Cyberphunkz Tech Blog » scams

ADVISORY: Scam Application on Facebook

Freak — Sat, 30 Jan 2010 12:07:29 +0000

There is a new facebook application doing the rounds by the name of Photas, it will say that a frnd of urs commented on a photo of you, and when u try to check the photo, it will take u to this page: http://www.facebook.com/apps/application.php?id=448829670716 , goign there will send this trojan to all your friends and thus spread exponentially.
Do not fall for this.

In General, dont take everything for granted on sites like facebook etc, look before you add apps, u may never know what you might give away.

Forward this to your friends so that they also dont fall for this.

Fake job offer emails smart, specific and almost real

Freak — Fri, 04 Sep 2009 20:02:25 +0000

By: Shashank Shekhar

Mid Day, Delhi

2009-08-20

Online job frauds just got bigger, smarter and more authentic.

A new batch of fake job offer letter emails specifically targets young IT professionals, and is being circulated by scamsters posing as HCL and Wipro employees.

The emails, promising job-seekers interview calls from these two IT giants, carry seemingly authentic employee codes, hologram of the companies and even the designation of the persons who have sent the letters.

The mails direct interested employees to deposit a nominal fee as ‘refundable interview security’ in a specific bank and also include the account number to make it look real.

Be warned: The advisory against fake job offers posted by HCL on its website.

Mail order

The email being circulated offering jobs at HCL, a copy of which is with MiD DAY, comes with the subject: “HCL Direct Recruitments Offer.” It reads, “The company has selected 32 candidates’ list for IT, Administration and Production departments, as well as is offering you to join as an executive/manager post in respective department.”

The email carries the contact details of two people K Rangnathan and Vikas Mehta who mention the mail is ‘confidential’ and is being sent to ‘candidates chosen from a well-known job portal’. The mail also mentions the two are part of the ‘HCL Human Resource Department’ and includes an employee code ID-11538 as well. “We are sending this mail on behalf of the IT company,” the letter adds.

The email asks professionals to deposit Rs 5,250 (in cash) as ‘refundable security’ in favour of the company’s senior Human Resource Department official Ajay Kumar Jha at any branch of the Punjab National Bank. The account number mentioned is 7200002466100.

It instructs job seekers to inform the department about the payment made by writing in at hcl.appointment@dr.com

The mail says after the fee has been deposited, the applicant will receive an offer letter with air tickets for the final interview at the HCL headquarters in Noida on August 24.

The alleged mail from Wipro says, “Wipro has 45 job vacancies in its facilities in Delhi, Bangalore, Noida and Pune.” This mail too includes similar cash deposit instructions. It also promises to repay expenditures the candidate incurs during the direct interview with company officials.

Almost real

Cyber security experts are alarmed at this smart duplicity. They point out that fraudsters have created a database and are selectively targeting a specific audience, in this case, software engineers.

“Scamsters are cashing in on the economic slowdown. But they have become smarter. These mails are so authentic it is hard to make out they are fake.”

Worried firms

While the emails fool youngsters, the companies being framed are worried as well. The two IT firms have strongly condemned the mails. A senior HR official from HCL confirmed they have received complaints and queries about fake job offers. “Criminals are tarnishing our image even though the company has no role in it. We welcome people to approach us to complain against such nuisances. We take such matters very seriously and are working with the police to curb such malpractices,” said the official.

A vice-president of Wipro’s Talent Acquisition department, said, “Wipro advertises job openings on its career website, on registered job portals, staffing partners and through media advertisements.

The advertisements carry the Wipro logo and the Wipro email ID.”

Even HCL has posted an advisory warning against fake job offers on its official website. The advisory says, “It has been found that unscrupulous individuals/ placement agencies have been enticing candidates with job opportunity at HCL. HCL wishes to state that the company has never charged money for recruiting candidate nor does the company have authorised agency or firm for recruiting candidate.”

