Posted on 27 November 2012.
It appears that fake Apple invoices are turning up in your inbox.
The invoices appear to be legitimate Apple “receipts” that iTunes users are familiar with seeing after purchasing music or apps. Most of us would be shocked by the price that appears to have been charged on our credit card. We will immediately want to click the link to view or report a problem – don’t. The links take you to fake IRS pages and ask you to download browsers (malware).
Fake Apple Invoice
Take a close look at the invoice and notice the mistakes and/or odd words/actions. A legitimate invoice will have your name/email and address listed, and should have the last 4 digits of your credit card in the upper right of the invoice.
Don’t click any links. Delete the message, or if you prefer, call Apple or your Credit Card company.
Source: Fake Apple invoices lead to Blackhole exploit kit that drains your bank account | Naked Security.
Posted in Featured, Information, Quick Tips
Posted on 07 November 2008.
Hackers and phishers are taking advantage of your need for election news by using President-elect Barack Obama’s name to get you to click on links and run programs that will infect your machine with malware.
The latest deception involves sending email with a link to President-elect Obama’s victory speech. The link will take you to a website that requires you to install the Adobe Flash plug-in. Not true. The plug-in is really a Trojan horse that installs malware on the machine.
Here is an excerpt of the the email that has been going around:
From: “President election results”
Subject: A new president, a new congress …
Barack Obama Elected 44th President of United States
Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech by clicking here
What does it do?
The Trojan’s main purpose is to steal passwords. It runs in the background and looks for passwords, and can act as a keystroke logger.
You can remove the Trojan if you have your anti-virus software up to date. In fact, if you do, your anti-virus will most likely stop you from getting infected, as it will identify the program as being a Trojan and prevent installation. Don’t take any chances though. Simply delete emails from sources you don’t know that ask you to click on links.
Posted in Email, Internet
Posted on 22 October 2008.
There has been a great deal of news of financial institution failures. Many banks have been swallowed up by larger institutions and mergers seem to be occurring almost on a weekly basis. Unfortunately, the troubled banking situation has opened up a door for Internet scams and phishing attacks.
Email that appears to be from a legitimate bank telling you that a merger has occurred. The merger involves your bank and this new bank and you are being asked to verify you account information. What to do?
There is no need to keep an email like this. If your bank or your “new” bank needs to get a hold of you, they will send you a letter via snail mail. If it is important, they would not rely on email to communicate this important information. Just delete it.
Don’t Click Any Links in the Email
They may look like recognizable links to banks, but often times they are not, and will redirect you to a bogus page that looks like your banks home page. You will be asked to enter your username and password and when you do, the site re-directs you back to the bank’s real web page. But by then, it is too late. You’ve input your personal data, and now they can use it to tap into your account.
Visit the Bank Directly from Your Browser
If for some reason you haven’t deleted the email and you believe that you have received a legitimate correspondence, you should still avoid clicking on the link in the email. Instead visit the site by entering the bank’s homepage URL directly into your browser. For instance, enter www.wamu.com in the URL field, and then navigate to the login page. Make sure your login is secure by checking for the lock icon in your browser’s status bar.
Secure Login Icon
Try Using OpenDNS
OpenDNS is a free service that you can easily setup to help you avoid phishing sites. They do a good job of tracking known phishing sites and will stop you from the site. Check out my post on OpenDNS for more on this great service.
We should all be cautious of email from banking institutions. Hopefully you aren’t getting to many of these because of the prevalence of good spam filters and services like OpenDNS.
Posted in Email, Web Browsing