Blog Hoax-Slayer

Chinese Earthquake Malware

2008-06-25T08:46:00.002+10:00

Inboxes are currently being inundated by emails that supposedly link to important news about a devastating earthquake that hit China. However, the supposed news is entirely untrue. Clicking the links can open a bogus website that can trick the user into downloading and installing malware.

The malware emails capitalize on the earthquake that recently occurred in China by pretending that another such event has occurred. They also use mounting public excitement about the upcoming Olympic games as a ruse to entice people to click the bogus links. Some of the emails falsely claim that the Games may be canceled or postponed due to the supposed earthquake:
The emails have a number of subject lines and text, including those listed below.

Subject:The capital of China were collapsed by earthquake
Destruction in China continue [MALWARE LINK REMOVED]

Subject:2008 Olympic Games are under the threat
Death toll in China exceeds 1000000 [MALWARE LINK REMOVED]

Subject: Death toll in China is growing
Chinese people are horrified by new earthquake [MALWARE LINK REMOVED]

Subject:Earth tremors in China is going on
Destruction in China continue [MALWARE LINK REMOVED]

There are many other similar emails being distributed. If you receive any unsolicited email claiming to have news about an earthquake in China, do not click on any links or open any attachments that come with the message.

For more information, see:
New spam campaign targets Olympic Games fans

Yet another "Hacker" hoax version

2008-06-23T14:19:00.002+10:00

A series of fake "hacker" alert messages like the one below have been circulating via email and social networking websites such as Facebook. Many versions are virtually identical except for a change in the specified name and/or email address. The information in these warnings is untrue and should be disregarded.

For more information about these hacker hoaxes and a related "virus warning" hoax, refer to the Hoax-Slayer articles listed below:
Simon Ashton Email Hacker Hoax
Bum_tnoo7 Hacker Warning Hoax
MSN Contact List Virus Hoax

Subject: HACKER

If somebody called adam.slaney@ hotmail.co.uk adds you to their facebok account/invites you to be their friend DON'T accept it because it's a hacker. Tell everyone on your list because if somebody on yours adds them, you get them on your list and he'l figure out your ID computer addesss. So copy and paste this message to everyone even if you don't like them and fast..because if he hacks their mail, he hacks yours

US Marine Advance Fee Scam

2008-04-27T10:37:00.011+10:00

A favourite ruse employed by Internet fraudsters is to include a link in their initial scam email that leads to a reputable news website. When a potential victim clicks the link he or she will be taken to a news article that seemingly confirms the claims in the scam email. In this case, the link leads to a 2003 BBC news report about a large stash of money found in Baghdad by the US military. The article notes that several US soldiers were questioned after a portion of the funds was allegedly stolen. The BBC article itself is perfectly legitimate and reports on true events. However, the claims in the scam email are fictitious and have no connection whatsoever with the real incident described. The scammer poses as one of the soldiers questioned over the alleged theft and implies that he is still in possession of these stolen funds. Those who fall for the ruse and reply to the scam email will be promised a large percentage of the money if they are willing to help the "soldier" transfer the funds. However, to complete the "deal" the victim will be asked to provide upfront fees, ostensibly to cover transfer and banking expenses. The victim may also be asked to provide a substantial amount of personal and financial information which may later be used to steal his or her identity.

Don't be fooled by unsolicited emails that promise lucrative deals, even if they contain links to news articles that supposedly relate to the scammers claims. For details about Advance Fee scams, see:

Nigerian Scams - 419 Scam Information

An example of the scam email:

Subject: CONFIRM WHAT I WANT TO SHARE WITH YOU

Attn dear,

Good day to you,I know you would be surprised to read from someone relatively
unknown to you before now. My name is Master Sgt. Edward Ramirez, a soldier in the U.S. Marine, deployed to Iraq in the beginning of the war in 2003. I would like to share some highly personal and classified information with you regarding my personal experience and role which I played in the pursuit of my career serving under the U.S ARMY which was at the fore-front of the war in iraq

However, I would like to hold back certain information for security reasons for now until you have found time to visit the BBC website stated below to enable you have insight regarding what I intend to share with you, believing that it would be of your desired interest in one way or the other. Here is a BBC news listing that confirms what I share with you

http://news.bbc.co.uk/2/hi/middle_east/2988455.stm

I need your assistance to secure a certain deposit of funds which originated from the source mentioned in the webpage above. My proposal is of mutual benefit to us and should be treated as such. I must say that I'm very uncomfortable sending this message to you without knowing truly if you would misconstrue the importance of confidentiality in this regards and decide to go public.If you are interested and willing to assist, please contact me immediately to enable me
provide you with further details.Thank you for your understanding.

Kindest regards,
Master Sgt. Edsummer Ramirez

Beware of Malicious April Fools Emails

2008-04-01T12:16:00.000+10:00

Inboxes are currently being hit by April Fools Day malware emails similar to the following:

Subject: All Fools' Day
Surprise! http:[Link removed]

The messages have a number of subjects, including those listed below:

I am a Fool for your Love
Join the Laugh-A-Lot!
One who is sportively imposed upon by others on the first day of April
Surprise!
Surprise! The joke's on you.
Today's Joke!
Today You Can Officially Act Foolish
Wise Men Have Learned More from Fools
All Fools' Day
April Fools' Day
Doh! All's Fool.
Doh! April's Fool.
Gotcha!
Gotcha! All Fool!
Gotcha! April Fool!
Happy All Fool's Day.
Happy All Fools Day!
Happy All Fools!
Happy April Fool's Day.
Happy April Fools Day!
Happy April Fools!

