Businesses around the world have lost billions of dollars over the past few years to an increasingly popular internet scam in which criminals pose as company executives, and send faked emails to their staff ordering subordinates to transfer money into financial accounts controlled by the scammers. That's all according to an FBI alert issued this week.
A Philadelphia-area police department is warning locals about fake emails sent in its name to try and get people to install malware. The clever part: the emails contain accurate speeding data, targeting drivers whose GPS data is leaked to the scammers by shady apps.
It's suspected that the data is coming from an app with permission to track phone GPS data. That could either be a legitimate app that has been compromised, or a purpose-built malicious app that was uploaded online. As anyone who has used a GPS navigator knows, location data can be used to roughly calculate your travel speed. The emails ask for payment of the speeding ticket, but no apparatus is set up to receive such fines. Instead, a link that claims to lead to a photo of the user's license plate loads malware onto the user's device. This particular scam appears to be hyperlocal at the moment; however, it does show how these scams can progress. Like con artists, most of these scams rely on fooling users into thinking they're from a legitimate source.
An example email:
From: Speeding Citation
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed

First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)

Notification of excess speed

Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52

The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
I'm enjoying James Veitch's weekly video series where he has fun with email scammers. In this episode, James has an exchange with a US soldier named Mary Gary who discovered a buried safe while on a routine patrol and wants to share the $15 million booty with James.
GOP presidential candidate and noted scumbag Donald Trump met with a bunch of televangelists, Tea Party “teavangelicals,” and preacher profiteers at his Trump Tower office Monday afternoon.
The elite group, which included some megachurch chiefs who have previously been investigated by the federal government for misuse of donations, prayed while performing the “laying on of hands” to infuse him with the Holy Spirit. The goal: Jesus, get our man elected.
I use Yelp and Trip Advisor reviews to help me decide which restaurants and hotels to visit. I assumed many businesses purchase shill reviews to boost their ratings and try to take that into consideration, but I didn't know that the "review dealer" business was so large. You can buy 5-star reviews for your own business and 1-star reviews for your competition. From Atlas Obscura:
A 2012 Cornell University study found that, after a one-star increase in a hotel's overall review score, that hotel could raise its room rate by 11 percent and wouldn't scare away any new customers.
Jeremy Burke says he contacted the "not-shady-at-all sounding" Silverman Slim's review dealer posing as someone who'd like to get paid to write reviews for businesses:
A representative explained via email that once Silverman Slim's got "sales" for reviews in my area, they would kick me the link. Once I completed each review, I would get compensated through PayPal.
After expressing my enthusiasm for review assignments in both Brooklyn and Toronto—places I legitimately frequent — I didn't hear back for a few days. I sent an email asking for an update. They responded by asking me to share their information with local businesses, negotiate a deal myself, and write the review. And after all that, they'd still take a cut of the profit.
It didn't seem to add up.
I'm fascinated by conspiracy theories and their origins. I'm also fascinated by the real people behind click-bait and spam email scams. This story brings them both together.
Reporter Zack Beauchamp went looking for Frank Bates, the face of a "FEMA hates this!"/"The secret Obama doesn't want you to know!"-style online ad campaign that sells overpriced dehydrated food (and lots and lots of fear) to middle-aged conservatives. He quickly discovered that Bates doesn't actually exist. Instead, the company Food4Patriots is the work of a salesman named Allen Baler who was just tired of working in an office and wanted to run his own business.
Unlike Bates, Baler doesn't live off-the-grid. He doesn't appear to be under any threat from FEMA and/or the Obama administration. It's not even clear that he's particularly conservative. But Baler is making an awful lot of money pretending to be Bates.
