How To Avoid Being Caught By Phishing Scams

What exactly is a phishing scam? Phishing is a process that can occur in many forms. Usually, the most common example is the e-mail, when ask the recipient to enter specific personal information. This allows the Scammers to “catch” the resulting data.

Phishing activity started 15 years ago. It’s enough young, but, according to Business Week, with the current recession, the intensity and frequency of these scams will increase more and more. Also, according to research, Phishing attacks are targeted in brands like PayPal and eBay.

Usually, most attack are a simple username/password(for example  PayPal username and password). Often, thieves are able to steal many other accounts for a single victim when user use only one standard password across many accounts.


Image Credit: skp psc scp

However, there are other attacks to steal broad personal information such as:social security number, date of birth, banking PIN numbers, driver’s license number. These information is used to open fraudulent accounts or creating a profile on a specific individual.

Here, my tips you need to know to be protected against any attack:

1. Never log into an e-mail with unusual formatting, or contain poor English. 

2. Never log into an e-mail that ask you ” log within 24 hours”. This is an strategy used by scammers in order to increase the chance you respond.

3. If an email will urgently prompt you to follow a hyperlink to log in to your account, then no open it, or delete it. These link redirecting you to a clone of your bank site, so once you log into the site, a phishing attack will copy your login client data.

4. Some attacks use phrasing such as  “to prevent your account from being closed” or “to restore access to your account” and ask you to access to your account or soon will be closed.

5. I get phishing emails from “my bank” every few weeks. Remember, the banking institutions will never send you email to ask you for your account information. Make sure to visit the original website and log into a secure platform.

6. Some phishing scam ask you to log in to your account to receive a bonus or special promotion such as a cash bonus or a free upgrade to a premium account.

If you have other tips, please leave me a comment below.

How To Recognize Online Fraud And General Phishing Trends

In this edition of the Brandjacking Index, we look at brand abuse trends in the financial vertical, focusing on four major financial services brands and four terms associated with the financial crisis – foreclosure, mortgage, refinance and unemployed.

As the economy has worsened over the past months, we found that con artists have exploited consumers’ financial fears and uncertainties, and have rushed in to hijack well-known brands for their own profit.

There has been a profound increase – 36 percent in one quarter – in the level of phishing attacks as well as in cybersquatting.

We identified more than 7,300 questionable domains that were registered using the four financial brand names. Fraudsters registered domains that combined the financial brands that we studied with its four focus terms at the rate of more than one domain per day between September 2008 and the end of our study period in April 2009.

Scams continue to be complex and sophisticated to lure in unsuspecting victims; in fact, cybersquatted domains registered since September 2008 were 50 percent more likely to use the focus terms than domains registered earlier.

MarkMonitor created the Brandjacking Index to measure how pervasive brand-based attacks are and to identify the potential threats to the world’s strongest brands.

As in our previous reports, this edition of the Brandjacking Index tracked millions of emails and billions of web pages, including pages featuring online advertising, eCommerce, auctions and social networking.

Summary Financial Brand Findings

As our economy has worsened, brand abusers have sharpened their focus and created schemes to lure consumers into their trap for mortgage refinancing and phony get-rich-quick investments. Sadly, the only ones who are getting richer are the fraudsters. They are using a variety of simple yet creative techniques to misrepresent themselves.

Here are two examples of websites: the first shows you a phony mortgage refinancing site that exploits paid search listings to bring in traffic and a second site for a spam scam based on another bank brand.

financial phishing scams

 

Imager credit: Pertusinas

Then there is this page that has so much brand abuse going on, it could be one of those find-the-hidden-picture Sunday supplement puzzles.

The fraudster who created this page exploits trusted TV and newspaper media brands and has the page designed to look like an online newspaper, all with the goal of obtaining personal identity information. To add insult to injury, the page uses encryption technology to give it a greater air of legitimacy!

While many of the suspicious domains that we discovered tried to extract personal information, very few went so far as this site in offering encryption; 52 percent of the domains that we identified did not encrypt any data.

Finally, there are new efforts that make use of social media to lure victims.

Here is “Jessica’s Money Blog” which on the surface looks like thousands of other legitimate blogs that participate in conversations about managing finances or running a small business. But “Jessica” is selling a “home business kit” that promises steep rewards in exchange for a small amount of effort and some personal information, including a credit card number.

 financial phishing scams

These are just a few of the sites that we have discovered that may be exploiting the financial crisis.