Clicking the link in these malicious emails can open a seemingly funny webpage that is designed to trick the visitor into downloading and installing a trojan. Be very cautious of clicking links in emails related to April Fools Day.

For more information, see:
April Fools Dorf

Virus in Digital Photo Frames

2008-01-26T16:17:00.000+10:00

Digital photo frames are becoming more popular and make excellent gifts. The frames allow users to transfer digital images from their computers and display them either individually or as dynamic slide shows. Many have other functions as well, including calendars, clocks and video playback.

Recently however, it was discovered that a number of Insignia brand digital frames sold by Best Buy were infected by a computer virus. This presented the possibility that the user's computer could become infected by the virus when the device was plugged into a computer to transfer photos. It seems that some frames somehow became infected with the virus during the manufacturing process.

Insignia recalled the infected frames as soon as it became aware of the problem and has issued a statement about the incident on its website.

Luckily, the virus is an old one and virtually any reliable and up-to-date anti-virus program should be able to deal with it before it causes problems on the user's computer.

So, although it may have affected some users, this cannot be considered a serious problem and is an isolated incident. What it does illustrate, however, is that, when it comes to computer security, we must remain constantly vigilant. Security threats can sometimes originate from the most unlikely of sources.

Valentine Malware Emails

2008-01-24T08:10:00.001+10:00

Criminals are now using love-themed Valentine's Day email's to trick recipients into installing a trojan. The emails contain a short message and link like the one included below:

Subject: Sending You My Love
Hugging My Pillow http://72 .[removed]

The emails have a number of subject lines, including the following:

Magic Power Of Love

A Toast My Love

You're In My Thoughts

Sent with Love

Our Love Will Last

Our Love is Strong

Your Love Has Opened

You're the One

Special Romance

The short message in front of the link also varies.

Clicking the link opens a web page which prompts the user to download what is supposedly a Valentine's Day Greeting Card. However, the download actually installs a variant of the Storm worm.

Be wary of any email message that supposedly leads to an online greeting card. The tactic has been used continually for months and has previously targeted different holidays such as 4th July, Christmas and New Year.

A screen shot of the malware website:

USS New York Launches

2008-01-15T12:38:00.000+10:00

Since mid 2006, a message has been circulating that claims that steel left from the World Trade Center is being used in the construction of new navy assault ship, USS New York. The information in the message is true.

And, according to recent news about the vessel, USS New York has now been launched. The following report from the USS New York website gives details about the launch:

USS New York Update 1/1/2008 HERE SHE COMES !

The future USS NEW YORK LPD-21, (USSNY) the fifth ship of the San Antonio-class of amphibious ships was launched (get wet) on December 19th at Northrop Grumman Ship Systems facility (www.ngc.com) in Avondale, LA. As the USSNY nears 75% completion, final plans are coming together for the Chris-Comm Events. The Christening will be held on the 1st of March. It is a invitation only event, you must contact (www.ss.northropgrumman.com) for invitations if you would like to attend. The ships sponsor, Mrs. Gordon England, wife of Deputy Secretary of Defense Gordon England, (www.defenselink.mil) will break the ceremonial bottle of champagne across her bow and “Christen Thee New York”. Following that the ship will continue through sea trials and final fitting out until the Commissioning in New York City (www.nycvisit.com), Fall 2009. Preparations are underway for these events, which are expected to span an entire week. The Commissioning Committee (www.ussnewyorkcommissioning.com) web site coming in March 2008) comprised of volunteers from a broad spectrum, has the awesome responsibility of raising 1.5 M for these events as well as other USSNY projects. The commissioning is expected to be the memorial event of the century and draw many top political and public figures as well as huge crowds. The USS New York’s importance to this City, State and Nation cannot be underestimated. There is no other ship in world history that will carry the import and prestige that this vessel carries. She will become America’s greatest naval ambassador and will carry our flag to the 4 corners of the world throughout the 21st century.

Many milestones will occur this year like main engine light-offs, powering up on her own diesel generators and completing and testing of the various ships systems. Each system creates its own vibration in the hull that makes the ship feel as if it has come to life. Many sailors will awake when that vibration stops for any reason. It’s as if she was singing you to sleep.

As she awakens… A nation awaits

For more info or to keep up on the USSNY’s news blog
www.ussnewyork.com

Name Dropping Nigerian Scammer

2008-01-15T12:36:00.000+10:00

This bloke is really out to impress me! Rather than just naming a single entity as the one supposedly handing over the millions, he throws several high-profile names into the pot. According to his message (see below), I've been awarded the princely sum of $20 million from – wait for it – the United States Government, the World Bank, the United Nations, and – last but not least – the British Prime Minister. Moreover, the message has been sent by no less than a British Knight in the person of one "Sir Benson Gilbert".

With such powerful entities backing the payment, it must be true right? After all, would a "Sir" lie? But, hold on, why would Sir Benson, being an agent of such a mega-group, use a free Yahoo webmail account for his messages? And why would Citibank use a free Gmail account? Come to think of it, why am I being given 20 million dollars anyway? The message is not too clear on that, for some reason. And Sir B's grammar and spelling seem a little off as well. Does he really want me to "bellow" my details? I'm not sure he'll hear me! Couldn't I just email them? Also, he mentions something about a "wining payment". I wonder if he'd mind if I swapped it for beer instead of wine.

Jokes aside, it hardly needs to be said that this is just one more in the seemingly endless parade of Advance Fee scam emails that darken inboxes the world over. Scams this transparent might seem amusing until you realize that they actually work. New victims fall for scams just like this one every day.

