The Robocalls are Getting Worse

I’ve had five today alone, and now my auto-reject list is full.

Robocall1

Most recently I’ve seen:

  • “Business Opportunity” scam (multi-level marketing, one-up gifting scams, etc.)
  • “Congratulations! Your phone number has been randomly selected by Expedia / Travelocity / Whatever to receive two vacations for a promotional price of $799.00!”
  • “Business Loan Center”

All of these have reps working in call centers in India, the Philippines, and other such places.

I’ve written about these calls before, but the landscape has changed a bit. Instead of using dead numbers to use for their caller ID spoofed number, they are using randomly-generated or dynamically-created phone numbers; since my phone number is based in Utah, I’ve been getting a lot of calls that seem to be from local numbers but which actually originate elsewhere. The Caller ID number, however, may belong to a real person.

I’ve even been called by people asking me to “stop calling them” – clearly my own number is showing up on other people’s screens.

Articles like this one at HuffPo give a few ideas for people with land-lines, but the sad truth is that there is little to nothing that can be done to stop this plague unless some serious effort is made at the legislative level, and our political leaders probably don’t even understand the full scope of the issue. Witness the CAN-SPAM act, for which our legislators roundly congratulated each other, and which actually increased the amount of spam being sent out by unethical and unscrupulous operations.

The FTC has not been idle, but it’s like a hydra – for every bad actor they shut down, ten more seem to spring up. This infographic gives a lot of good information about how the calls are driven, and why the problem is so massive.

The best thing I can think of is for people affected to contact their representatives and in no uncertain terms express how pissed off they are with the criminals who are interrupting our lives multiple times a day with fraudulent proposals.

Maybe we could hire some robocalling outfits to flood their phone lines 24 hours a day with automated requests to do something about the problem؟

The Old Wolf has spoken.

 

 

Beware the IRS Impersonation Scam

Rule No. 1: The IRS will never call you to demand immediate payment of taxes. Ever. If anyone on the phone claims to be from the IRS, threatening to have you arrested if you don’t immediately wire money or get a prepaid card, they are criminals and it is a scam.

12-18 PHONE SCAM


 

Scammers have become far more aggressive with this particular gambit of late, and it would be important to be aware of what’s happening. Forewarned is forearmed.

From the IRS website:

IRS-Impersonation Telephone Scam

An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.

Or, victims may be told they have a refund due to try to trick them into sharing private information.

If the phone isn’t answered, the scammers often leave an “urgent” callback request.

Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

A cousin of mine was targeted by these drones, and despite the scammers themselves most likely being in another country, this was doubly frightening because they had accomplices in place who actually appeared at her door with badges and threatened her on the spot.

If this ever happens to you, let no one in and call the police.

Some even more diabolical scammers were frustrated that their victim wouldn’t pay up and swatted them. This refers to prank 911 calls, or the unholy practice of getting police or a SWAT team to show up at someone else’s house. Not only is this terrifying for the victim, and can result in lasting psychological harm and other logistical difficulties, but it’s a terrible waste of police resources. The scammers, however, don’t care.

Be prepared by knowing that the IRS will never try to force you to pay up with these aggressive tactics. If you’re called like this, hang up immediately and notify the police.

The Old Wolf has spoken.

More Domain Registration Jiggery-Pokery

I’ve mentioned domain registration scams before. Here’s another one to watch out for. The scumminess just drips off of this one.

Domain Notice <info@quickdomainsubmit.net> Feb 9 at 1:28 AM
To: [Name redacted]

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: [redacted]

ATT: [Name Redacted]
Response Requested By
10 – February – 2016

PART I: REVIEW NOTICE

Attn: [Name Redacted]
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it’s time to send in your registration.
Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.
Privatization allows the consumer a choice when registering. Search engine registration includes domain name search engine submission. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.
This Notice for: [domain redacted] will expire at 11:59PM EST, 10 – February – 2016 Act now!

Select Package:
http://www.quickdomainsubmit.net/?domain=%5Bdomain redacted]

Payment by Credit/Debit Card

Select the term using the link above by 10 – February – 2016
http://%5Bdomain redacted]
unsubscribe:
Please reply with UNSUBSCRIBE subject.
———————————————————————————————————————–
Disclaimer: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask mailers to stop spamming them. The above mail is in accordance to the Can Spam act of 2003: There are no deceptive subject lines and is a manual process through our efforts on World Wide Web. If you send me an UNSUBSCRIBE email we ensure you will not receive any such mails.

A couple of comments:

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

This is the purest garbage. Unwitting businesspeople will get the idea that unless they pay for this “domain registration,” people won’t be able to find them on the internet. The major search engines all crawl the web on a regular basis, and unless you have a robots.txt file on your website which blocks search engines, it will automatically be indexed. I am reminded of an old scam my mother (born in 1916) introduced me to as a child – the drone who puts a classified ad in the paper, “Today is the last day to send in your dollar!” and lists a Post Office Box. Nothing is promised, yet people send in their money anyway, fearing that they’ll miss out on something good – and the scammer cleans up.