A summary of results is shown below for each of the four banking brands studied:

Brand Cybersquatting eCommerce False Association PPC
US Bank Brand 1149 130 334 131
US Bank Brand 998 115 280 303
UK Bank Brand 2947 384 105 274
Intl. Bank Brand 2276 332 838 266
Total 7370 961 1557 974

Of the almost 7,400 suspicious domains identified, 16 percent were registered since September 2008 and 17 percent of the total used the focus terms – foreclosure, mortgage, refinance and unemployed – in the site content.

When we examined the more-recently registered domains, the team found evidence of opportunistic abuse.

  • Domains registered since September 2008 were 50 percent more likely to use the focus group terms.
  • Fraudsters registered domains that combined the financial brands that we studied with our focus terms at the rate of more than one domain per day between September 2008, and the end of our study period in April 2009.

In general, many of the suspicious domains are newly created, as you can see from our analysis of the domain registration dates in the table below:

2007 or Before 1H 2008 2H 2008 2009 (Jan – Apr)
58,00% 13,00% 18,00% 11,00%

In terms of geography, 49 percent of the abuse domains were hosted in the United States, while six percent were hosted in the United Kingdom, four percent in Germany, and Australia and Canada tied at three percent each.

Phishing attacks against the financial brands that we studied saw a big jump, with 10,000 attacks in Q1 2009, which was a 36 percent increase compared to Q1 2008.

General Phishing Trends

Interestingly, when we observe phishing trends overall, we found that phish attacks against the payment services category grew more quickly than the financial services category in Q1 2009, with a 40 percent growth from the previous quarter and 285 percent annual growth.

Phishers continue to target different industries, shifting their focus from quarter to quarter as the chart below demonstrates. They sharpen their focus using standard direct marketing methods – identifying the most profitable segments and then continuously harvesting new targets within those segments.

A total of 502 organizations were phished in Q1 2009, which is a 14 percent increase compared to the last quarter of 2008, and a 24 percent annual increase – a large jump from previous observations.

We also saw 93 organizations being new targets in the quarter; the vast majority of them were financial services-related businesses. This could signal that phishers will be redoubling their efforts against this segment going forward.

We also observed how phishers are adjusting their techniques targeting the retail segment.

  • On the left is an older example of a phished retail site, using the oft-used ploy of masquerading as a trusted site, with familiar logos and credentials.  
  • On the right is a more recent example of a phish against the same brand. In this case, a phony user survey purportedly offered by a trusted retailer promises a $90 credit for its completion, once your credit card number has been given.

 

Evolving marketing techniques for phishers

Imager credit: Vladimir Popovic

And as legitimate sites beef up their defenses, the phishers are following right behind by using similar techniques to make their efforts seem more plausible.

The first example below is a site that uses the ‘ captcha’ method of typing a series of numbers to thwart subscription bots, and the second example is a Brazilian site that puts up a warning like a real credit card site.

While both of these sites are aimed at the payment services vertical category, neither is legitimate.

Imager credit: Vladimir Popovic

And while the US continues to widen its lead in the hosting of phishing sites, with a ten percent increase from last quarter, Canadian hosted sites have moved up to be the second most popular host country.

Social Media Phish Targets

We continue to see that cybercriminals are targeting new communication platforms like micro-blogging, virtual worlds and social networks.

Phishers are creating phishing sites to collect passwords, conduct identity theft schemes and carry out online advertising scams.

Phish attacks targeting social networks have grown 241 percent from Q1 2008 to Q1 2009 and have grown 1,500-fold since we first started tracking the category in 2007.

Phishers have also expanded their reach to web infrastructure sites such as domain registrars and hosting services. Economic reasons for exploiting these sites include redirecting traffic, holding a domain portfolio ransom or hosting further phish scams or pirated content.

Registrars

Hosting

 

Phishing attacks targeting web infrastructure

Conclusions

Brand abuse is increasing, but more important than the sheer volume is the increased sophistication and the opportunistic nature of brandjackers, who are quick to take advantage of current events and popular concerns.

Brandjackers continue to exploit the confusion over the financial markets that began in the last quarter of 2008 to prey upon vulnerable consumers.

Wielding a wide variety of techniques from more established abuses like spam, cybersquatting and phishing, brandjackers are also taking advantage of newer avenues like blogs and social media sites to find their victims.

Published on March 1st, 2009 as ” MarkMonitor Brandjacking Index: Spring 2009“.

About the author

MarkMonitor, offers comprehensive solutions and services that safeguard brands, reputation and revenue from online risks. With end-to-end solutions that address the growing threats of online fraud, brand abuse and unauthorized channels, MarkMonitor enables a secure Internet for businesses and their customers.