How to Avoid Becoming a Victim of a Phishing Scam

Freak — Fri, 27 Mar 2009 14:15:30 +0000

If you receive any unsolicited email from a bank or other institution that asks you to click an included hyperlink and provide sensitive personal information, then you should view the message with the utmost suspicion. If you have any doubts at all about the veracity of the email, contact the institution directly to check.
Never click on a link in an email in order to access the website of a bank or other institutions that may be the target of scammers. The safest method is to manually enter the URL of the institution’s website into your browser’s address bar.
If you supply sensitive information on a website, always ensure that the site is secure. The address of the page should start with “https://” not just “http://” and the Lock icon should be displayed in the browser’s status bar. If these indicators are not present, it means that the site is not secure and information you enter on the site is not protected. Fraudulent web forms related to phishing scams are often non-secure sites. Please note, however, that even an apparently secure site may be fraudulent. The fact that a site appears to be secure is not by itself a guarantee that the site is legitimate. However, legitimate sites that require users to supply personal information will always be secure.
Use firewall, anti-virus and anti-spyware software to protect your computer system. Some phishing scam emails may carry trojans or other malware that may compromise your system.
Ensure that your browser, system software and other applications have the latest security updates available. This will reduce the risk of scammers accessing your system via unpatched software vulnerabilities.

Common Characteristics of Phishing Scam Emails

Freak — Fri, 27 Mar 2009 14:14:44 +0000

Unsolicited requests for sensitive information
The entire purpose of a typical phishing scam email is to get the recipient to provide personal information. If you receive any unsolicited email ostensibly from a bank or other institution that asks you to click a link and provide sensitive personal information, then you should view the message with the utmost suspicion. It is highly unlikely that a legitimate institution would request sensitive information in such a way.
Content appears genuine
Phishing scam emails are created to give the illusion that they have been sent by a legitimate institution. The email may arrive in HTML format and include logos, styling, contact and copyright information virtually identical to those used by the targeted institution. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the institution’s genuine website. However, one or more of the hyperlinks featured in the body of the email will point to the fraudulent website.
Disguised hyperlinks and sender address
Links in phishing scam emails are often disguised to make it appear that they lead to the genuine institution site. The sender address of the email may also be disguised in such a way that it appears to have originated from the targeted company.
Email consists of a clickable image
Some phishing scam emails may arrive as a clickable image file. That is, the entire email consists of an image that contains the fraudulent request for information. These are a particularly dangerous type because clicking anywhere within the email will cause the bogus website to open.
Generic Greetings
Because they are sent in bulk to many recipients, scam emails use generic greetings such as “Dear account holder” or “Dear [targeted institution] customer”. If an institution needed to contact a customer about some aspect of his or her account, the contact email would most likely address the customer by name.
Use various ruses to entice recipients to click
Phishing scam emails use a variety of ruses to explain why it is necessary for recipients to provide the requested information. Often, the messages imply that urgent action on the part of the recipient is required. Some of the most common ruses are listed below. The scam emails may claim that:
- The customer’s account details need to be updated due to a software or security upgrade.
- The customer’s account may be terminated if account details are not provided within a specified time frame.
- Suspect or fraudulent activity involving the user’s account has been detected and the user must therefore provide information urgently.
- Routine or random security procedures require that the user verify his or her account by providing the requested information.

How Phishing Scams Work

Freak — Fri, 27 Mar 2009 14:13:13 +0000

Phishing scams attempt to trick people into providing sensitive personal information such as credit card or banking details. In order to carry out this trick, the phishing scammers send a fraudulent email disguised as an official request for information from the targeted company. Generally, they also create a look-a-like website that is designed to closely resemble the target company’s official site. The fake website may appear almost identical to the official site. Style, logos, images, navigation menus and other structural components may look the same as they do on the genuine website.

Recipients of the scam email are requested to click on an included hyperlink. Once at this fake website, the user may be presented with a web form that requests private information such as credit card and banking details, and other account data such as a home address and phone number. Often, the visitor is requested to login using his or her username and password. All information entered into this fake website, including login details, can subsequently be collected and used at will by the criminals operating the scam.

A variation of the scam involves using an embedded form within the bogus email itself. Victims are instructed to enter details such as a password and bank account number into the form provided and return the email to the sender. Another variation attempts to trick recipients into installing a trojan on their computer, either by opening an email attachment or downloading the trojan from a website. The scammers can then use the trojan to collect information from the infected computer. The scam emails are randomly mass-mailed to many thousands of Internet users in the hope of netting just a small number of victims. The majority of people who receive these scam emails will probably not even be customers of the targeted institution. However, the scammers rely on the statistical probability that at least a few recipients will:

1. Have accounts with the targeted institution.
2. Will be unaware of such scams and believe the email to be a legitimate request.

The scam can prove to be a lucrative exercise for the scammers even if only a very small percentage of recipients ultimately become victims.