Victims of such scams will be asked to send money, ostensibly to allow the release of the non-existent funds. If they "bellow" enough sensitive personal information, they may also have their identities stolen.

Sir Benson's Message:

From: unitednationremitpayment4@yahoo.com
Subject: PAYMENT NOTIFICATION FOR 2008

CHAIRMAN COMMITTE ON FOREIGN
CONTRACT/AWARD WINING PAYMENT
UNITED NATION AND USA GOVERNMENT.
SIR BENSON GILBERT.

ATTEN: OWNER BENEFICIALRY

U.S.A GOVERNMENT, WORLD BANK, UNITED NATION ORGANIZATION OFFICIAL APPROVAL PAYMENT VALUED $20M

The British Prime Minister in conjunction with U.S.A GOVERNMENT, WORLD BANK, UNITED NATIONORGANIZATION do hereby give this irrevocable approval order with Release Code: GNC/3480/02/00 in your favor for your contract entitlement/award winning payment with the UNITED NATION to your nominated bank account.

Now you're new Payment, United nation Approval No; UN5685P, White House Approved No: WH44CV, Reference No.-35460021, Allocation No: 674632 Password No: 339331, Pin Code No: 55674 and your Certificate of Merit Payment No: 103, Released Code No: 0763; Immediate Citibank Telex confirmation No: -1114433; Secret Code No: XXTN013, Having received these vital payment number, therefore You are qualified now to received and confirm Your payment with the United Nation immediately within the next 72hrs.

As a matter of fact, you are required to Deal and Communicate only with MR ANDREW WOLLEY, DIRECTOR INTERNATIONAL REMMITTANCE CITIBANK OF UNITED KINGDOM, with the help and monitory team from the CITIBANK OF NEW YORK which is our official remitting bank, Committee On Foreign Payment Matters in United Nation, has look up to make sure you receive your money.

SO contact: MR ANDREW WOLLEY on his contact information, Direct Citibank Telephone No +44-700-5966547, Cell/mobile +44-7045772110 or cell/mobile +44-7045772110 Fax Number: +44 870 4861663, Telephone Number: +44-870 4861646, Email:citibank1903@gmail.com

For immediate release of your contract/inheritance/Award Winning claim be informed that you are not allowed to correspond with any person or office anymore, you are required to send bellow information for your transfer.

1) YOUR FULL NAME:
2) ADDRESS, CITY, STATE AND COUNTRY:
3) PERSONAL PHONE, FAX AND MOBILE:
4) COMPANY NAME (IF ANY) POSITION AND ADDRESS:
5) BANK NAME:
6) BANK ADDRESS:
7) ACCOUNT NUMBER:
8) ROUTING NUMBER OR SWIFT CODE NO:
9) PROFESSION, AGE AND MARITAL STATUS:
10) COPY OF YOUR INT'L PASSPORT/DRIVERS LICENSE:

NOTE: YOUR PERSONAL CONTACT/COMMUNICATIONCODE WITH CITIBANK IS (511), YOU ARE ADVICE TO SEND YOU FULL BANKING INFORMATION TO THE CITIBANK OF LONDON INTERNATIONAL REMMITTANCE DIRECTOR HEADED BY MR ANDREW WOLLEY AND MAKE SURE YOU SPEAK WITH HIM, WITH YOUR NEW
PAYMENT CODE FOR RELEASE OF YOUR PAYMENT AND SEND HIM ALL YOUR BANKING INFORMATION NOW. Regard. Senate CONTACT CODE (511) OFFICER: MR ANDREW WOLLEY.

POSITION: DIRECTOR, INTL, AND REMMITTANCE CITIBANK LONDON.
TELEPHONE OFFICE/BANK: 44-700-595644,
FAX NUMBER: +44 870 4861663, +44-870 4861646
CELL/MOBLIE, +44-7045772110or cell/mobile +44-7045772110.
EMAIL: citibank1903@gmail.com.

CHAIRMAN COMMITTE ON FOREIGN CONTRACT/AWARD WINING PAYMENT
UNITED NATION AND USA GOVERNMENT.
SIR BENSON GILBERT

Malware New Year Greeting Emails

2007-12-31T08:25:00.000+10:00

The barrage of bogus greeting card emails that have been hitting inboxes for months has now shifted its theme from Christmas to New Year.

The Happy New Year emails include links that supposedly leads to such items as a "greeting card" or a "2008 song". However, those who click on the link will be taken to a website that tries to entice visitors into downloading a malicious .exe file.

There have already been several different versions of these malware messages and more are likely to follow. Be very cautious of any Happy New Year messages that claim to contain links to greeting cards, songs, or other New Year orientated material

Examples:

A New Year 2008 song

Happy 2008!
[LINK REMOVED]

Happy New Year To (email address removed)

New 2008 Year Greeting Card
[LINK REMOVED]

The Red Rock Hikers Stranger Encounter Video

2007-12-08T07:17:00.000+10:00

A somewhat disturbing YouTube video featuring what seems to be a terrifying, and apparently deadly, encounter between a hiking couple and an alien being is currently generating plenty of speculation, and perhaps a degree of fear, among some Internet users.

Indeed, the first time I viewed the footage, it did raise a few goose bumps!

According to the information that goes with the video, the footage was discovered in a camcorder apparently left at the scene by two missing hikers, Scott Pendleton and Jennifer Fox. The obviously amateurish camera work and seemingly unrehearsed dialog in the video make it seem quite possible that it really is a home movie.

If you haven't already seen this video, can I suggest that you go have a look yourself and see what you think?

