Cesar Ortiz Information Security Blog

The Role of AI in Detecting and Preventing Internet Fraud

noreply@blogger.com (Cesar Ortiz) — Sun, 30 Jun 2024 19:29:00 +0000

By Cesar Ortiz

June 30 2024

Title: The Role of AI in Detecting and Preventing Internet Fraud

In the digital era, technology has transformed the way we live, work, and communicate. However, as advancements in technology continue to grow, so does the risk of internet fraud. As more transactions and interactions occur online, criminals are finding new ways to exploit these systems for their gain. This is where artificial intelligence (AI) steps in to play a crucial role in detecting and preventing fraudulent internet usage.

AI technologies have revolutionized the field of cybersecurity by providing powerful tools that can analyze vast amounts of data in real-time. This capability enables AI systems to identify patterns and anomalies that may indicate fraudulent activities. By using machine learning algorithms, AI applications can learn from past incidents and continuously improve their ability to detect suspicious behavior.

One common use of AI in combating internet fraud is through the use of anomaly detection algorithms. These algorithms can monitor user behavior, transaction patterns, network traffic, and other data points to identify deviations from normal activity. For example, if an AI system detects a sudden spike in transactions from a specific account or location that is inconsistent with previous behavior, it can raise an alert for further investigation.

Furthermore, AI-powered fraud detection systems can also help prevent unauthorized access by implementing advanced authentication methods such as biometric recognition or behavioral analysis. These additional layers of security make it more difficult for cybercriminals to gain access to sensitive information or conduct fraudulent activities.

Additionally, AI can be used to analyze text-based data such as emails or chat messages to detect phishing attempts or social engineering schemes. By scanning for specific keywords or linguistic patterns commonly used in fraudulent communications, AI systems can identify potential threats before they cause harm.

Overall, the use of AI for combating internet fraud is essential in today's digital landscape. By leveraging advanced technologies like machine learning and anomaly detection algorithms, organizations can enhance their cybersecurity defenses and protect their assets from malicious actors. As cyber threats continue to evolve, AI will play an increasingly critical role in securing our online environment and ensuring a safe digital future.

In conclusion, while internet fraud poses a significant challenge in today's interconnected world, AI provides innovative solutions that empower organizations to stay ahead of cyber threats. By harnessing the power of artificial intelligence for fraud detection and prevention efforts, we can create a more secure online ecosystem for all users.

References:

1. https://www.ibm.com/cloud/learn/anomaly-detection-ai

2. https://www.mckinsey.com/business-functions/risk/our-insights/global-threats-to-global-threat-detection

3. https://www.forbes.com/sites/forbestechcouncil/2020/07/10/how-ai-can-help-combat-cybersecurity-breaches-in-the-age-of-covid-19/?sh=494969623427

4. Created using Chat GPT

Smartphones with GPS can tag your pictures with the exact PIC location

noreply@blogger.com (Cesar Ortiz) — Sun, 09 Jan 2022 04:30:00 +0000

Article Re Published By Popular Demand

Originally Published January 20 2012 in Yahoo News

Author's comment:

Due to recent 2021 court cases, both criminal and civil, this subject is more relevant than ever. Follow the instructions given in the article and you will be able to edit the picture metadata. I just checked the Exif Tag Remover link in the article and is alive and working, January 2022.

By Cesar Ortiz

Smartphones GPS chips can tag your shared pictures with the precise location where your picture was taken. Most of the features comes as default "active" on smartphpones and digital cameras. This also applies to pictures taken with modern digital cameras who have GPS features built in. On older digital cameras, geotagging, as it is called, is also used but will provide mostly details of the camera who took the picture, information about the picture name assigned in your PC and date and time the photo was taken. Do you want to share that information with others? If not, use one of the free geotagg or metadata viewing software available to see what your camera is tagging in hidden form., I use the one from "Jeffrey's".

If you don't like the hidden information in the picture, remove the metadata or geotagg function from your digital stand alone camera by checking your user manual or vendor.On digital photos already taken, you can edit your picture using a Windows or Mac built in photo editor and remove the metada by hand or buy any of the many #metadata removing tools available in the web. I use the EXIF Tag Remover Free Trial, if you decide to buy is $19.95. Your pretty picture taken in your home and posted in Twitter, Facebook and other social media may be telling the world where do you exactly live. Always assume that a picture you are "sharing" with friends can be intercepted and compromised by posting it somewhere by your friend.

Sadly, there are bad people that look for that type of information. If you comment the photo with "I will be away for such and such days" you are providing an invitation for a burglary. Please notice that disabling Location Services will affect any application that uses GPS. Personally, I don't disable the "Location" option in my devices, I just edit the pictures taken and remove the Geotagg info inserted by Location Services. To remove the geotagging option or function, (to prevent the device from inserting the info in your picture at all times), on smart phones follow the steps below:
On the Iphone= Go to Settings, General, Location Service and turn off Geotagging.
On Android= Go to Options, Device, Location Settings, Location Services, select "Location Off".

On other smart phones the instructions to remove the geotagging function permanently are similar. Check with your phone provider.
(c) Cesar Ortiz

noreply@blogger.com (Cesar Ortiz) — Mon, 25 Nov 2019 23:15:00 +0000

Technical Details in The MLB Baseball Players Signals Hacking

By Cesar Ortiz (c)

November 24, 2019

The Mayor League Baseball (MLB) organization is updating the ongoing investigative effort on the 2017 baseball games signal hacking issue. The Houston Astros organization is leading the pack of baseball teams under the investigative radar. Astros front-office employees, on-field staff and the Astros manager, AJ Hinch have already been interviewed. Other players allegedly involved are the current Boston Red Sox manager Alex Cora and the New York Mets manager Carlos Beltran.

The SNY TV Network on November 14, 2019, is quick to state that the MLB has no evidence yet for imposing sanctions to Cora and Beltran, further stating, “ The league does not have either accusations or evidence that would point to severe discipline for either”.

For years, stealing signals from players was considered an art. It is not illegal, but officials become wary when they find reports of the activity when it is done using banned technology.

The use of technology to intercept or relay the signals is forbidden. The New York Times reported in 2017 the use of an Apple watch as a means to electronically relay signals to the Red Sox team partners by a Red Sox trainer. The Apple watch use was revealed in a detailed official complaint filed by Brian Cushman, the New York Yankees general manager. Among the exhibits in the complaint was a video shot of the Reds Sox dugout in Boston during the 2017 three-games series. The Red Sox team was fined by the MLB.

Recently, USA Today ran an article explaining how Manny Machado was caught stealing and relaying signals in game two of the 2018 World Series. In the Machado event, there was no violation of any rules because all the signal intelligence was acquired and relayed by Machado using manual signaling skills. No mechanical or electronic devices where used.

The Athletic ran an article detailing how the Astros in 2017 ran a hacking operation using a video camera and drum beats to relay signals from the catchers to everyone in the stadium, only the hacking partners knew the meaning of the beats and how to decode them.

Some suspected means of stealing baseball signals are:

(1) The use of a realistic-looking medical bandage-like device worn by the player at bat that receives a buzzing signal with a predetermined pattern, for example, one buzz for a fastball.

(2) Hidden catcher aimed mini cameras that feed data of catchers signals and sends out information on the type of pitch.

(3) Extended range antennas for radio devices to hear the pitcher-catcher-manager conferences at the mound.

(4) Lips reading text interpreters for conferences between players (that is the reason players cover their mouth with the gloves when they speak to each other).

(5) Monitoring of the live video broadcast of the game (MLB mandated a delay in the video monitors that are used in the dugouts and nearby areas).

Most of the suspected technical equipment techniques used are detectable by specialized equipment and manual signaling stealing can be detected by a trained eye.

The fact that we may find such hacking practice, even when they can be detected, tends to show the high amounts of monetary rewards involved, that in the eyes of the perpetrators, warrant the risk of detection. So far, no one has been charged with any criminal or civil offense. MLB is offering leniency to those who speak up on the subject and, as of this date, all technical equipment use events are related to the 2017 year.

The MLB hacking using information technology techniques and equipment brings to the field a new form of platform to think about, perhaps some Silicon Valley entrepreneurs will design custom hardware and software to detect the hacking devices.

Target Data Breach Unveiled

noreply@blogger.com (Cesar Ortiz) — Thu, 31 Jul 2014 06:41:00 +0000

How It was done. You will be surprised that all the tools used where known!

