
October 17, 2018

THE WEEK IN REVIEW

We’ve actually seen a decline in the number of malicious emails reported to us by readers and our own honeypot email accounts. And for that we’re grateful. We’ll take this peaceful moment to share a funny story told to us by a TDS reader named Cody. Cody was invited to interview for a job by a scammer pretending to represent Manufacturers’ News, Inc. Cody soon recognized that this was a scam since the interview process was via text through Google Hangouts. Imagine interviewing someone for a job and saying that it can only be through text (not phone, nor in person, nor video chat) because you are interviewing multiple candidates at once? (We’ve documented more than 35 different scam jobs that use Google Hangouts to interview candidates.) But Cody jumped in anyway because he was curious about the scam. During the interview process Cody was Googling these kinds of scams, found our article and learned that we’ve traced some of these scams back to Nigerian scammers. He then baited “Mr. Josh White,” the “HR representative,” and Mr. White fell for the bait! Here are screenshots from the end of their text conversation where Cody calls out “Mr. Josh White” as a Nigerian baller. (“Nigerian Baller” is a slang term for a Nigerian criminal who has become very successful.) The scammer’s admission surprised us! (Cody’s texts are in grey; the scammer’s are in white.)

 

 

Cody took a guess that the scammer was from Nigeria and “Paul” admitted it!  He also explains in this last set of texts why he does it…

 


Phish NETS: Wells Fargo

Imagine getting an email from your bank saying “an important tax document is available.”  However, when you look carefully at the FROM address it is easy to see that it didn’t come from wellsfargo.com.  Mousing over the link “Tax Documents” clearly shows that it leads to a hacked and misused website called brownsugarohio[.]com.

YOUR MONEY:  $15 Million Dollars Richer Thanks to 5 New Friends!

Last week we took the unusual step of closing our newsletter by bringing some attention to the scams disguised as ridiculous heartfelt stories or business offers that pour into our inboxes weekly. We’re now certain that there is a God and she has a sense of humor because during the following week the scamuncious faucet opened wide and we received a deluge! Forgive us, but we can’t hold back. These are just too good to pass up. Here is a sampling of five new friends who reached out to us from Japan, Afghanistan, Estonia, Trinidad and Tobago, and… wherever. With these five new friends, and our math, we find ourselves about $15 million dollars richer!

First we received this urgent letter from Ms. Vivian Brown from Estonia.  We’re so sorry to say that she’s writing us from a hospital in the Ivory Coast of Africa.  Apparently, she was poisoned **GASP** and she only has a few days to live! There’s an evil stepmother and an inheritance. Almost sounds like a fairytale story. We can keep 30% if we help!

Next we heard from Sergeant Lisa, a soldier for the UN in Afghanistan, fighting the war against terrorism, and asking for our help.  Apparently, UN soldiers get paid REALLY WELL because she tells us that she’s made $3.5 million since 2014. She’s willing to give us 40% for our assistance in moving the money to the United States. We’re thinking of negotiating a 50-50 split.

Go team!

As if it couldn’t get any better for us, George Owen sent us an email from his bold Japanese email address appropriately named “Office Office” to give us good news!  $8.5 million dollars has been approved for transfer into our bank account!

And then, what happened next is mind boggling!  You are not going to believe this…. We heard from another woman, this one named Deborah Eddie.  She is also in a hospital in the Ivory Coast of Africa because she was poisoned!  YES! What are the odds of that? And she needs our help to guard her inheritance of $4.5 million dollars, for which she will pay us 50%!  Dear TDS Readers, we’re **almost** speechless!

Finally, as if our collective heads weren’t already spinning from the news we received from our overseas friends, we just learned that we are the 2018 Google Lottery Winner! (Though we don’t quite understand why we’ve been notified by Mr. Jim David through a Yahoo email account.  Should we be suspicious? Nah!) We’re just not quite sure whether we’ve won one million dollars or one hundred thousand dollars. Can you help us figure that out?….

By our reckoning, and quick calculations, we’re nearly $15 million dollars richer thanks to our five new friends.

What a glorious week it has been!