Click Here to Watch Video

If you are happy to believe that the encounter featured in the video is genuine, then good luck to you and thanks for stopping by. But if the skeptic in you comes to the fore, you can read my further analysis of the video by scrolling down past the following, scary, but completely unrelated ghost picture:

If you've read this far, you've probably guessed that the video is actually a clever piece of cinema, not genuine footage.

The couple in the "mockumentary" are actors Kyle Rankin and Karen Zumsteg. The short film, called Case Tape 347 was made by New Born Pictures in 2005. The piece is quite reminiscent of the movie, The Blair Witch Project.

And, by the way, if you are curious about the "ghost" in the picture I've used as a spoiler-block above, you can read more about her here:

Sundarbans Ghost Chain Letter

Send Cards to Wounded US Soldiers via Red Cross

2007-12-06T11:10:00.000+10:00

In another article, I discussed an email forward that claimed that people can send Christmas greetings to wounded soldiers by addressing cards to "A Recovering American soldier" care of the Walter Reed Army Medical Center.

This claim is false in that, due to security issues, cards sent to "A Recovering American soldier" or similar will not be accepted by Walter Reed Army Medical Center and no soldiers will receive them.

However, on 5th December 2007, the American Red Cross and Pitney Bowes announced an initiative that allows people to send greeting cards and messages to soldiers via the Red Cross. The following press release provides details of this new initiative:

America's wounded soldiers are always grateful for supportive cards and notes – especially during the holiday season.

This season, communities across America are invited to mail holiday greeting cards along with personal messages of support to wounded service members at military hospitals around the country through a unique partnership between the American Red Cross and Pitney Bowes Inc.

With the support of the Department of Defense, Walter Reed Army Medical Center and with help from Pitney Bowes Government Solutions, the American Red Cross will collect, review and disseminate holiday greeting cards to wounded military personnel. For security reasons, the Red Cross will only be able to accept holiday cards, not packages. Red Cross volunteers will receive and bundle the cards to be shipped by Pitney Bowes Government Solutions. Then, Red Cross volunteers at military medical facilities will distribute the cards to patients and their families in time for the holidays.

"So many Americans want to show their support and gratitude by reaching out to wounded service members at Walter Reed and other medical centers during the holiday season," said Neal Denton, American Red Cross Senior Vice President for Service to the Armed Forces. "With the support of the Department of Defense, Walter Reed leadership and Pitney Bowes, we can bring a little cheer to those soldiers," added Denton.

"It is an honor to provide this small measure of comfort at holiday time to those who have sacrificed so much," said Pitney Bowes President and CEO Murray Martin. "We want to make it as easy as possible for all Americans to show their appreciation to the men and women who serve this nation so proudly and selflessly."

Holiday cards should be addressed to:

We Support You During Your Recovery!

c/o American Red Cross

PO Box 419

Savage, MD 20763-0419

Be sure to affix adequate postage. Cards must be received no later than December 27. Cards received after this date will be returned to sender. Senders are reminded that “care packages” are not part of the program. Cards and notes only – and please refrain from using glitter or any other inserts that would not be appropriate in a hospital environment.

Christmas malware eCard Notifications

2007-12-03T10:58:00.000+10:00

Predictably, criminals have begun using bogus Christmas eCard notification emails to distribute malware. Emails, ostensibly from 123Greetings.com, claim that the recipient has been sent an eCard from a "dear friend". The user is instructed to click a link to view the eCard.

Clicking the link runs an .exe file that displays a Christmas greeting card image on the users's computer. However, it also installs malware that can give the attacker access to the compromised computer. It can also install other malware that can then turn the computer into a zombie that can be used to distribute spam without the knowledge of the user.

As Christmas approaches, other Christmas orientated malware attacks are likely to follow. Be very cautious of any eCard notification emails that you receive.

An example of the malware email:

Dear friend,

A dear friend has sent you an ecard from http://www.123Greetings.com

Your ecard will be available with us for the next 30 days. If you wish
to keep the ecard longer, you may save it on your computer or take a
print.

To view your ecard, CLICK HERE
Your ecard number is
HF11128094935247
Best wishes,
http://www.123Greetings.com

More Information:
Merry Christmas and so on
Backdoor.IRC.Zapchast

Another Grant Scam Email

2007-12-03T10:57:00.000+10:00

In another article, I discussed a scam email that purported to be a grant offer from the Freemasons in the UK. This grant tactic is one that is increasingly be used by scammers. The messages claim that the "lucky" recipient has been awarded a large cash grant or donation to be used as they see fit. They usually name a real organization that does offer grants or donations to make the bogus "offer" seem more legitimate.

Of course, there is no grant and the supposed grant offers do not originate from the organizations named in the messages. Those who fall for this ruse and reply may be tricked into sending money and sensitive personal information to the scammers, ostensibly to allow the non-existent "grant" to be processed. All money sent will be pocketed by the scammers and the personal information may be used to steal the victim's identity.

Be very cautious of any message that claims that you have been awarded a grant that you never even applied for. Legitimate organizations DO NOT award grants out of the blue to individuals for their own personal use.

The version of the scam included below claims that the recipient has been awarded a grant of $1,350,000.00 from Fondation De France(FDF):

Subject: FDF GRANT AWARD
THE FOUNDATION DE FRANCE(FDF)
http://www.fdf.org

The Fondation De France(FDF) would like to notify you that you have been chosen by the board of trustees as one of the final recipients of a cash Grant/Donation for your own personal, educational, and business development.

The FDF, established 1977 by the Multi-Million groups and now supported by the Economic Community for West African States (ECOWAS), United Nations Organization (UNO) and the European Union (EU) was conceived with the objective of human growth, educational, and community development.

