Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation

Divider









Issue 29 - Hoax-Slayer Newsletter

Issue 29: 29th June, 2004

This week in Hoax-Slayer:
Read Previous Issues


Hoax-Slayer is a Free Monthly Web-Based Newsletter brought to you by Brett Christensen

The Hoax-Slayer Newsletter keeps you informed about the latest email hoaxes and current Internet scams. Hoax-Slayer also features anti-spam tips, computer security information, pertinent articles and more.

As soon as the newsletter is published each month, subscribers are sent a notification email with a direct link to the latest issue. The Hoax-Slayer Newsletter is absolutely free and you can easily unsubscribe at any time either by following a link in the notification email or visiting the Hoax-Slayer Unsubscribe page.

To get your free subscription, enter your complete email address in the form below and click the "Subscribe" button. Concerned about giving out your email address online? I will never sell or give away your email address, or any other personal information, for any reason what so ever.

Read the Hoax-Slayer Privacy Policy for more information.



Subscribe to the newsletter via RSS feed

Subscription Options in Detail



Share Your Experiences.com Scam

Has someone filed an "experience request" report about you on "Share Your Experiences.com"? Probably not! Submissions indicate that a new wave of these scam emails has been hitting inboxes.

Basically, the emails are just a hook to entice people to sign up for the company's dubious "service". The emails claim that "A user is attempting to share experiences and opinions about you via our website."

If you access the website via the link provided, you can view an "Experience Request" that lists some vague details. It may state that the user has information about you, but does not say what this information actually is. In order to gain more information, you need to use the "Identity Protection System" to contact the supposed user. However, to access the "Identity Protection System", you need to pay for a "Premium" membership.

Even after you fork out money to sign up for the service, it appears that the only way you can really find out what someone was supposed to have said about you is by using this completely anonymous "Identity Protection System". Apparently, the real identity of the author of the request is not revealed to you even if you are a premium subscriber. According to the site, "sharing of experience and opinions at this website occurs via direct, private email communication between two members using our Identity Protection System". Thus, anybody could have filed an "Experience Request", including the owners of the website, and there is no evidence that the user actually does have further information about you at all. In any case, anonymous "information" such as this is hardly worth procuring and certainly not worth paying for. What's more, in order to access the alleged information, you are dependant on the author's willingness to send it to you via the site's anonymous email system. In other words, you end up paying for a service that provides little more than a means of communicating with an unknown user.

There have been quite a few websites that offer almost identical services, including several "Word Of Mouth" sites. The sites are very similar in functionality and style, and I strongly suspect that the same people operate them all.

In short, this is just another grubby little scam that preys on our natural curiosity. These emails should go directly to the deleted item folder where they belong.

######This is not commercial email.######

A user is attempting to share experiences and opinions about you via our website.

The purpose of this email is to inform you that a posting has been made about you at our website. This is email is not commercial in nature.

If this email message was delivered to your spam or bulk email folder please notify your ISP or spam filtering company regarding this mistake on their part.

To view postings about you click here:

[LINK REMOVED]

Our Identity Protection System is a simple system in which this website sends email messages to the Experience Request author on your behalf, and vice versa. This website will never reveal the identity of the Experience Request author to you, nor will it reveal your identity to the author of the Experience Request.

The Experience Request author will receive your message in an email sent from our website. He/she can then respond to your message via our website by clicking a custom link that appears in the email.

Communication then continues back and forth via our Identity Protection System until one party or the other provides other contact means (phone number, etc.).

IMPORTANT - To add this email address to our Do Not Email List click here:

[LINK REMOVED]

Regards,

SYEC Support

SYEC Support Department


Discuss This Story

[TOP]



Phisher Scams Continue

Both the US Bank and Citibank have been targets of renewed attacks by phisher scammers over the last few days. Criminals regularly undertake email-scamming campaigns against these banks as well as many other major financial institutions around the world.

