Scams & Hoaxes
by Peter Jorgensen (August 25th, 2009)
- – Scammers Exploit Swine Flu Fears
Unsuspecting users are receiving a Word document attachment sent by
scammers posing as a Center for Disease Control update on the global
spread of swine flu. If you open the document, it releases a Trojan,
dubbed Agent-AVZQ, which can give control of your computer and the
information stored on it to a Bad Guy.
More information: http://homelandsecuritynewswire.com/single.php?id=8378
http://www.f-secure.com/weblog/archives/00001734.html
- – Adobe Flash Player Scams Abound
If you visit a website that asks for Adobe Flash Player in order to play
a video and you see a handy button nearby for downloading Flash, think
before you push it. You may be falling for one of the most common ploys
used by hackers to infect computers with malware. Other Adobe Flash
Player scams employ salacious or provocative headlines in emails, on
websites, social media sites, and in instant messages. These messages
will often have misspellings, bad grammar or even broken English, but
to make things look more convincing, they feature the official Flash
Player button, hijacked from the Adobe website. The safest place to get
Flash Player and updates for it is from the Adobe Update site:
http://www.adobe.com/products/flashplayer/
More information:
http://www.lockergnome.com/windows/2009/07/17/avoiding-adobe-flash-player-scams/
- – “Neopets” Under Attack by Identity Thieves
The popular website Neopets has a reputation for being kid-friendly and
kid-safe. Neopets lets its members- roughly 25 million people-”adopt”
cyber pets and earn points by playing games. Nearly half of players are
between the ages of 8 and 12, some are as young as 6, and they
communicate with each other while at play. But Neopets has been hit by
Internet pirates and a scam that takes advantage of kids willing to pay
big for a “magic paintbrush.” Kids are sent a seemingly innocuous email
or private message on the Neopets bulletin boards telling them about a
secret website that will let them make their own “magic paintbrushes.”
But when the child browses to that third-party website, he or she is not
downloading and installing a magic paintbrush, but malware.
More information:
http://www.foxnews.com/story/0,2933,530684,00.html
- – Work-At-Home Scams Make Their Way to Twitter
Through tweets, email and websites, job hunters are being told that they
can make lots of money from the comfort of home using Twitter, and
falling prey to Twitter-based job scams. The Better Business Bureau
warns that although the large print for such offers may promise big
returns, the fine print can cost them every month.
More information:
http://www.sanantonio.bbb.org/article/work-at-home-scams-make-their-way-to-twitter-11445
- – Information-Stealing Phishing Email Targets Chase Customers
The Consumer Protection Board (CPB) of New York State has issued a
warning to Chase Bank customers that they could be attacked by a
phishing scam involving emails that seek personal information on the
pretext of upholding new security measures. Customers receive a phony
email that asks them to fill in a form with details including personal
identifiable information. Citing fresh security measures ostensibly
launched by Chase, the fake email explains that it is important that
recipients complete the form. Additionally, it displays a web-link and
asks the recipients to click on the link. However, the link leads to a
fake website where personal information is stolen from the consumers.
More information:
http://www.consumer.state.ny.us/pressreleases/2009/july012009.htm
From SANS Ouch Vol. 6 No. 8