The company’s exclusive access to data combined with its patented real-time prevention, detection and response capabilities provide wide-ranging protection to the ever-changing online risks faced by brands today. �

Death Switch, Getting Your Passwords When You Die

If you have need catering service for a business event or meeting, the Web offers many solutions to satisfy your strictest dietary needs.

Imagine you die with computer password in your head. Now, if you want to send any important data to your loved ones after your death, a new company called Death Switch is offering you the chance to do this. A deathswitch is an automated system that prompts you for your password on a regular schedule to make sure you are still alive.

How Does It Work

First, you need to send an email message with what you want to say to your family. With the free account, you get 1 recipient and no attachments.

You can also choose the premium account to sending 30 messages plus files such as videos, pictures and documents, as mail attachments. In this case you have to pay a fee . Then, send it to Death Switch.

Then You receive for some period of time a regular email to see if you are not dead and you will respond them via email. If you don’t respond, they will continue send out several more email to make sure that you are live and if you don’t reply to those, Death Switch reaches the conclusion you are dead and the system will then send out your email to those you have specified.

Seems Good, But……

In my view it sound like a good idea. With a lots of passwords in my head(contacts, skype, important data like bank account), my partner don’t know how to access. Thus, an automatic system like this would be a good idea.

Of course, there’s always a but… I wonder, if you need to trust of a service like this to send your important password via email.

Secondly, what if you receive the emails into the spam folder accidently and the system deduced you are die?

There are other better ways to make sure your passwords get out when you die. The simply and direct way is to put a list of your data inside of a fireproof safe and tell where you keep the key to your loved ones.

How To Protect Your Home Business, Using Home Security Surveillance

If you work from home like me, you probably have one or more than a pc on your home office. Also, more probably you have other devices, such as scanner, printer, digital camera, cell, etc. All devices that cost a lot of money.

protect home business
Image Credit: Llandudnoandy

I always talked on my blog of how your business has need to be protected by attack of virus, email spam, and other malicious programs. But can we be one hundred percent certain that the our home is protected, as well. How would you feel if you receiving a burglar into your home and takes all your work?

Protecting your home business and your work is becoming more and more important these days. Crime rate is at an all-time high in the world today. To protect your business you need of a strong action against burglars or could destroy year of hard work.

 

Infrared are perfect to cover wide areas of ground. It sending out a beam of light, once this beam is broken the alarm will be sounded.

Whether you want use modern alarms to cover large rooms without having separate units on each individual door and windows, infrared detectors is the right solution.

If you using visible light sensor, burglars can identify where the light is coming from, and avoid the beam quite easily. Thus, another solution is that to conceals the units inside walls, the only thing you need to do is to leave a hole so that the infrared beam can pass through.

In general, a common solution many people use is a combination of infrared security system with other form of security in order to make sure the property is completely protected.

Protect Your Home Business With GE Security System

GE home security is one of the better companies selling wireless home security systems in the United States with affordable costs.

Although a recent company, the leaders and founders of GE home security system have over 25 years of experience in the security business from owning, in numerous video surveillance and alarm companies operating.

They be enought popular in the home security system, and have a partnership with one of the most well-known alarm companies in the United States. GE Security is able to provide video surveillance, security cameras, with the next generation easy-installation systems.

One of the main features of GE Security is their interactive monitoring. The interactive monitoring, allows you to know what’s going on at your home regardless of where you’re at.

Make Money With USAlarm Affiliate Programs

Publisher earn up to $300 per each Sale they do. Affiliates have the opportunity receive the same commission by driving sales online or over the phone.

Once you join the GE alarm system program, you’ll automatically receive your dedicated phone number. Affiliates can pull full data reports to real-time on calls, sales, and payment information.

Alert: AdWords Phishing Email

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Many people know too little on how recognize fraud and dangers, yet. Few people, know the real dangers, risks of malicious software online, or apparently normal web pages or emails.

This fakes scenaries are traps for web users with the purpose to attack their pc machines.

With these system hacker are able to get access to your computer, and take any type of private information you have archived.

Recognize fraud and deception is time consuming and extremely difficult.

Becomes risky have trust of a business vendor, when we don’t have clues to discover these fraud.

For example: Yesterday I received a suspicious piece of email sent by someone here at the3dtechnologies.com.

After an accurate analysis (or at least a really strong gut feeling) I’ve determined it to be totally bogus.  In little words: The email is phishing scams!

Here the email:

Renew Your Account Now !

Dear Advertiser,

This is your official notification from Google AdWords that the service(s) listed below will be deactivated and deleted if not renewed immediately.

