Snippets issue highlights video editing free app, gas station Bluetooth hackers and fake digital signature emails: Internet Scambusters #811
Free apps that really cost you good money, Bluetooth pirates, and fake DocuSign emails -- we've got them all covered in this week's Snippets issue.
We'll explain how to avoid the scammers behind these tricks and, in the case of one supposedly free app, where to find the genuine item.
Plus, we have a caution for Netflix users about a new phishing email warning of account problems.
Let's check out today's...
Free App Trick Targets Movie Maker Users
Don't you just hate it when you get a "free" app or other computer program only to discover that it's of little or no use until you pay.
It's common for apps to appear to be free. But when you look closely at the small print in the title or description, you see wording something like "includes in-app purchases."
It's perfectly legit to do this and you only have to get stung once to be on alert with future downloads.
Many "free" software products have this limited functionality until you start paying. And in some cases, like adventure games, you can end up handing over quite a large sum over time.
The game designers know how to lure you in and then leave you with a feeling that you must pay more in order to progress with a game you're enjoying.
However, there are some products that give you no warning that they're after your money. Sometimes, they sail so close to the wind that their tactics border on being a scam.
For instance, there's recently been quite an outcry over a "free" video editing app.
It exploits the fact that, earlier this year, Microsoft stopped making its own free program, Windows Movie Maker, available.
Although there are other alternatives, people still search on that name -- 10 million a month according to the website of Forbes magazine.
And when they do, they may encounter a lookalike product that seems to have the same functionality. But after your hard work creating a movie, as soon as you try to save it, you'll be told you'll have to upgrade -- for $30.
Forbes quotes Internet security firm ESET as saying the scam is the third biggest threat it's currently tracking. It's not even clear whether the program actually does have full functionality once you hand over your dollars.
If you have this product, ESET recommends uninstalling it and running a virus scan. Then, go the Windows Store and download a new free Microsoft replacement product called Movie Moments. Another Microsoft video product called Story Remix is supposedly also on the way.
Bluetooth Bandits at the Gas Station
Advancing automobile technology means that many cars these days come equipped with Bluetooth short-range wireless technology -- mainly used for linking smartphones to a car's radio and hands-free services.
But, it seems hackers lurking around gas stations are using the technology to access drivers' phones to steal data.
It's a clever and sophisticated trick that's been identified at Washington DC gas stations.
According to the DC radio station WTOP, the hackers manage to place a pop-up on users' phones via Bluetooth inviting them to join a new Wi-Fi network.
If they agree, the hackers gain full access to their phone.
It's not clear how the hackers perform this trick since Bluetooth connections, known as pairing, normally require a passkey to be entered on the phone or for the user to accept the link to another device.
Whatever the tactic, the solution, quite simply, is not to join local unsecured Wi-Fi networks -- and definitely not at gas stations.
It may have started in DC but expect to see this hacking scam spread across the nation.
Fake Digital Signature Message
Are you a regular user of digital signature services such as DocuSign?
Digital signatures give us the ability to authorize and verify important documents without moving away from our computers.
Great. But they also provide another way for scammers to steal personal information.
If you are a regular user of the digital signing process and you get an email claiming to be from DocuSign, one of the leading signature service providers, you might easily think it's for real.
The message bears the DocuSign logo and announces that you have a new file to be viewed in your account. But if you click the "View Now" link, you'll likely download malware onto your computer or be taken to a fake DocuSign page asking for various personal details.
This and other digital signature scams has prompted DocuSign to issue tips on how to avoid phishing tricks.
In particular, the firm points out that all genuine notification emails have a unique security code at the bottom of each message. It's also on all DocuSign digital envelopes. So, if it's not there, don't click any links in the message.
Better yet, whenever you get a message purporting to be from a digital signature service, don't click the link but key in the correct service provider's address (e.g. www.docusign.com) and sign in there to collect your messages.
Alert of the Week
Staying with the phishing theme, watch out if you're one of the 120 million users of the online video streaming service Netflix.
Fake Netflix emails are dropping into inboxes claiming the firm is having problems authorizing your monthly payment.
You're asked to click a link showing the firm's real email address (Netflix.com) but this text actually conceals another address where a phony Netflix sign-on page is waiting to steal your account details.
If you get one of these emails, bin it. If you're worried, go to Netflix.com and sign on to your account there to check.
That's all for today -- we'll see you next week.