In conjunction with the ECOWAS, UNO and the EU, We are giving out a yearly donation of US$1,350,000.00 (One Million, Three Hundred And Fifty Thousand United States Dollars)each to 100 lucky recipients.These specific Donations/Grants will be awarded to 100 lucky international recipients worldwide; in different categories for their personal business development and enhancement of their educational plans. This is a yearly program, which is a measure of universal development strategy.

You are required to contact the Executive Secretary below, for qualification documentation and processing of your claims. After contacting our office,you will be given your donation pin number, which you will use in collecting the funds. Please endeavor to quote your Qualification numbers (FDF-444-6647-9163)in all discussions. You are also required to contact the executive sec. with the following requirements

DONATION REQURIEMENTS:

1. Full names:
2. Residential address:
3. Phone number:
4. Fax number:
5. Occupation:
6. Sex:
7. Age:
8. Nationality:
9. Present Country:
10.Next of kin name/address

Executive Sec. Mr. Arthur Dion
Email: contact_arthur_dion@yahoo.fr

You are by all means hereby advised to keep this whole information confidential until you have been able to collect your donation, as there have been many cases of double and unqualified claim, due to beneficiaries informing third parties about his/her donation.

Regards.
Mrs. Maria Riccardo
(Foundation officer)

PayPal Phishing Scams Continue

2007-11-15T08:11:00.000+10:00

Online payment company, PayPal is almost continually targeted by phishing scammers. Usually, the scammers send out emails that try to trick recipients into following a link to update their PayPal account details. The emails may look quite legitimate and include PayPal logos and formatting.

Many of the scam emails claim that the recipient's PayPal account access will be restricted unless he or she updates account details. Those who fall for the ruse and click on the included link will be taken to a bogus login page that closely resembles a genuine PayPal web page. The unwitting victim may enter login details and other personal information such as credit card numbers on the bogus website. Scammers will then be able to collect all of this submitted information and use it for fraudulent activities.

PayPal has extensive information about phishing scams on its website.

See also:
Phishing Scams - Anti-Phishing Information

A typical example of a PayPal phishing scam email:

Dear PayPal Member,

This e-mail was sent to you because we have detected an error in your billing information on file with Paypal during our regular schedule account maintenance and verification. This might be due to either following reasons:

A recent change in your personal information (i.e. change
of address).
Submitting invalid information during the initial sign up
process.
An inability to accurately verify your selected option of
payment due
an internal error with our processors.

Click or copy into your browser the link below and confirm your Paypal account information, otherwise your Paypal account access will become restricted:

[Link to bogus website removed]

Thank you for your patience as we work together to protect your
account

Sincerely,

--------------------------------------------------------

PayPal, Security Advisor. Please do not reply to this e-mail.
Mail sent to this address cannot be answered.

2007 Paypal Corporation. All rights reserved.

PayPal Email ID PP562

Lottery Scams - Short Version

2007-11-13T11:26:00.001+10:00

Of late, I've been receiving a number of quite primitive lottery scam emails like the example I have included below. Scammers usually go to at least some effort to make their bogus "winning notification" emails seem legitimate. In fact, some lottery scam emails are quite sophisticated and even include official looking graphics and formatting.

However, these "quick and dirty" versions are so amateurish it is hard to see how even the most gullible recipient would fall for them. With such poor grammar and formatting, the messages barely make sense.

Perhaps this particular scammer is new at the game, or just plain lazy.

That said, some naive recipients might just be curious enough to reply to the message asking for more information. Of course, once contact has been made, the scammer may be able to convince his victim to send upfront fees, ostensibly to allow the release of the non-existent prize money. Or he may gradually collect enough information to steal his victim's identity.

Sadly, the criminal would only need to con one or two victims to make this primitive scam attempt pay off handsomely.

For details about lottery scams, see:
Email Lottery Scams - International Lottery Scam Information

An example of one of the scam messages:

This is to inform you that your email ID with your email Do email us for Clarification and Claim of your $2,000,000.00 dollars won in the lottery Award, kindly Contact on this email
addres: payagency4@netscape.net ,Mr,cole van Hans

win 106, lucky no,f3-11234p, tic no,L-44s209m, Ref no,L413979,
Tell: 0031-61-11-464- 78, Regard,mrs versloot,PRO CO-ORDINATOR
payagency4@netscape.net ,Tele: 0031-61-11-464-78

The Legendary Ekranoplan

2007-11-08T18:24:00.001+10:00

Stories about a supposedly secret Russian craft called an "ekranoplan" are regularly featured on websites, blogs and online forums. Information about the craft also circulate via email, often with the following image attached:

The strange-looking craft might seem like something from science fiction, but ekranoplans are real and the photograph is genuine. Although they may resemble aircraft, ekranoplans are in fact ground-effect vehicles that fly a few feet above any flat surface. Very basically, air compressed under a wing moving near the surface provides lift to the craft.

The ekranoplan in the photograph is a Soviet vehicle seen on the Caspian Sea during the 1960's. An article about the craft on The Register notes:

During the mid-1960s chilly height of the Cold War, US photo reconnaisance spotted a strange apparition on the shores of the Caspian Sea - a gigantic 100m-long aircraft with inexplicably truncated square wings. US Intelligence dubbed the beast the "Caspian Sea Monster", unaware that the Russians were developing not, as they thought, an enormous conventional seaplane, but rather a 550-ton water-hugging behemoth designed to use the ground effect to skim the ocean at high speed, undetected by radar.

The Russians are not the only ones to built such craft. Others have continued to develop them to this day.