I wouldn't normally link to ThinkProgress, which generally seems to exist for the sole purpose of getting liberal people outraged about things. (I'm not particularly fond of the Outrage-Industrial Complex, no matter which side is participating.) But this story is a fascinating look at what goes on behind the scenes of scammy ad links you see all over the Internet and I think it's worth reading.
Baler started dabbling in this field in his free time after work. His first foray — a campaign he refers to as “How To Train Your Pug Dog” — got noticed by his boss, who told him to choose between making cheapo pug training videos and his “multiple six figures” salary.
Bryan Seely, a Microsoft engineer, demonstrated an attack against Google Maps through which he was able to set up fake Secret Service offices in the company's geo-database, complete with fake phone numbers that rang a switch under his control and then were forwarded to real Secret Service offices, allowing him to intercept and record phone calls made to the Secret Service (including one call from a police officer reporting counterfeit money). Seely was able to attack Google Maps by adding two ATMs to the database through its Google Places crowdsourcing tool, verifying them through a phone verification service (since discontinued by Google), then changing them into Secret Service offices. According to Seely, the disabling of the phone-verification service would not prevent him from conducting this attack again.
As Dune Lawrence points out, this is a higher-stakes version of a common spam-attack on Google Maps practiced by locksmith, carpet cleaning, and home repair services. Spammers flood Google Maps with listings for fake "local" companies offering these services, and rake in high commissions when you call to get service, dispatching actual local tradespeople who often charge more than you were quoted (I fell victim to this once, when I had a key break off in the lock of my old office-door in London and called what appeared to be a "local" locksmith, only to reach a call-center who dispatched a locksmith who took two hours to arrive and charged a huge premium over what I later learned local locksmiths would have charged).
Twenty years ago, Peter Molyneux's Dungeon Keeper became an instant classic, wedding a clever premise—you're the baddie fending off the heroes—to innovative strategy gameplay. The remake just came out for iOS. Not only is it bad, but it is free-to-play bad: the original's brilliant gameplay is all but frozen, with even the most basic mechanisms of play hooked into expensive further payments.
Like recent games such as Minecraft, progress in DK requires the player to clear space one block at a time. With the new iOS version, however, you soon have to pony up real money for each individual cube to clear--or it takes up to 24 hours for the action to take effect. When it comes to digging out your realm, Dungeon Keeper iOS grinds to a halt unless you're willing to pay-per-tap.
"As I write this review, I am waiting for one of my imps to finish mining a block that I commanded it to start digging last night," writes Jim Sterling in a review at The Escapist. "Something so simple, something that took a handful of seconds in the original Dungeon Keeper, is taking me 24 hours in the twisted mobile reimagining."
Sterling awarded the game 1/10; a brutal score to match its brutal payment model. Destructoid, issuing a comparatively generous but hardly enticing 4/10, says that publisher Electronic Arts is selling a "sack of spoiled potatoes ... using a respectable IP as its skin."
German gaming site Superlevel's review is more concise—and works in any language.
In Colorado, a scamming sonofabitch charged with collecting about $2 million through sales of breast-cancer-awareness merchandise, none of which helped breast cancer charities, has been sentenced to 14 days in jail. We wrote about this dirtbag back in 2012, when the Illinois state attorney general began investigating his cancer-scam activities.
The Denver Post today reports that Adam Cole Shyrock was jailed for running a new scam in violation of a court order. He wrote a $36,000 check on a frozen Wells Fargo bank account to a T-shirt manufacturer to make t-shirts for "I Heart This Bar," a new scheme purporting to raise money for college scholarships. Man, some people never learn.
Keith Jones was scammed out of US$110,000 by a fraudulent investment firm. Not surprisingly, law enforcement initially had little interest in the case, so Mr. Jones decided to track down the criminals on his own, leading him from his home in Australia to Thailand. He made this high-quality and fascinating documentary of his sleuthing.
HSBC bank, which gave the scammers an account to rip off Mr. Jones, also refused to help him. (That's not surprising either, once you read Matt Taibbi's Rolling Stone article, "Gangster Bankers: Too Big to Jail How HSBC hooked up with drug traffickers and terrorists. And got away with it.")