Search Engine/Directory
1.Google 1 9
2.Bing 23 8
3.Open Directory 1,877 7
4.Yandex 2,323 7
5.ScrubTheWeb 4,926 6
6.EntireWeb 5,817 6
7.ASR 6,273 5
8.Viesearch 7,411 4
9.SWD 7,860 6
10.A1WebDirectory 8,217 5
11.ExactSeek 8,578 6
12.Sites Web Directory 8,740 6
13.SecretSELabs 9,169 4
14.Gain Web 10,790 4
15.Online Society 11,494 4
16.1WebsDirectory 11,681 4
17.W3 Catalog 11,917 4
18.24/7 Web Directory 11,977 4
19.SoMuch 12,750 5
20.9Sites 12,879 4
21.AceWebDirectory 14,331 4
22.Synergy Directory 14,494 4
23.OBLN 14,703 5
24.Anoox 15,080 4
25.GigaBlast 15,572 3
Search Engine/Directory
26.Pegasus Directory 15,921 4
27.SonicRun 16,325 5
28.DirectMyLink 17,001 3
29.Directory Free 17,327 4
30.HotvsNot 17,670 3
31.FyberSearch 18,579 4
32.Elite Sites Directory 19,476 4
33.Nonar 19,614 4
34.IS 21,315 3
35.Info Tiger 21,371 4
36.LinkRoo 21,633 3
37.The Web Directory 21,969 4
38.Triple W Directory 22,775 3
39.BusinessSeek 22,929 4
40.Thales Directory 23,161 4
41.Cipinet 23,185 4
42.LinkPedia 23,717 3
43.Bhanvad 23,846 5
44.Amfibi 24,722 5
45.oneMission 26,602 5
46.MasterMOZ 27,263 5
47.OneMillionDirectory 27,306 3
48.10Directory 28,426 2
49.Link Centre 28,475 4
50.Botid 29,441 4

The above list shows the search engines that this service claims your domain name will be submitted to, for the following prices:

TOP 25 Engines Registration
1 Year – $47

TOP 25 Engines Registration
5 Years – $197 (SAVE : $38)

TOP 50 Engines Registration
1 Year- $97

TOP 50 Engines Registration
5 Years – $297 (SAVE $188)

But notice the Alexa and Google rankings for these sites – aside from Google and Bing, none of these search engines are accessed to any extent at all, making them virtually useless – and the first two will index your domain automatically. You are paying these criminals between $50 and $300… for absolutely nothing.

Be smart. Don’t send in your dollar.

The Old Wolf has spoken.

 

Here’s why you do external backups

ransomware

The BotNet distributing the original Cryptolocker was taken down (I’ve mentioned this malware multiple times), and many people were able to get their data back – but there are still many malicious clones of this supremely evil malware floating around out there.

Per this article (in Norwegian, but you can use Google Translate to get a good gist of its meaning in English), if your files have been encrypted, you’re pretty well screwed. Your only options are to pay the ransom (which does not guarantee that you will get a decryption key) or bring your files back from a non-connected, external backup – this because the encrypting malware can affect cloud storage as well either directly or indirectly.

To protect yourself from this sort of data horror:

  1. Back up your files to an unconnected external drive regularly
  2. Never open email attachments from unknown people, no matter how legitimate they may look

Hell is going to be a busy place. Be careful out there.

The Old Wolf has spoken.

Scam: The Blue Screen of Death

Yesterday while visiting her mother, my wife did a search at YouTube. For some inexplicable reason (I wasn’t there to observe what exactly went down,) this website was accessed:

BlueScreen2

Overlaid on this screen was a scary-looking popup:

BlueScreen1

The page is especially nasty: it disables the back button, the close button, and any other Chrome windows you happen to have open. The only way out is to kill Chrome via the task manager, or by doing that hard reset that the message tells you should not be done.

This would be very unsettling for someone like my mother-in-law who is not terribly computer-savvy (although she’s quite good with email and Facebook) and the deal here is that if you call the number – definitely not Microsoft – you get some agent in an Indian or Pakistani boiler-room who will convince you that they are from Microsoft, fling all sorts of nonsense technobabble at you, talk you through the process of installing TeamViewer or some other such remote-control software, and then upload malware to your machine.

The scam is very similar to what I described in Don’t Help the Scammers (item no. 4); a good comprehensive writeup of this type of scam is also found at MalwareBytes Unpacked.

Please be careful out there, and if you have friends or relations, particularly the elderly, who could be taken in by this jiggery-pokery, please help them to stay safe.

