Facebook phishing scams

Facebook users have a tendency to be lulled into a false sense of security by the social media giant. Cybercriminals are aware of this tendency and routinely set up fake Facebook accounts to lure new victims into phishing scams. How do you avoid becoming a victim? First, learn to spot the scam.

Spotting the scam

Hawaii Calls

Identity theft on Kauai!
Learn more about McKenna's latest caper.
KT cover square
When a Facebook friend sends you an email with a link or shares a post with a link, are you tempted to click it? If you do follow the link and your browser pops up a login form with a trite message such as “sorry for the inconvenience,” “for your security,” or “to prevent fraud,” you should be getting suspicious. Indeed, that login form is a clear signal you could be on a phishing site.

Other Facebook scams

While you’re on the lookout for phishing attempts on Facebook, watch for these lures designed to trick you into providing your personal information. These include profile viewers, the “free iPhone” ads, free credits for games on Facebook, new Facebook features, and steamy messages designed to lure you elsewhere. All in all, Facebook can be a pretty unsafe place unless you’re careful.

Three tips to stay secure

Tip 1: Check first, click second. Get in the habit of checking links before you click them. By rolling your mouse over a link, you can see the address it will go to. If the address is unfamiliar or spelled incorrectly, don’t use the link, but if you do . . .

Tip 2: Don’t log in. If you do land on a page that is asking you to log in and you did not use a trusted link to get there, simply close the window. If they want other personal information, don’t provide it. Quite simply, if you take no action on a phishing site, you can leave with no harm done.

Tip 3: Change your password. And if you do get caught in the scammer’s web and your account starts spamming your friends? The first thing you should do is change your password. Don’t stop with Facebook, either. If you have any amount of personal information on Facebook, your other accounts might be compromised also. There’s one last step: after you’re done changing passwords, apologize to your friends for spamming them. Then, thank the one who told you your account had been hacked.
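
Tip 1 can also be done by a program. The Python sketch below is an added example, not part of the original post: it pulls each link out of an HTML message and reports whether the real destination is unfamiliar, a misspelling of a familiar site, or different from the address shown in the link text. The trusted-site list and the sample message are assumptions made up for the illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Sites this reader really uses (an assumption made for the example).
TRUSTED = {"facebook.com", "apple.com", "amazon.com"}

# Constructed message body; every address under .example is made up.
SAMPLE_HTML = """
<p><a href="https://www.facebook.com/settings">Account settings</a></p>
<p><a href="http://facebok.example/login">See who viewed your profile</a></p>
<p><a href="http://login.photos-share.example/fb">www.facebook.com/photos</a></p>
"""

def host_of(url):
    """Hostname the browser would actually connect to, lowercased."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def site_of(host):
    """Last two labels of the host. Naive: wrong for suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])

def check_link(text, href):
    """Return the reasons, if any, not to click this link."""
    dest = site_of(host_of(href))
    if dest in TRUSTED:
        return []
    reasons = ["unfamiliar"]
    label = dest.split(".")[0]
    for good in sorted(TRUSTED):
        # A near miss on a familiar name is the "spelled incorrectly" case.
        if SequenceMatcher(None, label, good.split(".")[0]).ratio() >= 0.8:
            reasons.append("lookalike of " + good)
    shown = text.strip()
    # Link text that is itself an address, but for a different site.
    if "." in shown and " " not in shown and site_of(host_of(shown)) != dest:
        reasons.append("text-mismatch")
    return reasons

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Check every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, check_link(text, href)) for text, href in collector.links]

if __name__ == "__main__":
    for text, href, reasons in audit(SAMPLE_HTML):
        print(f"{text!r} -> {href}: {', '.join(reasons) or 'ok'}")
```

The hostname is taken the way a browser takes it, so an address such as `http://facebook.com@account-verify.example/` is judged by `account-verify.example`, not by the familiar name in front of the `@`.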

How about them Apples?


Apple logo from http://archiveteam.org/index.php?title=File:Apple-logo.jpg

Apple products have been on fire lately. Apple stock is equally hot. The reason for these events is simple. People like simplicity and Apple helps them get there. Cue the upbeat, snazzy music and enter the Apple ID. For those who don’t know, your Apple ID is the way users access all things Apple. From iTunes to the App Store, you gotta have one to buy stuff, sync your devices, etc. With so much power behind one simple ID and password combination, is there any doubt the scammers would like to nab yours?

This past week, I received an email claiming to be from “Apple Support.” The email was simple and to the point—my Apple ID had been suspended. The important part is included here.

Apple Security Department has sent this email to inform you the following:

Your account has been flagged for review and your access was suspended until further notice.

This may be due to either of the following reasons:

* Billing / Payment Issues

* Abuse & Terms of Use Issues

We strongly suggest you to review and confirm your account information today by following the link below:

You should be able to guess where this is going. If your choice was “scam,” congratulations, you’re a winner (Congratulations! You get to avoid huge headaches and bills from the real Apple!). It appears that scammers have decided they don’t necessarily need to hack your Mac to get to the good stuff; all they need is to get access to that prized Apple ID. This same scam has been used so many different times with other big names as the lure—Verizon, Microsoft, US banks, foreign banks—need I go on?

If you receive this type of email, look for the following clues that it’s a scam:

  • It’s not addressed to you personally
  • The sender is a generic name (in my case, it was “Apple.”)—duh—and the sender’s email address isn’t from the company (in this case it was toluna.com—another duh for the scammer, that’s a social media site)
  • The email subject is something inane. In this email it was [notice][37888]. Methinks maybe the scammer hasn’t quite mastered his mail merge program yet.

What should you do if you get the Apple ID email? Ignore it. Then, fire up your Apple device and enjoy the simplicity.
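
The three clues in the list above can be checked mechanically. The Python sketch below is an added example, not part of the original post; the sample message is rebuilt from the details given in the post, and the mailbox names, the recipient name and the brand-to-domain table are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brand named in the sender field -> domain that brand sends from
# (an assumption made for the example).
BRAND_DOMAINS = {"apple": "apple.com", "amazon": "amazon.com"}

# Constructed from the details given in the post: sender name, sending
# domain, subject and opening lines. The mailbox names are made up.
SAMPLE = """\
From: Apple <sender@toluna.com>
To: pat@mailbox.example
Subject: [notice][37888]

Apple Security Department has sent this email to inform you the following:

Your account has been flagged for review and your access was suspended
until further notice.
"""

def body_text(msg):
    """Concatenate the decoded text/plain parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def greeting_clue(msg, recipient_name):
    """Clue 1: the recipient's name appears nowhere in the message."""
    if recipient_name.lower() not in body_text(msg).lower():
        return "not addressed to you personally"

def sender_clue(msg):
    """Clue 2: the sender name claims a brand, the address is elsewhere."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, real in BRAND_DOMAINS.items():
        at_brand = domain == real or domain.endswith("." + real)
        if brand in name.lower() and not at_brand:
            return f"sender is named {name!r} but writes from {domain}"

def subject_clue(msg):
    """Clue 3: nothing is left once bracketed template tokens are removed."""
    subject = msg.get("Subject", "")
    if not re.sub(r"\[[^\]]*\]", "", subject).strip():
        return f"subject is empty or only template tokens: {subject!r}"

def scam_clues(raw_email, recipient_name):
    """Return the clues from the list above that this message shows."""
    msg = message_from_string(raw_email)
    found = [greeting_clue(msg, recipient_name), sender_clue(msg), subject_clue(msg)]
    return [clue for clue in found if clue]

if __name__ == "__main__":
    for clue in scam_clues(SAMPLE, "Pat Reader"):
        print("-", clue)
```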

Three secrets of the credit mule scam


McKenna says: don’t be duped by a slick talker with promises of easy money. The only one who wins is the con man.

“Secret Shoppers” or “Mystery Shoppers” have been around for many years. These jobs can be a great way for someone to earn extra cash by working part-time. Never one to pass up a good opportunity, con artists have created their own version of the secret shopper, the “credit mule.” And believe me, if you fall for this one, it could cost you a bundle and ruin your credit at the same time.

Secret No. 1 —The Targets

The prime targets to be used as credit mules are those who are inexperienced or have little credit history. Typically, this means scammers most often find willing “employees” at colleges, but there are plenty of other young people who could be taken in by a smooth talker. If you know someone who fits this category (and who doesn’t?) consider warning them about these types of jobs.

Secret No. 2 —The Job

Let’s be clear about this. Most secret shopper jobs, unless they are obtained through a reputable agency, are bogus. It’s the enticement of good money for little work that snares the victim.

Typically, the scam begins when you see an ad or are approached by someone about a job as a secret shopper. The job will be pitched as “rating the service” or “rating the customer experience” at various businesses. Your assignment is simple: purchase a few expensive smart phones, get the unlock codes, and pass the phones along to your boss. You are assured by your boss that you will not be charged for the cell phones or the monthly charges because you have 15-30 days to cancel the contract you have signed.

Secret No. 3 —The Realization

Because the victim doesn’t realize he’s been conned until collection letters or phone calls begin, the phones and the employer are long gone. It won’t be long before the victim discovers the contract was not cancelled because the phones were never returned. The cell phone company has the right to hold the victim responsible for the cost of the phones as well as the associated monthly charges. To make matters worse, the victim’s credit record will be trashed if he doesn’t pay in accordance with the terms of the contract. Meanwhile, off in another country, those unlocked cell phones are being sold at premium prices.

Woohoo! I’m in Who’s Who

Who’s Who directories have been around since 1849 when A & C Black published the first listing of prominent British citizens. Today’s Who’s Who scams, however, are a far cry from that auspicious start.

At least once a week, I receive an email offering me inclusion in a Who’s Who directory. Here are two from this week. Both are from the same spammer.

“Dеаr Ꮯаndіdаtе,

It іѕ mу рlеаѕurе tо іnfоrm уоu thаt уоu quаlіfу fоr а 2014 mеmЬеrѕhір tо thе Ꮃhоѕ Ꮃhо Nеtwоrk оf Ꭼхеcutіvеѕ аnd Ρrоfеѕѕіоnаlѕ, thе lаrgеѕt рrоfеѕѕіоnаl аѕѕоcіаtіоn fоr Ьuѕіnеѕѕ ехеcutіvеѕ аnd рrоfеѕѕіоnаlѕ іn thе Unіtеd Stаtеѕ! Thе Ꮃhоѕ Ꮃhо Nеtwоrk hіghlіghtѕ аnd рrоfіlеѕ thе cоuntrуѕ mоѕt аccоmрlіѕhеd іndіvіduаlѕ іn оvеr 200 іnduѕtrіеѕ аnd рrоfеѕѕіоnѕ. Ꮃе рrоvіdе аn ехcluѕіvе аnd роwеrful nеtwоrkіng fоrum fоr оur mеmЬеrѕ tо cоmmunіcаtе аnd ѕuccеѕѕfullу аchіеvе ѕоcіаl аnd cаrееr dеvеlорmеnt.

Incluѕіоn іn thе Ꮃhоѕ Ꮃhо Nеtwоrk іѕ а рrіvіlеgе ѕhаrеd Ьу thоuѕаndѕ оf ехеcutіvеѕ аnd рrоfеѕѕіоnаlѕ thrоughоut thе wоrld еаch уеаr.”

The email goes on to give me instructions on how to apply. It even tells me there’s no fee for inclusion. Note that that’s no fee to be included in the directory. Once I agree to provide my information, however, the next step would be to sell me access to this exclusive network.

The sender of the email used the domain mysecretfb.com, which is located on a server in Copenhagen. Apparently, the owner doesn’t want anyone to know who he really is because he uses Panama-based WhoIsGuard to shield his true identity.

WhoIsGuard.com claims to have a zero-tolerance policy for spammers using their service, yet I have seen many spammers protected by this service. If you’re legit, WhoIsGuard.com, man up and shut this guy down. If you don’t, then we know where you stand, too.


McKenna critiques the FBI email scam

Special Agent Erick Bolt. Ah, the very name conjures up memories of the 1965 TV series, “The F.B.I.,” starring the snappily dressed Efrem Zimbalist, Jr. The very cool thing about that old series was the F.B.I. Director J. Edgar Hoover served as a consultant until his death in 1972. Unfortunately, whoever sent the email claiming to be from Special Agent Erick Bolt should have hired his own consultant—this one’s bad. I can’t do justice to the absurdity of this email without passing along the text. So here’s the first paragraph. Booboos are in bold. MY CRITIQUE IS IN CAPS.

“I am Special Agent Erick Bolt from the Federal Bureau of Investigation (FBI) Field Intelligence Groups (FIGs), we Intercepted (INCORRECT CAPITALIZATION) two consignment box  (PLURALIZATION) at JFK Airport, New York (THERE’S ANOTHER JFK AIRPORT?), the boxes were scanned but found out (EGADS, THE BOXES WERE FOUND OUT) that it (INCORRECT PRONOUN) contained large sum of money (YIKES! WHERE DO I START?) ($4.1 million) and also some backup documents which bears (SUBJECT-VERB AGREEMENT) your name as the Beneficiary/Receiver of the money (INCORRECT TERM? SHOULD BE MONEYS), (INCORRECT COMMA USAGE. USE PERIODS TO END A SENTENCE) Investigation carried out on the diplomat that accompanied the boxes into the United States (WAIT, WAS THE DIPLOMAT IN THE BOXES? HOW BIG ARE THESE, ANYWAY?), said that he was to deliver the fund (URAL-PLAY ON THE UND-FAY, OY-BAY Editors critique of McKenna’s critique: Pig Latin is not cool, not everyone may understand it.) to your residence as overdue payment owed to you by the Federal Republic of Nigeria through the security company in the United Kingdom.”

WHEW! That’s a lot of uh-ohs in one paragraph. We’ll be here all day if I do the whole thing, so let’s just say the whole grammar thing nets our sender a solid D. As they say, but wait! There’s more. What’s next?

“Meanwhile, we cross check all legal documents in the boxes but we found out that your consignment was lacking an important document and we cannot release the boxes to the diplomat until the document is found, right now we have no other choice than to confiscate your consignment.” Hmmm, makes sense. If the feds don’t have the paperwork—well, we all know where that goes.

The next paragraph lets me know what paperwork I’ll have to file with the IRS—thank you! But then it threatens me with charges of money laundering and currency violation.

“According to Internal Revenue Code (IRC) in Title 26 also contain reporting requirement on a Form 8300, Report of Cash Payment Over $10,000 Received in a Trade or Business, money laundering activity may violate 18 USC §1956, 18 USC 1957, 18 USC 1960, and provision of Title 31, and 26 USC 6050I of the United States Code (USC), this section will discuss only those money laundering and currency violation under the jurisdiction of IRS, your consignment lacks proof of ownership certificate from the joint team of IRS and IRC, therefore you need to reply back immediately for direction on how to procure this certificate to enable us relieved the charge of evading the law on you, which is a punishable offense in the United States.”

And now the threat that’s intended to galvanize me into action.
“You are required to reply back within 72hours or you will be prosecuted in a court of law for money laundering, also you are instructed to desist from further contact with any bank(s) or person(s) in Nigeria or the United kingdom or any part of the world regarding your payment because your consignment has been confiscated by the Federal Bureau here in the United States.”

After having thought it over carefully for all of two seconds, my reply to Special Agent Bolt is as follows. “Dear Special Agent Bolt: Thank youse for contacting me regarding this shipment of moneys. I reflectively must decline these shipment as your email was not delivered in timely manner due to USPS shipping error. McKenna.”

If you’re still with me, I’d love to hear what you thought of this one. You can leave a comment or share—it’s all good.

McKenna nails the most baddest email option

Lately I’ve been noticing that much of the spam I’m receiving now includes an “unsubscribe” link. Sounds good, right? Not so fast. That spam email was sent by someone who makes their living sending junk mail or scamming people out of money. Why would they let me politely tell them I’d prefer to no longer be spammed by them? The answer is, quite simply, they wouldn’t.

That handy unsubscribe link is nothing more than another link in the email. Once you click it, any number of things could happen. Let’s classify these scenarios—sorry, English majors, I can’t resist this—as Bad, Badder, and Most Baddest.

The Bad scenario is that the spammer logs your address and uses it to send you more spam or sells your address to his friends as one that has been confirmed. Instead of unsubscribing, you’ve just signed up for more of the same.

The Badder scenario is definitely worse, but only incrementally so. Let’s say you click the link and get a page with a form asking for additional information. You diligently fill in your name and any other requested information, then submit the form. Not a good move. Why? You’ve just given the guy who’s harassing your inbox more information. Now, he can better target his efforts.

Now, here’s the worst option, the Most Baddest scenario of all. The purpose of a link in an email is to get you to click it. That link, when clicked, might do any number of things. It could download a file or take you to a drive-by malware site where the scammer downloads a file onto your computer. Once that file downloads it will install itself when you open it. So, by using the spammer’s unsubscribe link, you create the potential to infect your computer with some sort of malware.

What’s the best way to “unsubscribe” from spam? Mark it as such. Whether your email program calls it junk or spam, be diligent about marking each piece that comes in. It’s a pain, but at least it doesn’t expose you further.


The Amazon coupon scam

Perhaps you’ve already received the email offering you “Amazon coupons” just for filling out a survey. Let’s see, would I want to give away my personal information to a company I don’t know for coupons they say I can use on Amazon, but that aren’t from Amazon? My answer is a resounding NO! If yours is anything other than that, you’re ripe for this scam. Here’s what that email looks like. In the original email, the two lines of blue text are links to the sender’s website.

Complete the Amazon Survey!

Claim your $25 Amazon Gift Card!

Are you ready for the extra deals and savings at Amazon? Will you be shopping online or in-store? Share your opinions and experiences by completing the survey and claim your Amazon gift card!

All you need to do is complete the quick survey to claim your free gift!

There’s also a “Start Now” button along with an unsubscribe link, but there is no Amazon logo or anything that looks remotely official about this email. The email I received went to a site at oszo.net, which Web of Trust reports as having a very poor reputation. In other words, they’re probably phishing for your information.

The nice thing about this email is that it has no typos or grammatical errors. How nice, a scammer that can spell. The bad news is that I’ve received this one from the same source multiple times. I’m not about to use their unsubscribe button to remove myself from their list because if they aren’t legitimate, all that will do is give them more information. So, here’s my challenge: who are you, oszo.net? Why are you sending me this email? Can you give me proof that you’re for real and that your “Amazon coupons” are legitimate? I’m waiting.

McKenna takes on AOL and Yahoo email debacle

Do you Yahoo? Maybe not so much anymore. Or maybe you’re one of AOL’s two million members who are scratching their heads wondering why some email is no longer being delivered. Or perhaps you’re just one of the millions of us that use a mailing list to communicate with a large number of people—and some of those people happen to have an AOL or Yahoo email address. Well, guess what, folks, these two corporations have decided what you want doesn’t matter. They want less spam, and they’re willing to tick you off to get it.

This little Band of Two—little in the sense that there are only two of them, for now—has said that if you’re sending an email from your AOL or Yahoo email account, you must use one of their servers. This means you can’t use a third-party mailing service such as ConstantContact or Mailchimp to send emails. You also can’t receive emails sent by any third-party email service. Ignore their rule and your mail won’t go through. Not only will it not be delivered to other users who have their email address with the Band of Two, but any other completely independent services that comply with industry email standards—think Gmail with its 500 million users—will also reject your email because of the policy implemented by AOL and Yahoo.

When corporations make a change that will affect nearly 300 million customers, that’s a significant decision. Personally, I might expect said corporations to notify said customers in a timely fashion with a revision to said corporation’s Terms of Service in carefully worded legalese guaranteed to quash any questions, lawsuits, or other resistance from the rabble they call “valued customer.” I might not be so snarky had either of these giants made any such attempt, but they kept it a secret until someone flipped a switch and let the chaos roll downhill. It all just seems so 1984.

If you have an AOL or Yahoo email address, you have two options, and they both might seem pretty ugly. First, you can just stop signing up to receive newsletters, blog posts, or other email that might come through a third party. Not exactly customer-friendly, right? Your other option is even less friendly: change your email address. For now, you could use Gmail because they haven’t jumped on the bandwagon. In the future, who knows? Your safest option is to buy your own domain name and set up an email account to run off of that domain. I told you—both pretty ugly.

What do you think of this change? Do you have an AOL or Yahoo email account? Does this decision go too far? Or, is it a necessary step in the war on spam?

Con Game released!

The “Con Game” is on! The sequel to “License to Lie” was released just this week. In honor of the occasion, I’m trying out a little giveaway. You can enter to win a soft cover copy of “Con Game” if you live in the U.S. (sorry, but the international postage is a killer). If you’re not in the U.S., fear not, you’ll be eligible for a Kindle version.

About Con Game

Con artist Roxy Tanner just walked away with $2.6 million on her latest job, but left behind a dead body. Skip Cosgrove wants to help Roxy find out who killed her mark, but he has his own problems—a man the former criminologist once helped put behind bars is back for revenge. With the cops closing in on Roxy, and a killer on the hunt for Skip, the last thing they need is a gutsy street kid turning their lives upside down—until it happens. Now, all three must decide how far they will go to survive a killer’s con game.

If you just want to learn more about the book, click here.


The Patriot Survival Plan email scam

Yesterday, I received two emails from “Patriot Survival Plan” offering me survival tips on how to make it through the coming crisis in America. There may be a looming crisis, there may not. There have been plenty of previous predictions of this sort over the years and they’ve all been proven wrong when the crisis date passed. Sooner or later, maybe one of them will come true. Until then, I’ll just deal with my email.

What I do know is that I didn’t sign up to receive “Patriot Survival Plan” emails from “foxgroveentertainment.com,” which is who sent the two from yesterday. As a result, I got curious about who might be behind this latest intrusion into my privacy and whether they’re real or not.

First off, let’s see who’s sending these things. No surprise, both emails have different sending addresses. What is a surprise is that they both come from the foxgroveentertainment.com domain.

Both of the emails have the same sender’s name: “Patriot Survival Plan.” In doing a search, I came across a website that sells a product promising to get you through the coming crisis. Technically, the real “Patriot Survival Plan” website is not a scam because their customers pay money and receive something in return. Personally, I don’t think I’d trust anyone who sells everyone the same “guaranteed” way to survive a catastrophic meltdown of our country. And, as far as “foxgroveentertainment.com” goes, I also don’t want to trust my survival in this country to someone who has their domain protected by a company in Panama or has their web server in Luxembourg.

If you get one of these emails, just put it in junk mail. And, if you decide to check out the real Patriot Survival Plan, be sure to look at the reviews such as this one at reviewopedia.com. You might just change your mind on that one, too.