Tag Archives: scam

Has the Windows Phone Store become a new target for hackers?

Almost exactly two months ago, we reported on some fake apps found in the Windows Phone Store. Unfortunately, the news hasn’t stopped there – instead, it seems that this third-party app store is becoming an increasingly popular platform for the bad guys. Today, we‘ve uncovered quite a large set of fake apps which includes scams imitating legitimate popular apps such as Facebook Messenger, CNN, BBC, and WhatsApp.

Fake apps advertised by Ngetich Walter on the Windows Phone Store.

Fake apps advertised by Ngetich Walter on the Windows Phone Store.

There are two perpetrators behind these fake apps: Ngetich Walter and Cheruiyot Dennis. Between the two of them, they have 58 different apps available in the Windows Phone Store, all of which are fake. The majority of the apps have certain things in common — they collect basic data about users and display various advertisements that are mostly driven by a user’s location. A portion of the apps try to lead users to pages that force them to submit a request to purchase something. Let’s take a closer look at two of them:

1. World News CNN (a.k.a. Abundant Life): What first appears to be a CNN World News app is actually an evangelical message titled “Abundant Life“.

wp_ss_20151006_0027

2. Fake Avast Antivirus: Along with the illegitimate social and news apps we discovered, there were even fake Avast apps added into the mix. Fortunately, each of the fake Avast apps are harmless and don’t accomplish anything more else then redirecting users to Avast’s website and displaying advertisements to the user.

wp_ss_20151006_0009

Money, money, money

It’s fairly obvious that hackers don’t do this sort of thing for free. After looking into monetization methods, it appears that hackers are primarly using two ways to profit from producing and circulating fake apps on a large scale:

1. Advertisement clicks: Apps load different kinds of advertisement kits, which are clicked either by the user or, in some cases, the app itself. Theoretically, the bigger the number of apps that you advertise on an app store, the larger number of clicks you would receive – another reason that hackers often offer a large number of fake apps at once.

2. Misleading advertisements: Certain ad servers are remotely controlled, giving them the power to switch different advertisements on and off. In some cases, those ads lead to scammy pages that try to convince you that your device has security issues and that you need to install some other paid product to fix it.

What is the motivation behind propogating fake apps?

These days, the Google Play store and iTunes continue to implement smarter solutions to protect their entire ecosystems. This approach is making these systems quite difficult to attack and monetize, causing hackers to avoid them altogether. As a result, a less widely used, third-party app store such as the Windows Phone Store is an ideal place for a hacker to hunt for security loopholes. On top of analyzing the reasons behind why these cybercriminals do what they do, it’s also interesting to consider the fact that often, fake apps remain on third-party app stores for weeks and even months at a time. For some reason, no one takes the time to report bad apps, even if it’s clear that they are fake and the majority of user reviews are extremely negative.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Got an aging parent? Tell them about the Grandparent scam

Scammers rob elderly victims of an estimated $3 Billion per year.

A scam that has been around since at least 2008 is still active and targeting elderly folks. Seventy-four year old Avast evangelist, Bob Gostischa, who knows a thing or two about scams, security, and privacy, received a call just yesterday from a scam artist attempting to steal money. “If it happened to me, I’m sure it’s going to also happen to others,” said Gostischa.

Male Family Members

Scammers target elderly people “because they’re more gullible.”

Here’s the basic premise:

Someone either calls or emails pretending to be your grandchild. The typical story is that they have been wrongfully arrested and need bail money wired right away. Another variation says they are traveling and have been mugged or even in an accident and badly injured. After going through this frantic sob story, and if they sense that their victim is falling for it, the scammer asks for money to be wired through services such as Western Union and MoneyGram.

After the phone call ended, Bob sent us a transcript so we could share it with Avast Blog readers. “I consider myself lucky because the first instinct was wow, how can I help her…?,” he said.  “I guess we all really need to be very vigilant at all times.”

Caller: Hello Grandpa, this is your granddaughter. I have laryngitis so I don’t sound like myself

Bob: You certainly don’t. Which granddaughter?

Caller: What do you mean?

Bob: Well, I have several. Caller: Your oldest.

Bob: Oh, OK (Suspicious because she should have said her name.) Is everything OK?

Caller: No.

Bob: What’s the matter?

