Posts

Beware of Flight MH17 Facebook Scams

How low can scammers go? The latest is phony Facebook profiles that use identities of deceased victims of Malaysia Airlines Flight MH17—claiming their credit cards were stolen from the crash debris.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813“Death hunters,” says Ukrainian MP Anton Gerashchenko on his Facebook page, are collecting jewels, cash and credit cards off of the victims. His post urges victims’ relatives to “freeze their credit cards, so that they won’t lose their assets to terrorists!”

The Dutch Banking Association assured next-of-kin that they’d be compensated for the fallout of credit card theft.

Journalist Phil Williams was at the crash site and pointed out that it was obvious that wallets and handbags had been stolen. Just about all the handbags had been opened, he reports. Looting is apparent, he says.

Mark Rutte, the Dutch Prime Minister, used the term “utterly disgusting” to describe how the rebels had treated the corpses.

But beyond the site is even more alarming activity: fake Facebook accounts. At least five phony FB accounts have been set up in the names of deceased Australians—including three kids. Facebook has since shut down the pages.

The pages provided a link to a video claiming to reveal footage of the airliner’s crash. However, users instead were directed to a website full of pop-up ads for fishy-looking services. The lure to this site was a malicious link tagline: “Video Camera Caught the moment plane MH17 Crashed over Ukraine. Watch here the video of Crash.”

You can imagine how many people—not necessarily next-of-kin, took the bait and made the click. Though these particular fraudulent pages were closed down, this doesn’t mean more won’t appear.

Is this common after a disaster?

It seems to be more common, as criminals are capitalizing on current events to perpetrate scams generally within a 24-48 hour period.

Tips for spotting these scams for consumers in general:

Thinking before you click, doing research and not being so impulsive will keep consumers from being baited by scammy links, titles and stories.

Tips for family members of the deceased:

They should cancel credit cards, create fraud alerts through their country’s credit bureaus, and once death certificates are obtained they need to submit them to the credit bureaus. Otherwise set up Google alerts with the decedents’’ names to monitor any chatter on social sites that may turn up their likeness in a stolen social media identity theft case.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Phishing Scam: Using the U.S. General Commander in Iraq as Phish Food

Fishing of course is the sport of tossing a tasty wormy baited hook connected to a fishing line and patiently waiting for a fish to take the bait.

Phishing is the sport of tossing a wormy baited tasty lie connected to a wormy human and the degenerate patiently waits for a naïve victim to take the bait.

A phisher can send thousands of phish emails a day and eventually someone will get hooked.

Phishing is a $9 billion business. Unlike the ongoing depleting of the oceans fisheries, there are PLENTY of people out there to phish. Many of them today are from developing nations like India and China who are just getting a broadband connection to the internet and are considered fresh meat to the bad guy.

The New York Times reports “if you get an Internet appeal from Gen. Ray Odierno, the senior American commander in Iraq, asking you to pay lots of money to get your son or daughter out of combat duty, don’t believe it. And certainly don’t send the $200,000. General Odierno acknowledged that he is but one more victim of a social networking scheme offering a big — but fake — benefit, if you send big amounts of real money.

“I’ve had several scam artists on Facebook use my Facebook page and then go out asking people for all kinds of money: ‘If you pay $200,000, your son can get sent home early,’” General Odierno said at a Pentagon news conference.

Criminals may seek out military families and target them one by one or send a blast to thousands at a time and use a ruse that pulls at the heart strings of unsuspecting families who simply want their loved-one back home.

The General posted a large warning on his social networking site. “I have this big thing on my Facebook that says, If anybody asks you for money in my name, don’t believe it,” he said. “But it’s a problem.”

Frankly, I don’t like the idea of an American General having a Facebook page. It weird’s me out. Hopefully the high commander isn’t uploading pictures of himself doing shots of tequila while driving a tank.

My guess is there is someone out there who has the money and is probably acutely unaware of this type of scam, then is probably capable of getting hooked.  But more than likely nobody will cough up $200,000. But the scammers know to start high and they will go low. They will take a $1000.00 when it comes down to it. But they also know that people won’t argue with a General and nobody will “discount” the value of their loved-ones life. So overall it’s a pretty good scam. Just don’t take the bait.

Robert Siciliano personal security expert to ADT Home Security Source discussing Facebook scams on CNN. Disclosures.

Facebook + Hackers – Privacy = You Lose

I’m as sick of writing about it as you are sick of reading about it. But because Facebook has become a societal juggernaut: a massive inexorable force that seems to crush everything in its way, we need to discuss it because it’s messing with lots of functions of society.

We should all now know that whatever you post on Facebook is not private. You may think it is, but it isn’t. Even though you may have gone through all kinds of privacy settings and locked down your profile, Facebook has changed them up internally so many times that they may have defaulted to something far less private then what you previously set.

Furthermore, no matter how private you have set them to, if you friend someone who you don’t know (like that human resource officer), they see what’s “private” and anyone on the “inside” can easily replicate anything you post to the world.

The activist groups waging what amounts to an undeclared war against the social-networking site for the last year, complete with no fewer than three letters to federal regulators claiming Facebook’s actions are illegal said that they’re hardly ready to declare a truce.

Attacks targeting Facebook users will continue, and they could easily become even more dangerous. Computerworld reports “There are limitations to what Facebook can do to stop this,” said Patrik Runald, a U.K.-based researcher for Websense Security Labs. “I wouldn’t be surprised to see another attack this weekend. Clearly, they work.”

Websense has identified more than 100 variations of the same Facebook attack app used in the two attacks, all identical except for the API keys that Facebook requires.

What does this mean to you?

For crying out loud stop telling the world you hate your boss, neighbor, students’ teachers, or spouse and you’d like to boil a bunny on the stove to teach them a lesson. I guarantee even if you are kidding, someone won’t like it. What you say/do/post, lasts forever.

Stop playing the stupid 3rd party games. When you answer “25 questions about whatever” that data goes straight into the hands of some entity that you would never have volunteered it to.

Make sure you PC is secured. Keep your operating system up to date with security patches and anti-virus and don’t download anything from any email you receive or click links in the body of any email. Once you start messing with these files you become a Petri dish spreading a virus.

Robert Siciliano personal security expert to Home Security Source discussing Facebook scams on CNN.