New sick Facebook scam exploits Robin Williams’ suicide

ESET Ireland is issuing a warning about a widespread Facebook scam, this time exploiting the tragic suicide of comic actor Robin Williams.

The scam, which has spread widely on Facebook, claims to show a “goodbye” video made by Robin Williams before he committed suicide last week. However, when Facebook users click on the link they are told to share it with their online friends and complete a survey before they can watch the promised video. Each completed survey earns the scammers a small amount of money.

How the Robin Williams Facebook scam works:

The first thing you see is a post shared by one of your Facebook contacts, entitled, “ROBIN WILLIAMS SAYS GOODBYE WITH HIS PHONE VIDEO BEFORE SUICIDE”. Here is an example of how it might look in your Facebook newsfeed:


Clicking the Facebook link takes you to a third-party website, which claims to have a video that was purportedly filmed on Williams’ mobile phone in the minutes before his death.

If you click to watch the video, you are informed that you first need to share the link on your Facebook wall. The scammers do this to encourage as many people as possible to go through the same process.


EXCLUSIVE VIDEO: ROBIN WILLIAMS SAYS GOODBYE WITH HIS CELL PHONE BEFORE HANGING HIMSELF WITH A BELT AND CUTTING HIMSELF WITH A POCKET KNIFE. HE CAN STILL MAKE EVERYONE LAUGH WITH THIS VIDEO BUT IT WILL MAKE EVERYONE CRY A RIVER AT THE END.

Instead of being shown the video, you are presented with a survey, from which the scammers behind this Facebook scam are making money.

“The point of the scam is that each time someone fills in the survey, they are paid an unknown sum,” said Peter Stancik, security expert at ESET. This is not the first time that a celebrity death is used as click bait on Facebook. The more victims that complete the survey, the more money the scammers make. And, in case you were wondering: no video is shown after completing this Facebook scam.

ESET Ireland’s advice:

The best thing to do is not to share or click on this scam, and report any sightings of it to Facebook. “It is a good idea to first check the links you click on social networks, and never Share or Like something before you have seen it yourself. Putting this in other people’s feeds is a surefire way to upset your friends,” added Stancik.

Read more about this scam on ESET’s security blog, We Live Security: http://www.welivesecurity.com/2014/08/15/robin-williams-suicide-phone-call-scam/

Attention gamers: You’re targets for crime!

Since the late 1970s and early 1980s, video games have gone from being a small offshoot of the “traditional” computing industry to becoming a full-fledged multi-billion dollar industry in themselves. Today, companies like Microsoft, Nintendo and SONY generate billions of dollars from sales of games and gaming consoles.

To get an idea of just how pervasive computer gaming is, let’s look at these successful games and consoles, and match them up with some other real-world numbers:

ITEM | NUMBER | EQUIVALENT TO
The Sims | 175 000 000 (copies sold over 15 years) | Combined population of Austria, Belgium, Denmark, Germany, Liechtenstein, Luxembourg, Netherlands, Poland, Slovakia and Switzerland
World of Warcraft | 7 600 000 (avg. # players over last 4 quarters) | Cost of 2014 upgrades (in USD) to Kensington Palace, United Kingdom
8th generation console units | 18 680 000 (PS4+Wii+XBONE units shipped/sold) | Average number of viewers per episode of Big Bang Theory during its 2012-2013 season

Computer gaming is a huge and wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem. But in virtual worlds, can real crimes occur?

The sale of virtual goods (including virtual currencies) is an important part of in-game economies, but it also presents criminals with some unique opportunities, such as theft of in-game goods, counterfeiting items and gold farming. But computer criminals don’t just target gamers: gaming companies themselves can be targeted as well. Probably the most well-known example of this is the April 2011 breach of the SONY PlayStation Network gaming and Qriocity music streaming service, which resulted in the compromise of the names, addresses and credit card details of 77 million user accounts. ESET provided extensive coverage of the SONY data breach in our blog, starting from the initial report of the breach in April 2011 all the way up to the proposed settlement of a week ago.

For the most part, computer gaming poses no additional risks beyond any other activities you might perform on the Internet.  You may, however, wish to take a few extra precautions, as outlined in the previous two articles from We Live Security:

This is a shortened version of Aryeh Goretsky’s article on We Live Security. Go here for the full story.