As scams go, phishing is a relatively recent trend. However, the explosive growth in this sort of Internet scam implies that it is a lucrative pastime for cyber-criminals. I'm not sure who came up with the name "phishing", but strange spelling aside, the word aptly describes this sort of scam. These scam emails are "fishing" for personal information. Simply put, a phisher scam is one in which victims are tricked into providing personal information to what they believe to be a legitimate company or organization. In order to carry out this trick, the scammers often create a "look-a-like" website that is designed to resemble the target company's official website. Typically, emails are used as "bait" in order to get the potential victim to visit the bogus website. In general, these emails are randomly mass-mailed to thousands of Internet users in the hope of netting a few victims. It only takes a small number of recipients to fall for the trap to make the exercise worthwhile for the scammers.

The emails themselves are also created to give the illusion that they have been sent by a legitimate company. They may include logos, contact and copyright information virtually identical to those used by the target company. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the genuine company website. However, the main link featured in the body of the email will point to a bogus site. Usually a phisher scam email message will contain what, at face value, sounds like a reasonable request for information as well as a link to the fake website. For example, the email may inform the potential victim that his or her account will be terminated unless they log in to the company site and update personal details. If a recipient falls for this ruse and logs into the bogus site, the scammers are able to retrieve his or her password, user name and any other information submitted including, in some cases, bank account numbers and PIN codes.

A variation of the scam involves using an embedded form within the bogus email itself. Victims are instructed to enter details such as a password and bank account number into the form provided and send the email. Of course, rather then being sent to the legitimate company as expected by the victim the information is mailed directly to the scammers.

As a rule of thumb, be wary of any email that asks you to provide sensitive personal information such as banking details. Most legitimate companies would not request such information from customers via a method as potentially insecure as email. If you have any doubts at all about the veracity of the email, contact the company directly.

The FraudWatch International site has more information about protecting yourself from phishing scams.

A copy of a recent scam email that targets Citibank is included below:

Dear Citibank user,
As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link given below

[LINK REMOVED]

Please fill in the required information. This is required for us to continue to offer you a safe and risk free environment to run your business, and maintain the Citibank experience. Thank you

Accounts Management

As outlined in our User Agreement, Citibank will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Copyright 2003 Citibank Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners. Citibank and the Citibank logo are trademarks of Citibank Inc

Announcements | Register | SafeHarbor (Rules & Safety) | About us
Copyright (c) 1995-2003 Citibank Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners.



[TOP]



Virtual Card for You Virus Hoax

Summary:
Email claims that a message with the subject line "A virtual card for you" carries a virus that will destroy the hard drive on the infected computer.

Status:
False

Update:
August 2007 - A new version of this hoax email tacks on factual information about a genuine, but totally unrelated trojan threat (Details in commentary below).

Example:(Submitted, February 2007)
WORST VIRUS EVER --- CNN ANNOUNCED
PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!
A new virus has just been discovered that has been classified by Microsoft as the most destructive ever. This virus was discovered yesterday afternoon by McAfee . This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner:
It sends itself automatically to all contacts on your list with the title: "A Card for You".

As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+ del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York , according to news broadcast by CNN.

This alert was received by an employee of Microsoft itself.
So don't open any mails with subject: "A Virtual Card for You. " As soon as you get the mail, delete it !! Please pass this mail to all of your friends.

Forward this to everyone in your address book. I'm sure most people, like myself, would rather receive this notice 25 times than not at All .


Commentary:
This old virus hoax has been continually circulating since 2001. In spite of being quite thoroughly debunked on a number of anti-virus and anti-hoax sites, including Symantec, the message still manages to fool many recipients into urgently hitting the "Forward" button. There is not, nor has there ever been a virus that fits the characteristics of the one described in the email. Over the last few years, there have been Dutch, German, Spanish and Portuguese versions of the hoax as well as several English variants. All versions are equally false.

Unfortunately, there are many false "virus warnings" that are passed around via email. Some, like this one, are outright hoaxes. Others seriously overstate the risks of the threat described, or are hopelessly outdated. Such bogus warnings help nobody and do nothing more than spread misinformation. Therefore, it is important to check the facts before sending on any email virus warning. Information about destructive viruses like the one described in this message would certainly be listed on many different anti-virus sites. In fact, a virus so bad that it actually destroyed the hard-drives of infected computers and "caused panic in New York" would also be prominently featured by news outlets around the world. Conversely, if a warning message is a known hoax, it will most likely be listed as such on both hoax information and anti-virus websites.

