Snippets issue exposes mercury hoax, password scandals plus more phishing and extortion tricks: Internet Scambusters #939
A mysterious form of the liquid metal mercury is being touted as a disease cure. But experts say neither the mercury nor the cure exist.
But, as we explain in this week's Snippets issue, that doesn't stop scammers asking for up to $25,000 for this supposed elixir.
We also have a trio of warnings about password usage and a clutch of other new scams currently doing the rounds.
Let's get started...
Costly and Dangerous: Ignore This Fake Mercury "Cure"
A couple of centuries ago, word got around that potions containing the liquid metal mercury could be used for treating all manner of serious diseases. Not true, however, with the result that people who took the potions generally got worse or died.
Evidence that some scams have been around for hundreds of years has emerged in the shape of renewed claims that a form of the metal -- this time called red mercury -- can help with disease treatment, including Covid-19.
It's a weird scam because, according to some experts, red mercury doesn't actually exist, though rumors that it does have been around for the past 50 years -- possibly connected with the old "red" Soviet Union during the cold war era.
But that hasn't stopped people offering something with that name for sale on the black market and even on some social media sites.
This includes liquid mercury that has been stained with red coloring, other compounds that happen to be red or even, in one reported case, mercury compounds being sold in bottles painted red with nail polish!
The implications of this are really serious. And the stuff is hugely expensive -- up to $25,000 a gram (but more usually around $350) according to global news site vice.com.
An investigator for Vice who responded to an ad via messaging site WhatsApp was told by a seller in North Africa that the potion can cure the coronavirus. However, he would have to hand over that $25,000 for evidence as well as the product. Money upfront without evidence is a sure sign of a con.
Consuming mercury is likely as dangerous -- or more -- as drinking hand sanitizer or disinfectant. Vice quotes Professor Andrea Sella, a chemistry professor at University College London, as saying: "Mercury is bad news, no matter what you do with it."
Any product that has "mercury" in its name should be given a wide berth, the professor says, adding it would be "insane" to even try it.
As COVID-19 infections may ramp up in the coming weeks before vaccination starts, beware of anyone offering red mercury or any other supposed cure. You could end up worse off -- financially and health-wise -- than if you got the disease.
Password Problems
New password research shows some interesting new letter and word combos among the most commonly used. In addition to the usual "qwerty," "123456" and the old favorite, "password," come unusual words that are said to feature in a new Top 200 list.
These include "picture1" (no. 3), "senha" (10) and "aaron431" (18). This revelation underlines the importance of using much more complex passwords, preferably using an app to actually manage them.
Password manager NordPass compiled the list. You can check it here: Top 200 Most Commonpasswords of the Year 2020.
And, if they can't guess, crooks have recently launched a new piece of malware called Jupyter (that's the correct spelling) that steals passwords straight off of computers. It's different from many other viruses in that it's difficult to detect, even for some security programs.
It's also tough to uninstall and can add further malware by opening a digital door that allows crooks to access the victim's PC whenever they want.
Security software companies are scrambling to add Jupyter detection to their armory. But the best action you can take is to stop it before it even tries to infect your PC.
It's delivered via what seems to be a Microsoft Office (Excel or Word) attachment. So, as we always warn, don't click on email attachments until you're 100 percent sure you know who they're from.
It's also better to use a password manager than allowing your browser to remember the codes. The browser stores them on your PC where they may be stealable; most passwords managers don't.
As if that's not bad enough. Scammers and hackers who do uncover people's passwords, or who buy them on the black market, have found a novel way of using them for extortion.
They send victims an email message using their own passwords in the subject line, suggesting they have access to their PC or an online account.
The crooks claim they have information or, more often, a video or other compromising material about the victim. So, of course, they want paying off, sometimes with thousands of dollars.
If you receive one of these emails, you can usually safely ignore it. But it's one more reason for using difficult to guess passwords and a different one for each confidential or sensitive account.
More Current Scams
Just in time to alert you to a few more scams currently doing the rounds:
- Incoming phone calls starting with the area code "473," which is actually from the island of Grenada. If you pick it up, you could end up paying huge premium charges on your phone bill.
- A new and widespread phishing scam involving calls offering assistance with claiming unemployment benefits. In the current economic climate, there are a lot of potential targets for the scammers to aim at. They usually claim to be from a federal or state labor department and ask for personal and confidential information. Just hang up.
- A fake notice from retailing giant Amazon saying that someone has spent thousands of dollars using the victim's account. In some cases, people receive what seems to be an invoice from Amazon requesting payment. The message contains a supposed fraud-hotline number. Victims are told they must send $200 or similar to correct the "mistake."
- Finally, a renewed warning about Christmas shopping scams, which are expected to be heavier than ever this year. These include fake store websites, price gouging, sale of counterfeit products, fake shipping notices with clickable links, and phony fund-raising charities. Be on your guard!
Time to conclude for today -- have a great week!