Beware : “Damaged message was restored” phishing scam eMail

! BEWARE !

Today I got an eMail from Google Administration, stating “Damaged message was restored and re-sent to you”.

On my Mac this was immediately recognizable as a Junk-message (or rather : a Phishing Scam-message), as you can see in the picture below.

[Image: DamagedMessage-fakemail]

So BEWARE ! and don’t let yourself be fooled or misled by this eMail scam !

Beware : Picasa Library phishing scam eMail

! BEWARE !

Today I got an eMail from PicasaLibrary, stating “Your photo is successfully uploaded”.

On my Mac this was immediately recognizable as a Junk-message (or rather : a Phishing Scam-message), as you can see in the picture below, but on my iPhone that wasn’t so easy to figure out… it was mainly the fact that I haven’t used Picasa in ages that made all alert bells ring in this case… and the fact that I’ve never heard of PicasaLibrary (and would expect it to be written Picasa Library) raised more suspiciousness…

[Image: picasa_scam]

…so BEWARE !

Note : this scam eMail comes in various versions, a similar one pretending to be from Picasa Library also states “Damaged photos found”. More info on that one can be found here.

Beware : WhatsApp voicemail eMails are fake !

Lately, more and more people are being spammed with (fake) eMail messages, suggesting that there is a WhatsApp voicemail for them.

Beware : clicking on the (green) “Play” or “Listen” button will NOT enable you to listen to any newly recorded voicemail…

…this is a phishing-scam that installs malware (= malicious software) !!

DO NOT INSTALL !!

Note : the fact that this malware-installer makes use of a stolen Authentication Certificate (which is still valid) makes it extremely hazardous, as that will trick your computer/mobile phone into allowing the malware to be installed.

The devices that suffer from this are mainly Android-mobile phones, but jailbroken iPhones, PCs and Macs also. Any original (not-jailbroken) iPhone will only install software from the iTunes App Store, so they are secured against this kind of malware.

HOW TO EASILY DETECT THESE PHISHING EMAILS :

The subject will read something like “Incoming voicemail at [date]”, and the sender will appear to be (*) “Whats App Notifier”, and there will be a big (green) button inside the eMail named “Listen” or “Play”…

(*) on a Mac this can easily be detected, because of 2 simple indications :

1- in the sender’s name it is written “Whats App”, instead of the official “WhatsApp” (one word)

2- when clicking on the sender’s name in Apple Mail.app, it turns blue and in yellow an eMail address will appear, which will not have “WhatsApp” in it, but will look like a regular private or business eMail-address

If you get one of these fake eMails, just mark them as SPAM and delete them a.s.a.p.

They look something like these :

[Images: whatsapp-malware-1, whatsapp-malware-2]

Note : if you happen to click on the “Play” or “Listen” button, what will happen will (slightly) depend on the version of the eMail you have encountered and the type of device you are using :

– malware will be downloaded directly onto your device

– you will be redirected to a website which will scam you into installing malware

The Malware reportedly is WinWebSec and installs Fareit and Ursnif, which are info-stealers that send your private info to internet criminals, enable them to make your computer call paid telephone numbers and send this same type of phishing eMail on your behalf to anyone in your Contacts…

And once installed, you will also be spammed with messages by a fake antivirus-software called Antivirus Security Pro to pay for getting (non-existent) infections removed from your computer…

More on this scam can be found here :

http://www.spamfighter.com/News-18612-Bogus-WhatsApp-Voicemail-Messages-Employed-to-Spread-Malware.htm

http://www.threattracksecurity.com/it-blog/kuluoz-voicemail-spam-drops-signed-certificate-winwebsec/

Beware : FBI warns not to upgrade software through free-WiFi !

The FBI has reported that users of ‘out-of-home-WiFi’ (free-WiFi hotspots, hotel WiFi, etc.) have become infected with malware, while upgrading ‘a widely used software product’.

http://www.fbi.gov/scams-safety/e-scams

The original report states :

“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.”

Even though the software product is not mentioned by name, it is good to inform you that one of the most common software products using this type of upgrade is Adobe Flash… so watch out when upgrading Adobe Flash (and any other software upgrade that is offered) when you are not on your own private WiFi-network.

So… here are some useful guidelines regarding software updates while traveling :

1- if you can do without upgrading, don’t upgrade while traveling ; wait until you’re back home on your own trusted WiFi-network

2- if you really need to upgrade, take these precautions : when you are prompted to upgrade any software while on an ‘out-of-home-WiFi’-network, click to close the pop-up window that is urging you to upgrade. Then either use OSX’s built-in “Software Update…” feature, or open the (Mac) App Store to download your updates from there, or manually type the URL of the known software-maker and download the software update directly from their site (after having double checked that your installed version is not the latest one).

Note : in the case of the Adobe Flash browser plugin, the software-maker’s website is Adobe.com

tip : 6 obvious ways to spot a phishing eMail

Not all phishing* attempts are easy to spot, but today I came across one that has some very obvious examples of what to beware of :

* FYI : phishing = an attempt to lure you into giving some unreliable source your private info of your credit card and/or bank account (internet criminals are ‘fishing’ for your secure info this way…)

1- OSX Mail.app has indicated it thinks this is “Junk Mail”

(though Mail.app isn’t 100% reliable on its suggestions of Junk Mail, it’s a good indication you should have a thorough second look)

2- the sender of the eMail is not sending from a reliable and/or known eMail address

a “.ORG”-eMail address will 100% not be something used by a bank

3- you are not the sole recipient of this eMail and/or your personal eMail address is not listed

if this were such strictly confidential info as is claimed, why would any bank send it to anyone else but you personally ? (furthermore : banks do not contact you on things like this through eMail, because of security reasons…)

4- you are not personally addressed in the text of the eMail, and neither is it indicated what the payment was for and to whom it would have been made

if this were an eMail from your bank or payment service to inform you on anything personal, why wouldn’t they inform you what it’s about straight away ?

5- the weblink-URL that’s included does not link to the website that is listed in its name, but to some completely different website

if you do a mouse-over on the URL in the eMail, a completely different URL appears in a yellow highlighted line – now that’s about the best indication you could get that you’re being misled !

6- if you lookup the actual domain that this eMail was sent from and is (re)directing to in WhoIs?, it gives registrant info that does not seem like any bank or payment service you know (especially the fact that it was created just a few days ago makes this extremely suspicious)

you can find info on the registrant of any website on WhoIs? :

http://www.whois.com/whois/

try that with the domain used in this example and you’ll see info that is really suspicious :

A- a registrant eMail address that is on Hotmail…

B- a registrant street address that can not be found in Google Maps…

C- a registration creation date that is just a few days ago…
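
An added example (not part of the original post) that checks points 2, 3 and 5 of the list on a raw message: the sender's domain against the domain you expect, the recipient list against your own address, and each link's visible URL against its real target. The sample message, the parameters my_address and expected_domain, and all domains are constructed placeholders; the WhoIs lookup of point 6 needs network access and is not included.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name, address and domain is a placeholder.
SAMPLE = """\
From: "Example Bank Security" <notice@payments-alert.example.org>
To: a.user@example.com, b.user@example.com
Subject: Payment notification
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, a payment was made from your account.</p>
<a href="http://login.example.net/verify">https://www.examplebank.example.com/account</a>
<a href="https://www.examplebank.example.com/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw, my_address, expected_domain):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0].domain.lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        findings.append("sender-domain")      # point 2: unexpected sender domain
    recipients = [a.addr_spec.lower() for a in msg["To"].addresses] if msg["To"] else []
    if recipients != [my_address.lower()]:
        findings.append("recipients")         # point 3: not addressed to you alone
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        if "://" in text and urlparse(text).hostname != urlparse(href).hostname:
            findings.append("link-mismatch")  # point 5: shown URL differs from target
    return findings
```

Links whose visible text is not a URL (such as “Help” in the sample) are skipped by the point 5 check, since there is no displayed address to compare against.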

Flashback trojan finally detected by built-in OSX malware detection

Apple introduced built-in Malware Detection in OSX 10.6 Snow Leopard (and OSX 10.7 Lion also of course). This works very well and updates automatically whenever you’re connected to the internet and Apple releases new malware definitions…

…this week (online) news sources were warning Mac-users that Apple still hasn’t updated for the latest exploit of Java by the Flashback trojan horse malware…

Today however the Java update was released by Apple :

http://support.apple.com/kb/HT5228

As always : to install this update, just use OSX’s built-in Software update feature (find it under the Apple-icon menu in the left top corner of your screen).

Beware : MAC Defender = malware ! don’t install ! remove it !

Since some of you might not know… just a quick note to inform you :

Your Mac is not completely immune to viruses and malware (and never has been). The weakest link in the security chain of Mac-protection is often the user himself…

A program called “MAC Defender” claims to be your best protection, but do not install it ! If you really need a reliable virus-protection app for your Mac, go only with the renowned ones like Sophos, Kaspersky, Norton, ClamXav or VirusBarrier (downloads available via MacUpdate.com, or from their respective brand’s websites).

MAC Defender is a fake AntiVirus-app ! It’s a trojan horse intended for phishing your valuable data, passwords and credit card info.

Apple has put info on how to avoid or remove MAC Defender online here :

http://support.apple.com/kb/HT4650?

…but still : best remedy is not to install it at all !