Blog Archives

Pansee Site Valuation – Rubbish

False Valuation by Pansee.com

pansee site valuation trashEver had a site valuation by pansee.com – I got sent a mail informing me ‘someone’ had conducted a valuation of my website graphicline.co.za using pansee.com valuation tools, with a link to the valuation report. Interested to see what the report contained, I checked if Google had any information about malware on the site, then visited the page.

The valuation report had some interesting data. From the country where most of the website traffic is derived from, to number of daily visitors. And a claim to the value of advertising on the front page.

France is the Biggest Source of Traffic

This amused me… According to pansee.com, 12.2 percent of my traffic comes from France, while the USA only accounts for 8.1%

Read the rest of this entry

Advertisements

Bad Things About You Tweet Scam

Hello somebody is posting very bad things about you

twitter scam tweet graphicHello somebody is posting very bad things about you…” is an opening line to an ongoing Twitter scam. In each instance the tweet includes a link – using a URL shortener so you have no idea where you will end up. The one thing all these tweets have in common is the link directs you to a webpage with malware. DO NOT CLICK THE LINK.

These tweets are often found in direct messages sent from someone you may or may not be following.

Another thing common to many of these (NOT ALL) is that the destination page is often a Twitter look-a-like. Or the URL way be similar to twitter.comm with extra letters e.g. twittler…

Read the rest of this entry

WordPress Plugin Phishing Scam

Phishing Scam Targets WordPress Plugin Developers

wordpress plugin scam imageWhat may be the first phishing scam specifically targeting WordPress Plugin authors has been discovered. The scam comes in the form of an e-mail claiming the developers plugin has been removed from the WordPress Repository, and tells the plugin author to use the link in the mail to login and change their password.

The e-mail uses the Subject line “[WordPress.org Plugins] Urgent: Your Plugin Has Been Removed” and has this message content

Dear WordPress Plugin Developer,

Unfortunately, a plugin you are hosting has been temporarily removed from the WordPress repository. We are going to manually review your plugin because it has been reported for violating our Terms of Service. If your plugin does not get approved then it will be permanently removed from the WordPress repository.

You can check if your plugin has been approved or rejected at…

This is not an official WordPress email!

Read the rest of this entry

Fix this Message – Fake Warning

Another Spam Scam – Fix this Message

“If you are the owner of the site, you can fix this message by publishing…” is appearing all over blog comment forms. The spammer would have the blogger believe there is an error message somewhere on the site, and publishing the contents of the comment will some-how fix the supposed problem…

Mysteriously fix the Error Message

fix it button graphicPublish the comment and the problem with the site is gone! Wow – as easy as that. No checking code files or testing plugins, all your problems are solved if you are the owner of the site…  Publish the comment and you can fix this message. So simple.

Of course this is a spammer trying to get the link to some trash site published, hoping to attract click-throughs to the site, hoping to sell some rubbish product like cheap black-market Viagra or install malware on the visitor’s computer, steal personal information such as your banking details. Are we really that naïve – I don’t think so.

Read the rest of this entry

Rove Digital Botnet Take-Down

Cyber-Criminals Arrested, US Offices Closed

A cyber criminal network operated by Estonian company Rove Digital was taken down on November 8 2011 in a combined effort involving the FBI (Federal Bureau of Investigation of the USA) and the Estonian Police in co-operation with Trend Micro.

Rove Digital operated a botnet consisting over four million (4 000 000) bots on computers infected with a class of malware known as ‘DNSChangers’. The infected systems will typically have their Domain Name Server (DNS) changed to point to foreign IP addresses.

Rove digital appears on the surface as a legitimate business, with established offices in Tartu, Estonia. They are the parent company of several other operations, including Esthost, Estdomains, Cernel, UkrTelegroup and many less well-known shell companies.

Rove Digital used a variety of  criminal methods to earn money from the DNS changers. The cyber crime network has operated from 2006.

Operation Ghost Click

Read the rest of this entry

Who Views Facebook Profile Scam is Back

Scam warning who is viewing facebook profilesWho is Viewing Your Facebook Profile Scam back?

This scamming app appears to be making another return to Facebook! Noticing a surge in searches for information on this scam app, I spent some time the past few days doing some research into ‘Who is Viewing Your Facebook Profile’. My first discovery of this app is the subject of a post on this blog.

Who is Viewing Your Facebook Profile has made regular appearances on Facebook over the past few years in several guises. The one common factor is it claims to inform Facebook members about who is viewing your Facebook profile, then after being allowed to connect to your Facebook account, it directs you to a website where you are required to subscribe to a cellphone subscription service, or provide details about yourself; cellphone and e-mail among these.

A more detailed report on my findings can be read on
www.graphicline.co.za/viewing_facebook_profile

Who is Viewing Your Facebook Profile is a SCAM

Online ScamThe scam has at times offered a ‘link’ to a website (Copy and past this link in your browser…)
WARNING: The supposed link is a Javascript and using it to navigate to the website can result in your PC being infected with Phishing Malware

Anyone coming across the Who is Viewing Your Facebook Profile scam app should

  • Block it immediately on their Facebook page(s).
  • Not click on the link whatever you do!
  • Report the app to Facebook

I would also appreciate instances of this app being reported using one of the methods on the mentioned Graphicline webpage.  WordPress, Facebook and Twitter account owners can also use the comment form below. The linking URL will not be made public! I do not want to propagate this scam further.