For an in depth analysis and history of ekranoplans, see:
In search of the Caspian Sea Monster

Other ekranoplan resources:
Wikipedia: Ekranoplan
YouTube video of an Ekranoplan

The Amazing "Rock House"

2007-11-07T16:27:00.000+10:00

An email forward is currently circulating that contains an image apparently depicting an amazing house perched atop a towering offshore rock outcrop. A number of people have contacted me to ask if the image shows a real place.

Not surprisingly, the answer to that question is "no". The image is a Photoshop creation rather than a genuine photograph of a real house. It is an entry in the Bizarrchitecture 3 Photoshop contest conducted by Worth1000. The entry was created by Norrit and is titled Bond Mansion.

The image also circulates as part of a larger collection of pictures apparently depicting houses in weird places.

An example of the message:

Subject: The Amazing, "ROCK HOUSE"

Dancing Skeleton Malware eCard

2007-11-01T08:20:00.000+10:00

After months of widespread publicity about bogus eCard notification emails that point to malware websites, Internet users are hopefully becoming more aware of the potential security risks.

However, at Halloween, people expect to get Halloween related eCards. Cyberscum have capitalized on this by bombarding inboxes with eCard emails that promise "just a little Halloween fun" for those who click an included link.

Clicking the link brings up a Halloween themed web page that contains malicious javascript code that tries to download malware. The page urges the visitor to click another link to download a dancing skeleton. However, the "dancing skeleton" is a .exe file that can install still more malware on the victim's computer.

An example of the malware email:

Subject: Watch him dance

Just a little Halloween fun.[Link Removed]

Malicious PDF Email Attachments

2007-10-31T07:46:00.000+10:00

Many inboxes, including my own, have been hit with emails that carry a malicious PDF attachment. The attachments carry a PDF file expolit that can download a malicious .exe file to the compromised computer. This .exe file can in turn download other malware files.

The site hosting the malware files has now been taken down. However, users should be very cautious of opening unsolicited PDF attachments (or any unsolicited attachments, for that matter).

Users should also update their installations of Adobe Reader as soon as possible.

The email arrive with a variety of subject lines including:
* Balance Report
* Your balance report
* Personal Balance Report
* Your credit points
* Your credit report
* Your Credit File
* Personal Financial Statement
* Personal Credit Points

More Information:
Attack of the PDFs
Exploit:W32/AdobeReader.K

An example:

Subject: Balance Report
Please review your Balance report.

Attachment name:
report.2007......pdf

Pet Adoption Scam

2007-10-16T13:50:00.001+10:00

Those clever little scammers are constantly coming up with new ways to separate the gullible from their hard-earned dollars.

In the example discussed here, the scammer poses as an evangelist who needs to give away his beloved puppies because he has been transferred to the UK on a mission.

Thus, claims the message, he is looking for a "God-fearing" person to adopt the pups for free.

Of course, anybody foolish enough to express interest in the giveaway would become a prime target for identity theft and might also be tricked into sending money to the scammer.

Most likely, the scammer would request a goodly amount of personal information, ostensibly to check that the applicant could provide a suitable home for the animals. Over time, the scammer may well gain enough personal information to allow him to steal his victim's identity. The scammer would also be likely to invent a series of excuses, such as unexpected vet bills, transport fees or quarantine expenses, as to why the victim needed to send money to ensure delivery of the pups.

It hardly needs to be said that puppies described are nothing more than figments of this slimly scammer's imagination.

An example of the email:

MY NAMES ARE EVANGELIST JOHN LARRY FROM THE DENVER SEMINARY IN THE UNITED STATES. I AND MY DARLING WIFE WERE RECENTLY TRANSFERRED ON A HUMANITARIAN MISSION TO THE UNITED KINGDOM AND WE CAME ALONG WITH OUR BEAUTIFUL PUPPIES WHICH INCLUDES THE YORKIE, ENGLISH BULLDOG AND MALTESE BREED.CONTRARY TO WHAT WE EXPECTED,WE NOTICED THAT THE WEATHER OVER THERE IS TOO HARSE FOR THE PUPPIES.

DUE TO THIS SITUATION COUPLED WITH OUR NEW BUSY ASSIGNMENT,AND WE HAVE NOT BEEN ABLE TO TAKE GOOD CARE OF THEM THE WAY WE USED TO WHEN WE WERE IN THE UNITED STATES,THEREFORE, WE NEED A GOD FEARING PERSON TO ADOPT ONE OR MORE OF OUR BABIES BACK HOME TO THE UNITED STATES WHERE THEY WILL BE GIVEN LOTS OF TLC(TENDER LOVING CARE).THE PERSON WILL ADOPT OUR PUPS FOR FREE BUT WILL ONLY PAY FOR SHIPPING COST TO HIS NEAREST AIRPORT. WE ARE NOT AFTER MONEY BUT ARE VERY CONCERNED ABOUT THE PETS' WELFARE AND HEALTH CONDITIONS,THAT IS WHY WE ARE GIVING THEM AWAY FOR FREE.

IF YOU FEEL YOU ARE QUALIFIED TO DO THIS AND YOU HAVE A CLEAN AND COMFORTABLE HOME FOR THEM, THEN SEND A RESPONSE TO GOODS_WAREHOUSE2000@YAHOO.COM AND WE WILL EMAIL YOU PICTURES AND MORE INFORMATION ON THE PETS, NOTE THAT ALL THE PETS ARE VERY HEALTHY AND VET CHECKED.

I HOPE TO READ FROM YOU.
REGARDS,
EVANGELIST JOHN LARRY.
Phone : Removed
UNITED KINGDOM.

