Folks who read this blog know: when I find them, I report them.

There seems to be a new attack on CareerBuilder.com users, both employers and job seekers, aimed at spoofing their name for whatever purposes. I got the email in my mailbox today and will be dutifully informing CB of the problem once I’m done posting this to the blog. The email redirects to a rojoka.net address.

Content:

Dear employer

Due to a recent security breach in the Careerbuilder computer system, a new set of terms and conditions has been issued.
In order to guarantee the security of your Careerbuilder account , we need you to login over a secure connection and confirm your user and password,
by clicking the link below.After the process is completed, your account will be secured as stated in the new terms of use.

Please click on the link below and login in order to accept the new terms and conditions that have been issued ( Online Access Agreement Update ) :

http://www.careerbuilder.com/share/login.aspx?sc_cmp2=JS_Nav_MyCB_LoginM>

After completing this process, you will be redirected to our new terms of use.

Thank you

�© Careerbuilder Limited. Use of the information contained on this page is governed by federal law and is subject to the disclaimers which can be read on the disclaimer page.

Those of you who check this site often know I track such things. This one is an interesting one, in that it looks for all the world as though you just bought $400+ worth of Creative sound equipment, and then gives you a nice, fancy “Cancel this transaction” link, which of course goes to the phisherman’s cove. The body of the scam email is contained after the flip, as is the registrant information for the offending domain, in case you want to give him a jingle. As always, I have reported this email to PayPal and recommend you always do the same.

» Continue Reading…

Citi Bank customers and others, beware! There is a domain called paypal-up10.com moving some kind of phishing scam through the Internet of which I have been recently made aware. The body of the email reads as follows:

Important Information Regarding Your Citi Bank Credit Card
Dear CitiBank Client ,

This is your official notification that the service(s) listed below
will be deactivated and deleted if not renewed immediately. Previous
Notifications have been sent to the Billing Contact assigned to this account.

As the Primary Contact, you must renew the service(s) listed below.

SERVICE: Citi Bank Credit Card
Expiration Nov 1st 2007

What you need to do:

It’s easy to renew your Online Banking Services by click on the link bellow :
http://www.citicards.com/us/HOME

- Go to Account Login
- Update/Verify Your Information

Thanks
Citi Bank 2007

» Continue Reading…

Yes, we’ve all seen this boy: John Scherer, CEO and founder of Video Professor, the series of DVDs that claims to teach you how to use a computer. And he always ends his commercials with the catch-phrase (of sorts), “Try m-product?”

Well, apparently, he’s only interested in you trying his product, he’s not at all interested in you reporting back what you thought of the product to anyone else. If you do, he’s apparently ready to sue each and every last one of ya:

INFOMERCIAL SCAMS.COM - VIDEO PROFESSOR SUES HIS OWN CUSTOMERS

Interesting Info:* A direct quote from the Video Professor website reads, “Any company can say good things about its own product, but the real proof of product quality is when customers speak out about its excellence.”

* Ironically, Video Professor is suing its own customers, despite the aforementioned quote

A website and public consumer advocacy group called “infomercialscams.com” is getting sued for allowing people with what appear to be legitimate gripes against the company to voice them to the world. This article goes into detail with all the hidden fees and unordered but charged-for mystery DVDs people are experiencing.

So we’re clear, this all looks terribly familiar to me. When I was out of work recently, I was introduced to a website offering free business cards, so I signed up. I couldn’t tell ya the name of that site, now. After ordering the cards and getting them, I started getting mystery charges all over the place, and as it turned out, some shady “check-box magic” on the order form gave this scam enough quasi-legitimacy to avoid litigation from scammed folks all over the globe. I suspect the same thing is in play here.

Technorati Tags: Video Professor, Scams

Across the country, attorneys general are sniffing around Facebook and MySpace, looking to crack down on pornography and sexual predators.  Unfortunately, Facebook has taken to bragging about it’s privacy over MySpace, and that’s led to some red-faced explanations of why complaints about porn and predation have not been followed up on:

Facebook’s safety disputed || Democrat & Chronicle: Local News

“My office is concerned that Facebook’s promise of a safe Web site is not consistent with its performance in policing its site and responding to complaints,” Cuomo said in a statement. Facebook spokeswoman Brandee Barker said Monday that the states’ concerns are being taken “very seriously.” . . . Founded in 2004, Facebook started as a social network for teenagers and college students, but in 2006, the site was opened to anyone. The company has boasted about its efforts to keep its sites private and safe.

Andrew Cuomo is right to be looking out for kids on the Internet, and if there’s reason to improve safety on Facebook, I’m all for it. However, this is an apples-and-oranges comparison: privacy and identity security as opposed to safety for minors.   » Continue Reading…

OK, guys and girls in the blogging community, lend me your ears and shit.

There seems to be a new scam in town, of which I am hot on the trail. I’m asking those of you who blog to pay particular attention to this one, because it affects your blog and is the kind of thing you could potentially be held liable for. I was browsing through my moderation queue and found this one, so have a look at yours, eh?

» Continue Reading…

Look out, everyone.  Phishing just got a whole new look, and it’s beginning to look a lot like PayPal:

broadband ? Forums ? Spam, Scam and Charge Busters ? [Phishing] ALERT!! New Vicious PAYPAL phishing

Within 72 hours one of these Paypal phishes has ensnared over 1,100 victim accounts. It was targeted by multiple spams that used various referral links on hijacked machines. In the two years that I have been digesting and extracting phish data, I have never seen any that came close to 1,100 victims in a little over two days. In fact, I have never seen anything even close to that rate regardless of the up-time or the phish type. As far as I am concerned this is a record.

Technorati Tags: phishing, fraud, scam, PayPal

powered by performancing firefox

Interesting article from The Register:

Browser crashers warm to data fuzzing | The Register

Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws.

Fuzzing is an interesting concept. Basically, you throw random code at an application and see what crashes it.  This technique has been used with network protocols and network hardware for a while now, but turning it on browsers is a relatively new development.

Despite what you may think, while a preponderance of stablity flaws found were in Internet Explorer, there were several found in other browsers.  The article doesn’t specify what vulnerabilities were found in which browsers, but Microsoft of course is hedging for now.  They know that the wind of public opinion is directly aimed at thier faces, and they’re going to “look into it.”  In fairness, there hasn’t been an outbreak of anything particularly nasty in a while in terms of Microsoft vulnerabilities.

But what new dangers lie just below the surface that will be found by some enterprising young hacker looking to make his mark?  Time will tell, and it seems sooner rather than later with this new technique in play. . .

Let this be a warning to all who read:

VXers add rootkit tech to MyDoom and Bagle | The Register

For example, Bagle-GE incorporates rootkit features designed to hide the processes and registry keys of another Trojan of the same family, Bagle-GF. The development has raised particular concerns because of strong links between Bagle and the operations of numerous botnets, networks of compromised Windows PCs that are often used to either distribute spam or attack other systems.

Just in case you thought that PayPal couldn’t get any riskier, guess again!!!

PayPal goes mobile | The Register

PayPal mobile will launch within the next two weeks, and will allow users to pay bills and receive funds using a text message interface. A spokeswoman said the service would only be available in the US, Canada and Britain at first.

Ah yes, the brilliant minds at PayPal have decided that opening the floodgates to email phishing was too easy, so they’ve decided that making phishing attacks much smaller on a hard-to-read cell phone screen would be much more effective. Bravo.