By Cesar Ortiz- Trojan. POSRAM Identified As the RAM Scraper in the KAPTOXA Operation That Infected Target Stores

Article first published 1/23/2014 as "Target Data Breach Unveiled: Technical Details Are Known" in Yahoo! Contributors/ABC News Network.

This article won the "Best General Interest Article in 2014", General- Category by Yahoo Contributors Users.

The US government in an effort to warn other point of sale merchants of the potential danger of more attacks that will provide another wave of "Target like" customer victims, have released an internal document where detailed insight of the methodology used by attackers of the Target data breach is revealed. The consulting firm iSIGHT Partners was one of the investigative contracted forensics experts. The US Department of Homeland Security released to merchants a joint Department of Homeland Security, USSS, FS-ISAC and iSIGHT report titled "KAPTOXA POS Report" where we get a look at an insight of the methods and tools used to hack Target. Hopefully, merchants will take notice and immediately take preventive measures.

The methodology used at Target was almost exactly as I predicted in our original exclusive December 26, 2013 “ The Target Stores Data Breach ” Yahoo! article, right after the hack. Journalist Brian Krebs was also right on target when he mentioned at that time that the hack might have been based on a known trojan virus called BlackPos that is readily detected by all anti-virus software. The updated modified version of BlackPos trojan used in the Target breach is named Trojan.POSRAM, this derivative is highly sophisticated in stealth features in order to hide to prevent detection. POSRAM is believed to have originated in Russia.

When we compile the information given by the report and the media, specially an article in the Wired publication named “The Malware that Duped Target Have Been Found”, we come close to figure out the order of events in the Target data breach. First, the merchant network system is infiltrated with the malware, possibly remotely, exploiting an opening in the system or by executing a simple human engineering exploit. The malware is a data scrapping tool that takes data from the memory of the point of sale terminal (POS) or what we know as the cash register. This tool will reside in the system and will store the stolen data inside the merchant’s servers. The tool will monitor the data in the files named “pos.exe" and "PosW32.exe”; these files contain the memory space that includes magnetic strip data of your bank card. In the Target's breach event it remained still for six days. That inactivity period is excellent to prevent detection.

The residing malware in the merchant creates a connection to an out of the premises server that receives and transmits data to the victim server. The outside server, can be located anywhere, in the world, and, queries the victim server at specific time intervals. This one was located in Russia. Some of the malicious scripts used have references in Russian language. If the local merchant time is for example between 10 AM and 5 PM, as it is used in the old BlackPos tool, then the data is deposited in an a temporary NetBIOS share “host” folder created by the malware. This share folder is then accessed using file transfer protocol (FTP). Many more complex technical details have been found by the media in just a few hours after the release of the KAPTOXA POS Report. All the details follow the same pattern; surprisingly, modified known exploits where used at all times.

KAPTOXA is the name given by investigators to the specific operation methodology and compilation of hacking tools in the Target data breach. Nothing in the KAPTOXA operation is out of the ordinary. Probably the other tools used in the hack are already known in the trade. It is not that the criminals used super sophisticated malware, it is the way and the timing they where used. The fact that known hacking tools where used will open the doors to a wave of lawsuits that will claim that the merchants could have prevented the hack; this is one of the reason that the government has taken the unprecedented steps of releasing some of the facts and data about the crime before even finishing the investigation. Merchants should verify their systems immediately. Victimized stores should consider making public their breach ASAP. The more time the notifications to affected customers passes by, the higher the lawsuit figures will be and more damage to the customer is made.

Two individuals from Mexico were arrested in McAllen, Texas with ninety six fraudulent bank cards in their possession. The suspects had used bank cards with account information matching the Target stolen cards of South Texas residents. After the shopping spree, the suspects left for Mexico. They entered the US again possibly, for another shopping spree. They where detained upon arrival. This event confirms that the stolen data is sold in the illicit market by regions. Criminals are maximizing the use of the stolen data by being very creative. Regardless of Target's downplay efforts to minimize the impact, a customer can be a victim of identity theft with the specific data stolen at Target.

The Target Stores Data Breach Update

noreply@blogger.com (Cesar Ortiz) — Wed, 30 Jul 2014 17:35:00 +0000

A Provocative View of the Event From an Industry Outsider

By Cesar Ortiz - (Article originally published on Yahoo! Contributors/ABC News). Many legal, commercial and social questions regarding the Target data breach will come to see the light after all the dust is settled. The answer to the technical side of one of the biggest security breaches in the United States history is as complex as these other questions. The breach, which was first reported Wednesday by Brian Krebs, a security blogger, began the day after Thanksgiving.The giant merchant said Thursday that about 40 million credit and debit card accounts may have been compromised in U.S. stores between Nov. 27 and Dec. 15, 2013. Included in the hack are Target's own credit and debit REDcards. One interesting note is that cards used for purchases made in the company web site were not affected.

Target advises at their web site in a page named; "Notice: unauthorized access to payment card data in U.S. stores" that "we began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code) ". This is what Target said originally. In reality, there are several "CVV's" and the one with the printed numbers on the card is called CVV2.

The industry regulates the use of credit cards by following several guidelines and standards. Everyone must follow the standards in order to maintain systems compliance. One standard is the PCI Data Security Standard Council (PCI DSS) that deals with security and operational payments handling methodology and the ISO/IEC standard 7811, which is used by banks. ISO/IEC 7811 specifies the hardware and methodology used to handle the transaction and specifies that the bank cards must have a magnetic stripe on the back of a credit/debit card, often called a "magstripe". This magnetic stripe must have three tracks. Your credit card normally uses only tracks one and two. Track three is a read/write track, which includes an encrypted PIN, country code, currency units and amount authorized, Use of track three is not mandatory and its contents is optional. The PIN is encrypted in a data base. It is never in clear text in the magnetic stripe. The Target stolen personal identifier information and financial data was taken from the magnetic strips read out.

The Card Verification Value CVV2 (a three or four digit) number is not included in the magnetic stripe because it will defeat its main purpose, that is, to validate the card manually when using on line, phone purchases and high value transactions. We know that some merchants in North America require the code at the POS to protect the customer by making sure the card is legitimate since it can be a fraudulent card made from information from some stolen data base that does not include the CVV2.

This is a professional well studied attack that must had taken many weeks of planning and careful design to the point that it started one day before the Black Friday major sale event. Breaking encrypted data is a very hard process that requires massive computing facilities and resources. By design, in all retail stores, all data flowing outside of the merchant's stores should be encrypted heavily and it is handled by an independent payment processor facility, a communications carrier(s) and marketing analysis facilities. The possibility of a remote access job to a weak point in the systems is very high.

According to NBC News, Target Spokeswoman, Molly Snyder, released a written statement on Friday that downplayed the initial impact from the event and advised that "To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation,". "the stolen information was limited to data stored on the magnetic strip", "The hackers did not obtain PIN numbers used to access ATM's or the three or four digit that are printed on cards to verify online purchases", Snyder said. The fact is that reports of fraudulent usage of Target stolen cards sold in the Internet are showing up all over the nation, and in the world. JP Morgan Chase & Co is not downplaying the attack. On Saturday 12/21/2013 the bank sent an email to 2 million Chase debit card holders who used the Chase card at Target during the breach period limiting the bank debit card usage and will issue new debit cards, a costly measure. Chase also posted a notice in the bank web page.

If we take into account all the personal identifiers parameters that Target says was compromised, we must conclude that we have three possible alternatives where the hack took place (1) the Point of Sale Module (POS) card scanner (2) in a central card processor system at the merchant and (3) when it arrives at the authorization system processor for approval.

We are ruling out a job at the outside (external) payment processor because they all provide very secure modules, they will not accept unencrypted input from their merchants, that's their business after all, and they service many other merchants. This hack was to Target only. What probably most likely happen, is that the hackers were able to intercept, remotely, using malware scripts, the swipes of cards from the Target hardware card reader devices to the POS modules or from the credit cards in house gateways, specially if it was unencrypted (clear text) or poorly encrypted and the thieves had gotten the encryption key somewhere in the system, the later had happened before to other principals in other hacks. This is a very serious criminal monumental detrimental event, for the banking industry and the business society as a whole, taking into account that it was done to all the stores in the United States and possibly affecting in some way or another 40 million credit card holders, all at the same date time frame, nationwide.

