Their new scanning system will will automatically check link destinations. It will be routed through Twitter's own short links - twt.tl. The service will be used on direct messages first since these are the biggest risk to users.



Sports events are often targeted by criminals.  At this years winter Olympics, it was estimated that over £3 million worth of fake tickets sold.

How do the criminals succeed in fooling so many people? Their websites look like the real thing. They use copies of official logos or create ones that are very similar. They use e-commerce sites - they even use the "padlock".

In September 2009, the police took down over 100 fake World Cup sites but they continue to appear on the net.

How to avoid a World Cup ticket scam:

• Go to the FIFA's website to find how and to whom tickets were distributed. They have specific procedures for distributing and validating tickets to the World Cup 2010.
• Do a search on Google/Bing/Yahoo type in both the website URL/address and the name of the company and the word "complaint" or "scam"
• Do they have proper terms and conditions on their website.
• Do they publish a physical address (not a PO Box) and a real phone number (not a 070 number)
• Just be cause they have a logo doesn't mean it is an official site.
• Be careful of sites that say they "guarantee" tickets - especially if it is a late booking. Many companies sell packages without having the tickets.
• Always print a copy of your order and the terms and conditions. Make sure your order specifies everything you think you are getting, if it doesn't then query it before you pay.

Other scams:

Watch World Cup over the Internet: Can't make it to the World Cup then download this high definition player so you can watch live action! The download is malware or scareware (fake anti-virus software)

Only go to trusted broadcasters website: BBC, ITV, Sky, ESPN etc.

World Cup Lottery: There is no World Cup Lottery Tickets. There is a scam/phishing email saying that you have won a trip to the World Cup but you have to pay taxes and administration costs.

Microsoft has said the their new IE8 isn't affected and recommends IE users to upgrade. Or you could move to a new browser such as Chrome that isn't targeted as much as IE.

This is the second recent alert Microsoft has issued. There is another problem where attackers can remotely launch malware by getting users to press F1.

Samantha Higgins is real but the email is fake. It is a scam. The criminals looked for a legitimate law firm in the UK and found a list of people working there. They used that person name to send out a phishing email.

The most obvious clues in the emai are:

• First, what the email proposes is illegal. Why would someone email a random person to help them with a crime. Why would you want to work with a criminal?
• It starts off saying she is from Birmingham but then uses a London address.
• It asks you to reply to a gmail account - not the company account claiming to be doing this outside her company. Anyone can set up a gmail account in anyone else's name.
• The 0703 number are used to forward calls to any where in the world. These almost always end up in Nigeria.
• They say the Great British Pound in the everyone in the UK, business and financial markets say British Pound
• Would a lawyer say  "may his gentle soul rest in peace" absolutely not they would say the deceased.
  

Here is the original scam message:

Subject: MRS. SAMANTHA HIGGINS ( GOOD DAY )

Littleton Chambers
3 King's Bench Walk North
London
EC4Y 7HR

RE :
9,500,000.00 GBPS, ( Nine Million Five Hundred Thousand Great British Pounds Sterling Only)

Note : this is not a scam neither is it related to any of such kind

Before I start, I must first Apologies for this unsolicited mail to you. I am aware that this is certainly an unconventional approach in starting a relationship but as time goes on you will realize the need for my action.

I am Samantha Higgins From Birmingham United Kingdom. I am a representative; an Attorney to Mr. Gerald Brook’s private account, my client Mr. Gerald Brook passed away in the Year 2008 may his gentle soul rest in peace. My client by name Mr. Gerald Brook who passed away, left behind his fund amounted to
9,500,000.00 GBPS, (Nine Million Five Hundred Thousand Great British Pounds Sterling Only) which he did not supply his next of kin to his deposited fund before his death. All efforts by me to trace his Next of Kin proved abortive because he did not make any will prior to his death.

The Financial law of British inheritance clearly allows for the deceased Bank to use deceased money as deemed fit, should the inheritance money be left unclaimed for a period of Nineteen months after the death of the account owner. The Governing Body of the BANK where the fund is deposited has contacted me on this matter and I am yet to provide the Next of Kin to lay claims to the Fund. Under a clear and legitimate agreement with you, I shall seek your consent to be presented as the next of Kin so that my late client's fund will not be confiscated by the bank after a long period of time and taken into the government treasury as unclaimed.