What’s scamming this week? FBI, Tesco and Bank of Ireland


ESET Ireland warns of FBI, Tesco and Bank of Ireland names abused by scammers in phishing emails sent to Irish mailboxes.

Another week, another variation of the old phishing scams hitting Irish mailboxes. This week the scammers are telling us Bank of Ireland wants us to update our account, Tesco wants to add €120 to our cards and FBI wants to pay us $5.9 million. Wow!

Dear customer,
We wish to inform you that access to your online account will soon expire. In order for this service to continue without any interruption, You are require to fill and confirm your details via the following link below:
Update Your Bank Of Ireland online account:- click here to update
After which your online account will then be automatically restored and you will be contacted by one of our bank employees.
With online banking , you have everything at your fingertips with a click .
With online banking , you have quick and easy access to your checking account. You can easily do transfers and standing orders with one click.
We are very pleased to be at your service
Sincerely,
Bank Of Ireland Customer Service.

So says the first phishing email. They’re basically telling us to go to their page and give them our online banking log in details, so they can do whatever they want with them. Bank of Ireland warns of these scams on their website, saying “Never respond to any unsolicited e-mail that asks you to validate your login / payment credentials no matter how reasonable the request looks.”

You have been selected to access the Tesco Survey and win a 120€ direct to your card.
Please click here and complete the form to receive your reward. Thank you.

The “Tesco” spam is even more straightforward, but like the one above just leads to a site that harvests people’s personal details and financial info. Tesco also offers some advice on staying safe online on their website, adding “Please remember we will never ask for your bank or security details.”

But my personal favourite this week is the FBI one. The gist of it is, that FBI is warning us “that you are among one of the individuals and organizations who are yet to receive their overdue payment from overseas which includes those of Lottery / Gambling, Contract and Inheritance. Through our Fraud Monitory Unit we have noticed that you have been transacting with some impostors and fraudsters” and that “The Cyber Crime Division of the FBI gathered information from the Internet Fraud Complaint Center (IFCC) on how some people have lost outrageous sums of money to these impostors”, and because those wicked fraudsters are out to get us, we should contact barrister James Henry of the Central Bank of Nigeria directly, with all our banking details, so he can transfer us $5.9 million that we are “owed”. Scammers trying to scam us by warning us of scammers. Cute, isn’t it?

Well, now you know. Don’t fall for their tricks and stay safe online.

Malware that encrypts Android phones using FBI child-abuse warnings to scare victims into paying $300

Security researchers from ESET® have uncovered a new, even more dangerous version of Simplocker – the Android file-encrypting ransomware that was discovered a month ago by ESET.

The new version of the file-encrypting malware, detected by ESET as Android/Simplocker.I, contains some notable improvements. This time it displays the ransom note in English – the previous version was targeting mainly Ukraine and Russia – and also asks for a higher ransom, 300 US Dollars to be exact. In comparison to the previous version, it also encrypts a wider range of file types and is more difficult to uninstall from devices.

Last time we wrote about Android/Simplocker – the first ransomware for Android that actually encrypts user files – we discussed different variants of the malware and various distribution vectors that we’ve observed. What initially appeared as just a proof-of-concept mainly because of Simplocker’s “not-exactly-NSA-grade” crypto implementation has proven to be an actual threat in-the-wild in spite of its weaknesses. Also, the malware has been available for sale on underground forums.

Last week we spotted a variant of the ransomware that featured a few significant improvements.


The first change that meets the eye in Android/Simplocker.I is that the ransom message is now in English rather than Russian. The victim is led to believe that the device was blocked by the FBI after detecting illegal activity – child pornography and so on – typical behavior of police ransomware that we’ve seen many times before. The demanded ransom is now 300 USD and the victim is instructed to pay it by a MoneyPak voucher. Like other previous Android/Simplocker variants, this one also uses the scareware tactic of displaying the camera feed from the device.

From a technical perspective, the file-encrypting functionality remains virtually unchanged, apart from using a different encryption key, but this recent Simplocker variant does contain two additional tricks to make the victim’s life more miserable.

In addition to encrypting documents, images and videos on the device’s SD card, the trojan now also encrypts archive files: ZIP, 7z and RAR. This ‘upgrade’ can have very unpleasant consequences. Many Android file backup tools (which we strongly recommend, by the way) store the backups as archive files. In case the user has become infected with Android/Simplocker.I, these backups will be encrypted as well.