In the original statement , Target's Molly Snyder said the breach had compromised the "CVV". Target has retracted now. Now they claim it was not compromised. Investigators are looking overseas for possible perpetrators. Stolen credit cards are showing up all over the world and many in the United States. Regardless of the downplay efforts by public relations people, this is a serious threat. If you used any debit/credit card at a Target store in the United States during the breach date time frame, including cards issued by non U.S. banks, don't take the matter lightly, act immediately and contact your bank first and then contact Target.

Comment by Cesar Ortiz, 7/30/2014: Looks it was right on the money when I categorized the Target Stores Data Breach as a “very serious criminal monumental detrimental event” in my article in Yahoo! above. Now, several weeks later after my article was published, we are finding out that the customer names, mailing address, phone numbers and email addresses were also compromised and that the impacted customers figure is now 70 million. Now more than ever contact your bank if you used any payment method other than cash at target during the date time frame and if you did, beware of postal letters, emails, phone calls and IM’s, even if they don’t mention Target.

noreply@blogger.com (Cesar Ortiz) — Wed, 30 Jul 2014 16:33:00 +0000

How to Protect Your Identity from PlayStation Network Hackers

By Cesar Ortiz- (Article first published on Yahoo! Contributors/ABC News) This article still applies because hackers wait a long time to act, sometimes years, giving users time to forget to take measures against the original hack on April 27, 2011, As Sony finally broke the silence on why its PlayStation Network had been down for a week, new questions arise regarding the potential damage to the 70 million users. The illegal, unauthorized intrusion compromised members' real name, complete address, birth date, email, Network ID, password, user handle and security question/answer. All the personal, identifiable data previously mentioned has been breached and, as a matter of fact, confirmed by Sony. Sony warns that, at this time, the credit card names, billing addresses, card numbers and the expiration dates may have also been breached, but the company does not know that information presently.

The Sony PlayStation Network had been in several previous hacker-related incidents, none as serious as this one. Some facts come to light; the site was down for a week without anyone being told that it had been hacked and personal data had been compromised. This gave Sony and forensic criminal investigators time to research, detect and perhaps apprehend the criminal(s), but at the same time left member identities in a compromised mode for a week, and, worse, without the users' knowledge. It all now depends on what the hacker(s) has done with the stolen data.

Sony itself, in a blog post, warns users to prepare for a worst-case scenario. That's the same thing I advise my readers. If you are or know someone who is a member of the PlayStation Network, even if you have not used your account but provided the credit information, we recommend that you take the following steps immediately:

(1) If you are using the same PlayStation Network password and security question/answer at other websites or offline places, including banking outlets, change it.
(2) Be extremely careful when opening emails and clicking links in emails, Facebook or Twitter messages related to this breach; they may be a malicious scam.
(3) Monitor your bank account regularly
(4) If in the United States, consider using one of the free alert services provided by Expedia, Trans Union or Equifax. See the Sony blog post for phone numbers and email addresses.
Cybercriminals wait a reasonable amount of time before they begin to scam the victims using stolen personal information. That period of time may tend to make potential victims forget about the event.

Don't expect lots of online purchases, purchases by phone and scam emails to flow immediately. When the time comes, those who did not change their passwords, monitor their bank accounts and stay alert to email scams will be the victims.

noreply@blogger.com (Cesar Ortiz) — Wed, 30 Jul 2014 16:17:00 +0000

Google: "Your Computer Appears to Be Infected" This Warning is Not a Scam, But, Beware of Where it Shows and What May Come Next

Google's Virus Warning is NOT a Scam, But, Look Out for Future Postings, They May Be Look-alike Scams

By Cesar Ortiz - (Article first published in Yahoo! Contributors/ABC News). This article is based on a Google blog page posting, this issue has been covered in many publications as a news item, including my own blog and my own article published worldwide on Yahoo!/ABC News. In this opinion I express my concern of what will be coming next as a result of Google bringing up the subject matter in the way they did. In other words, Google is using the same procedure that scammers use every day to get users to link to malware,but this time the link they will click is a real help page. Scammers will copy-cat the virus warning and hit the users with a malware link instead of a help page.

We received a Google Blog posting from Damian Menscher, a security engineer at Google, describing how he identified that infected computers were sending search traffic through proxies to the search engine. When you do a search, it sends you to a Google proxy IP then, just before doing the search, changes the search string and shows malware pay per click sites in a very "professional looking" graphics to trick you to think that you are going to legitimate sites.

Mr. Menscher explains the following "As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or "malware."

Google added that "As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections"

This is a Google's first. They had never done this type of notification before. The notification will ONLY show at the top of the main Google page and it will be a page wide window with a black bar at the top. A similar black bar was seen when Google was testing to launch their Google+ service recently. The body of the window is in yellow and it will read in black letters:
"Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this [Link]"

This message is for real. More than two million computers have been infected worldwide so far. If your receive the message, Google has detected that your PC is infected with a malware that appears to have gotten onto users' computers from one of approximately a hundred variants of a fake antivirus, or "fake AV" software that has been in circulation for some time. This time, one of the variants uses the Google service to scam users, therefore prompting Google to step in. When users click on the "Learn how to fix this" link, they are taken to a real Google page that will help users to get rid of the AV virus.

Up to now everything is running smoothly, but, now comes the catch, we know that scammers will design or copy the warning window that Goggle has been running since July 21, 2011 and that in the "Learn how to fix this" link in the fake window they will send users to an scam malware page. We can expect that Google will make sure that no one will be able to insert a fake message to replace the real one that they are posting in good faith, but no one can prevent hackers to insert a fake look alike window, with a malicious link, somewhere else, including a full fake Google main page.

Users must be alert that when they connect with the Google main page the address bar will show the proper address such as http://www.google.com/. There will be variants because Google routes users according to their detected geographical location. Make sure you have your anti virus software up to date and that is running in real time mode and be aware that Google will post this warning message ONLY at the top of their main page. If it shows somewhere else, it is a scam, no matter how real it may look.

noreply@blogger.com (Cesar Ortiz) — Wed, 30 Jul 2014 15:52:00 +0000

facebook “Eat for Free at Pizza Hut!” Internet Scam is Spreading Virally

By Cesar Ortiz- (Article first published in Yahoo! Contributors/ABC News) Thousands of facebook users are receiving the following message "Eat for Free at Pizza Hut!" from one of their friends who unwillingly posted this scam message to all his or her friends. The scam leads to at least a one "Work at Home advertising" that is designed to steal a user's personal information. The scammers change the contact link so fast that when we did a test, several schemes of pay per click and user information request show up, but all use the "Free Pizza Hut Eat for Free" scheme. Users that fall into this trap receive the following message: Beginning of quote
Eat for Free at Pizza Hut!
[LINK] changes to avoid facebook ban detection
Take advantage of this special Pizza Hut offer! Receive a FREE pizza coupon today! Act quickly before the supply runs out. With only a few coupons left, they'll go fast!
xx minutes ago
End of quote

The scammers went with very professional looking Pizza Hut Logos and graphics that will deceive someone that is in a hurry, don't read security blogs to know what is ahead, or is not very suspicious of scams. Users who receive this message from one of their friends will be taken to a very professional looking web page with a super pretty Pizza Hut logo that explains "that the offer will expire in a certain date or when the remaining xxx offers have been given out!".
In the same graphic, users are then presented with a two step option:

Step 1 is to click the "Share" button. At that point and time victims are sending the scam to all their friends, therefore propagating the scam all over the Internet.
Step 2 is to type "The greatest food!" at the "comments" window. Doing this step redirects your browser to a third party page (pay per click money for the scammers). Users are then taken to a "Work at Home" advertising page that before you make "Tons of Cash" you have to give the following data: Fist Name, Last Name, Address, Country, State, City, Postal Code, e-mail and Phone. After you provide all the information, there is no more communications from the web page and of course, there is no free Pizza Hut offer. As the saying goes, "There is no such thing as a free lunch."

What the scammers do with all the personal information provided is anybody's guess.
Users who fall into this trap should do the following steps:

(1) Remove any related items from your Facebook newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real-time scanning.

Opinion by the author - facebook bans scamming addresses (URL's), but scammers change them so fast that is very hard to cope with; incidentally, someone is using the Pizza Hut Logo in an illegal scam all over the Internet, Where is Pizza Hut or parent company Yum! Brands, Inc. the world's largest restaurant company? There is no mention of the scam on the Pizza Hut Facebook page. At least, they can publish a disclaimer or a warning regarding the scam. They sure have the money to hire resources to track this people using their trademark's logo in illegal internet scams. Are they waiting for someone to sue? If someone uses the Pizza Hut logo illegally in a newspaper or a media outlet outside the Internet, it will be a matter of hours before an army Yum! Brands, Inc. lawyers jump into action, why not do the same when it is on the Internet? Pizza Hut and other brands that know that scammers use their trademarks may not be legally bound to do anything, but practically and morally they are.

