LinkedIn Phishing Scam

Another day, another scam.

Just a quick note about yet another phishing scam, this one purportedly coming from the social networking service, LinkedIn. In this example, you’ll get an email message telling you that “your LinkedIn account was blocked due to inactivity.” As you might imagine, they provide a handy link to fix the problem.


Trouble is, the link does not go to LinkedIn. Instead, it opens a page designed to gather information about your account and send it back to the scammers.

The best way to avoid phishing attempts — even ones that look like real communications from a social networking service, bank, or other organization you might have an account with — is to never click a link in an email message.

If I thought this message might be real, I’d check by using my Web browser — not the link in the email message — to go to LinkedIn, log in, and check the situation for myself.

Don’t get scammed.

Yet Another PayPal Phishing Attempt

This one looks, on the surface, quite convincing.

This morning, I got the following message that appeared to be from PayPal in my inbox:

Dear PayPal Customer,

You have added andrew1987 @btconnect.com as a new email address for your Paypal account.

If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.

NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)

Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

Sincerely, PayPal Account Review Department.

As shown in the accompanying screenshot, the message included all the usual PayPal logos and even a VeriSign Identity Protection logo. (What good is a logo like that if it’s so easily stolen and reused by scammers?) Of course, it was from an address at ppal.com (not paypal.com) and it was addressed to “Dear PayPal Customer” instead of my name. That’s a dead giveaway that the message is not real.

Of course, there was an HTML file attached. Opening the file in a text editor — not a Web browser! — showed HTML code with a JavaScript that would, among other things, collect your PayPal name, password, date of birth, and mother’s maiden name. I don’t know enough about JavaScript to figure out what would be done with this info, but I can assume it gets sent back to the folks who will then use it for identity theft.

Reading the message offers other clues that it’s fake. For example, although it’s standard for PayPal to send you an e-mail message if you add or change an e-mail account, they make a conflicting request. First, they say action is only necessary if you believe your account has been compromised. Then they tell you that if you ignore the request, they’ll suspend your account. That, of course, makes no sense.
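The giveaways described above (a sender address at ppal.com rather than paypal.com, a generic "Dear PayPal Customer" greeting, and an HTML attachment whose script collects a password) can be checked mechanically before a message ever reaches a browser. The following is an added example, not code from the original post; the sample message is constructed, and the `service@` address, the `form.html` filename and the `BRANDS` table are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described above; not the real email.
SAMPLE = """\
From: PayPal <service@ppal.com>
To: reader@example.org
Subject: New email address added
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Dear PayPal Customer,
Submit the form attached to your email to restore your account.
--B
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<html><script>/* collects fields */</script>
<form><input type="password" name="pw"></form></html>
--B--
"""

BRANDS = {"paypal": "paypal.com"}  # assumption: brand name -> legitimate domain

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRANDS.items():
        # Display name claims the brand, but the address is on another domain.
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            findings.append("sender-domain-mismatch:" + domain)
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        if part.get_content_type() == "text/plain" and part.get_filename() is None:
            if re.search(r"^Dear\s+(\w+\s+)?(Customer|User|Member)\b", text, re.I | re.M):
                findings.append("generic-greeting")
        if part.get_filename() and part.get_content_type() == "text/html":
            if re.search(r"<script\b", text, re.I) and re.search(r'type=["\']?password', text, re.I):
                findings.append("html-attachment-credential-form:" + part.get_filename())
    return findings
```

Run over the constructed sample, `triage(SAMPLE)` reports all three indicators. The attachment is only read as text, never rendered.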

But I’m sure that many people would fall for this. After all, it indicates that a stranger’s email has been added to their PayPal account. All the talk about Internet fraud would send a person into panic mode. He’d open the file attachment and possibly go through the process of giving away information about his own account.

You have no idea how much this pisses me off. I know people who have been scammed by emails like this. One of them is an elderly man who had a bank account tapped into and partially drained before he was able to resolve the problem.

I immediately forwarded this message to spoofs@paypal.com — the address you should forward any questionable PayPal communication to.

Please help spread the word among friends and family members who might fall for phishing attempts like this. Tell them that if they get a communication from any company they do business with, they should log into their account the usual way, not by clicking a link or opening a file attachment in the message they receive.

September 3, 2011 Update:

Thought I’d mention another version of this scam. Here’s the message that arrived today:

Dear Customer,

You sent a payment of 40.90 GBP to Mobile Top-up Online
(sales@topups247.com)

If you have questions about the shipping and tracking of your
purchased item or service, please contact the seller.

Please download the document attached to this
email to cancel or forward your purchase.
————————-

Merchant
Mobile Top-up Online
sales@topups247.com
Instructions to merchant
You haven’t entered any instructions.

Shipping address – Unconfirmed
United Kingdom
Postage details

Of course, this one came with an HTML attachment, too. It’s named “PayPal Refund.html” and, to someone who isn’t actually thinking, it might seem like something worth double-clicking to fix the perceived incorrect charge.

Don’t get scammed.

November 21, 2011 Update: They’re now doing the same thing with the name sarah@comcast.com.

New Social Networking Scam

Another story from my inbox.

Yesterday, the following e-mail message from “Ben” arrived in my e-mail inbox. It had been sent using the contact form on this blog. Here’s the text with the identifying information redacted.

Hi,

My name is Ben and I’m working with the [redacted TV channel] to help spread the word about their new outdoor photography show, “[redacted name of show].” The second episode airs [redacted date/time] and follows [redacted host name] as he photographs the red rock canyons of the American Southwest.

I came across your wonderful blog and I thought you might be interested in doing a post to let your readers know about the show and help spread the awareness. Any posts that you put up will go up on [redacted TV channel]’s Facebook Page and/or their twitter page- so it is a good way to get some publicity for your own site. I also have a copy of [redacted host’s name] ‘[redacted host’s book]’ which I could offer out to you for your time.

I’ve put some info about the show, pics, and videos below just to give you some background. If you have any questions or need more information please don’t hesitate to get in touch.

Thanks for your time and let me know if you are interested as it would be so great to have your help.

Best,

Ben

What followed was a bunch of links to content in various places that evidently showed off the show. (I admit that I didn’t follow any of them.)

I received the message on my iPhone while I was stuck waiting for a tow truck (long story) and, because of that, didn’t really read it carefully. At first, I was flattered. This well-known TV channel had found my blog, liked it, and wanted to work with me on some publicity for their show. This made me feel really good because, as regular visitors here know, I do a lot of photography in red rock country in Arizona and in Utah. It looked as if I were getting a bit of recognition.

But when I got back to my office and re-read the message on my computer screen, I realized that the message was obviously boilerplate. Nowhere did it mention my name, the name of my blog, or any other identifying piece of information that might make me think it was written specifically to me. “Your wonderful blog” could be a nice way to refer to anyone’s online drivel — provided you wanted to make them feel warm and fuzzy about your project.

I’d been duped.

Or almost duped.

I then took a closer look at the domain name on “Ben’s” e-mail address. It wasn’t from that TV channel. I popped the URL into my browser and found myself looking at a Web site for a company claiming to be “social media marketing & publicity specials” that “develop strategies and execute initiatives, which generate conversations & cultivate relationships between brands and publishers.” In other words, they con active members of the social networking community to tweet and blog about their clients.

For free.

Well, the client doesn’t get their services for free. It’s Ben and his company who get the services of the social networking folks for free. Free authoring, free placement of the ads, free “buzz.” Ben and his cohorts just send out boilerplate messages to lure in unsuspecting bloggers who apparently have little else to write about. Along the way, they get these bloggers to look at the content on their clients’ sites, bumping up the hit counter to show immediate results.

I’m wondering how many bloggers fall for this strategy and how many thousands of dollars Ben & Co. rake in weekly by copying and pasting boilerplate messages on the Web.

I composed my response:

Ben,

I’m interested in this, but admit that I’m a bit put off by being asked to write what’s essentially an advertisement and place it on my own blog without compensation. Not quite sure how this would benefit me. A few additional hits to my blog would be nice, but since my blog does not generate any income for me, getting more hits is not really that important to me.

I also wonder how many dozens (or hundreds) of other bloggers you’ve contacted. Your message was very generic and could have been sent to anyone with a “wonderful blog.”

Now if I were offered compensation via exposure for my helicopter charter company (http://www.flyingmair.com/), which specializes in aerial photography over red rock areas such as Sedona and Lake Powell — well that might interest me a bit more.

Or is your message just another bit of spam to get ME to check out this site? So far, it’s a FAIL.

Any interest in making this more appealing to me?

Maria

I’m waiting for a response that likely won’t come. Why should he respond to me when he probably has dozens or hundreds of other bloggers taking the bait?

In the meantime, Ben has indeed given me something to blog about.

Is That Deal Really as Good as They Say?

Amazon misstates retail prices to inflate savings.

It’s a twist on my Safeway whine from last week. Stores — including online stores — purposely misstate the retail or regular price of items to make their own prices look better.

Here’s proof. I was distracted by a tweet that took me to Amazon.com and was further distracted by a “Lightning Deal” offer for the Garmin nüvi 500 GPS. Here’s the deal as it appeared on Amazon.

Wow! I thought to myself. A $499.99 GPS for only $169.99! That’s a savings of $329 or 66% off retail price!

I’m shopping for a new GPS — something with a bigger screen that still supports topographic maps — and thought this might be an excellent deal for me. So I went to the Garmin Web site to get the full details about this particular model.

What did I discover on Garmin.com? That the suggested retail price of this GPS is not $499.99, as Amazon advertises. It’s $299.99. That’s $200 less.

Doing some math, I calculated a savings of only $129 or 43% off the real retail price. Admittedly, that’s still pretty good, but it’s a far cry from 66%.

And the deal isn’t so sweet when you look at Amazon’s regular (not “Lightning”) price: $232.38. Now you’re saving only $67 or 22% off retail price, despite the fact that Amazon claims you’re saving $267 or 54%.

My point? Don’t believe retail prices as advertised on reseller Web sites or in stores. Do your homework. Don’t let fantasy savings con you into making a purchase decision before you have all the facts.

Hello, Safeway? What’s with the three prices?

Fantasy pricing and imaginary savings assault the senses and insult shoppers’ intelligence.

Wickenburg has two supermarkets: a Basha’s and a Safeway. Safeway is newer, better stocked, generally cleaner, and closer to my house. It’s also generally more expensive. I deal with it.

But what has started to seriously bug me is the price tags Safeway has littered its stores with. If you’ve shopped in a Safeway or Vons, you know exactly what I mean. Half the merchandise in the store has three different prices on it: the “old price,” the “low price,” and the “club price.”

The old price is clearly bullshit. There’s no way in hell that a box of 200 Kleenex ever sold for $2.99 in our Safeway store. It’s clearly a fantasy price dreamed up by the folks in marketing. Say it cost a bunch of money and now it’s a whole bunch less! Customers are saving $1/box, right?

Wrong, if it never cost $2.99.

Then there’s the club price. If you join “the club” and submit your club card or phone number each time you shop, you get an even lower price. Of course, you also let the folks in the Safeway home office know every single thing you buy there. What do they do with this information? One thing they do is spit out coupons at checkout for items you’re most likely to buy. That’s not terribly harmful. But what else do they do with this information? Perhaps share it with other organizations so they also know what you buy? So they can target you with their marketing, too?

Do you really want people to know if you buy things like laxatives, hemorrhoid creme, or adult diapers?

Yet providing your magic club card number knocks another 49¢ off the box of tissues. That number is part of what’s tallied up as your savings at the bottom of your long receipt.

I’m guessing, however, that they don’t expect people to really stop and think about it. Or do the math. Instead, they expect us to simply react to the yellow tags.

What else could explain this image? Look carefully. The club price saves you a whole penny over the supposed low price. This isn’t higher math, folks. $5 ÷ 2 = $2.50. The club price is $2.49. $2.50 – $2.49 = 1¢.

It’s bullshit, all of it. Yellow tags all over the place with fantasy prices and imaginary savings.

Why do they do this? It’s simple. They’re betting that people are too stupid or lazy to do real comparison shopping. They concoct in-store savings, conning people into thinking they’re really saving money. But are they?

In reality, if shoppers went to another store, that store’s regular price may be the same or less than Safeway’s “low price” or “club price.”

Mind games, that’s what it is.

And that’s what bothers me. These yellow tags all over the place make shopping confusing. They make the store an ugly mess. They sully the supermarket shopping experience — as bad as it already is.

You can’t just go into a supermarket and pick up the groceries you need. Instead, you have to face wall after wall of ugly yellow price tags that insult your intelligence with their fantasy pricing and imaginary savings.

Why? I call it bullshit.