Caller: I was visiting a friend in Niagara Falls and on my way home, I was involved in a car accident.

Bob: Are you OK?

Caller: Yes, everyone is fine.

Bob: And the car?

Caller: The car is fine. This woman came out of nowhere, and I hit her but she’s OK.

Bob: Thank God.

Caller: Yes, but when the cops came, they asked if I was drinking. I told them no but, because I’m taking medicine for my laryngitis, I failed the breathalyzer and spent the night in Jail.

Bob: Did they assign you an attorney?

Caller Yes, but I need bail money. Can you send me $500.00 via Western Union?

Bob:  That’s going to really be hard. We just had some medical bills so things are pretty tight.

Caller: Please Grandpa, can’t you put it on your credit card?

Bob: Sorry, they are all maxed out.

Caller Please Grandpa, I don’t want to stay in jail.

Bob: Sorry sweetie, but I really can’t and don’t have any money I can send.

Caller: click…. she hung up.

“In my case, my oldest granddaughter doesn’t drive and she also wouldn’t be in Niagara Falls,” said Gostischa.  “It’s very easy to fall for a scam like this because all of us want to help family – especially our grandchildren.”

Last year, CBS News interviewed a former scammer who worked this game. He said that on a good day he could make $10,000 from the grandparent scam. “We target people over the age of 65, mainly, because they’re more gullible,” the former scammer said. “They’re at home. They’re more accessible. Once you get them emotionally involved, then they’ll do anything for you, basically.”

How to protect yourself from the Grandparent Scam

The FBI’s Internet Crime Complaint Center (IC3) has these suggestions:

  • Resist the pressure to act quickly.
  • Try to contact your grandchild or another family member to determine whether or not the call is legitimate.
  • Never wire money based on a request made over the phone or in an e-mail…especially overseas. Wiring money is like giving cash—once you send it, you can’t get it back.

What to do if you have been a victim

  • Contact your local authorities or state consumer protection agency if you think you’ve been victimized.
  • File a complaint with IC3, which may refer the case to federal, state, local or international law enforcement or regulatory agencies for possible investigation, or The Federal Trade Commission. You can also call the FTC at 1-877-382-4357 to report a complaint.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Recent scams in my spambox

Being a marketing-communications guy, I’m not as geeky about software technology as some at Avira are – my geekiness is more aligned to any communications I see, which includes the ‘voices’ of spammers. I like to dig through my spam folder and analyze the ways that spam/scam writers communicate. Common Viagra or penis-enlargement topics aside, I’m particularly interested in the rhetoric that scammers use to trick people into clicking, thinking the email is legit (even if the email is already in the reader’s spam folder!).

The post Recent scams in my spambox appeared first on Avira Blog.

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as that of Android, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

How iOS users can stay protected against iScam threat

iScam displays a "crash report" to affected users. (Photo via Daily Mail)

iScam displays a “crash report” to affected users. (Photo via Daily Mail)

It’s a common belief (and myth) that Apple products are invincible against malware. This false line of thinking has recently again been refuted, as iPhone and iPad users have been encountering a ransomware threat that freezes their Internet browsers, rendering their devices unusable. The ploy, commonly known as iScam, urges victims to call a number and pay $80 as a ransom to fix their device. When users visit an infected page while browsing using the Safari application, a message is displayed saying that the device’s iOS has crashed “due to a third party application” in their phone. The users are then directed to contact customer support to fix the issue.

How to clean your system if you’ve been infected by iScam

  • Turn on Anti-phishing. This can be done by visiting Settings > Safari and turn on ‘Fraudulent Website Warning’. When turned on, Safari’s Anti-phishing feature will notify you if you visit a suspected phishing site.
  • Block cookies. For iOS 8 users, tap Settings > Safari > Block Cookies and choose Always Allow, Allow from websites I visit, Allow from Current Websites Only, or Always Block. In iOS 7 or earlier, choose Never, From third parties and advertisers, or Always.
  • Allow JavaScript. Tap Settings > Safari > Advanced and turn JavaScript on.
  • Clear your history and cookies from Safari. In iOS 8, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data. To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.

Check out Apple’s support forum for additional tips on how to keep your device safe while using Safari.

Alton Towers Facebook Scam

Following an accident at Alton Towers – a theme and water park in the United Kingdom, a Facebook scam has emerged that purports to show video footage of the accident. Beware: this is a scam, which we shall now dissect for you.