Secondly, the malware now asks to be installed as Device Administrator, which makes it a lot more difficult to remove.

[Screenshot]

As usual, the trojan will use social engineering to trick the user into installing it – in the screenshot above, it’s masquerading as a Flash video player.

Our Android/Simplocker detection statistics until today don’t indicate the threat to be widespread in English-speaking countries.

In case your files have been encrypted as a result of an Android/Simplocker infection, you can use the updated ESET Simplocker Decryptor to restore them. But as always, we recommend focusing on prevention ;) Also, while you should be careful when installing any application on your device, be extra careful when the installed application asks for Device Administrator rights.

How to hack someone’s account? Ask them for their password!

ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details.

Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into peoples’ accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there, but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to the happy scammers.

In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:

1. Bank of Ireland

An email purporting to come from Bank of Ireland, claiming your account requires an update and providing a fake link “Click here to complete update”. The email has some bad spelling errors which give it away.

Fake Bank of Ireland email


2. iTunes

An email pretending to be from iTunes, thanking you for purchasing “World Of Go” for €9.65 , then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.

Nice of them to respect our privacy, eh?


3. PayPal

An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.


Fake link in “Encrypted link”

“expert-italia.it” address instead of “PayPal”

4. Microsoft

An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious, then offering a solution “If you’re not sure this was you, a malicious user might have your password. Please Verify Your Account and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.

Legitimate looking email.

“yazarlarparlamentosu.org” instead of “Microsoft Corporation”

Actual Microsoft account log in

What should you do?

First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog here or on ESET’s We Live Security.

Read such mails carefully, checking for clues. If the email has spelling errors or uses poor language, it is likely faked. A lot of the scammers come from countries where English is not their first language and they give themselves away. The same goes for similar scams as Gaeilge, where they likely used Google translate to try to fool native Irish speakers.

Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by such an email, open your browser and go to the Microsoft site directly. Also make sure the website’s address looks correct. In the case of the faked Microsoft one above, the website address read “yazarlarparlamentosu.org”, which is clearly not “Microsoft”.

If you suspect you may have fallen for one of these tricks, change your passwords. To be sure, change them at regular intervals anyway.

If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking. They’re accustomed to scams like these and will advise you appropriately.

Think before you click and enjoy safer technology!

by Urban Schrott, ESET Ireland

Holiday phishing in the holiday season

ESET Ireland advises caution when receiving holidays-related emails, messages and SMS texts as they could be phishing scams.

In the IT security world we have gotten accustomed to many seasonal or event-related scams. There are the usual suspects, the Valentine’s Day scams, St. Patrick’s Day scams, various disaster scams, currently active World Cup scams and then there is the holiday classic – the stranded tourist.

As the cybercriminals are always adapting, they’re trying many ways to convince their potential victims that the messages are genuine. For targeting Irish users, they have sometimes used mails as Gaeilge, but more commonly just use Irish sounding names. The latest such email we have been receiving in large quantities reads:

[Image: the scam email]

Ignore it! Do not reply to it, even to insult or mock the sender, as that will just confirm to them your email address is a valid one and it will start receiving more and more elaborate scams. If you ever receive any such message from the emails or mobiles of people you actually know, consider that their emails could have been hacked or mobiles stolen. Always ring them first and talk to them, before taking any other action. Enjoy safer technology.

Phishing emails and how to avoid them

Phishing emails are popular amongst Cyber Criminals who are looking to steal your personal information. Protecting your data is essential and by following these simple steps from We Live Security your information will stay secure.

Michael Schumacher dead? No, just the latest sick Facebook scam

Facebook fraudsters use fake news of F1 star’s death to direct users to scam websites

Scammers and fraudsters think nothing of scraping the barrel of bad taste, if they believe it will help them earn a few dollars. Take the latest scam spreading on Facebook, for instance, which claims that Formula 1 racing driving star Michael Schumacher has died.

Scam Facebook post

In case you’re not aware, almost six months ago the motor racing legend suffered a severe head injury in a skiing accident, which saw him – until very recently – placed in a medically induced coma. Now, scammers are saying he has died. And, sadly, ghoulish Facebook users are helping the scam to spread – by clicking on the link.

