some more personal details now, they already have my phone number and e-mail address. Now they want my credit card number, expiry date for it and…….my CVV and ATM pin…..hmmmmm; can anyone smell something ‘phishy’ yet?

Yes, this is a phishing scam, squarely targetted at Walmart customers that will be fooled into believing that they will recive 150 US Dollars for filling out the survey and supplying their credit card details. In a few days they will get a surprise, but not the pleasent one they were expecting. Instead of having money credited to their account, they will have lost money through bogus purchases. It may even be worse, their account could be cleared out via ATM withdrawals, or even overdrawn, leaving them with a large bill to pay [unless their bank covers phishing scams and related things] . In the worst case scenario the personal details they gave could be used for identity theft so that loans or mortgages could be set up using the stolen details, leaving the victim with the bills and the resulting damage to their credit rating.