Step 1: The hook

Alton Towers - step 1 the hook

This teaser Facebook post is supposedly taken from the accident (it is not). If you click on it with the (macabre) hope of seeing a video of the crash, you will be taken to a website that has been designed to look just like YouTube.

Step 2: The fake look-alike

Alton Towers fake youtube

Once on that page, you will be asked to post a link to the video on your Facebook timeline…

Step 3: The redirect

Once you accept to post the video to Facebook, you will be redirected to another website, where you will be told that to finally see that video, you need to download a video player update…

Alton Towers - step 3 the redirect

The downloaded file contains adware, that display advertisements and collects information about your browsing habits. The crooks almost certainly make money by getting a percentage of all sales on these third party ads you will be seeing in your browser.

If you see this Alton Towers scam on Facebook, avoid it. If you click on a post that tells you to download a plugin or update to watch the video, exit the page immediately. And for additional security, use Avira Free Antivirus, which blocks adware.

The post Alton Towers Facebook Scam appeared first on Avira Blog.

Scamware or why you shouldn’t believe in miracles

We normally make fun of this, or just totally ignore it. We know that it probably is a scam. So, if we don’t believe those ads, why do we believe in some apps? Apps that advertise things like:

  1. Get free stuff in our shop through your favorite social network with the ‘Just click and win’!
  2. Fix your computer; increase your RAM and hard disk space all in one click with ‘Ultra Optimizer Plus’!
  3. Install this app on your phone to get ‘Sexy videos on your phone for free 😉😉 ‘!
  4. Buy the NEW SUPER SHINY (not official) Video ‘Not-Fake Player’!

Nowadays Social Networks appear to be the best places to find victims for scams. Who hasn’t seen offers like “Like and share to win an iPhone”, “See the leaked video of the last Pop Star”, “New Facebook features!” and so on Facebook? These are – of course – usually tricks to make you fall for a scam.

facecrooks has a huge list of Facebook related scam. Below are just two of the countless examples:

Free iPhones: Like the Facebook page and share the picture. It is easy to win a phone right? Wrong. There is no iPhone and you will be spammed from this page (pages can be sold as advertising spaces) because you gave them a like.

2 Picture from facecrooks.com

 
Profile viewer: Don’t you want to know if the girl from school or the boy from work is seeing your pictures? So better ask them because these kinds of plugins/features/apps don’t work. Normally behind these links you will find some PUA or Adware ready to be downloaded and installed on your computer.

3 Picture from facecrooks.com

Then there are applications that can improve the performance of your computer. We offer you Avira System Speedup. This program can defragment your hard drive or delete useless folders and registry entries. It works perfectly well and WILL speed up your PC – to some degree. But there is just no application that will perform wonders on your PC. If it is 8 years old and slow, it will just never feel like a newer machine with more RAM and a better CPU despite your efforts and you paying €50 to improve it with a random program that promises you just that. Those scam apps, apart from not fixing your computer, also create errors or problems that didn’t exist before, in order to make you pay even more money for fixes you would not have needed in the first place.

Optimizer Pro (another real world example) could be classified as scareware as well; it tells us that the computer needs to fix things that, in fact, are working correctly. It uses our fear to get us to pay for the product.

4

Scam is not getting old. It is also very present on our smartphones. Do you want an app that does things for free where others take money? It is possible, but be careful. With these applications you will usually be walking on thin ice.

Porn app for Android for example is an app that allows users to watch porn videos for free. Just accept the conditions, give them permissions and run the app as soon as you can! Ooops! Did you think ransomware was only affecting your PC? Now you also have your phone blocked.

5

When you want to get an application, try to download it from the original source if possible. Also check different sites first, since lots of applications are actually for free.

Even on a well-known and trusted site like Amazon it is easy to find scam regarding original software. VLC is a popular video player which can be downloaded for free – but believe it or not, there are actually people trying to sell it to you to make some quick bucks.

6

If you don’t trust the source, or if it looks just a tiny bit suspicious, turn around and run as fast as you can. Regarding scam applications: If you are looking for something specific, first check for another users opinions and more information, compare it with other products, and if you are still not sure, just leave it be.