How Google Tracks Apple iPhone Users Browsing

noreply@blogger.com (Cesar Ortiz) — Wed, 30 Jul 2014 03:10:00 +0000

By Cesar Ortiz - Google and other advertising companies have been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. By default, Apple’s Safari browser accepts cookies only from sites that a user visits; these cookies can help the site retain logins or other information. Safari generally blocks cookies that come from elsewhere, but Google, Vibrant, MIG, and PointRoll circumvented Safari cookie blocking, according to tweets by Stanford researcher Jonathan Mayer and his subsequent Wall Street Journal article, and to related research done by the Wall Street Journal Staff.

When a user “googles” contents related to sites that have Google generated advertising in the web and clicks for anything related in the search engine results, it starts a user tracking sequence. As long as a user clicks in the results for any reason, Google detects the clicks using their code embedded in their “+1” button in the browser.

In software development terminology, the word container is used to describe any component that can contain other components inside. Examples of containers include Java applets, frames and windows. Some are visible, others are not. In our scenario it is a frame with an invisible form to be filled out. Google's invisible container is called “iframe” (InLine FRAME).

This iframe structure is very common in the industry and allows content from one web site to be embedded into another. As a general rule iframes are visible windows or ads. As we have explained before, In Google’s scenario iframe is created as an invisible container with a “form to be filled out”. The invisible iframe that was received in the user’s computers sent a flag to Google that identified the user as an Apple Safari user in a PC, laptop, iPhone or iPad Touch. This is not usual. When someone wants you to fill a form, it is sent as a visible form, of course. But this technique tricked Safari.

When Google received the ID flag identifying Safari as the browser, it sent the invisible form to the user device. The user did not see the form, let alone fill it out, it was blank anyway, but Google code sent the blank invisible form to the user device Safari browser nevertheless. Once the form was sent, Safari behaved as though the user had filled something out intentionally, and the browser allowed Google to put a cookie on the user’s machine. One cookie, in invisible form was sent back blank and the other invisible cookie form had user traffic data capture code (not personal data). The cookies were temporary; the blank one was set to expire in 12 hours, and the other expired in 24 hours. The end result is that users wind up visiting sites that they did not selected.

Google’s Rachel Whetstone said the temporary cookie served to create a “temporary communication link between Safari browsers and Google’s servers.” She said “the goal was to ensure that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between a user’s personal information and the web content they browse”. Google said the company tried to design the +1 ad system to protect people’s privacy and did not anticipate that it would enable tracking cookies to be placed on user’s computers.

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.” An update to Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update.

Facebook Feud Takes Tragic Turn

noreply@blogger.com (Cesar Ortiz) — Fri, 10 Feb 2012 18:19:00 +0000

By Cesar Ortiz

It was a matter of time, now we are facing a double murder and two detained suspects. Although this is not the first time that people have been killed with events regarding social networks, this is a flag that sour events involving social media are escalating and that we have to take the matter more seriously as a society and as parents. In this instance two suspects have been charged with the killing of two victims. The motive? Removing a person from the facebook friend list.

According to the Johnson City Press, in Mountain City, Tennessee a father who was upset after a Tennessee couple deleted his adult daughter as a friend on Facebook has been charged in the shooting deaths of the couple, authorities said. The victims had complained to police that Marvin's Potter's daughter was harassing them after they deleted her as a friend on the social networking site, Johnson County Sheriff Mike Reece stated. Potter, 60, has been charged with two counts of first-degree murder in last week's slayings of Billy Payne Jr. and his girlfriend, Billie Jean Hayworth. The couple was shot to death in their Mountain City home in the far northeast corner of the state.

Facebook does not issue a direct notification message that someone has removed you from his or her friend list but provides, of course, means for a facebook user to know who is in the user friends list or that someone had made a change (if you have the option enabled). Normally, if we are removed from a facebook friend list we take the removal as an action taken by the account holder exercising his or her privilege. That is the sensible and logical way to take it. The reasoning being, is that if I or my relative was removed, the user must have had some valid reason for the removal. It is the user facebook account after all. The reasoning is that if we or a relative are removed from a facebook friends list, the person that removed us or a relative will be missing all the attributes we, a relative or a friend have to offer to social media and to the specific news feed.

This sad event must serve a warning that we have to be more sensitive to our peers and close relatives concern that someone has done a detrimental action affecting their lives using social media. We have to project that Internet Social Media is just another form of communications like newspapers, radio or TV and as such, people have the right to express themselves, even if they are wrong. The event teaches us that we have to dig deeper into the effects of social media related to human nature and conduct. It also teaches us how variable the values are in our society.

Get 1 F.R.E.E. Walgreens Gift Card! (limited time only) ” IS A VERY SERIOUS facebook CRIMINAL SCAM

noreply@blogger.com (Cesar Ortiz) — Thu, 29 Dec 2011 03:55:00 +0000

By Cesar Ortiz - Thousands of facebook users are receiving this message on their message post. This message is originated by one or more of their own friends that felt into the trap of the scam and will send them a copy of the message unwillingly. In the scam, users will receive a very, very professional looking post from a friend that claims to offer the certificate in a very professional looking Walgreen’s logo message box that requires users, as the first step in order to get the certificate, to “click Post to Profile” bottom to get the certificate. Please assume that you are the victim for clarity exposure purposes. The moment you click to the blue “Post to Profile” button, you will be sending the scam to all your friends in your facebook account. The scam was reported on the Hoax Slayer Web Site.

In our own tests, in the second step of the scam, in what the criminals call the “last step” you are then asked to “like” the post. You are then presented with a very real looking offer congratulating you and advising that you qualify for “the $50 Walgreens Gift card” and in order to claim the certificate you are asked to enter YOUR E-MAIL ADDRESS and the click the red “CLAIM NOW” button.

The script then changes and now you are required to, as a requirement to get the certificate, to complete a survey and a total of four sponsor offers. Let’s say that up to now, this portion of the scam have been able to get your e-mail so far. But now things gets worse, now the hackers are requiring that you provide your NAME, ADDRESS, PHONE NUMBER and DATE of BIRTH in order to get the Gift Card. Needless to say you will never receive any Walgreen’s $50 dollars Gift Card. The facebook security group is busy blocking the URL’s, but, the scammers are also busy switching to other URL’s (Internet addresses) to avoid blocking.

This is a VERY SERIOUS CRIMINAL hack. Users who fall into this trap are in serious problems and should do the following:
-Remove the post from your profile news feed, if you move the mouse to the right corner of the first line of the message, an “X” will show up, click on that “X” and delete the post, .. But first report to facebbok using the “report option” that shows up, and then, remove the post.
-Notify all your friends that you sent them the post unwillingly and help them remove it from their profile.
-Subscribe to one of the identity theft alert sites.
-Notify your phone provider.
-If in the USA, report the incident to the FBI and other US Agencies as a group by going to:
http://www.ic3.gov/complaint/default.aspx

Vulnerability in a Browser(s) and Users Tricked to Copy-Paste a JavaScipt May Explain The Facebook Wave of Pornographic and Violent Spam.

noreply@blogger.com (Cesar Ortiz) — Wed, 16 Nov 2011 23:25:00 +0000

Article first published as "Browser Vulnerability, Tricked Users May Explain Disturbing Facebook Spam" on Technorati.
By Cesar Ortiz
Facebook claims to have found an explanation of the current wave of spam attacks, including explicit hardcore porn images, videos, photo shop created photos of celebrities like Justin Bieber in sexual situations, pictures of extreme violence and even photographs of animal cruelty. These are among many gross pictures being propagated. Users tend to see the images posted on a friend’s account, visible to everyone but the friend in question. Facebook’s latest statement says the root of the attack is a malicious JavaScript that some users were tricked into copy and then paste to their browser URL address bar. Facebook released this statement:

Beginning of quote

“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this spam attack users were tricked into pasting and executing malicious java script in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

End of quote

Hackers are tricking users to manually do a copy-paste. This cross-site scripting mainly allows an attacker to execute JavaScript code in your browser that can access and control the website you are interacting with. Facebook says that users were being tricked to copy and paste the offending JavaScript into their address location bar in the affected web browser, but does not identify the specific browser.

