This Phish will Bite your Butt

Here’s a youtube video from Sophos that shows how you can get infected from a Google Ad advertising Norton.  Note how on the fake Norton website the colors are yellow like Norton Antivirus or Symantec, but there’s no real name, only the word “Anti-virus,” a clue you’re not getting the real deal, but a rogue antivirus. Be aware when going to unfamiliar sites. In the meantime, I’ll try to let Google know this is a fraudulent website. We call that a phish website. Try not to go phishing, the phish ARE biting, but are biting right in the ol kazoo, meaning where it hurts most: your wallet and computer.

If you did buy the fake Norton from the phish website, it wouldn’t work, and would infect your computer with more viruses and spyware.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

And the Answers Are …

Clients and friends (a recent one is my friend Joyce) often ask me three questions, “(1)Just who are these people who spend their time creating malware and spyware?” And this is usually followed quickly by, (2)”Don’t they have anything better to do?‚”and “(3)Why do they do it?” Now, after a recent article in the Calgary Herald by Jan Ravensbergen of Canwest News Sevice, I can give you three more concrete answers.

1. 17 kids from Quebec. 2. Obviously not. 3. For the money.

The 17 kids were from Quebec aged 17 to 25, all male but for one 19-year-old female. They were computer-savvy young adults who took over 1 million computers in 100 different countries. They turned these computers into very, slow unresponsive “zombies” they commanded for their own ends: identity theft, data theft, and fraud. They put the zombies on a botnet, which makes these youthful perpetrators “zombie herders.”

Botnets are big networks of the zombie computers which are herded or commanded to perform various illegal tasks such as sending spam e-mails; collecting and storing private data such credit card numbers, account numbers, and passwords; or serving pornography.

You’ve probably received a phish e-mail purporting to be from Paypal, e-bay, or a bank or other financial institution. If you clicked on a link in the e-mail, it took you to a fake or “phish” website that looked like the real thing, Paypal or a bank etc., but actually, was a phony copycat. If you were unfortunate enough to have typed in your data, it gave whatever you typed such as your user id or account number and passwords to the people running the botnet.

Trojan horses and worms are usually the means to taking over computers, so it is imperative that you run both anti-spyware and anti-virus software on your system. Many people believe they are safe if they run anti-virus software alone, but the zombie herding used by the 17 kids and other computer fraudsters, is mostly carried out with Trojan horses, a form of spyware. So you need the anti-spyware.

Prevention is so much cheaper and easier than reformatting your hard drive and dealing with identity theft and fraud. So don’t wait until its too late, install anti-spyware and anti-virus software today!! If you live in Calgary, Ducktoes can help you do it. Or you can learn how to do it yourself.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

More about Phishing

Yesterday, I talked about Phishing, and how to watch out for it. Interestingly enough, today I read in the Virus Bulletin about a US supermarket chain that almost lost 10 million dollars to a phish scam. Read the article here.

Everyday I receive phishing e-mails. Today I received one pretending to be from PayPal. They asked for my credit card number and pin. Right now some unsuspecting person probably is putting in his or her information on that fraudulent site.

To blow the whistle on the phishers, and prevent more potential victims from getting scammed, there is a site called Phishtank, where you can post phish websites. I posted the Paypal phish on it. When you get phish e-mails you too can post them and the websites they link to on Phishtank

Get your web feet wet, safely, with Ducktoes!


Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Phishing Lures

Phishing is a scam that comes by e-mail. The e-mail claims to be from a bank or other financial service such as Western Union, Pay Pal, e-Bay, or on-line stock broker. Often it is from an institution where you don’t even have an account, but sometimes, by chance, it’s from a place familiar to you.

The e-mail is designed to trick you into clicking a link to the phishing website, that is, a forgery of a website you trust, and entering your credit card, social security/social insurance number, password, account number, or other personal information. Sometimes the e-mail threatens that your account will be limited or other penalty if you don’t go to the phoney website, other times it promises money or other benefit. Ironically, like a self-prophesy, some e-mails warn that someone is trying to access your account, and they are right, someone is trying to access your account: they are!

A few years ago I received my first phishing e-mail; it was supposedly from Pay Pal. I clicked the link to the website and was asked to enter my account number and debit PIN. I knew Paypal would never ask for my PIN, so immediately I realized it was a phish, before I knew the term.  In other words, it was a scam.
My dad once entered his credit card on a phishing site. A few days later, his bank called and asked if he’d been shopping in Czechoslovakia. He was lucky his bank recognized a “phishy” purchase and contacted him.

Yesterday I received an e-mail, supposedly from the IRS, but in reality from fraudulent criminals attempting to lure me to a phoney IRS website and claim a tax refund. The creators of this phish e-mail were in such a rush they even left telltale signs of the “<" characters that happen when you copy and paste an e-mail. They couldn't be bothered to delete them. If the IRS does send e-mails to people about refunds, which I doubt, they would send more professional-looking ones. The phishermen were counting that my greed for the $300 refund would surmount any misgivings about the shoddy-looking e-mail. But it went directly into my "Bulk" folder in my Yahoo mail. And even if it hadn't, I can recognize a phish e-mail right away. So, protect your identity, be aware and learn to recognize phish too, and don't get lured into any "phishy" sites. Get your web feet wet, safely, with Ducktoes!


Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather