Scamlines 39: Social Networking Under Siege

Four sites targeted in 2009 attacks, plus new economy-linked scams

A fourth is being used to try to lure members into downloading malware.

We also have news about a new type of threatening email, a phony gift card con and a couple of scams aimed at taking advantage of victims’ financial plight in the economic downturn.

In particular, we highlight a new scam that tries to trick people into selling their homes and cars for nothing.

1. Twitter, Facebook, Digg targeted in phishing attacks

The scams: First, the rapidly expanding microblogging site Twitter is attacked twice. In both incidents (which are unconnected), members receive messages inviting them to check out a sensational story. When they click the link, they are taken to a bogus Twitter sign-on page that looks like the real thing and harvests thousands of IDs and passwords.

Around the same time, Facebook users receive messages on their “walls” (areas where others can post comments), seeming to be from a trusted friend and offering a link to some compromising photos. Again, the link takes them to a phony sign-on page.

Finally, the social news site Digg is in the firing line when instant messages and emails appearing to come from the real Digg and linking to a particular story are received by users. Once more victims go to a spoof sign-on page that looks like the genuine article.

Hackers who use these tricks are phishing for usernames and passwords that may also be used on other sites, like Amazon.com. The hacker simply tries every name/email address and password and orders goods with each one that works.

The solution: In all cases, although the sign-on pages looked genuine, a glance at the browser address bar showed that these were not the real sites. So, always check that bar before re-signing in.

Second, use different usernames and sign-ons for each and every account where your money is either stored or spent.

And if you are caught by one of these tricks, change all passwords immediately. Notify any organizations that might be contacted with the old names.

The worst of this scam is that, armed with your sign-on details, the hackers also send their messages to your Twitter and Facebook contacts in your name. So warn all your contacts as soon as you discover you’ve been hacked.

For more on social networking scams, check out this article.

Also, see this article on password security — and look out for a forthcoming new Scambusters issue that provides more guidance.

2. LinkedIn profiles point to Trojan downloads

The scam: Users of another social networking site — the business-oriented LinkedIn — are targeted by criminals who set up phony profiles on the site, containing supposed links to nude photos of celebrities.

The links take victims to a site where they’re either told they need to download a program to be able to view the photos — TubePlayer.ver.6.20885.exe — or that they have a virus, which can be removed. Either way, what they get is malware, a Trojan that takes control of the victim’s PC.

The solution: Don’t click on links from people you don’t know or trust. And if you do, never subsequently click on a link to download a program from a site you don’t know or trust.

The more sensational or salacious the supposed story/photo, the more likely it is to be a scam.

3. Spoof FBI email demands cash — or else

The scam: A new type of threat email emerges in East Coast states. Victims get a message seeming to come from the FBI, telling them they’re suspected of involvement with terrorism.

It demands a $500 money-wire payment so the Bureau supposedly can obtain documents that will clear them but adds a nasty warning that failure to pay up will endanger them: “We’ll pick you up off the street — you’ll never see us coming.”

The solution: Quite simply, the FBI or any counter-terrorism organization does not send emails to its suspects, nor does it ask for payments, least of all by wired cash. Report these threats to the police immediately.

4. Scammer baits with gift cards lure

The scam: Decorah, IA, residents receive a phone call saying they’ve won a $100 Wal-mart card plus a $100 gift card to any gas station.

The scammer, claiming to be from an organization called Financial Education of America, says he needs $3.96 to cover shipping.

He asks for the victim’s MasterCard number. To try to convince the victim he’s in the know, he adds that the card begins with a number ‘5’. In fact, all MasterCards begin with a ‘5’.

The solution: Another phishing attempt. Never pay to receive a supposed prize. Never give out your credit card number or any other financial details to an incoming caller or to anyone else whose identity or business you’re not 100% sure of.

There are all sorts of scams going around that involve gift cards — some of them just senseless tricks, like this one, supposedly from the Gap.

5. Work-from-home scams on the rise, says FBI

The scam: With the economic downturn, bogus work-from-home schemes are rocketing, the FBI warns after an incident in Nashville, TN.

Most scams of this type involve an upfront payment for materials or training, but in the Nashville case the victim is supposedly employed to help manage the financial affairs of a man and his pregnant wife.

She cashes a $7,800 check, most of which she then forwards to the scammer. The check bounces and the victim is left owing this amount to the bank.

The solution: Simply never cash a check and forward a payment to someone you don’t know. For more work-at-home advice, see these work-from-home scam articles.

6. “Fed-backed” house purchase bonds are fakes

The scam: Staying with the theme of the struggling economy, a nasty trick aimed at desperate homeowners emerges in the shape of a “private offset bond” supposedly guaranteed by the federal government.

This bond is a sort of promissory note. The crook offers to buy a house by transferring the bond to the vendors, claiming it’s the same as cash because it’s backed by the government.

The bonds appear to be federal documents bearing the signature of Treasury Secretary Henry Paulson and are also used in attempts to buy cars. But they are fakes.

The solution: It’s hard to imagine how any scammer thinks they can get away with this but it’s happening often enough for the US Treasury to issue a warning.

In fact, the federal government does not guarantee private bonds, and the only printed bonds it does issue are savings bonds. For more on economy-related and mortgage scams, see this article on bad economy scams.

This week’s roundup of the scam headlines confirms our earlier warnings that phishing and the economic downturn would be key features of the 2009 crime scene. It gives us no comfort to be proved right!