The modus operandi of the hackers is to entice you to do a copy- paste. Users are manually spreading the scam unwillingly. Users are told to “"Erase everything in your address bar, copy and paste the code below, and press enter" this is not just any URL, its full-fledged JavaScript code that will initiate the posting of the porno and violent spam to your friend’s news feed. Why the scammers use the “copy-paste” option? Scammers are using a java script. Users are in fact entering and executing the script for the scammers. The “click to a link” method makes the whole task very hard and leaves ID traces, therefore the use of the copy-paste option. The hook to prompt users to do the copy-paste is changed constantly, may be “free Starbucks coffee for a month” or to warn fellow media users of “some danger”, etc. If someone, even a friend, in any social media asks you to do a copy-paste, beware!

Who is behind this campaign? Facebook uses the word “coordinated” to describe the attack. It could mean several servers, possibly in several locations, at the same time. This time is not that a hacker or a scammer wants to steal your hard earned money or your identity. This is a concerted sophisticated effort to harm and disgrace facebook.

Users who are victims of this scam should do the following (1) Remove any related items from your facebook Newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.

Name Brands Question My Comments Regarding a Brand Lax Attitude When Scammers Use Their Company Logo On The Internet

noreply@blogger.com (Cesar Ortiz) — Sat, 22 Oct 2011 01:50:00 +0000

By Cesar Ortiz
An exclusive article that I wrote on the Yahoo-ABC News Network titled “Facebook Eat for Free at Pizza Hut! Scam is Spreading Virally” has stirred an out cry from some companies. In the article I comment that Pizza Hut or its parent company, Yum! Brands, Inc, the world's largest restaurant company, had done nothing to warn its clients of a major Internet scam using their company logo. Some other companies jumped into the bandwagon all claiming the same posture as follows; it is not the major brand responsibility to get into the act. It is the Internet Social Network carrier i.e. facebook, twitter or Google+ responsibility to handle the scam. “We are not in the IT business”. These corporate entities might be right on their assertion, but, may I ask, Why not then warn the public that their name brand is being used in a scam in their corporate and social web pages? The more users that are warned, the fewer victims we have. After all, users will curse the social carrier and the brand if their personal identifier data is stolen. One exception is Starbucks who always warns its clients of scams. That was the main objective of my article and still it is. We stand by what we commented on the article regarding some name brands attitude.

facebook: “ Facebook Charging in 2011 ” is a Scam. " Facebook Is Deleting Accounts " is Another Scam

noreply@blogger.com (Cesar Ortiz) — Mon, 26 Sep 2011 20:02:00 +0000

By Cesar Ortiz

Now that facebook, suddenly without a major hint, in the f8Conference in San Francisco, dropped a major change to the way they present their interface to the users with a new platform concept, scammers are having a field day taking advantage of the sweeping change in the facebook interface. Facebook introduced its Open Graph platform, including the Timeline front end. Facebook does not need to charge for their portal, they make plenty of money on advertising, game sales and other paid for commission and value added services. This is another scam. A similar scam is that “ Facebook is Deleting Accounts ”.

Friends that fall into the trap will unwillingly send you a message post that reads:

Beginning of quote

“IT IS OFFICIAL. IT WAS EVEN ON THE NEWS. FACEBOOK WILL START CHARGING DUE TO THE NEW PROFILE CHANGES. IF YOU COPY THIS ON YOUR WALL YOUR ICON WILL TURN BLUE AND FACEBOOK WILL BE FREE FOR YOU. PLEASE PASS THIS MESSAGE ON, IF NOT YOUR ACCOUNT WILL BE DELETED IF YOU DO NOT PAY”

End of quote

If you take a look at the facebook login page- below the word “Sign Up”- you will see a statement in small blue type that say “It’s free and always will be.” Enough said. Users who fall into the “ Facebook Charging in 2011 ” trap will be contributing to spamming or worse. According to HUFFPOST, these are the top nine worse case scenarios to this date that a user will fall into this “Facebook Charging In 2011” or similar scams.

(1) Clickjacking: Clickjackers on Facebook entice users to copy and paste text into their browser bar by posting too-good-to-be-true offers and eye-catching headlines. Once the user infects his own computer with the malicious code, the clickjackers can take control of his account, spam his friends and further spread their scam.

(2) Fake Polls or Questionnaires: If you click on an ad or a link that takes you to questionnaire on a site outside Facebook, it's best to close the page. When you complete a fake quiz, you help a scammer earn commission.

(3) Phising Schemes: Phishers go after your credentials (username, password and sometimes more), then take over your profile, and may attempt to gain access to your other online accounts. Phishing schemes can be difficult to spot, especially if the scammers have set up a page that resembles Facebook's login portal.

(4) Phony Email Or Message: Facebook warns users to be on the lookout for emails or messages from scammers masquerading as "The Facebook Team" or "Facebook." These messages often suggest "urgent action" and may ask the user to update his account.

(5) Money Transfer Scams: If a friend sent you a desperate-sounding Facebook chat message or wall post asking for an emergency money transfer, you'd want to help, right? Naturally. That's what makes this scam so awful.

(6) Fake Friends Request: Not all friend requests come from real people, despite Facebook's safeguards against bots. Some Facebook accounts exist purely to establish broad connections for spamming or extracting personal data from users, so watch out whose friend requests you accept.

(7) Fake Page Scam: Malicious pages, groups or event invitations aim to trick the user into performing actions that Facebook considers "abusive."

(8) Rogue Applications: Oftentimes, the apps look convincingly real enough for users to click "Allow," as they would do with a normal Facebook app. However, rogue apps use this permission to spread spam through your network of friends.

(9) The Koobface Worm: Koobface spreads across social networks like Facebook via posts containing a link that claims to be an Adobe Flash Player update.

New OnStar Policy Raises User Concerns About Privacy

noreply@blogger.com (Cesar Ortiz) — Mon, 26 Sep 2011 17:09:00 +0000

Article first published as "New OnStar Policy Raises User Concerns About Privacy" on Technorati.

By Cesar Ortiz

Last week, General Motors supported OnStar system subscribers began receiving an e-mail with a change in their Terms of Service Agreement. The changes are mainly related to cancellations and to the use of the data collected by the device. The OnStar system collects, stores and sends vehicle and location data to the provider command center. Some of the services are Automatic Crash Response, Emergency Services, Turn-by-turn Navigation, e-Nav, Stolen Vehicle Tracking and Roadside Assistance. The system is available on GM and Non GM vehicles.

Two changes in the policy are raising privacy concerns:

(1) If a you cancel the service and leave the unit installed in the car, OnStar will stop monitoring the vehicle for the featured charged services but will still be receiving your location tracking and vehicle technical data using the OnStar two way cellular device built- in the unit. Until now, when OnStar service stopped, so did the vehicle’s two-way communications system. As of Dec. 1, however, that will not be the case. Vehicles of users who no longer subscribe will still be sending data via the system’s still-active two-way cellular link. In other words, you will not receive any benefits but will still be sending your vehicle location tracking and technical data to OnStar. The good news is that if you cancel and request that your two-way link be shut down, OnStar will comply. As a default however, users who do not call requesting the two-way cellular shutdown will keep on sending user data.

(2) Under the new terms, OnStar reserves the right to share the information it collects with other companies and organizations. Vijay Iyer, an OnStar spokesman, said in a telephone interview with the New York Times that “OnStar maintains the cellular connection after the subscription is canceled, as a practice intended to collect data that could be useful to municipalities, for example, trying to improve traffic flow or to first responders attempting to determine the severity of a crash before arriving at the scene”. Does this last statement means that OnStar will keep providing emergency services even when a user cancels the paid monitoring service? If it does not, there is no reason to leave the cellular two-way unit active when canceling.

The GPS-Two Way cellular communications type of technology in vehicles may raise some concerns about user privacy but the safety advantages and life savings features that comes with a paid subscription are worth the risk, this happens all the time with cellular phones, laptops, tablets and with vehicle navigation systems. OnStar must be very careful how they handle this issue of the changes in policy and to whom and how they provide the acquired data or they may be adding fuel to the user privacy concerns fire.

UPDATE:

On September 27, 2011, I received an e-mail from OnStar Vice President, Public Affairs. The e-mail is regarding an original article published by me as "New OnStar Policy Raises User Concerns About Privacy" on Technorati.