Thus, it is not usually very difficult or time consuming to verify if an emailed virus warning is true or false. Email hoaxes like this one try to create a false sense of urgency in order to trick people into sending them on without too much forethought. However, even if a warning turns out to be legitimate, the described threat is very unlikely to be so dire that recipients should not spend a minute or so verifying the information. No matter how urgent or important the information may seem, responsible Internet users will always verify before forwarding.

If you receive a copy of this email, do not forward it to others and please let the sender know the information it contains is untrue.

Update:
Around August 2007, a new version of this hoax email began circulating that included added information about a genuine, but completely separate malware threat. A copy of the new version is included below:
Thought I would pass this one on to everyone.

This one is for real - do not open any emails about receiving postcards or greetings from a friend etc. Just delete the whole email.

My inbox has been inundated with emails saying a friend, neighbor, classmate, admirer has sent a greeting, postcard, card etc. from Bluemountain, Postcard. com etc, etc, etc.


Guys this is quite real.. so please be careful

WORST VIRUS EVER --- CNN ANNOUNCED

PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever.

This virus was discovered yesterday afternoon by McAfee. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner:
It sends itself automatically to all contacts on your list with the title: "A Card for You".

As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN.

This alert was received by an employee of Microsoft.

So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it! Even if you know the sender !!!

Please pass this mail to all of your friends. CUT AND PASTE this to everyone in your address book. I'm sure most people, like myself, would rather receive this notice 25 times than not at all.
The first part of this new version (bold text in above example) is true. In July 2007 a spate of malicious eCard notification emails began hitting inboxes. Some of the first claimed to be notifications about a postcard from a family member. Back in early July, other emails claimed to be a 4th July celebration eCard notification from a colleague or friend.

Since then, there have been several other versions, all claiming to be a notification that someone has sent you an eCard.

Clicking on links in these emails opens a website that will download a trojan to the user's computer. The trojan will then attempt to download and install other malware.

However, it is important to note that this malware campaign is totally unrelated to the information contained in the original "virtual card" hoax. The genuine threat downloads a trojan that may give a hacker access to the infected computer, but it does not destroy the computer's hard-drive. Moreover, the malware emails do not arrive with the subject line "A Virtual Card for You".

Unfortunately, by adding information about a real malware threat, the perpetrator has, perhaps unwittingly, given new life to this old hoax. More importantly, because this version combines factual information with a well-known hoax, any warning value the message might have had is significantly eroded. Many recipients will simply dismiss the message as a mutation of the original hoax and the factual information it contains will go unheeded.

Certainly, Internet users should always be very cautious of any eCard notification emails. Do not click links in these emails until you have checked that the message is from a genuine eCard service. However, if you receive a warning about these malicious emails that is combined with the virtual card hoax, please do not forward it as your action will do no more than spread dangerous misinformation. Also, be sure to let the sender know that the "virtual card" portion of the message is a known hoax.

An earlier version of the hoax:
ATENTION TO THIS WARNING...

It just have been discovered a new virus that was clasified by MICROSOFT and by MCAFEE as the biggest destroyer of all times. This virus was discovered yesterday afternoon by MCAFFE and a vaccine for this virus is not found yet. It just destroy the 0 track of hard drive where the vital information for its FUNctionality.

It works as follows:

1- It sends itself by Internet with the subject "A VIRTUAL CARD FOR YOU".
2- Locks the computer, so user must reboot it.
3- At the moment that the keys CTRL-ALT-DEL or RESET are pressed, it destroy the 0 track and the hard drive for ever.

Please distribute this email to as many people as possible, in some hours of yesterday this virus caused panic in NEW YORK as CNN said.


References:
Virtual Card for You
Virus Hoaxes
Osama Bin Laden Virus Emails
Postcard From a Family Member Malware Email
Fake 4th Of July eCards Point to Trojan
Malicious eCard Emails Continue



[TOP]



Virus Report: Weekly Virus Wrap-Up

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

Another version of the Bugbear worm, W32.Bugbear.K@mm, is currently circulating. This is a mass-mailing worm that sends itself to email addresses it finds in the infected computer's inbox and in certain other files. It can also spread via network shares. It can log keystrokes and send information to the perpetrator of the worm.