Online Safety Lesson for Shannon

2007-10-16T13:48:00.000+10:00

An email that outlines the dangers of cyberstalking for children has now been circulating for a number of years. The message tells the story of young Shannon, who inadvertently reveals a dangerous amount of personal information about herself while chatting online with "GoTo123", a person she believes is a teenager from another state. "GoTo123" is able to collect enough information to locate Shannon and follow her home. Luckily, "GoTo123" turns out to be a police officer who uses this frightening turn of events as a means of teaching young Shannon a valuable lesson.

The scenario outlined in this email certainly illustrates how vulnerable youngsters can be to online predators. However, it should be noted that the story does not describe a real event and was never intended to do so.

In fact, the article was written some years ago by two concerned Christians as a way of illustrating the potential dangers of online communication for young people. On the web page where the original article was published, the authors explained:

The story you just read was not true. Yet it could have happened; it was based on true information given out to me by kids on line. It could easily happen to the teens that chat so freely with strangers. While it is not meant to frighten you, it is a lesson in being safe.This message is for boys as well as girls. They have been victims of predators on line too.

An example of the message:

MYSPACE: A Must Read for All

EVERYONE NEEDS TO READ ALL OF THIS and HAVE CHILDREN READ IT TOO!

After tossing her books on the sofa, she decided to grab a snack and get on-line. She logged on under her screen name ByAngel213. She checked her Buddy List and saw GoTo123 was on. She sent him an instant message:

ByAngel213:
Hi. I'm glad you are on! I thought someone was following me home today. It was really weird!

GoTo123:
LOL You watch too much TV. Why would someone be following you?
Don't you live in a safe neighborhood?

ByAngel213:
Of course I do. LOL I guess it was my imagination cuz' I didn't see anybody when I looked out.

GoTo123:
Unless you gave your name out on-line. You haven't done that have you?

ByAngel213:
Of course not. I'm not stupid you know.

GoTo123:
Did you have a softball game after school today?

ByAngel213:
Yes and we won!!

GoTo123:
That's great! Who did you play?

ByAngel213:
We played the Hornets. LOL. Their uniforms are so gross! They look like bees. LOL

GoTo123:
What is your team called?

ByAngel213:
We are the Canton Cats. We have tiger paws on our uniforms. They are really cool.

GoTo1 23:
Did you pitch?

ByAngel213:
No I play second base. I got to go. My homework has to be done before my parents get home. I don't want them mad at me. Bye!

GoTo123:
Catch you later. Bye

Meanwhile.......GoTo123 went to the member menu and began to search for her profile. When it came up, he highlighted it and printed it out. He took out a pen and began to write down what he knew about Angel so far.

Her name: Shannon
Birthday: Jan. 3, 1985
Age: 13
State where she lived: North Carolina

Hobbies: softball, chorus, skating and going to the mall. Besides this information, he knew she lived in Canton because she had just told him. He knew she stayed by herself until 6:30 p.m. every afternoon until her parents came home from work. He knew she played softball on Thursday afternoons on the school team, and the team was named the Canton Cats. Her favorite number 7 was printed on her jersey. He knew she was in the eighth grade at the Canton Junior High School . She had told him all this in the conversations they had on- line. He had enough information to find her now.

Shannon didn't tell her parents about the incident on the way home from the ballpark that day. She didn't want them to make a scene and stop her from walking home from the softball games. Parents were always overreacting and hers were the worst. It made her wish she was not an only child. Maybe if she had brothers and sisters, her parents wouldn't be so overprotective.

By Thursday, Shannon had forgotten about the footsteps following her.

Her game was in full swing when suddenly she felt someone staring at her. It was then that the memory came back. She glanced up from her second base position to see a man watching her closely.

He was leaning against the fence behind first base and he smiled when she looked at him. He didn't look scary and she quickly dismissed the sudden fear she had felt.

After the game, he sat on a bleacher while she talked to the coach. She noticed his smile once again as she walked past him. He nodded and she smiled back. He noticed her name on the back of her shirt. He knew he had found her.

Quietly, he walked a safe distance behind her. It was only a few blocks to Shannon 's home, and once he saw where she lived he quickly returned to the park to get his car.

Now he had to wait. He decided to get a bite to eat until the time came to go to Shannon 's house. He drove to a fast food restaurant and sat there until time to make his move.

Shannon was in her room later that evening when she heard voices in the living room.

"Shannon, come here," her father called. He sounded upset and she couldn't imagine why. She went into the room to see the man from the ballpark sitting on the sofa.

"Sit down," her father began, "this man has just told us a most interesting story about you."

Shannon sat back. How could he tell her parents anything? She had never seen him before today!

"Do you know who I am, Shannon ?" the man asked.

"No," Shannon answered.

"I am a police officer and your online friend, GoTo123."

Shannon was stunned. "That's impossible! GoTo is a kid my age! He's 14. And he lives in Michigan !"

The man smiled. "I know I told you all that, but it wasn't true. You see, Shannon , there are people on-line who pretend to be kids; I was one of them. But while others do it to injure kids and hurt them, I belong to a group of parents who do it to protect kids from predators. I came here to find you to teach you how dangerous it is to talk to people on-line. You told me enough about yourself to make it easy for me to find you. You named the school you went to, the name of your ball team and the position you played. The number and name on your jersey just made finding you a breeze."

Shannon was stunned. "You mean you don't live in Michigan ?"

He laughed. "No, I live in Raleigh . It made you feel safe to think I was so far away, didn't it?"

She nodded.