TOP STORY:  Facebook and Privacy (*sigh*), Again

Most adults have Facebook accounts and truly don’t know how much their personal and private lives are being monitored, monetized, marketed and sold as a consequence.  Think of the modern-day adage “If you’re not paying for it, you’re the product.” (This modern-day truth was researched and explained well in a January 2, 2018 blog post on the Conversable Economist.)  We are reminded of this point again because of two recent events, one small and the other Trump-Huge!  Doug at TDS recently saw this notification ding his phone…

When his Facebook app opened, it showed him the following two messages about his friend…

    

Here’s the issue… The friend NEVER posted these messages.  She didn’t log into Facebook and tell her social media friends that she was away in Atlanta, eating at the Nam Phuong Restaurant or visiting Ponce City Market.  And, like “Laurie” in the second message, most of her friends didn’t know. What if she didn’t want them to know? Did Facebook ASK HER if it was OK to share this with her social media community?  You already know the answer. Not only did that NOT happen, but she didn’t know that Facebook sent these posts in her name and about her travels until I contacted her to ask if she notified people about her Atlanta trip through Facebook.  Once again, if you are hoping for some privacy in this increasingly exposed world, you won’t find it by using social media. We are the product! Facebook makes money FROM our personal information and doesn’t ask our permission on how they use it.  We imagine that the Atlanta restaurant and market pay Facebook every time a Facebook user can be identified by geolocation services as visiting their businesses. Facebook doesn’t ask us because we “accept” their terms without question. After all, it’s free.  If you are a Facebook user and see these geolocation notifications from friends and family, ask them if they’ve posted them, or even know that they’ve been posted about them.

Also, let’s not forget that Facebook owns Instagram.  So while you’re pondering your privacy on Facebook, check out this article on Naked Security titled “Instagram Tests Sharing Your Location History with Facebook.”

But this is just a drop in the bucket of privacy concerns.  Do you remember the recent Facebook breach in September, in which 50 million (and possibly up to 90 million) users had information stolen about them by hackers?  Facebook just followed up with some “good news” that this breach ONLY impacted 30 million Facebook users. The bad news is that “approximately 14 million users — had their username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and their 15 most recent searches” stolen by hackers.  You can read the details about this discovery at ABC News. Some people even had the last 4 digits of a credit card stolen.  If I were one of these 14 million users, I would be very concerned about my digital life and do the following four things…

  1. Most importantly, create an account with each of the three major credit reporting services (Experian, TransUnion, Equifax) and put a credit freeze on my name and my spouse’s name.
  2. Inform my friends and family that my personal account was one of the breached accounts. Tell them to notify me immediately if they hear or see anything unusual from any of my accounts, or new accounts claiming to be me.
  3. Make sure that ALL of my financial accounts have multiple alerts turned on so I am notified when charges are made or transactions conducted through them.
  4. Make sure to turn on 2-factor authentication for all of my personal accounts that provide this service. And, in particular, if my email service or bank doesn’t provide this service, I will be looking for a new email service and bank that does offer 2-factor authentication.

NOTE: There are services like Lifelock.com that you can pay to do many of these things and more, but they have their pros and cons as well.  Some have suffered data breaches or accidentally released client info. Some have been fined by the FCC for deceptive advertising or failing to secure customer data.  It’s a mixed bag. And it can be pricey. We believe you can do all of the most critical things yourself.

A final note: if you’re a Facebook user and have seen, or see, notifications from friends saying that they have received “duplicate friend requests,” just ignore it.  And do NOT share it with your friends, as requested. It’s a hoax.

FOR YOUR SAFETY: Let’s Compromise

Last week we told readers about a website called “Have I been pwned?” The website tracks email addresses whose account passwords have possibly or likely been compromised in known, documented security breaches. We should also have mentioned that there are three good websites our readers can use to test the quality and strength of the passwords they use for their various accounts. It is safe to use these sites since you are not entering your name, email address or any other identifying information. Nor are you telling them what the password is used for.

However, you can’t just rely on one of these sites!  Use all three and then consider the results of all three sites as you decide whether or not your password is strong enough to be safe.

https://howsecureismypassword.net/

http://www.passwordmeter.com/

https://www.my1login.com/resources/password-strength-test/


Until next week, surf safely!