Cold-hearted scammers are trying to drive traffic to their faked webpages, because if you share the link with your friends you are helping them generate traffic to their site. And the more people who attempt to watch the video, the more money they will make.

Share this scam...

Oh, and by the way, as Schumacher hasn’t died – you’re not going to see a news report claiming that he has. Instead, you will be taken to a webpage which pays a small amount of affiliate cash to the scammers, helping to fill their coffers.

If you made the mistake of clicking on a link like this, make sure that you did not share it with your friends and delete any strange posts from your Facebook newsfeed. Remember to warn your online friends to be wary of similar scams, and to always think twice before sharing links.

You would imagine that Schumacher’s friends and family have suffered enough, without scammers, fraudsters and thieves attempting to profit from his critical condition.

by Graham Cluley, We Live Security

Simplocker ransomware: Now spread by Android apps

ESET recently discovered ransomware malware which targets Android smartphones. The cybercriminals are hard at work developing the threat further.

As mentioned in our previous posts, the threat is mostly concentrated in Ukraine and Russia. While the malware may display traits of a proof-of-concept, it is indeed spreading in the wild and can cause headaches for infected users. Since our initial discovery of Android/Simplocker we have observed several different variants. They target different domains, use different nag screens and demand payment in different currencies. Some even display a “we know who you are” photo of the victim taken with the phone’s camera to increase the scareware factor.

How can it get into a victim’s device?
ESET’s telemetry has indicated several infection vectors used by Android/Simplocker. The “typical” ones revolve around internet pornography – some malicious apps pretended to be an adult video, an app for viewing adult videos, etc. – or popular games like Grand Theft Auto: San Andreas, and so on. We have, however, noticed a different dissemination trick that’s worth mentioning – the use of a trojan-downloader component. Using trojan-downloaders to “dynamically” download additional malware into an infected system is common practice in the Windows malware world – and while this is not the first case we’ve seen – it is still noteworthy on Android. Using a trojan-downloader is a somewhat different strategy for smuggling malware into an Android device, compared to traditional social engineering (e.g. by using pornography, as in the example above) or more sophisticated techniques relying on exploitation of software vulnerabilities.

For more advice on keeping your mobile safe from Simplocker ransomware, see our blog post.

Domino’s Pizza hacked: Change your toppings at once!


Apparently, hackers have gained access to 600,000 Domino’s Pizza customer details, including their favourite toppings. ESET Ireland advises users to change their pizza toppings selection to stay safe.

I am otherwise a rational and sensible cybersecurity analyst, but I draw the line when someone messes with my food. And the hackers behind this latest attack did just that. In a bid to extort money from Domino’s Pizza, they threatened to publicly post detailed info of 600,000 customers, including their favourite pizza toppings unless they’re paid a ransom of €30,000. The hackers aimed at possible lawsuits against the pizza company for breach of privacy, but a representative of Domino’s said the ransom will not be paid and that the customers’ financial data and credit cards were not compromised in the attack.

The servers attacked mainly contained customer info from France and Belgium so Irish users shouldn’t be affected, but just to be sure, ESET Ireland recommends you change your toppings selection, so it doesn’t coincide with the one the hackers may have, so you will not be offered a fake pizza by them. Ok, we’re joking here. But only a bit. Because in the age of targeted attacks, so called spear-phishing, it is not uncommon practice among cybercriminals to gather as much data on anyone they can, including such details as food preference, then prepare a targeted scam which uses bits of this data to convince the victim it’s legit. Imagine an average Joe receiving an email from someone pretending to be Domino’s and saying “Hi Joe, you ordered extra anchovies in your last three orders with us and we want to give you a prize for being a regular customer. Click here and fill in the form to claim your prize.” Even though the sender and email would be fake, the victim would recognise they did in fact order extra anchovies and would consider the offer real and would likely click on the link. This could in turn infect their computer with malware, demand they enter their banking details to receive the prize, or any other wicked thing cybercriminals do.

Apart from changing your toppings, at least for a while, ESET Ireland therefore seriously advises you to be careful with the personal data you share with companies and services you deal with. Know that, as in the case of this hack, if the data falls into the wrong hands, it can be used against you. Only disclose the minimum of necessary info and if you receive any suspicious email, claiming reference to some real info about you, double check if it is legitimate, before you do anything it’s asking you to do. When unsure, just ring the company in question and check.

by Urban Schrott, ESET Ireland