In conclusion, Scamware is a waste of time and money and never does the things you were promised it was going to do. So don’t believe in these false promises of “eternal life potion”, “Ferraris for free” or “1 click super computer”.

Links:

The post Scamware or why you shouldn’t believe in miracles appeared first on Avira Blog.

Online Tax Identity Fraud on the rise

I recently called my friend Mary to wish her a happy 83rd birthday. She was having a fine day, but had just received a disturbing phone message from the IRS requesting that she call back urgently to settle a tax debt, and that she could use her credit card to do so.

Thankfully, Mary was too smart to trust a blind call from a purported IRS representative – because the call was a one of the “imposter” tax fraud scams making the rounds. In this case, a con artist impersonates a government official and tries to bilk trusting taxpayers for un-owed back taxes. (This type of scam also happened to me last year, though not at tax time!)

Of the 2.5 million consumer complaints received by the Federal Trade Commission last year received, the imposter scams were the third most common.  Debt collection scams ranked second. But at the very top of the list is identity theft. (You can see the full list here.)

In tax identity theft, scammers steal Social Security numbers to file for a tax refund before the real taxpayer can. In many cases, victims may not even learn about the fraud until they file a return, at which point IRS notifies them that the return has already been filed and paid!

The IRS announced  that the number of tax identity theft cases has doubled each year in recent years. It estimated it has paid out $5.8 billion in fraudulent tax refunds in 2013 because of identity theft. The IRS also reported it also was able to stop another 5 million attempts to get fraudulent refunds, which saved taxpayers another $20 billion.

Many tax fraud cases involve stolen social security numbers. CNNMoney reports that hackers stole more than 6.5 million Social Security numbers last year, with up to 80 million more at risk this year as part of the Anthem data breach alone.

2014 is sometimes called the year of the hack and it is clear that while large-scale breaches continue we will surely see elevated rates of identity theft, especially in the tax season.

All is not lost though, by following a few steps you can help keep all your credentials in the right place:

  • Always keep you AntiVirus up to date! If you don’t protect your device, your data could be vulnerable to attack.
  • Never click a link you don’t trust. If in doubt, visit the official website and log in to your account there.
  • Shred physical copies of important documents when they’re no longer needed.
  • Don’t trust urgent phone calls or emails from the IRS demanding action and personal information. The IRS will never contact you by phone or email!
  • If you do get contacted, make a note of their number, and report it to the IRS at its fraud report site.

 

Here’s wishing you many happy returns!

Don’t click on the porn video your Facebook friend shared

Fake Flash Player updates fool Facebook users.

facebook-fake-flash-small

Facebook users get malware from clicking on fake Flash Player updates.

Facebook users have fallen victim to a recycled scam, and we want to make sure that all of our readers are fore-warned. Cybercrooks use social engineering tactics to fool people into clicking, and when the bait comes from a trusted friend on Facebook, it works very well.

Here’s how the scam works – your friend sends you an interesting video clip; in the latest iteration you are tagged and lots of other friends are also tagged – this makes it seem more trustworthy. The video stops a few seconds in and when you click on it, a message that your Flash Player needs to be updated for it to continue comes up. Since you have probably seen messages from Adobe to update your Flash Player, this does not raise any red flags. Being conscientious about updating your software, as well as curious about what happens next in the video, you click the link. That’s when the fun really begins.

The fake Flash Player is actually the downloader of a Trojan that infects your account. Security researcher Mohammad Faghani, told The Guardian, …” once it infects someone’s account, it re-shares the clip while tagging up to 20 of their friends – a tactic that helps it spread faster than previous Facebook-targeted malware that relied on one-to-one messaging on Facebook.”

How to protect yourself from Facebook video scams

Don’t fall for it. Videos that are supposedly sensational or shocking are also suspect. Be very cautious when clicking.

Does your friend really watch this stuff? If it seems out of character for your friend to share something like that with you, beware. Their account may have been infected by malware, and it’s possible they don’t even know this is being shared. Do them a favor and tell them about it.

Be careful of shortened links. The BBB says that scammers use link-shortening services to disguise malicious links. Don’t fall for it. If you don’t recognize the link destination, don’t click.

Use up-to-date antivirus software like Avast Free Antivirus with full real-time protection.

Report suspicious activity to Facebook. If your account was compromised, make sure to change your password.