Immediately after receiving the e-mail, I contacted Technorati and published a second article titled "OnStar Reverses Decision to Change Terms and Conditions" We think the decision announced by Mr. Iye in the e-mail is a savvy move. An hour after I received the e-mail, the OnStar reversal was a major media event world wide.

Tue, Sep 27, 2011 3:16 pm
From : (e-mail) Vijay Iyer│OnStar Communications
Vice President Public Affairs & Corporate Communications
To : (e-mail) Cesar Ortiz, Technorati
e-mail title: OnStar Reverses Decision to Change Terms and Conditions

Facebook: “ Man in Wheel Chair Falls Down Elevator Shaft ” This Click Jacking Scam is Spreading Very Fast Worldwide

noreply@blogger.com (Cesar Ortiz) — Tue, 13 Sep 2011 23:51:00 +0000

By Cesar Ortiz
Scammers intending to click jack your facebook account to force you to take surveys and take you to malware sites are using this latest attempt to incite facebook user’s curiosity on watching a specific video that in fact, you will never see. This scam is based in a real life incident that happened in Korea, The incident, which happened in August, was caught on security cameras in a shopping centre in Daejon, South Korea. The photo used in this scam appears to have been taken from that news clip. The scam begins when one of your friends sends you a post with what appears to be video with a play button embedded in a still photo of an elevator shaft security camera with the date-time stamped. The following text will appear:

Start of quote

“Man in wheelchair falls down the elevator shaft *SHOCKING VIDEO*
apps.facebook.com[LINK]
This Video is really shocking. a man in a wheelchair is falling down the elevator shaft.”

End of quote

Users who click on the “Play” button of the video are sent to a facebook page with all the looks of a real facebook page. A blank black background of a video with a “Play” button is in the center of the page with the title “Man in wheelchair falls down the elevator shaft “SHOCKING VIDEO1”. As soon as a user clicks on the “play” button, a malicious malware script in the facebook page will tag the post as if you have “Like” it and will send the same message that you received to all your friends from your account, therefore propagating the scam.

After clicking the “Play” button on the “Shocking Video” screen something strange happens; another page will load with the elevator picture video in the background but in front of the video there is “facebook looking” message that says “You will not be allowed to continue until you have completed a survey” “Win an Ipad2!” and a “Complete” blue button for you to go to the survey or surveys or perhaps a high monthly fee cellular phone plan or worse. As I always say, you where taken there by deception, therefore, expect the worse. These guys are not angels.

Users who are victims of this scam should do the following (1) Remove any related items from your facebook Newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.

Facebook: ‘ AWESOME Video Nicole’s Baby Kicking – The Belly View – Unbelievable " Scam is Spreading Virally

noreply@blogger.com (Cesar Ortiz) — Sat, 10 Sep 2011 19:59:00 +0000

By Cesar Ortiz

Scammers are now using a real YouTube Video of a real life Nicole with a baby kicking inside her belly while at the beach as an inspiration for a scam. The real video reached viral proportions and when we saw the real video it had 3,754,503 views. There is nothing wrong with that video. The lady is dressed in a two piece bikini type swim suit. In the scam, users will receive a post from a friend in her or his News Feed wall. The picture shown in the post appears to be a copy- paste of the original real Nicole picture. The post will have the following message:

Start of quote

"AWESOME Video "Nicole's Baby Kicking - The Belly View - Unbelievable"
video.caxbee.com[link]
An amazing view of a baby kicking and moving his way out of the belly while at the beach."

End of quote

If you click on the "video.caxbee.com[link]" to see the video, you are directed to a page with three advertisings (money per click for the scammers) and an embedded video that looks very much like the original YouTube video. The first indication that this is a scam is that the page we are facing is not a YouTube page. The next indication of a scam is that in this page, there is a statement that says:

"To watch the video" "Click Share and then click on the Share link button"

A big blue "Share" button is shown as the only option. Users who click on this "Share" button will immediately send this message to all the user friends, therefore propagating the scam. YouTube nor Vimeo or others video portals require that you share anything to view a video. There will not be any real video shown anywhere. So far, at the time of this writing, the only damage done is that you are taken to pay per click advertising sites without your consent. Beware that you have been presented this page by deception and that the deception may continue and escalate to more serious damages if you click on one of the advertisings that turns out to be a trap.

Users who are victims of this scam should do the following (1) Remove any related items from your Facebook Newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.

Facebook: “ATTENTION EVERY FARMVILLE NEIGHBOR - THERE IS A WHITE GIFT BOX” Virus Hoax is Spreading Wild

noreply@blogger.com (Cesar Ortiz) — Mon, 05 Sep 2011 16:26:00 +0000

By Cesar Ortiz
Facebook Farmville users are hereby warned not to waste their time clicking or forwarding this message post. It is a hoax. There is no virus anywhere. Users will receive this message:

Beginning of quote

“ATTENTION EVERY FARMVILLE NEIGHBOR - THERE IS A WHITE GIFT BOX ...surrounded by a blue lace. It says "someone has sent you a gift" ... IT ISN'T BEING SENT BY FARMVILLE !!! IT'S A VIRUS!!! PLEASE DO NOT OPEN.. PLEASE COPY A PASTE THIS ON YOUR WALL SO THAT WE CAN ALL PROTECT EACH OTHER...........Very important KEEP IT GOING”

End of quote

Nothing evil on the contents of the post. No harm is done. We and all security experts that have researched this post agree that there is no malware related to the message. Since this message is reaching almost a million hits, you can imagine what a waste of time and resources this one is. We are glad that so far, as of this date, there is no harm involved. Those critics that say that we only publish malware related items, take note, this one is not a malware. Just ignore it or delete it from your desktop wall to save space and avoid that others will re-post to friends.

Twitter: “ Twitter Might Start to Charge in October, Sign This Petition to Keep the Service Free ” Scam is Spreading Fast

noreply@blogger.com (Cesar Ortiz) — Fri, 19 Aug 2011 04:22:00 +0000

By Cesar Ortiz
In this variation of the “scares” scam, hackers are attempting to steal your user name and your password and in turn, your private credentials, and in effect, take control of your account for hidden criminal actions. Users will receive a message from one of their friends passing up the “news” of a possible monetary charge for the social service. Hackers are using human social engineering in making sure they are not mentioning a final determination to charge, but rather they mention that there is a “possibility”. Users will think that there is no harm to sign such a petition. The research firm Sophos warned of the scam originally. In the scam scenario,one of your friends that already have fallen in the scam will unknowingly send you a message post that will say:

"Twitter might start to charge in October, sign this petition to keep the service free! -URL- http:/bitly.zxxx[Link]”

Let’s pretend for a moment you are the victim user. When you click on the short link to access your petition, a problem “appears” to happen. You are then presented with a very, very Twitter professional looking frame with logo and perfect colors and typefaces (a fake). In the window you are warned that your session has timed out and that you need to "re-authenticate" and login again. Users will “need” to proceed and type their password and user name in the Twitter fake window. As soon as the user clicks the login button, a hidden script will propagate the same message received about the scam to all his or her friends, therefore propagating the scam. The same script will record your credentials.

Needless to say, the “petition” is not shown anywhere. Unsuspecting users that clicked the short link may expect that many other unknown actions will take place from that point on, since the criminals have the user name and password. Users who fall into this trap should move quickly and do the following:

(1) Change your password immediately.

(2) Go to the Twitter Web Site using a PC, if you can, and revoke any application with a related name to the scam and revoke and delete any unknown posts, photos, API’s and any post, friends or anything else that does not look familiar to you. Remember, the scammers had full access to your account and a malicious script can create and post anything using a hidden malware. Be on the look out for scam e-mails and scam phone calls. Take your time on this task. Twitter is aware of this scam and is taking measures to block, warn users and mitigate the scam damage, but scammers will change the location of their DNS servers and URL’s sites very fast to keep the scam alive.

(3) Notify your friends of the scam and help them clean up the mess, make sure that you mention that you did not send the scam related post willingly, but rather unknowingly.

(4) Run your anti virus in full scan mode and make sure you set the anti virus program menu to "Real Time" scan.