Variations of the Korgo worm continue to spread. These worms use the LSASS vulnerability present in unpatched Windows 2000, and XP systems.

Anti-virus companies regularly release specialized removal tools for significant virus/worm threats. Curing an infected computer by using a removal tool is generally much easier and safer than trying to remove the infection manually. You can view a list of removal tools offered by Symantec via the link below:
Symantec Removal Tools

Discuss This Story

[TOP]



Mobile Phone Giveaway Hoax

Noika is NOT giving away a new mobile phone in exchange for forwarding emails. This old hoax has seen many versions since it's first appearance in 2000 and continues to circulate.

It is highly improbable that any legitimate company would employ such a haphazard promotional method as the uncontrolled forwarding of emails. Also, consider how many times an email like this might be forwarded in a two-week period. If the claim were true, Nokia might have found that they were obligated to give away thousands of phones.

Nokia has the following disclaimer on their website:

"Nokia is aware of the prank e-mail circulating around the world. The content of the e-mail is not true. Nokia does not hand out free mobile phones. We apologize for any inconvenience caused to our customers."

The hoax has spawned other giveaway hoaxes, including one that pretends to be a counter-offer from Nokia rival, Ericsson. The Ericsson version is also reproduced below. It's interesting to note that "Anna Swelund" is the person to contact in both the Nokia giveaway hoax and the Ericsson version. Perhaps, Anna is moonlighting? :)



Nokia version:
Hi Everyone,

Nokia Is Giving Away Phones For "FREE"!!

Nokia is trying word-of-mouth advertising to introduce its products.And the reward you receive for advertising for them is a phone free of cost! To receive your free phone all you need to do is send this email out to 8 people (for a free Nokia 6210) or to 20 people (for a free Nokia WAP).Within 2 weeks you will receive a free phone. (They contact you via your email address).

You must send a copy to anna.swelan@nokia.com


Ericsson Version:
Dear customer Our main competitor, Nokia, is giving free mobile phones away on the Internet. Here at Ericsson we want to counter their offer. So we are giving our newest WAP-phones away as well. They are specially developed for Internet happy customers who value cutting edge technology. By giving free phones away, we get valuable customer feedback and a great Word-of-Mouth effect.

All you have to do, is to forward this message to 8 friends. After two weeks delivery time, you will receive a Ericsson T18. If you forward it to 20 friends, you will receive the brand new Ericsson R320 WAP-phone. Just remember to send a copy to Anna.Swelund@ericsson.com - that is the only way we can see, that you forwarded the message.

Best of luck

Anna Swelund
Executive Promotion Manager for Ericsson Marketing


Discuss This Story

[TOP]



Tip of the Week: Automatic Spell-Checking in Outlook Express

Outlook Express can be configured to check spelling automatically before sending. When you click "Send" the email will be automatically spell-checked and, if errors are found, you will be given the option of correcting them before sending.

To enable this function:

1. Click Tools/Options/Spelling Tab

2. Tick the check box with the caption "Always check spelling before sending".

Most other email programs also have automatic spell-checking functionality.

Discuss This Story

[TOP]

Feedback from Readers and Site Visitors

If you receive a hoax or scam email, I would appreciate it if you would send me a copy.

Many submissions and enquires this week involved Lottery Scams. I have noticed that the number of lottery scam emails has been steadily increasing over the last few months. Reports indicate that many people around the world continue to lose money to lottery scammers.

The apparently invulnerable Money From Microsoft hoax continues to be a popular subject for submissions.

The most popular article on the Hoax-Slayer site over the last week has been the Glade Plug-in Fire Hazard Email that I discussed in last week's issue.

Other popular articles were the Crying Baby Hoax, the MSN Contact List Virus Hoax, and the Swiffer WetJet Hoax

Again, thank you for all you submissions and feedback!

Discuss This Story

[TOP]



The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments