Issue 29 - Hoax-Slayer Newsletter

---

This week in Hoax-Slayer:

• Share Your Experiences.com Scam
• Phisher Scams Continue
• Virtual Card for You Virus Hoax
• Virus Report: Weekly Virus Wrap-Up
• Mobile Phone Giveaway Hoax
• Tip of the Week: Automatic Spell-Checking in Outlook Express
• Feedback from Readers and Site Visitors

---

Has someone filed an "experience request" report about you on "Share Your Experiences.com"? Probably not! Submissions indicate that a new wave of these scam emails has been hitting inboxes.

Basically, the emails are just a hook to entice people to sign up for the company's dubious "service". The emails claim that "A user is attempting to share experiences and opinions about you via our website."

If you access the website via the link provided, you can view an "Experience Request" that lists some vague details. It may state that the user has information about you, but does not say what this information actually is. In order to gain more information, you need to use the "Identity Protection System" to contact the supposed user. However, to access the "Identity Protection System", you need to pay for a "Premium" membership.

Even after you fork out money to sign up for the service, it appears that the only way you can really find out what someone was supposed to have said about you is by using this completely anonymous "Identity Protection System". Apparently, the real identity of the author of the request is not revealed to you even if you are a premium subscriber. According to the site, "sharing of experience and opinions at this website occurs via direct, private email communication between two members using our Identity Protection System". Thus, anybody could have filed an "Experience Request", including the owners of the website, and there is no evidence that the user actually does have further information about you at all. In any case, anonymous "information" such as this is hardly worth procuring and certainly not worth paying for. What's more, in order to access the alleged information, you are dependant on the author's willingness to send it to you via the site's anonymous email system. In other words, you end up paying for a service that provides little more than a means of communicating with an unknown user.

There have been quite a few websites that offer almost identical services, including several "Word Of Mouth" sites. The sites are very similar in functionality and style, and I strongly suspect that the same people operate them all.

In short, this is just another grubby little scam that preys on our natural curiosity. These emails should go directly to the deleted item folder where they belong.


Discuss This Story

---

Both the US Bank and Citibank have been targets of renewed attacks by phisher scammers over the last few days. Criminals regularly undertake email-scamming campaigns against these banks as well as many other major financial institutions around the world.

As scams go, phishing is a relatively recent trend. However, the explosive growth in this sort of Internet scam implies that it is a lucrative pastime for cyber-criminals. I'm not sure who came up with the name "phishing", but strange spelling aside, the word aptly describes this sort of scam. These scam emails are "fishing" for personal information. Simply put, a phisher scam is one in which victims are tricked into providing personal information to what they believe to be a legitimate company or organization. In order to carry out this trick, the scammers often create a "look-a-like" website that is designed to resemble the target company's official website. Typically, emails are used as "bait" in order to get the potential victim to visit the bogus website. In general, these emails are randomly mass-mailed to thousands of Internet users in the hope of netting a few victims. It only takes a small number of recipients to fall for the trap to make the exercise worthwhile for the scammers.

The emails themselves are also created to give the illusion that they have been sent by a legitimate company. They may include logos, contact and copyright information virtually identical to those used by the target company. To further create the illusion of legitimacy, some of the secondary links in these bogus emails may lead to the genuine company website. However, the main link featured in the body of the email will point to a bogus site. Usually a phisher scam email message will contain what, at face value, sounds like a reasonable request for information as well as a link to the fake website. For example, the email may inform the potential victim that his or her account will be terminated unless they log in to the company site and update personal details. If a recipient falls for this ruse and logs into the bogus site, the scammers are able to retrieve his or her password, user name and any other information submitted including, in some cases, bank account numbers and PIN codes.

A variation of the scam involves using an embedded form within the bogus email itself. Victims are instructed to enter details such as a password and bank account number into the form provided and send the email. Of course, rather then being sent to the legitimate company as expected by the victim the information is mailed directly to the scammers.

As a rule of thumb, be wary of any email that asks you to provide sensitive personal information such as banking details. Most legitimate companies would not request such information from customers via a method as potentially insecure as email. If you have any doubts at all about the veracity of the email, contact the company directly.

The FraudWatch International site has more information about protecting yourself from phishing scams.

A copy of a recent scam email that targets Citibank is included below:

---

Summary:
Email claims that a message with the subject line "A virtual card for you" carries a virus that will destroy the hard drive on the infected computer.

Status:
False

Update:
August 2007 - A new version of this hoax email tacks on factual information about a genuine, but totally unrelated trojan threat (Details in commentary below).

Example:(Submitted, February 2007)
Commentary:
This old virus hoax has been continually circulating since 2001. In spite of being quite thoroughly debunked on a number of anti-virus and anti-hoax sites, including Symantec, the message still manages to fool many recipients into urgently hitting the "Forward" button. There is not, nor has there ever been a virus that fits the characteristics of the one described in the email. Over the last few years, there have been Dutch, German, Spanish and Portuguese versions of the hoax as well as several English variants. All versions are equally false.

Unfortunately, there are many false "virus warnings" that are passed around via email. Some, like this one, are outright hoaxes. Others seriously overstate the risks of the threat described, or are hopelessly outdated. Such bogus warnings help nobody and do nothing more than spread misinformation. Therefore, it is important to check the facts before sending on any email virus warning. Information about destructive viruses like the one described in this message would certainly be listed on many different anti-virus sites. In fact, a virus so bad that it actually destroyed the hard-drives of infected computers and "caused panic in New York" would also be prominently featured by news outlets around the world. Conversely, if a warning message is a known hoax, it will most likely be listed as such on both hoax information and anti-virus websites.

Thus, it is not usually very difficult or time consuming to verify if an emailed virus warning is true or false. Email hoaxes like this one try to create a false sense of urgency in order to trick people into sending them on without too much forethought. However, even if a warning turns out to be legitimate, the described threat is very unlikely to be so dire that recipients should not spend a minute or so verifying the information. No matter how urgent or important the information may seem, responsible Internet users will always verify before forwarding.

If you receive a copy of this email, do not forward it to others and please let the sender know the information it contains is untrue.

Update:
Around August 2007, a new version of this hoax email began circulating that included added information about a genuine, but completely separate malware threat. A copy of the new version is included below:

Thought I would pass this one on to everyone.

This one is for real - do not open any emails about receiving postcards or greetings from a friend etc. Just delete the whole email.

My inbox has been inundated with emails saying a friend, neighbor, classmate, admirer has sent a greeting, postcard, card etc. from Bluemountain, Postcard. com etc, etc, etc.

Guys this is quite real.. so please be careful

WORST VIRUS EVER --- CNN ANNOUNCED

PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever.

This virus was discovered yesterday afternoon by McAfee. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner:
It sends itself automatically to all contacts on your list with the title: "A Card for You".

As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk.

Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN.

This alert was received by an employee of Microsoft.

So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it! Even if you know the sender !!!

Please pass this mail to all of your friends. CUT AND PASTE this to everyone in your address book. I'm sure most people, like myself, would rather receive this notice 25 times than not at all.

The first part of this new version (bold text in above example) is true. In July 2007 a spate of malicious eCard notification emails began hitting inboxes. Some of the first claimed to be notifications about a postcard from a family member. Back in early July, other emails claimed to be a 4th July celebration eCard notification from a colleague or friend.

Since then, there have been several other versions, all claiming to be a notification that someone has sent you an eCard.

Clicking on links in these emails opens a website that will download a trojan to the user's computer. The trojan will then attempt to download and install other malware.

However, it is important to note that this malware campaign is totally unrelated to the information contained in the original "virtual card" hoax. The genuine threat downloads a trojan that may give a hacker access to the infected computer, but it does not destroy the computer's hard-drive. Moreover, the malware emails do not arrive with the subject line "A Virtual Card for You".

Unfortunately, by adding information about a real malware threat, the perpetrator has, perhaps unwittingly, given new life to this old hoax. More importantly, because this version combines factual information with a well-known hoax, any warning value the message might have had is significantly eroded. Many recipients will simply dismiss the message as a mutation of the original hoax and the factual information it contains will go unheeded.

Certainly, Internet users should always be very cautious of any eCard notification emails. Do not click links in these emails until you have checked that the message is from a genuine eCard service. However, if you receive a warning about these malicious emails that is combined with the virtual card hoax, please do not forward it as your action will do no more than spread dangerous misinformation. Also, be sure to let the sender know that the "virtual card" portion of the message is a known hoax.

An earlier version of the hoax:

References:
Virtual Card for You
Virus Hoaxes
Osama Bin Laden Virus Emails
Postcard From a Family Member Malware Email
Fake 4th Of July eCards Point to Trojan
Malicious eCard Emails Continue

---

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

---

Another version of the Bugbear worm, W32.Bugbear.K@mm, is currently circulating. This is a mass-mailing worm that sends itself to email addresses it finds in the infected computer's inbox and in certain other files. It can also spread via network shares. It can log keystrokes and send information to the perpetrator of the worm.

---

Variations of the Korgo worm continue to spread. These worms use the LSASS vulnerability present in unpatched Windows 2000, and XP systems.

---

Anti-virus companies regularly release specialized removal tools for significant virus/worm threats. Curing an infected computer by using a removal tool is generally much easier and safer than trying to remove the infection manually. You can view a list of removal tools offered by Symantec via the link below:
Symantec Removal Tools

Discuss This Story

---

Noika is NOT giving away a new mobile phone in exchange for forwarding emails. This old hoax has seen many versions since it's first appearance in 2000 and continues to circulate.

It is highly improbable that any legitimate company would employ such a haphazard promotional method as the uncontrolled forwarding of emails. Also, consider how many times an email like this might be forwarded in a two-week period. If the claim were true, Nokia might have found that they were obligated to give away thousands of phones.

Nokia has the following disclaimer on their website:

"Nokia is aware of the prank e-mail circulating around the world. The content of the e-mail is not true. Nokia does not hand out free mobile phones. We apologize for any inconvenience caused to our customers."

The hoax has spawned other giveaway hoaxes, including one that pretends to be a counter-offer from Nokia rival, Ericsson. The Ericsson version is also reproduced below. It's interesting to note that "Anna Swelund" is the person to contact in both the Nokia giveaway hoax and the Ericsson version. Perhaps, Anna is moonlighting? :)



Nokia version:

Ericsson Version:

Discuss This Story

---

Outlook Express can be configured to check spelling automatically before sending. When you click "Send" the email will be automatically spell-checked and, if errors are found, you will be given the option of correcting them before sending.

To enable this function:

1. Click Tools/Options/Spelling Tab

2. Tick the check box with the caption "Always check spelling before sending".

Most other email programs also have automatic spell-checking functionality.

Discuss This Story

---

If you receive a hoax or scam email, I would appreciate it if you would send me a copy.

Many submissions and enquires this week involved Lottery Scams. I have noticed that the number of lottery scam emails has been steadily increasing over the last few months. Reports indicate that many people around the world continue to lose money to lottery scammers.

The apparently invulnerable Money From Microsoft hoax continues to be a popular subject for submissions.

The most popular article on the Hoax-Slayer site over the last week has been the Glade Plug-in Fire Hazard Email that I discussed in last week's issue.

Other popular articles were the Crying Baby Hoax, the MSN Contact List Virus Hoax, and the Swiffer WetJet Hoax

Again, thank you for all you submissions and feedback!

Discuss This Story

---

---