Facebook: “ This Girls Must Be Watch Out Of Her mind After Making This Video " scam uses photo tagging. The USA Law Does Not Requires a User Permission to Be Tagged

noreply@blogger.com (Cesar Ortiz) — Sun, 07 Aug 2011 00:53:00 +0000

By Cesar Ortiz

This scam is spreading virally in Facebook. The syntax errors and improper use of the English language in the title is done on purpose by the scammers to fool scam detection robots. This is a variant of the “This Girl Must Must Be Watched” scam theme widely used in Facebook. In the scam, you receive a video with the title above from one of your friends. The video will show a semi sexual explicit image. Coming from one of your friends, one wonders what is in the video and will click the “Play” video arrow. The friend video has been tagged by a malicious scam script and the video will show that it is coming from him or her. In reality, your friend did not send you the video on purpose, but rather a malicious scam script tagged his or her name to the video and originated the post. The same scam will be sent to all his or her friends and you will activate the malicious tagging script if you click on the video. Users who click on the “Play” video arrow will be taken to a permission screen before “seeing” the video. In that permission screen, users will be granting the following to the scammers:

(1) “Access my basic information” (2) “Post to my Wall” (3) “Access my data any time” (4) "Access my photos and videos”. When all is done, there is no video anywhere.

In other words, a user has given a scammer total control of his or her account, including control of video tagging. The malicious script manages to tag the victims name to the friend’s porno video post. Facebook will notify you when a friend tags you, but not as a default. Much better and safer will be if you are notified by default and be asked to approve the tag before it is accepted by Facebook. That is not the case at this time. Incidentally, even when done in good faith with no scam involved, the law does not require the taggee to be asked when it is tagged. This subject has been covered fully by Sophos IT Security experts. Please, see the example below:

(Beginning of Judge Opinion extract”

APPEAL FROM BOYD CIRCUIT COURT HONORABLE GEORGE DAVIS, JUDGE ACTION NO. 08-CI-01308

“Jessica J. Lalonde v. Adam N. Lalonde case at the Commonwealth of Kentucky Court of Appeals. The opinion of the court was delivered by: Lambert, Senior Judge Rendered: February 25, 2011; 10:00 A.M. by Lambert, Senior Judge. Jessica J. LaLonde appeals from that portion of a decree of dissolution of marriage that confirmed the report of the domestic relations commissioner and awarded her joint custody of a minor child but granted physical custody of that child to her former husband Adam N. LaLonde.

Jessica first argues the commissioner's decision was partially based on improperly admitted evidence. Adam introduced pictures of Jessica taken from the social network site Facebook. These pictures in general display Jessica enjoying parties and apparently consuming alcoholic beverages against the advice of her mental health treatment providers. Adam argued she had obviously not been truthful with her treatment providers when she indicated she had suspended or significantly diminished her consumption of alcohol. Jessica additionally argues that because Facebook allows anyone to post pictures and then "tag" or identify the people in the pictures she never gave permission for the photographs to be published in this manner.

Demonstrative evidence such as these pictures must be supported by sufficient evidence to support a finding that the pictures are an accurate representation of what is claimed. Kentucky Rules of Evidence (KRE) 901(a). While typically, such supporting evidence is the testimony of the person who took the picture that it accurately depicts the reality of the photographed situation that is not the only manner to authenticate a photograph. Authentication only requires “testimony that a matter is what it is claimed to be." KRE 901(b)(1). Here, it was Jessica herself who acknowledged that indeed, she had been drinking alcohol and the pictures accurately reflected that activity. That testimony was sufficient to authentic the photographs and they were properly admitted into evidence”.

(End of Judge Opinion Extract)

Users who where affected by this scam must take the following steps:

To remove this hack, users will have to do four things (1) Remove the subject messages by clicking on the small “x” to the right of the message, this stops spreading the scam to your friends and (2) remove any related application in the “Profile Information”, “Privacy settings”, “Application websites” such as “This Girls Must Be Watch Out”. (3) Make sure you notify your friends that you where infected so that they can clean up their own account (4) Change your Facebook password immediately (5) Run your Anti-Virus in full scan mode.

Twitter: iTunes Gift Card Scam Moves From Facebook to Twitter

noreply@blogger.com (Cesar Ortiz) — Tue, 02 Aug 2011 15:33:00 +0000

By Cesar Ortiz

A variant of the familiar Facebook Free iTunes Gift card scam that we covered in this Blog on July 6, 2011 is back, but now is spreading virally in Twitter. The scam begins when users receive messages from their friends with enticing text that offer free iTunes Gift Cards. The message from the unsuspecting, already a victim, friend, read like the samples below:

(Beginning of quote)

“i have got,get yrs free iTunes Gift Card giveaway today [LINK]

wow,iTunes Gift Card got just today free lol [LINK]

awesome lol,today got iTunes Gift Card [LINK]

Your Chance to choose Your Best iTunes Gift Card [LINK]

Find out how to get a iTunes Gift Card! [LINK]”

(End of quote)

Unsuspecting users who click on the friend’s message about the “Free iTunes Gift Card” will trigger the scam hidden script immediately. According to security researchers, all of the scams will show a profile of a pretty female photo, at times wearing very few clothes or a bikini. The very professional looking window will tempt users to follow the lady, sometimes called Milda Fountaine or Lucy Adams with interesting feeds of tweets like quotes of the day, but inserted in the feeds is one that says:

“[Blue letters link] Milda Fountaine2-Milda Fountaine awsome lol today got iTunes Gift Card

www.arks.in/ogtd

xx minutes ago"

Users who click on the blue link before the Milda name in the hope of receiving a Free iTunes card will immediately send the same message that they just received to all their friends, therefore propagating the scam. After clicking the blue link, users will receive an enticing advertising or form related to the user location country and city. It could be an offer for a Friends Club, Dating Club or any male oriented “pay per filled form” site that unsuspicious or shady merchants contract the scammers for. If you clicked on to “Follow” Milda Fountaine, you have given permission to the scammers to play and even hack your Twitter account. Another option is to invade you and your friends with scam offers. Please beware that a malware (virus, password, credit data hacks) link can be inserted anywhere in the scam, therefore creating a more serious problem. There is no iTunes Free Card anywhere.

To remove this hack from your Twitter account, (1) Go to the Twitter Website page, log-in to your profile (1) Click on your user window pull down arrow at the top right of the menu where your thumbnail picture is ( 2) Select “Settings” (3) Select “Applications” (4) “Revoke Access” to any related scam application (if any) (5) Delete all related tweets (6) Contact and help your friends to clean up their accounts (7) Run your Anti Virus in Full Scan mode.

Twitter: "Direct Message From The Twitter Administration" Scam is Spreading Fast

noreply@blogger.com (Cesar Ortiz) — Tue, 26 Jul 2011 02:11:00 +0000

By Cesar Ortiz
This scam is making the rounds by the thousands on Twitter. You receive a message that says:

(Beginning of quote)

“Hi,
You have 2 direct message on Twitter!
http://twitter.com/account/messages/info/LDSV6-7XZ44-522266
The Twitter Team

If you received this message in error and did not sign up for a Twitter account, click not my account.
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.”

(End of quote)

Unsuspecting users who click on the link are taken to a webpage that claims to be a Canadian Pharmacy affiliate advertising pharmaceutical drugs such as Viagra, Cialis and Levitra.

Facebook Amy Winehouse Leaked Video Scam Spreading Fast Worldwide

noreply@blogger.com (Cesar Ortiz) — Sun, 24 Jul 2011 04:58:00 +0000

By Cesar Ortiz
Just a few hours after the unfortunate death of singer Amy Winehouse, insensitive money driven scammers have began to circulate a malware scam where they claim to have a bad taste video of the singer. We hate to publish the text of the scam, but we have to in order to warn users not to fall into the scam. Reality is reality and there are some bad souls out there in the social media field that mean to do harm specially when tragedy arises.

The scam will show the following window from one of your friends in your Facebook Newsfeed:

A Facebbok real looking window and links with a sepia-green tone picture of what appears to be the late singer. The window shows the following:

“Amy Winehouse is dead!!!

Leaked Video!! Amy Winehouse On Crack hours before death

[Link]

Amy Winehouse getting high on crack just hours before she died

Xx hours ago”

Another scam derivate, with a gross picture will say:

“Video leaked of amy winehouse's death!!! Warning: Graphical Content.
[LINK]
Amy Winehouse OVERDOSE VIDEO LEAKED! - RIP AMY”

When unsuspecting users click on the “Share”, “Comment” or “Like” link, the malware will immediately send the same "Leaked Video" message received by the user to all his or her friends, therefore propagating the scam. The next step in the scam is another window that asks users to complete a survey before they see the “video”. When users complete the survey they are sent to a fake none descript page that shows nothing, of course. This is where the scammer gets the money. Unscrupulous or unsuspecting merchants will pay scammers per completed survey. The survey is one route the scammer will take. Other options are more dangerous and will change fast, like signing for expensive alerts plans, Two dollars per minute charge calls, cellular scams and outright fraud.