As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted.

Renew Now your Google Search Advertising services.

SERVICE: Google Search Advertising
EXPIRATION: Pending

Thank you for using Google AdWords service.
We appreciate your business and the opportunity to serve you.

Google AdWords Service

Please remember to input your AdWords username and password correctly NOT your email and password.

…………………………………….

Why renew my account?

Google AdWords helps you manage your search advertising campaign simply and efficiently. Renew now today to get connected with customers.

Top questions
How long will it take?
This should take you about 10-15 seconds.

What do I need?
You’ll need only your AdWords username and password.

© 2009 Google AdWords

How to Avoid Phishing Scams, Phishing Scams In Plain English

Internet is full of people clever. But even smart people that don’t keep relaxed their guard against scams can be duped sometimes. Recently, I received an e-mail from Paypal. google spam
Image credit: Zero g

I was perplexed by a notice from them, however….

Subject: PayPal Security Advisory

Military Grade Encryption is Only the Start

At PayPal, we want to increase your security and comfort level with every transaction. From our Buyer and Seller Protection Policies to our Verification and Reputation systems, we’ll help to keep you safe. We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive (sic) that your account was hijacked by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you are the rightfull (sic) holder of the account, click on the link below, fill the form and then submit as we try to verify your identity.

==> (URL that looks like it goes to the PayPal Security Center)

If you choose to ignore our request, you leave us no choise (sic) but to temporaly (sic) suspend your account. We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verefy (sic) your account in that time.

Unfortunately, I lowered my guard, and I logged to my account up to be a victim of “phishing”.

Phishing Scams In Plain English

What is phishing? Before you fall in these traps, I urge you to watch this short video Phishing Scams in Plain English, which explains how these scams operate, and help you on how to protect yourself from the scammers.

[HTML1]

This video provides some advices that help you to minimize risk of being scammed. In brief:

  • Choosing company you trust.
  • Don’t worry if you receive a e-mail scam. You have a few risk only when you respond to phishing attempts.
  • If the e-mail message contains a link or a form, then never click it or fill it.
  • Always go directly to the site.
  • Forward the suspicious e-mail to reportfishing@antiphishing.gov or spam@uce.gov.

My story was mundane mistake. The message I received from Paypal was a real spam message, and it was phishing.

Unfortunately, I’d suffered a momentary lapse. Despite my constant vigilance, and my frequent monition to others, I left my guard down, and it’s sufficient to become a victim.

Buy Blog Comments Lets You Increase Your SEO Ranking

I think this is one of the worst ideas I saw. In a era in which safety are critical factor for any business, to help increasing the spam propagation, now there is a new service called “Buy Blog Comments“.

In brief, is a new service that allows to leave comment spam on blogs for those wanting be optimized higher inside Google and other search engine. Has been developed by Jon Waraas a guy that owns a company called developer hut and has launched a blog network called BuzzBums. The company have some people in America and Canada that have the aims to write the comments.

I can not stress how bad of an business idea this is. I’m inclined to believe that ask someone to comment your blog post is poor strategy to increase your SEO ranking. There are other services and tools that do this type of works but BuyBlogComments.Com takes this a step further and is the first of its kind, giving you a complete service to create spam comment to your blog.

How Does It Work?

We have a database of hundreds of thousands of blogs, mostly of dofollow, that we will post your blog comments on when you purchase. When you order our blog comment experts will find blogs related to your niche, they will than read over the blog post and post a comment on the blog post, with your website and url in the commentators field. That way the comments will stick and you will have a quality backlink on a quality website about your niche. We do not use automated spamming in anyway. Once your comments are done you will get a txt file with all the blog posts with your comments. Its that simple. You cant get that from any other backlink building service!

The service offer users a choice between different package: 100 comments for $19.99, 5000 comments for $99.99 and 1000 comments for $199.99. For smaller sites, they usually take about a week to write comments.

Why Would Someone Pay For Fake Comment?

My own experience with spam is negative. I don’t know about you, but I get dozens-if not hundreds-of spam email a day and thanks Askismets as spam blocker, I know who do it. My competence level, and insight may not match the one of the experts, thus I would love to hear your thoughts on this and especially on the legality of this business.



THE3DTECHNOLOGIES

The3dtechnologies.com is an encouraging blog, dedicated to helping people build a business online, creating killer graphics design to increase product page conversions, as learn to save money, as extreme frugal living as well, so you can earn more and save more. I'm glad to have you here!


DOWNLOAD MY FREE EBOOK