The Old Wolf has spoken.

The World Wide Web of Deceit

I write regularly about scams and frauds on the Internet, in the hopes that some folks might stumble across my thoughts and save themselves both money and hassles. I’ve given extra attention to nutritional products, otherwise known as “Snake Oil.”

SnakeOil1

People use the Internet for accessing all sorts of knowledge, but the landscape has become so deceptive that it can be difficult even for experienced searchers to separate fact from fiction, wheat from chaff.

Here’s an example. My handheld device doesn’t filter out ads the way uBlock Origin or AdBlock Plus does with Chrome on a desktop, so I regularly see all sorts of deceptive garbage while I’m browsing.

One ad showed a picture of Stephen Hawking, with the claim that he owes his massive intellect to a specific supplement. So down the rabbit hole we went, and was taken to a page flogging “Intellux,” a supposed “smart drug” or “nootropic” compound, said to enhance memory or other cognitive functions.

The next thing  I did was to search for (intellux fraud | scam), and it’s interesting to note that almost every result is either

  1. a page that asks “Is Intellux a scam or the real thing” and then goes on to flog the product itself, or
  2. a page that lists in detail all the reasons why Intellux is a worthless fraud – and then goes on to flog another product.

A good example of this is “The Supplement Critique.” This page and this page are examples of what look like fair and balanced reviews of Intellux, Geniux, and Addium/Adderin. They describe in detail the mechanisms of advertorials, affiliate marketing, false tweets, totally fabricated stories and “user feedback,” and the general deceptive marketing techniques. It all looks perfectly legitimate – until you get to the point where the author begins flogging “Optimind,” a nootropic supplement for which he is suspiciously looking like an affiliate marketer.

Popups are pretty nasty, but a lot of pages use them – this is what I got when I explored The Supplement Critique:

Stupid

“No thanks, I like being stupid.” Well, that’s a great way to get people to feel guilty about not buying your e-book, which is doubtlessly tailored to guide people to the worthless snake oil that you yourself are peddling.

The fact remains that these pages are slick-looking enough to fool a lot of people into thinking they represent real science and real research, when in reality it’s all woo – smoke, mirrors, and pay no attention to that little man behind the curtain.

Behind_curtain

Just last February the Washington Post and others reported on a New York State investigation into adulterated or worthless “herbals” being sold by GNC, Target, Wal-Mart, and Walgreens. Among the findings:

The investigators tested 24 products claiming to be seven different types of herb — echinacea, garlic, gingko biloba, ginseng, saw palmetto, St. John’s wort and valerian root. All but five of the products contained DNA that was either unrecognizable or from a plant other than what the product claimed to be.

Additionally, five of the 24 contained wheat and two contained beans without identifying them on the labels — both substances are known to cause allergic reactions in some people.

It has long been known among scientists that the supplement industry is so unregulated that it’s very rare for the bottle to contain what’s on the label. You just don’t know what you’re getting, and despite FDA efforts, many products are hawked through disreputable channels by way of outrageous and unethical claims.

There are a few good supplements out there. About five companies I know of make a decent effort to put into their products what they claim is on the label. The rest are pretty much selling vain hope.

Be careful out there, and do your research. Look for companies that adhere to pharmaceutical Good Manufacturing Practices (which are far more stringent than food GMP’s) and submit their products to reputable external testing laboratories

The Old Wolf has spoken.

Would you like to work for the goverment? (Scam)

It’s safe to say that there are as many ways to scam as there are scammers.

From: “Abranco” <demoonth@demo.ontha.com>
To: <abranco@cheshirect.org>
Cc: <undisclosed recipients>

Subject: Government Job Offer

Dear Sir or Madam

Would you like to work for the Government organization and participate in
the development of the United States?
Perhaps it is your talent the country needs at this moment.
Requirements – U.S. citizenship and minimum age 21
We invite you to work closely, anyone who does not care about the life of the state.
If you are a student, military, businessman, retired – we’ll be happy to listen to the opinions of everyone and take help from you.
Please send a brief summary to the human resource assistant on the lyne.holt@gmail.com and you will be assigned to interview

Naturally I never responded to this illicit offer, but you can bet your bottom dollar that the response would have somehow involved wiring funds via Western Union to someone in Africa for “interview fees,” or perhaps lead to a mail forwarding scam.

In the 1st quarter of 2015, spam accounted for almost 60% of all email traffic, according to this excellent article from SecureList. Have a look at the very top of my Spam inbox:

spam

Even if these emails are not directly criminal in nature (that is, loaded with malware or phishing attempts), my rule of thumb is this:

 “If a company spams you, avoid them at all costs.”

It’s a virtual certainty that their “offer” is fraudulent or, at the very least, a bad deal for you and a good deal for them.

Be careful out there.

 The Old Wolf has spoken.