My intention is to spread the warning about  this scam.

Similar Apps to Who is Viewing Your Facebook ProfileFacebook Security Icon

Any app or website claiming to be able to provide information about viewers of your profile should also be reported. This kind of information is NOT available from Facebook. Any claims that any app or website can provide this information is false; It is a scam, a phishing attempt, and criminal. Any website, app or service that has managed to access this information has done so ILLEGALLY.

Stay vigilant to protect your information and yourself, and prevent the spread of these types of malware.

Security Alert | Mijnics Hoax

Credit Card Security WarningWarning of phishing scam: Mijnics Hoax

In the ongoing war against online threats to financial security, this scam e-mail notification warns our readers of a recent threat. An e-mail received this morning masquerading as an offical notification from International Card Services (ICS) (Netherlands) claiming their server had been attacked by cyber-criminals

The mail requests all account holders to update their credit card information.

Do Not click on the links contained in this e-mail

Do not submit your details to this scamming site

The text contained in the mail received reads (in Dutch)

“Afgelopen donderdag is onze server MijnICS aangevallen door internetcriminelen. Wij zijn bezig met ons onderzoek dat onlangs is ingesteld en hopen binnenkort deze internetcriminelen te ontmaskeren.
Tijdelijk is het noodzakelijk dat alle klanten die gebruik maken van MijnICS nu momenteel op de onderstaande website inloggen en hun opnieuw verIfieren. Na het volledig invoeren is ons beveiligingsprocedure voltooid en verschijnt er een scherm waarop zichtbaar is dat uw MijnICS volledig is beveiligd is. U krijgt hier over ook een e/mail toegestuurd. Na dat u onze e-mail hebt ontvangen, kunt u weer inloggen op de officiele website van ICS.
Opgelet! Dit moet binnen 48 uur uur gedaan worden, anders verdenken wij dat er een internetcrimineel achter uw MijnICS zit.
Opgelet! Log pas weer in op de officiele website als u de beveiligde website succesvol hebt voltooid. Logt u toch eerst in op de officiele website, is er kans dat wij deze actie verdacht vinden en uw MijnICS tijdelijk op hold zetten.

Klik hier! Voor de beveiligde website!
(Het kan zijn dat sommige computers het moeilijk hebben met de capaciteit van de  en niet alles meer zichtbaar is)

Opgelet!
Bewaar deze brief/e-mail bij uw andere brieven.

The english translation reads (translation by Google Translate)

“Last Thursday our server MijnICS was attacked by cybercriminals. We’re doing our research that has recently been installed and we hope to expose these cybercriminals.
Temporarily, it is imperative that all customers who use MijnICS now available on the website below and log them again verify. After fully implementing our security procedure is completed and a screen that is visible to your MijnICS completely secure. You will get about an e / mail. After you have received our email, you can log back in to the official website of ICS.
Attention! This must be done within 48 hours hours, otherwise we suspect that an Internet criminals behind your MijnICS it.
Attention! Only log in on the official website if you have successfully completed the secure website. Please log but only on the official website, chances are we suspicious of this action and your MijnICS temporarily hold up. Click here! For the secure website!
(It may be that some computers have difficulty with the capacity and not everything is visible) Attention!
Keep this letter / e-mail with your other letters.”

THIS IS A PHISHING SCAM:

No security card company will ever notify account holders using this type of e-mail notification.
If you are uncertain about the security of your credit card or bank accounts – CONTACT YOUR BANK only. Never use any link contained in an e-mail to access your bank account or your card account.

WARNING | ‘Who is viewing’ your Facebook profile

ALL FACEBOOK USERS BEWARE:Facebook Icon

The recent app, ‘Who is Viewing Your Profile’ is a SCAM, NOT the official Facebook ‘Insights’ This app is a 3rd party app, which may at the very least violate Facebook’s Terms and Conditions for applications. Official Facebook statistics are FREE from Facebook Insights.

This app keeps on making  a return: Despite Facebook upgrading the app screening process, it looks like ‘who is viewing your Facebook profile has returned again. A sudden upswing in searches on Google for information about this malignant app strongly indicates who is viewing is active. Do not permit this app to access your Feacebook account. It is a SCAM.

The app directs you to a Facebook page

which instructs you to click a link to continue. It requires permission to connect with your facebook Account using a non-secure connection (http) If you click the ‘continue’ button, you will be directed to a website set up by a gambling operation, and asked to enter your cellphone number. One of the options is to subscribe to a cellphone app… the other is to ‘see if you are lucky’

Facebook clearly states in the terms of use for apps, that REQUIRING a member to spend money or simarly do something to receive the benefit of the app is not permitted. Such a requirement may only be OPTIONAL.

Read the rest of this entry