A Little Warning About Gumtree Fraud

I’ve been trying out Gumtree to sell some excess junk from around the house lately.

So far it’s been a pretty interesting experience… One thing that has struck me is the volume of fraudulent requests to purchase.

One came in about a laptop that I had for sale asking that I accept a company cheque because “I need the laptop for a job tomorrow, the cheque needs to be co-signed and I need to be onsite by 8am”. Of course the guy was very happy to pay full price without trying to negotiate it.

I proceeded to have a bit of fun with him and in doing so learned that he actually had no idea what he was buying, only that it was valuable and he could resell it. When I flatly refused to release the laptop until the money had cleared and was in my bank account he swore and hung up on me.

Here’s the mantra:

If you are selling on a classifieds site or ANY online store whatsoever (eBay and others included) NEVER let the goods out of your sight until the CASH is in hand.

This includes cheques, screenshots of bank transfers, Paypal receipts with bizarre explanations about why you may not be able to see it in your account, etc, etc, etc. No cash = no play.

If you do NOT compromise on this you will greatly reduce your chance of getting scammed.

SCAM – $500 Gift Card for COLES – FREE

UPDATE: The purpose of this scam is to get people to fill out a survey. Every time the survey gets filled out the scammer gets paid a small fee. That’s the reason for all of this silliness.

There’s an Australia-specific scam doing the rounds of Facebook at the moment purporting to be giving away a Coles gift card with the text:

$500 Gift Card for COLES – FREE

If you click on the link you are taken to a page with the following text:

Step 1: You must share this page

Step 2: Click “Add Comment” & Type, Thanks! into the comments below

It is 100% certifiably, undeniably a scam. Do not fall for it. If you fall for it and I know you, don’t be surprised if I make fun of you the next time I see you.

The clues?

  • The countdown for the giveaway resets itself to 1300 every time you refresh the page.
  • Look at the punctuation and spelling… Doesn’t seem right does it? Certainly not like the work of a branch of the largest company in Australia.
  • The URL the link redirects you to when you click it is http://yeyenut.info/ and the link it asks you to share is http://toolapz.info/. Does this look legit to you? If yes, does it look legit AND even vaguely affiliated with Coles?
  • If you share the link and say “Thanks!” how is Coles going to find you if they aren’t your Facebook friend? Seriously, actually stop and think about it for a second.

There have been a few of these lately. No real purpose, benefit or threat to them can be seen (although I’m keen to hear from anyone who has a different opinion here), but because of the lure of FREE STUFF they inevitably spread like wildfire.

Please, stop and think.

What’s your way of figuring out if something is a scam or not? Share below!

SCAM: In Memory of Steve Jobs, we’re Giving Away 1000 iPad 2’s – NOT!

The text of this Facebook scam is as follows:

Title: In Memory of Steve Jobs, we’re Giving Away 1000 iPad 2’s

Link (DO NOT CLICK): http://promo-ipad.net/?801&fb_comment_id=fbc_10150343605577550_19262669_10150344652707550

URL: promo-ipad.net

Body Text: To celebrate the life of Steve, we have decided to give away 1000 iPad 2’s to honour Steve, who passed away earlier this week.

Fortunately it doesn’t seem to be malicious at this stage – The page you get taken to simply asks you to re-share the link on Facebook and put the text “Thank you Steve” in your status. It looks like an experiment to me, or a sort of guerrilla tribute to Steve Jobs.

That said, as this picks up momentum on Facebook and more people re-share it, it’s quite possible that the author could pivot the scam into something more malicious. The tendency with scams is that the more popular they are, the more trusted they become, and the more popular they get as a result.

A few thoughts…

  • Steve Jobs died just over a week ago. They are giving away 1000 iPads. When I checked they had 198 left… It’s been on 198 for a day now – Have they stopped giving them out? Forgotten perhaps? Or maybe the scammer is leveraging the “scarcity principle” – If a person thinks that they are about to “miss out” they are far more likely to act without thinking things through.
  • The end date is October 16th 2011. It’s October 16th 2011 in the USA right now. See the above point.
  • How would those running the competition contact you to tell you that you’ve won? They aren’t your friends on Facebook – Are they? Or haven’t you thought this through?
  • Where is the competition disclosure statement required by law pretty much everywhere? For that matter – In which jurisdiction is this competition being held? If it was a legal competition this stuff would be there.
  • The landing page is copyrighted “Applepromo 2011”. Did anyone actually google “Applepromo” to see who they are or if they are in any way connected with Apple? I guess now that the phrase is in this post we’ll see!

You’ve been warned. Please think before you re-share this stuff. At best it’s a bit of a waste of time spent excited about something that will never happen. At worst it’s a pivot point into identity theft, viral infection, and a host of other fun things naughty people can do once they have your trust.

Is A 3 Year Old All That’s Between You And Pwned?

Here’s some food for thought… Would you trust a 3 year old:

  • …with access to your mortgage?
  • …to keep your house secure?
  • …with the security of your bank accounts?

Of course you wouldn’t.

Let me try another question then… Is your smartphone PIN access code the same as your:

  • …phone banking password for your mortgage?
  • …alarm code on your front door?
  • …ATM PIN?

I know kids who’ve been able to memorize PINs and unlock their parents’ iPhones since they were very young. If, as for the majority of people, that PIN is “the normal PIN that they use for everything” then they are effectively trusting the keys to their kingdom to the discretion of a 3 year old. To get that PIN all I need to do is ask, watch the child unlock the phone, or hand them a phone and see what they punch in. It’s not that big a stretch, and as smartphones and tablets proliferate into education and childcare I suspect this will become a more relevant concern.

Some tips…

  1. Ideally, don’t reuse PINs AT ALL. Don’t have it so that all of the doors to your castle can be opened with the one key. That’s just unwise.
  2. If you absolutely MUST reuse PINs, keep “low security” and “high security” PINs separate. Don’t give your kids the keys to your castle. (I can’t think of a legitimate reason to justify this, but I know it will happen regardless).
  3. Don’t be paranoid, but be smart with the information you give your kids. The expression “like taking candy from a baby” exists for a reason.

Food for thought.

ALERT: Twitter Profile Views App Hijacks Twitter Accounts

The Twitter Profile Views App is doing the rounds hijacking Twitter accounts. It’s a similar bait to recent Facebook scam apps.

Steer clear of the following:

  • Seriously this amazing app will calculate your twitter views
  • I have had 15460 Twitter Profile Views since i registered in 2008 – See how many you have had here

Don’t get pwned.

ALERT: Trojan Email Spreading as Fake ATO Email

The bad guys are circulating the Zeus Trojan (a nasty piece of malicious software that you don’t want on your computer) via a fake email campaign pretending to be from the Australian Tax Office. The dodgy emails contain Trojan.Zbot malware within a zip file named ‘Restore your account’.

More information from ITNEWS.com.au.

Reiterating some basic email security tips:

  • Install some decent antivirus software and make sure it’s staying up to date.
  • Don’t open ANY KIND OF attachment that you weren’t expecting.
  • Stop and think – Does the email look “funny”?

Have you seen this scam email?

"While on Facebook, look at your URL address…" – Real Or Not?

I got asked about a status update which seems to be making the rounds of Facebook at the moment:

From various sources: While on Facebook, look at your URL address. If you see http: instead of https: then you don’t have a secure session and you can be hacked. Go to Account|Account Settings|Account Security and click Change. Check the first box. Otherwise FB defaults …to the non-secure setting. Copy and repost.

First of all, this is NOT a scam or a virus. It’s actually some pretty helpful information – If you follow the instructions in the status update it will force Facebook into HTTPS. HTTPS encrypts the data you send and receive from Facebook as it travels across the Internet, making it pretty difficult to intercept and read or otherwise modify to trick you into doing stuff.

HERE’S THE CATCH – These instructions will NOT protect you from the following:

  • Having a dumb password and someone guessing it.
  • Having the same password as you use on your other account that got hacked the other day.
  • Falling for a Facebook scam (e.g. “Find out who’s visited your profile recently”, etc…)
  • Having a virus on your computer that logs your keystrokes and captures your password.
  • Having a dumb password and som… Oh, I already said that.

I love when people take the initiative to post stuff like this – It really is a good thing. I just think it’s important to remind y’all that there is NO SILVER BULLET when it comes to not getting pwned.

Lost Your Phone? Ur Accounts Iz Pwned.

Most people I know have lost their mobile phone at some point. I have. Apart from the annoyance of losing your contacts, SMSs, and all that jazz, there is a very real security implication to what just happened that affects WAY more than just your phone.

Here’s a few nifty things a malicious individual could do with your phone:

  • If you have email set up, they can run a “Lost Password” routine on your Paypal, eBay, Facebook, Internet Banking, etc, etc, etc.
  • They could pretend to be you via email or SMS to “Socially Engineer” and defraud your friends and family.
  • If you’ve got an iPhone or Android, they could literally hack the phone to retrieve your passwords for Paypal, eBay, Facebook, Internet Banking, etc, etc, etc. Check out this post from PCWorld.
  • You know how banks have implemented that super cool SMS authorization when you transfer funds from your account? Oops.
  • Etc, etc, etc, etc, etc. I’ll revisit the post as I think up more.

The solution? Stop and think for a moment. If you lose your phone, cancel your SIM ASAP, then change your passwords and contact your family and friends to let them know.

Appfresh Helps Keep Your Apple OS X Apps Up To Date

I have a Mac. I love my Mac. I border on being evangelical about my Mac. But I digress…

I keep my Mac up to date with the latest Software Updates because, apart from (usually) making it run better and giving me access to the latest features, keeping your software up to date is important for not getting pwned.

Keeping the Mac’s operating system (i.e. OS X) up to date is relatively easy, just run a “Software Update”.

What’s NOT as easy is keeping all of the OTHER apps on my computer up to date… Applications like Evernote, Cyberduck, Skype, VLC, Garagesale, and so on…

Enter Appfresh.

Appfresh runs through your Mac OS X computer, compiles a list of the software you have installed and the current version levels, and compares it to a list maintained by Appfresh. If a piece of software is out of date, it will automatically download the latest update and install it. Pretty cool.
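As an added illustration of the comparison Appfresh performs (example code written for this post, not Appfresh’s own), the Python below reads the version string from each .app bundle’s Info.plist under /Applications and checks it against a reference table of latest versions; the reference versions and the sample scan result are constructed placeholders, not real release numbers.

```python
import os
import plistlib

# Constructed reference table standing in for the list Appfresh maintains;
# the version numbers are placeholders, not real release numbers.
LATEST_VERSIONS = {"Evernote": "3.0.5", "Cyberduck": "4.1.2",
                   "VLC": "1.1.12", "Skype": "5.3.0"}
# Constructed sample scan result so the example runs on any machine.
SAMPLE_INSTALLED = {"Evernote": "3.0.5", "Cyberduck": "4.0.7",
                    "VLC": "1.1.9", "GarageSale": "6.2"}

def parse_version(version):
    """'4.1.2' -> (4, 1, 2). Comparing tuples avoids the string-comparison
    trap where '1.1.9' sorts after '1.1.12'; a non-numeric tail is dropped."""
    parts = []
    for piece in str(version).split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)
def scan_applications(root="/Applications"):
    """Collect {app name: version} from each <App>.app/Contents/Info.plist."""
    installed = {}
    entries = sorted(os.listdir(root)) if os.path.isdir(root) else []
    for entry in entries:
        if not entry.endswith(".app"):
            continue
        try:
            with open(os.path.join(root, entry, "Contents", "Info.plist"), "rb") as fh:
                info = plistlib.load(fh)
        except (OSError, plistlib.InvalidFileException):
            continue  # not every bundle has a readable plist
        version = info.get("CFBundleShortVersionString") or info.get("CFBundleVersion")
        if version:
            installed[info.get("CFBundleName", entry[:-4])] = str(version)
    return installed
def find_outdated(installed, latest):
    """(name, installed, latest) for apps behind the reference; apps the
    reference does not know are reported as 'unknown', as Appfresh does."""
    report = []
    for name, version in installed.items():
        if name not in latest:
            report.append((name, version, "unknown"))
        elif parse_version(version) < parse_version(latest[name]):
            report.append((name, version, latest[name]))
    return report
if __name__ == "__main__":
    for row in find_outdated(scan_applications() or SAMPLE_INSTALLED, LATEST_VERSIONS):
        print("%s: installed %s, latest %s" % row)
```

On a machine without /Applications the constructed sample is used instead, so the same three lines of output appear either way.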

I ran it on my Mac and, while there were a bunch of applications that it “didn’t know”, it generally did a far better job than I would if left to do it manually.

I highly recommend you check it out. Keep in mind that the software is BETA, use at your own risk, etc etc…