The reason why I have contacted you now is because I want to present you as the beneficiary and next of kin to late Mr. Gerald Brook. Since he has no family and worked here as a bachelor for years now.

The British Inheritance Law clearly leaves the bonus of proof of who is or is not the next of kin, to the deceased Lawyer (ME), to prove the next of kin prior to what he wrote down with me being his Attorney. As the deceased Lawyer, the British Law simply states that l have the final say of who is the beneficiary of the deceased estate. This is 100% percent legal. As a legal representative / attorney, I know this.

If you are interested in this proposal and you are ready to keep this proposition in absolute confidentiality and trust, then contact me at once, and we can work out the details, and the issue of your compensation.

Note :  i work with littleton chambers London, do not contact me from my chambers, because this venture is outside my chamber's business, it is a personal venture as Late Mr. Gerald Brook is my personal client . Thanks for your mutual understanding

Once you receive my proposal call me on the below number for further clarification on this .

Yours Faithfully,

Contact Name : Samantha Higgins
Contact Phone  : +44-703-xxx-xxx
Private E-mail : higgins.samanthaXXX@gmail.com

DO NOT RESPOND TO THIS EMAIL JUST DELETE IT.

If you have been a victim of this scam report it to the police. If you live in the UK report it www.actionfraud.org.uk

Like other fake anti-virus software it can be a problem to get removed because it blocks access to other sites and can damage your computer.

Below Microsoft tells you what to look at for:

The fake “Security Essentials 2010” and looks something like this:

For the record, this is how the real Microsoft Security Essentials appears when it has detected a threat (in this case, Win32/Fakeinit): 

 
As we in the MMPC have always been quick to point out, Microsoft Security Essentials can be downloaded and used without charge by users running genuine Windows (from here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly Up To No Good.

We detect this imposter as Trojan:Win32/Fakeinit.

Fakeinit’s downloader not only installs the fake scanner component – it also monitors other running processes and attempts to terminate the ones it doesn’t like, claiming that they are infected:

You can see a list of some of the terminated processes in the TrojanDownloader:Win32/Fakeinit description.

Aside from this, it lowers a number of security settings in the registry, and changes the desktop background to display the following rather alarming message:

It also modifies the registry in an attempt to prevent this background from being changed again.

Furthermore, it also downloads and installs a Win32/Alureon component, and another Layered Service Provider (LSP) component, also detected as Trojan:Win32/Fakeinit. This LSP monitors the TCP traffic sent by various Web browsers that the user might have installed, and blocks any traffic to certain domains, instead displaying the following:

You can find a list of some of the blocked domains in the Trojan:Win32/Fakeinit description.



They want you to think your PayPal account has been compromised so you react quickly - without thinking.

They want you to download a file - which will infect your computer either to add it to their botnet or so they can snoop on your computer - often it is both.

The email SAYS it is  from Paypal cust_serv@online-paypalsecurity.com. It is a fake email address and the email comes from Finland not the US or UK.

Other clues is that the email doesn't say which account they are talking that is because it is sent out to thousands of people. They use the word "ensure" when they meant "insure". But most importantly, it was sent to me and I don't have a PayPal account.

We recently have determined that different computers have logged into your account, and multiple password failures were present before the login. Therefore your account has been limited.
Please download the form attached to this email and open it in a web browser.
Once opened, you will be provided with steps to restore your access.
We appreciate your understanding as we work to ensure account safety.

Copyright © 1999-2010 PayPal, Inc. All rights reserved.
PayPal Pty Limited ABN 93 111 195 389 (AFSL 304962). Any general financial product advice provided in this site has not taken into account your objectives, financial situations or needs.

There is a new type of malware that targets routers and DSL modems. It is called Chuck Norris and it works by trying default passwords on routers or DSL modems.

Home users are encouraged to make sure they have used strong passwords on their routers and modems. E-Victims.Org has a factsheet on How to Create Strong, Memorable Passwords.

Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic says that this malware installs itself on routers and modems by guessing default administrative passwords and it is taking advantage of the fact that many devices are configured to allow remote access.

Once a router or DSL modem is infected the botnet redirects the users to fake websites and installs more malware. It also searches for other vulnerable computers on the network.

This botnet is easy to get rid of because it is installed in the routers memory, all you have to do is restart the router or DSL modem.

Consumers can protect themselves by using strong passwords and disableing remote access services on their hardware.

