Category: Phishing

More Facebook Phishing

I never think I’ve seen it all. I’m sorry to report, there’s always another scam, just around the corner. Today, I’m seeing a new take on Facebook phishing, and this time, it’s targeting Facebook Business Pages. The scammers are creating fake profiles AND fake websites, and hoping to fool everyday folk like you and me.

The Scam

The scammers are watching and waiting for a legitimate business to post on Facebook. Specifically, they’re looking for giveaway-style posts, where the business is offering something to anyone who comments on or Likes the post. It’s easy for them: They’re just performing a word-search on Facebook posts for “giveaway” or something similar. And when they find what they want, they spring into action.

They quickly create a phishing website that resembles the target company. And they also create a Facebook page, using the name and photos from the real business profile. Then they start commenting to people on their original giveaway post:

Screenshot: the impostor’s comment on the giveaway post. That comment is not from the real Freeman Foods, it’s an impostor!

Unsuspecting people might see these comments and be fooled into thinking that it is a real comment from the legitimate business. But the comment and link are fraudulent. The URL in the comment leads to a bogus phishing website that asks for your PII. And victims of that fake site will suffer from spam, identity theft or worse.

The Tells

This scam may be obvious to some people, but I should point out how to recognize this as a phishing attempt:

  • The comment links to a strange URL, containing “myfreesites”, “googlesites” or “sitebuilder.com” rather than the real URL for the business. Those URLs belong to platforms that let anyone create a website, on the fly, for free!
  • The English is a little off, because the scammer is certainly in another country. They could be in Scamdinavia or Carjackistan, but they hide this and pretend to be in the USA.
  • If you click through to the commenter’s page, you can see that it was created very recently and has very few Likes/followers. The legitimate business page would have many Likes and have been created far in the past.
The real Freemans Foods has thousands of followers and created their FB page in 2013.

Reporting the Issue

If you are the real business owner, and the scammer is commenting on your posts, click on the impostor’s name and use the 3-dots button on their profile to report them to Facebook. Then, return to your posts where their comments are, and report those as well. When reporting the comments, look for additional options to Block or Ban them from your Page.

If you are a regular Facebook user, and you see this type of phishing, feel free to report the scammer’s Page and comments to Facebook. The more reports they get, the quicker they may shoot down the impostors.

And if you want to go the extra mile, you can report the phishing website (URL) mentioned in the comments. This can help Google, Microsoft and other big tech in noticing and flagging that website, and it may lead to the site being removed from the internet.

The Bitcoin Purchase Scam


The Bitcoin Purchase Scam is rather common right now, and I’d recommend you become familiar with it. It is just another Thank-You-For-Your-Purchase scam, and there is no truth to what’s in the message.

In short, this scam’s email announces a charge for a Bitcoin purchase you didn’t make. That’s because there was no purchase, but the scammers are hoping that you don’t know that. They want their victims to react quickly and reach out. Anyone calling the stated phone number will speak to a cybercriminal who is all too ready to lie lie lie and steal your money.

But here’s a longer, Too Many Words version, from a fresh incident that I just helped a client recover from:

From a Recent Service Call:

Today’s caller asked me to check over his computer, because he’d had some unauthorized transfers on his bank account. His bank couldn’t explain it to him, so they recommended he have his PC checked. I asked him a few questions about possible scams, but nothing rang a bell. So I dug in and eventually picked out the history and whole story of the scam.

About a month ago, he’d received this email, became concerned, and called who he thought was Paypal. It was not Paypal, it was instead some crook in Scamdinavia.

Screenshot: the Bitcoin purchase scam email. Don’t ever call the numbers in these emails. No good can come of it!

The scammer on the phone told my client some convoluted story, in order to convince him to install Anydesk and DWAgent (remote control software) on the machine.

I don’t know the ins and outs of the scammer’s claims, but browser history from the PC showed that they’d visited the Paypal website, as well as Western Union. Perhaps they attempted some money transfers, but I don’t think they succeeded. And then things went quiet for a few weeks. But the scammer was playing The Long Game. He retained his remote-access to the computer and bided his time….

And more sketchy activity began a couple of weeks later: New remote control software (Supremo & RealVNC) was added to the system last week. And then someone installed a covert keylogger as a Chrome extension. My client didn’t recall any new phone calls, so I had to conclude that they were accessing the computer without his knowledge. They were adding these programs and attempting more bank transactions using his computer, while he was away or asleep.

For my part, I removed all of these control apps and crimeware. The Supremo was a challenge, as they’d put a password on it, but I persevered. In less than an hour, we had answers and a safe-to-use computer again. But the client still has plenty of work to do. Following up with the bank, changing passwords, chasing after money to see what, if anything, can be clawed back… I wouldn’t wish this stress on anyone.

Please, if you’ve read this far, understand that these crooks will go to great lengths to steal your money. Be suspicious of anything unexpected that arrives on your computer or phone. Try to verify things independently from any call or email that has you worried. And if it gets too complicated or overwhelming, just shut everything down and go talk to a friend. Sunlight is the best disinfectant.

If you’ve received an email you are concerned about, feel free to forward it to me! I will write you back with my professional opinion as to if it is fake or legitimate. And if you’ve been had, you may call me and hire me to clean your computer. But call your bank first, prioritize your financials over your technology!

Evite Phishing

There’s a phishing email going around that looks like an Evite. Here’s what you need to know about it:

Phishing Photos

The bogus message looks like this:


This email, if you receive one, may have one of your friends’ email addresses at the top. But please don’t believe in this thing. This is all a sham.

I clicked through, though, because I accept the risk and have to dig into these things. The “View Invitation” link led me to a different phishing page:

This is not the real Dropbox, but it looks similar enough to fool some people. Please notice that the URL is nowhere close to the real address for Dropbox.

Next (please don’t you do this!), I clicked the Captcha and saw the next screen, which wanted to know which email I used:

And each of those email buttons leads to a different phishing panel, where they were trying to convince me to type in my email address and password. This whole scam, phishing upon more phishing, is all an effort to get people to hand over their email credentials to some cybercriminals.

Dos and Don’ts

If you receive this message:

  • Don’t reply to this message.
  • Don’t Block the Sender (because it really did come from one of your friends).
  • Don’t click on any links.
  • Don’t type in any passwords or other important info.
  • Call the sender, or contact them outside of email, to let them know about this.
  • Encourage the sender to change their email password or otherwise secure their account. They have likely been compromised, and someone bad is abusing their email address!
  • If problems persist, mention to the sender that they can reach out to BlueScreen for direct help!

Facebook Guest Chat

Update as of 2/13/2024:

Readers recently brought to my attention that they couldn’t follow the steps below. After I looked into it, I can see that Meta has changed their Settings Pages, and you may not be able to disable this feature.

But as it turns out, that’s OK. Because they’ve disabled the entire Chat Plug-in feature, for the entire site.

I have to guess that Meta could not fix this problem with the scammers, so they had to abandon this odd feature. If you continue to get other scammy Facebook messages, make sure to report them.

Original Post:

Facebook Guest Chat is a new and problematic feature that affects (so far) only Facebook Business Pages. This feature allows people to message a business over Facebook, without signing in to a Facebook account. Guest chat allows for anonymous messaging, and the chat only lasts for a short time. After a day or so, the messages self-destruct, like in a spy movie.

Problematic

I can’t say why Facebook decided to implement this feature, but it is a problem. Cybercriminals are already looking to use this tool to phish and scam people:


If your Facebook Business Page receives this sort of message, please do not believe it! It did not come from Meta, there is no crime or danger afoot for your Page, and you should not do what this says. It is simply a phishing attempt, and the bad guys are trying to trick you into giving them your Facebook logon credentials!

You are welcome to report suspicious Guest messages to Facebook, if you like, but I doubt it will do much good.

Disabling Guest Chat

If you have a Facebook Business Page, you may choose to allow or refuse Guest Chat messages. The steps for doing this, though, are hard to find, and even Facebook can’t tell you accurately how to do this. Here’s what worked for me:

  • Go to your FB Business Page at https://business.facebook.com/
  • On the left, click Inbox
  • To the upper-right, click the cogwheel (Settings) button
  • Under Inbox Settings, click Chat Plugin
  • Click where it says Customize Chat Plugin
  • Next to Guest Chat, click the Toggle to turn it off
  • To the lower-right, click the Publish button.

After you take these steps, you will still get regular FB messages, from people who are properly signed-in to Facebook. But no more Guest messages can get through to your Business Page.

Vishing

I didn’t think we needed a specific term for scam phone calls, but here we are. Following in the footsteps of smishing and quishing, we also have the term vishing. Vishing is another portmanteau, created from voice + phishing. When you see or hear about vishing, they’re referring to any phishing/cybercrime carried out over the phone or through other verbal means.

Vishing Examples

You may know of some of these vishing scenarios already, but they’re worth rehashing. Some of these employ live human voices, while others might use recorded messages or even AI-generated speech.

  • Big Tech Impostor: An important technology company calls to urge you into action. The call may claim to be from Apple, Microsoft, Yahoo, Google, etc., and they may claim your account has been compromised or your data has been stolen. Other calls seem to come from Norton, McAfee and the like, where they state your PC is infected, or you are due some special refund. These calls often become a remote control scam.
  • Big Merchandise Impostor: Most of us place orders with Amazon or Wal*Mart, but that doesn’t mean they’ll call you out of the blue. Calls announcing that your shipment has been lost or damaged, will probably morph into a refund-based scam.
  • Pretending to Be Your Bank: Is that call really coming from your bank, or is it an impostor? Be suspicious if the person on the phone wants your PIN, a texted code or anything else sensitive from you.
  • Television/Broadcast/Satellite Impostors: Xfinity, Dish, DirecTV and more are commonly impersonated on calls offering discounts and refunds.
  • The Grandparent Scam: Vishers call their victims, trying to pass themselves off as young relatives in trouble. Even worse, this scam is changing to employ AI-generated voices that sound very convincing. Family members report receiving calls that claim someone dear to them has been kidnapped.
  • Police Department/Court Systems/IRS Threats: If you need to pay your taxes, settle a court order or be arrested, a government employee will not call you to take payment over the phone. But these vishing efforts succeed every day, because people are often afraid of these entities coming to their doors.

Advice & Notes about Vishing

  • Most vishing calls use Caller ID spoofing, to make them more convincing. Please remember that Caller ID is not always truthful.
  • Do not harass or aggress a caller, if you figure out they are a scammer. In rare instances, the cybercrook will respond by swatting their victim. Just hang up on them.
  • Some vishing calls originate from your trash. A crook may harvest an account number or some other PII after doing a little dumpster diving. I recommend you shred all sensitive paperwork before you dispose of it.
  • If you haven’t put your number on the National Do Not Call Registry, now’s the time. It won’t solve your telemarketing call problems, but it might decrease the unwanted calls coming in.
  • Let all unknown callers roll to voicemail. Do not answer mystery callers.
  • Some vishers look to leave a voicemail message about an urgent situation. They may use tools that send their call directly to your voicemail inbox! The recording will state a phone number to call, but that will typically just connect you to the scammers. Do not call these crooks back!
  • Don’t speak to a robocall or any suspicious caller. Some experts worry that talking on a recorded line may make it easier for a crook to steal your spoken words to create voice mimicry used in their next vishing calls.
  • Vishing calls are getting better every day, and you may find yourself on a call that you can’t figure out. If you’re feeling torn, hang up the phone! Call the company back, using a number you can trust, either from a printed invoice in your possession, or from their website.

Quishing

That’s not a typo. The title is not missing an ‘S’. Quishing is a new term, made by combining “QR code” and “phishing”. Like smishing, it’s yet another deceptive practice that scammers are using to take advantage of people. Here’s what you need to know, to be safe out there:

QR Codes

Image: the author’s own QR code (captioned: this is not a quish, my QR code is safe to use!)

QR (quick response) Codes are those delightful Bladerunner-esque hieroglyphics that you see on windows and doors of businesses. Scan a QR code, and it will quickly take you to a website, an app download, or some other useful internet function. And as society gets more comfortable with using them, they’re coming into play in many more places:

  • Restaurants, for viewing menus
  • Parking meters, for instant/electronic payments
  • Hospitals, for health app downloads
  • Storefronts, for advertising/promotional offers
  • Malls and public space, for connecting to free municipal Wi-Fi
  • Product packaging, for access to nutrition/safety info

I’ve previously blogged about using your camera on QR codes, and also how easy it is to make your own QR code, for free. Well, as QR codes become more commonplace, scammers are looking for their angle. These opportunists are finding it handy to use QR codes as they phish, because a QR code hides the URL or true intent from the human eye.

Where Quishing Occurs

Quishing is when a bad guy creates a QR code of his own, and places it somewhere (often in public), to get unsuspecting people to scan it. Since a QR code can link to anywhere on the internet, a quish could lead your phone to:

  • a phishing (impostor) website
  • a dangerous app download
  • a bogus Wi-Fi hotspot
  • malicious sites or advertisements

There’s not a lot of data yet on how common quishing attacks are, but there are reports of specific incidents out there. Austin, TX had a scam last year, where a quisher put his own QR code stickers on their parking meters. When people scanned those bad codes, they were taken to a fraudulent app that tricked them into paying the quisher. Another BBB article references where a student received a bogus financial aid letter in the mail. The printed QR code linked to a phishing website, bent on stealing his money.

Besides quishing stickers appearing in public, unsafe QR codes are also being used in phishing emails. These messages present as if your account needs attention and that you can scan the included QR code to sign in. But scanning that QR code leads the victim to a convincing fake website that asks for your email and password. Someone tricked in this manner will deliver their login info directly to cybercriminals.

For more quishing examples, check out this BBB article.

How to Be Safe Against Quishing

Don’t Panic. Quishing, while dangerous, is probably not going to shanghai you if you remain mindful as you use QR codes.

  • Before scanning a QR sticker, judge it for legitimacy. Does it look clean and professional? Is there anything sloppy or suspicious about it? If so, trust your gut and look for a URL to type in or some other way to access the info/website/function. Or ask a legitimate employee about the QR code.
  • After scanning a QR code, confirm that you are where you expected to be. If you’re in a bakery, scanning a QR code for a chance to win a free cheesecake, you should be alarmed if instead you see an ad for dating hot singles in your area. If any weird pop-ups or downloads jump onto your screen, do not cooperate with them. Close those apps, or reboot your phone to get away from them!
  • Notice the URL of any website that comes up from a QR code. Does it match what you expected? Scanning a code at Starbucks should take you to a URL with “starbucks.com” in it, not “starb-buckss.tw”.
  • Do not sign in to any unexpected password prompts, after using a QR code. Only enter sensitive information if you are 100% certain of the QR code’s trustworthiness. Double-check with anyone in authority where the code is posted, for peace of mind.
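The “notice the URL” advice above, and the free-site-builder tell from the Facebook phishing post (links containing “myfreesites”, “googlesites” or “sitebuilder.com”), can be turned into one small checker. This is an added example, not code from BlueScreen; it assumes you already have the URL as text (pasted from a comment, or shown by your phone after scanning), that the expected domain is the business’s real domain, and the sample URLs are constructed.

```python
"""Judge a link the way the posts describe: is its host really the business's
domain, a free site-builder host, or a look-alike such as "starb-buckss.tw"?
Added example; the keyword list is only what the post names."""
import re
from urllib.parse import urlsplit

# Free site-builder strings the Facebook phishing post says appear in impostor links.
FREE_SITE_BUILDERS = ("myfreesites", "googlesites", "sitebuilder.com")


def host_of(url: str) -> str:
    """Lowercase hostname of a URL; a bare 'example.com/path' is tolerated.
    urlsplit() ignores userinfo, so 'https://starbucks.com@evil.tw/' gives 'evil.tw'."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_on_domain(host: str, expected: str) -> bool:
    """True only if host IS the expected domain or a real subdomain of it.
    'starbucks.com' merely appearing inside the host (starbucks.com.evil.tw)
    is NOT enough, which is the trap in the 'has starbucks.com in it' rule."""
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)


def _squash(s: str) -> str:
    """Drop punctuation and collapse doubled letters: 'starb-buckss' -> 'starbucks'."""
    s = re.sub(r"[^a-z0-9]", "", s.lower())
    return re.sub(r"(.)\1+", r"\1", s)


def looks_like_brand(host: str, expected: str) -> bool:
    """Heuristic look-alike test: the brand label survives inside the host once
    hyphens, dots and doubled letters are squashed away."""
    label = expected.split(".")[0]
    return _squash(label) in _squash(host)


def classify(url: str, expected_domain: str) -> str:
    """Return 'ok', 'free-site-builder', 'lookalike', 'unrelated' or 'unparseable'."""
    host = host_of(url)
    if not host:
        return "unparseable"
    if is_on_domain(host, expected_domain):
        return "ok"
    if any(k in host for k in FREE_SITE_BUILDERS):
        return "free-site-builder"
    if looks_like_brand(host, expected_domain):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links (not real sites) checked against an expected domain.
    samples = [
        ("https://www.starbucks.com/menu", "starbucks.com"),
        ("https://starb-buckss.tw/login", "starbucks.com"),
        ("http://starbucks.com.evil.tw/", "starbucks.com"),
        ("https://examplebakery-giveaway.myfreesites.net/claim", "examplebakery.com"),
        ("https://starbucks.com@evil.tw/", "starbucks.com"),
    ]
    for url, expected in samples:
        print(f"{classify(url, expected):18} {url}")
```

Anything other than “ok” is a reason to stop and type the business’s real address in yourself.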

Stolen Facebook Accounts


There is a large rise in Facebook Account Theft right now. I can’t explain the sudden surge, but for the last few weeks, I see people complaining about and suffering from stolen Facebook accounts almost every day. We need to go over the details, so that you are prepared and protected.

How Facebook Accounts Are Stolen

Your Facebook account can be stolen when a bad guy tricks you into revealing your password. Or, a cybercriminal can attempt to reset the password on your account, and then trick you into giving them the reset/authorization code. Then, they set a new password on the account, locking you out and giving themselves all the control.

To finalize the theft, the crook replaces the email address and/or phone number on your account with their own email/number. This makes it nearly impossible for you to recover your account.

Phishing emails are a common way to take passwords from people. Messages or pop-ups that look deceptively similar to real Facebook notices can pressure people to type in their credentials. But right now, I’m seeing a lot of password-theft happening via stolen accounts, using impersonation tactics. Example:

John Doe gets a PM from his cousin, Uncle Buck. “Hey, John! I’m having trouble with my Facebook account, and I need your help. Imma send you a code — can you tell me what that number is? It’ll help me reset my password, thanks!” John Doe thinks he’s helping his uncle, so he waits for the code to arrive by text message. When it comes, he types it in and sends it over.

But Uncle Buck isn’t Uncle Buck. A cybercriminal is inside Buck’s account, and when he gets the code, it allows him to finish a password reset on John Doe’s account. John Doe soon finds this out, when he is forced out of Facebook and cannot log back in. His account has been hijacked just like Uncle Buck’s.

How to Protect Your Facebook Account

  • Never share any security code with anyone. When a numeric code is texted or messaged to you, it is for your use only. In the wrong hands, that simple code can defeat the security of an important account. This goes for Facebook, Gmail, your bank login and any other online account you use.
  • Facebook offers some basic security tips at this page. Implement as much of their advice as you can handle.
  • Consider setting up additional security features for your Facebook account, like 2FA and login alerts. More info on that at this page.
  • If you get any fishy emails or PMs from people you would normally trust, pick up the phone and call the sender. Figure out if they really sent those messages, or if you’re corresponding with some impostor in Scamdinavia.
  • Change your Facebook password at the first sign of trouble.
  • Review your Facebook Profile and make sure your Friends List, phone number and other personal info is not viewable by the public. The privacy level on that info should be “Friends Only”, or better yet, “Only Me.”

What to Do If Your Facebook Account is Stolen

  • Do not delete any security-alert emails that you receive from Facebook. They could be invaluable toward recovering your Facebook. When your password, email address or other sensitive info is changed on your account, you will receive an email. Each message will state: “If you did not make this change, click here.” Sometimes, clicking where indicated is your only hope of reverting the scammer’s change!
  • Try to recover your account at www.facebook.com/hacked. Alternate links and methods are at this page. I must warn you, though, this process can be time-consuming, frustrating and ultimately unsuccessful. Facebook has made this process difficult, and there is no easy way to contact them.
  • Contact people outside of Facebook, to let them know your account has been compromised. Tell them to not trust your account until further notice. Ask them to look at your account for any suspicious posts or content. If they see anything that looks bad, suggest to them that they report it to Facebook.
  • If you want to try to call Facebook, please know that it probably will not help. They do not want to answer the phone for non-paying customers, and at this time, you cannot yet pay Facebook for proper support. But I will give you their corporate numbers in California, just in case: 650-543-4800 and 650-308-7300. Please be careful seeking out other Facebook contact info, as most of the phone numbers you might see in a Google search belong to scammers.
  • There are many companies on the internet that claim to be able to recover your stolen account, for a fee. Most of these are fraudulent operations. Beware! But one company called Hacked.com seems to be legitimate. I can’t vouch for them 100%, but they have a significant internet footprint and reasonable reviews about the recovery services that they provide.
  • If all else fails, or the recovery process is too costly or time-consuming, make a new Facebook account.

Relevant for Protecting Other Social Media Accounts

This post focuses on Facebook, as that’s where I’m seeing the most harm done right now. But the overall threat and advice is relevant elsewhere. LinkedIn, Instagram, Twitch, Twitter… Accounts can be targeted and stolen on many other social media websites, using the same tactics I’ve described.

And the amount of support you get (almost none) will probably be the same, if you are a free or non-paying user. I will help where I can, but I have no special abilities to get Facebook to do the right thing. It’s up to you to stay alert and not get in a jackpot. Stay suspicious, my friends!

What To Do About Phishing Websites

I am seeing a rise in phishing websites; here’s some info on what to watch out for!

When you use a search engine, cybercriminals can game the results. They have ways to get their fraudulent websites to rise to the top of the page, and one method for this is simply to pay for ad placement. Check out this example:

I went to the Bing search engine and typed in the name of a local credit union. The first three results look like what I wanted, but they actually go to phishing websites. These phishing sites seem like the real deal, and offer convincing graphics and login fields. But anyone duped by these impostors may end up giving their banking passwords to crooks!

Also understand: This type of phishing isn’t just for financial sites. Recently, Cory Doctorow was shanghaied by a phishing result for the Thai restaurant he wanted to order from.

Protections

To protect against this rubbish, first please be on the lookout for the small markers next to search results that say “Ad” or “Sponsored”. Ignore or bypass any search results with those indicia.

Consider installing a browser extension that judges and rates your search results. Bitdefender Trafficlight puts a marker next to search results, to let you know what’s good or bad before you click on anything.

Change your browser’s search engine. If you explore your browser’s Settings or Options, there will be a menu or other way to set your default search provider. Right now, I see Bing and Yahoo being exploited the most. Stay away from AOL or Ask.com. Google might be safer. DuckDuckGo appears to be a great and safe choice, for now.

Install an ad-blocker into your browser. I consider ad-blocking to be your second line of defense (after your antivirus), and good free ad-blockers are widely available. This sort of tool might suppress some of the sponsored links you might otherwise encounter.

Bookmark your financial and most important websites in your computer’s web browser. Use your bookmarks more and your search engine less to get to things you visit daily.

On mobile devices, bookmarks are good, but apps are better. If your bank or other important company offers a dedicated, branded app, use it! Download it from the app store and use it instead of loading their site in your browser.

Reactions

If you encounter a phishing website, consider reporting it. The sooner a bad site is reported, the faster it may be removed from the internet.

If you were duped by a fraudulent website, take action as soon as you figure things out. Change any passwords you may have submitted to the bad site, and contact any financial institutions that you may have shared or used when you were phished. If you haven’t already, ask your bank about activating 2FA protection for your accounts.

And in general, give the real company a heads-up about what you’ve encountered. They may appreciate knowing about the impostor efforts out there.

© 2024 BlueScreen Computer