To clean this mess, victims should do the following:

- Go to your Facebook page and select your “Newsfeed” and delete the related post by clicking the blue “X Remove Post” button to the right of the Amy Winehouse Leaked Video entry. The button will show when the mouse cursor is moved around the top right margin of the post.

-Notify your friends to follow the same steps.

I urge users to please report this ugly scam directly to Facebook:

(1) Go to the Facebook website. Log into your account with your username and password.
(2) Click on the "Messages" link in the left navigation pane.
(3) Click on the message that you want to report as spam.

(4) Click on the "Actions" drop-down box. Choose "Report as Spam" from the list of options.

(5) Click the "Report as Spam" button to confirm.

Google: “ Your Computer Appears To Be Infected ” Warning is Not a Scam, but, Beware Of Where It Shows And What May Come Next

noreply@blogger.com (Cesar Ortiz) — Fri, 22 Jul 2011 04:05:00 +0000

Original Article Published by The Author in Yahoo Content Network as:

Google: “ Your Computer Appears To Be Infected ” Warning is Not a Scam, but, Beware Of Where It Shows And What MayCome Next.

By Cesar Ortiz

In July 21, 2011 in Google's own Blogger page there is an article signed by Damian Menscher, a security engineer at Google, describing how he identified that infected computers were sending search traffic through proxies to the search engine. When you do a search, the malware sends you to a Google proxy IP, then, just before doing the search, changes the search string and shows malware pay per click sites in a way that leads you to think that you are still being in the real Google.

Mr. Menscher explains the following “As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections”

The notification will ONLY show at the top of the main Google page and it will be a page wide window with a black bar at the top. This same bar was seen when Google was testing to launch their Google+ service recently. The body of the window is in yellow and it will read in black letters:

“Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this [Link]”

This message is for real. More than two million infected computers have been detected worldwide so far. If you receive the message, Google has detected that your PC is infected with a malware that appears to have gotten onto users' computers from one of roughly a hundred variants of a fake antivirus, or "fake AV" software that has been in circulation for a while. This time, one of the variants uses the Google service to scam users, therefore prompting Google to step in. When users click on the “Learn how to fix this” link, they are taken to a real Google page that will help users to get rid of the AV virus.

Up to now everything is running smoothly, but, now comes the catch, we know that scammers will design or copy the warning window that Google has been running since July 21, 2011 and that in the “Learn how to fix this” link they will send users to malware scam trap. We can expect that Google will make sure that no one will be able to insert a fake message to replace the real one that they are posting in good faith, but no one can prevent hackers to insert a fake look alike window somewhere else, including a fake Google main page.

Users must be alert that when they connect with the Google main page the address bar will show the proper address such as http://www.google.com/ there will be variants because Google routes users according to their detected geographical location. Make sure you have your anti virus software up to date and that is running in real time mode and be aware that Google will post this warning message ONLY at the top of their main page. If it shows somewhere else, it is a scam, no matter how real it may look.

UPDATE By the Author August 31, 2011

Update-August 29, 2011 Researchers evade Google redirect notice
Staff Report: SC Magazine-

http://www.scmagazineus.com/researchers-evade-google-redirect-notice/article/210774/

Researchers evade Google redirect notice "The Burmese YGN hacker group on Sunday detailed a URL redirect vulnerability that bypasses Google's notification to users that they might be visiting a malicious site.The flaw exists in the way that Google checks redirected URLs against a blacklist of known malicious web sites.
The attacker would send a victim a proxy server link which redirected to a malicious URL and, when clicked, would verify if the landing website was blacklisted by Google, researchers said. If it was, the server would generate a second malicious URL to infect users."

This is exactly what I predicted in the article above on July 23, 2011.

Facebook Google+ Invite Scam Can Steal All Your Personal Information Including Name, Date of Birth, Password, And Current Location

noreply@blogger.com (Cesar Ortiz) — Thu, 14 Jul 2011 23:12:00 +0000

By Cesar Ortiz

Google+ is the new rival for Facebook. Users in the thousands are receiving fake invitations as part of a rogue scam designed to steal your entire Facebook page private Information. If users fall into this trap, we can say that the hackers own their Facebook page. The scam begins as follows:

Users receive a message with the Google+ logo that says:

“Google+ -Get Invite

Unofficial Fan Page

118,500 people like this”

If the user clicks on the invite, it is then taken to a “Request for permission” fake screen frame designed to look very, very professional. In that permission page you are allowing the criminal, disguised as Google+, to “Access my basic information, Send me e-mail, Post to my wall, Access my data any time, Access my Profile information” In other words, users are surrendering their account to a third party, a criminal in this instance.

The next step in the scam is that users are taken to a very pro looking Facebook like window with a “Continue” link. Facebook never uses this type of window but users may click on the “Continue” link. Since victims already gave the scammer permission to access all his or her friends list, the hacker uses social deception techniques and presents you with a very, very professional Facebook looking page titled “Select friends for Google Plus-Direct Access requests” This page even has a photo and name of each of your friends. In theory, every friend selected will receive the same message you received therefore propagating the scam. I believe that all your friends will receive the message regardless if you choose them or not. Hackers will not give up this priceless opportunity to steal account data in the thousands.

Probably, the original hacker will not use your personal data itself; it will sell the listings in bulk in the Internet open hackers market to the best bidder, who will use it at will. To remove this hack, users will have to do four things (1) Remove the subject messages by clicking on the small “x” to the right of the message, this stops spreading the scam to your friends and (2) remove any related application in the “Profile Information”, “Privacy settings”, “Application websites” such as “Google+ invite”. (3) Make sure you notify your friends that you where infected so that they can clean up their own account (4) Change your Facebook password immediately.

Cesar Ortiz Information Security Blog

The Role of AI in Detecting and Preventing Internet Fraud

Smartphones with GPS can tag your pictures with the exact PIC location

By Cesar Ortiz

On other smart phones the instructions to remove the geotagging function permanently are similar. Check with your phone provider.(c) Cesar Ortiz

Technical Details in The MLB Baseball Players Signals Hacking

Target Data Breach Unveiled

The Target Stores Data Breach Update

How Google Tracks Apple iPhone Users Browsing

Facebook Feud Takes Tragic Turn

Get 1 F.R.E.E. Walgreens Gift Card! (limited time only) ” IS A VERY SERIOUS facebook CRIMINAL SCAM

Vulnerability in a Browser(s) and Users Tricked to Copy-Paste a JavaScipt May Explain The Facebook Wave of Pornographic and Violent Spam.

Name Brands Question My Comments Regarding a Brand Lax Attitude When Scammers Use Their Company Logo On The Internet

facebook: “ Facebook Charging in 2011 ” is a Scam. " Facebook Is Deleting Accounts " is Another Scam

New OnStar Policy Raises User Concerns About Privacy

Facebook: “ Man in Wheel Chair Falls Down Elevator Shaft ” This Click Jacking Scam is Spreading Very Fast Worldwide

Facebook: ‘ AWESOME Video Nicole’s Baby Kicking – The Belly View – Unbelievable " Scam is Spreading Virally

Facebook: “ATTENTION EVERY FARMVILLE NEIGHBOR - THERE IS A WHITE GIFT BOX” Virus Hoax is Spreading Wild

Twitter: “ Twitter Might Start to Charge in October, Sign This Petition to Keep the Service Free ” Scam is Spreading Fast

Facebook: “ This Girls Must Be Watch Out Of Her mind After Making This Video " scam uses photo tagging. The USA Law Does Not Requires a User Permission to Be Tagged

Twitter: iTunes Gift Card Scam Moves From Facebook to Twitter

Twitter: "Direct Message From The Twitter Administration" Scam is Spreading Fast

Facebook Amy Winehouse Leaked Video Scam Spreading Fast Worldwide

Google: “ Your Computer Appears To Be Infected ” Warning is Not a Scam, but, Beware Of Where It Shows And What May Come Next

Facebook Google+ Invite Scam Can Steal All Your Personal Information Including Name, Date of Birth, Password, And Current Location

On other smart phones the instructions to remove the geotagging function permanently are similar. Check with your phone provider.
(c) Cesar Ortiz