The Register reports on a new Twitter attack that follows old pattern.

Criminals are posting messages designed to get you to click on a link that takes you to a counterfeit login page. The messages use phrases such as "Lol. this is me??", "lol , this is funny." and "Lol. this you??". It links to a fake Twitter login page hosted in China, located under the domain BZPharma.net.

The BZPharma.net domain prospective marks are directed towards is actually designed to harvest Twitter login details for later misuse in spam and identity theft-based attacks. Initially, the phishing lures appeared as direct messages on Twitter, but later dangerous links were posted in public feeds often via a service called GroupTweet, net security firm Sophos reports. GroupTweet coallows direct messages to be sent to multiple and, optionally, distributed more widely.

The miscreants behind the attacks have already begun spamvertising herbal Viagra from the compromised accounts, Sophos warns, adding that the BZPharma.net domain associated with the Twitter phish has previously been used against Bebo users.

If  your Twitter account has been compromised go to the Twitter support pages.

Facebook Page Suggestion

Gold Membership Trolling has been doing the rounds for a few years now. Bogus images were posted that supposedly only “Gold Members”  could view. This was a troll to fool people into believing that paying for an upgraded account was necessary.

Facebook pages have been set up with names like “GET YOUR UPGRADE WHILE THEIR FREE!!” which promise the unwary enhanced functionality and freedom from advertisements, among other things. Just a quick look at a couple of features of the Facebook page should set some alarm bells ringing though.
   

Bogus Facebook Gold Account page

I have been biting my tongue (or my fingers) trying not to mention the terrible spelling error in the page title, but there it is, that’s a clue. Also if you were to examine the list of “comments” on the right you would notice that they are not comments at all, rather an image file which itself also links to the scam web page.
   
So what’s the point for the scammer? Well if you follow all the instructions, first you invite all your friends to come and check out this (cough) great deal. Then, if you are credulous enough to click the button, you are informed that in order to access the Account Upgrade page you must complete “1 quick, free survey”, different versions of the scam page offer different surveys, but this is where the money is made.
   
The survey I tested linked (via a couple of affiliate marketing services) to a “Werewolf vs Vampire” quiz which promised to tell me which I am (surely I should know that already?) at the end of the ten questions I am invited to enter my mobile phone number to receive my results. If I do that I am agreeing to pay a £9.00 joining fee followed by £9.00 every week until I cancel my membership via SMS.
   
Of course the terms and condtions are displayed on the page, but to say that I arrived at the quiz under false pretenses would be understatement to say the least. The scammer will almost certainly be receiving a commission for every activation they drive to the quiz site. There are currently over 50 different versions of this particular page on Facebook, with a total of over 1,000,000 fans! I have informed Facebook and I’m sure they are removing the content as we speak.
   
Top tips to avoid this kind of scam; before you forward anything to any of your friends or contacts, research it. You may be in time to save yourself but your Aunt Petunia may not be so clued-up.
   
Never give up your mobile phone number to receive the results of an online quiz or survey, if they can’t show you in a web page, it’s not worth seeing.
   
Don’t believe any tales about Facebook functionality being added/taken away/made chargeable unless you hear it from Facebook themselves. Criminals are obviously aware of the huge popularity of Facebook and are using it to their advantage.

Then the company will send you a fake cheque. Then they will pressure you to go out and buy some products, ship them to your new boss before the cheque has time to clear.

There are no company details, company numbers and so no way to verify this "great offer".

The email isn't from the big USA company but a scammer. The emails was sent from Bulgaria, using a domain registered in Canada but hosted in the UK. It is difficult to tell where the scammer is actually located.

Scam email:

Secret Shopper is accepting applications for qualified individuals to become mystery shoppers. It's fun and rewarding, and you choose when and where you want to shop. You are never obligated to accept an assignment.There is no charge to become a shopper and you do not need previous
experience. After you sign up, you will have access to training materials via e-mail, fax or postal mail.

ABOUT US

Secret Shopper is the premier mystery shopping company, serving clients across America and UK with over 500,000 shoppers available and ready to help businesses better serve their customers. Continual investment in the latest internet and communication technologies coupled with over 16
years of know-how means working with Secret Shopper is a satisfying and rewarding experience. Secret shopping as seen on ABC NEWS, NBC NEWS, L.A.TIMES.....