"I had a friend whose daughter was like you. Only she wasn't as lucky. The guy found her and murdered her while she was home alone. Kids are taught not to tell anyone when they are alone, yet they do it all the time on-line. The wrong people trick you into giving out information a little here and there on-line. Before you know it, you have told them enough for them to find you without even realizing you have done it. I hope you've learned a lesson from this and won't do it again. Tell others about this so they will be safe too?"

"It's a promise!"

The Direct Approach

2007-10-05T14:54:00.001+10:00

When corresponding with potential victims, scammers often go to great lengths to disguise their real motive - that is, separating the gullible from their money.

Sometimes, however, they apparently opt for the direct approach and just come right out and ask the recipients of their messages to send money. In the example shown below, the scammer claims that he is stuck in Nigeria under difficult circumstances after losing his money and travel papers. He asks if the recipient can "lend" him some money so that he can return home. He promises to pay the money back on his return. It hardly needs to be said that anyone foolish enough to send money will never see a cent of it again.

It seems incredible that anybody would actually fall for such a transparent scam attempt. However, people all over the world still fall for Nigerian and Lottery scams every day. And there are bound to be at least a few kind-hearted but gullible individuals who will become victims of even direct, "send me money" style scams like the one below.

After all, the scammer responsible probably distributed many thousands of identical copies of the message to all corners of the planet. If only one out of all those thousands of recipients was fooled into sending money, then the exercise would have been worthwhile for the scammer. His overheads are likely to be quite minimal, so netting even one victim will give the scammer his undeserved payday.

An example:

How are you doing today? I am sorry i didn't inform you about my traveling to Africa for a program called "Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education, the program is taking place in three major countries in Africa which is Ghana, South Africa and Nigeria. It as been a very sad and bad moment for me, the present condition that i found myself is very hard for me to explain.

I am really stranded in Nigeria because I forgot my little bag in the Taxi where my money, passport, documents and other valuable things were kept on my way to the Hotel am staying, I am facing a hard time here because i have no money on me. I am now owning a hotel bill of $ 1550 and they wanted me to pay the bill soon else they will have to seize my bag and hand me over to the Hotel Management., I need this help from you urgently to help me back home, I need you to help me with the hotel bill and i will also need $1600 to feed and help myself back home so please can you help me with a sum of $3500 to sort out my problems here? I need this help so much and on time because i am in a terrible and tight situation here, I don't even have money to feed myself for a day which means i had been starving so please understand how urgent i needed your help.

I am sending you this e-mail from the city Library and I only have 30 min, I will appreciate what so ever you can afford to send me for now and I promise to pay back your money as soon as i return home so please let me know on time so that i can forward you the details you need to transfer the money through Money Gram or Western Union.

Joseph Gerada

Security Tip: Change Passwords Often

2007-09-25T16:35:00.001+10:00

It is a good idea to get into the habit of changing the passwords you use online on a regular basis. This is especially true with regard to important passwords such as those you use for Internet banking, webmail, and other sensitive services.

Changing passwords can help you keep one step ahead of hackers and general snoops who want to poke their noses into your personal affairs. Most online services will let you change your password very easily, usually by logging in with your old password and supplying a new one.

This simple security procedure is often neglected, largely because it can be something of a hassle. Changing the password itself is usually quick and simple, but of course, then you have to go to the trouble of memorizing your new password.

A simple way around this problem is to devise a set of secret password-changing rules that only you know about. For example, you could keep a base string of characters in your password and only change the characters at the beginning. And you could pr

Save Embarrassment - Check Publication Dates

2007-09-25T16:25:00.000+10:00

Every August since 2004 I have received messages from irate site visitors who accuse me of being totally wrong in denouncing the Mars Close To Earth email forward as a hoax.

This email forward, which begins circulating anew during July and August every year, claims that Mars will be the closest to Earth in recorded history during August. This was true in 2003, but has not been true for any year since.

These visitors rather belligerently claim that they have seen evidence from a very credible source, namely the BBC, which proves that the information in the email forward is in fact true. They berate me for my lack of research and claim that my article could cause many people to miss out on this “once in a lifetime” event. However, when I gently point out that their conclusions are based on a simple error on their part, their belligerence is rapidly replaced with embarrassment.

The "proof" they speak of are BBC articles about the, factual, 2003 close encounter with Mars. These old articles are apt to come up high in the search results for people who are looking to verify information in the email forward. At face value, these articles seem to completely confirm the claims in the email forward. However, many people apparently forget to look at the DATE the articles were last updated – in this case, August 2003.

Of course, once the reader notices this date, it becomes clear that articles like mine dismissing post 2003 versions of the email forward as inaccurate and hopelessly outdated don’t miss the mark after all.

News articles have been available on the Internet for a long time now, and there is a vast and growing repository of archived news information available. But, before you use an online news article to back up a point of view or verify a piece of information that has come your way, it is important to check the date that the article was published. Although it may have been true at the time of publication, information in an outdated article may have no relevance to current events whatsoever and may cause unnecessary confusion when used out of its original time frame.

The "published" or "last updated" date is usually included at the top or bottom of online news articles and should not be difficult to locate.

Malware Campaign Changes Again

2007-09-11T13:42:00.000+10:00

The ongoing malware distribution campaign that began with bogus eCard notification emails has again changed direction. The latest malware emails claim to offer information about the National Football League (NFL). Like their predecessors, links in the messages lead to a website that can download malware components to the user's computer.

An example of one of the malware emails:

Get Your Free NFL Game Tracker
Football......Need we say more?
We can keep you on top of every single game this season.
Have all the details for every game with our free game tracking system:
[LINK REMOVED]

More information:
NFL Kickoff weekend and another Dorf malware campaign