Issue 8 - Hoax-Slayer Newsletter
Issue 8: January 23th, 2004
This week in Hoax-Slayer:
U.S.Bank Phishing Scam
The U.S. Bank is currently the target of another phishing
This is a comparatively unsophisticated phishing scam that tries
to scare gullible U.S. Bank customers into providing personal
information via a bogus website. One of the fraudulent emails
(reproduced below) "informs" the potential victim that his or her
account may have been compromised and that the account will be
frozen until account details are provided. Like other phishing
scams, the intent of the email is to trick people into providing
identity and banking information directly to the criminals
responsible for the scam. The emails are randomly sent to
thousands of email addresses. The scammers rely on the
statistical probability that some of the recipients will be U.S.
Bank customers and that at least a few of them will be naive
enough to take the bait.
According to information on the bank website, "U.S. Bank will
never initiate a request for sensitive information from you via
email". In fact, it would be highly unlikely for any legitimate
financial institution to request sensitive information via email,
and such a request should always be viewed as suspect.
Although the bogus website has now been shutdown, it is probable
that the scammers responsible are already preparing for their
Subject: Your account at U.S. Bank has been suspended.
Dear U.S. Bank account holder,
We regret to inform you, that we had to block your U.S. Bank
account because we have been notified that your account may have
been compromised by outside parties.
Our terms and conditions you agreed to state that your account
must always be under your control or those you designate at all
times. We have noticed some activity related to your account that
indicates that other parties may have access and or control of
your information in your account.
These parties have in the past been involved with money
laundering, illegal drugs, terrorism and various Federal Title 18
violations. In order that you may access your account we must
verify your identity by clicking on the link below.
Please be aware that until we can verify your identity no further
access to your account will be allowed and we will have no other
liability for your account or any transactions that may have
occurred as a result of your failure to reactivate your account
as instructed below.
Thank you for your time and consideration in this matter.
Before you reactivate your account, all payments have been
frozen, and you will not be able to use your account in any way
until we have verified your identity.
Australian telecommunications giant, Telstra, has warned customers
that a text message that promises free SMS is nothing more than a
hoax. The text messages tells recipients that they will receive
free SMS for a month in exchange for passing on the message to
Last year, a similar hoax clogged a Vietnamese mobile phone network
when thousands of subscribers forwarded text messages in the hope
of receiving 90 Vietnamese dong.
These SMS hoaxes closely resemble a number of email hoaxes
including the Nokia Giveaway Hoax
, which asked people to forward the email to 8 people to get a new Nokia phone.
Security Tip: Read the EULA
If you download a lot of software, it can be tempting to just skip
over the End User License Agreement without actually reading it.
This is not a good habit to get into. Some programs have some
pretty dubious conditions of use hidden in the legalese of their
EULA's. For example, by digitally signing the EULA, you may have
given the application developers explicit permission to collect
information such as surfing habits and transmit it back to their
servers. In other words, you may inadvertently give permission for
intrusive, and sometimes unstable, adware to be installed on your
computer. If this intention to collect information from end users
is not mentioned in the EULA, then the program can be thought of as
containing spyware, although the end result is the same.
Furthermore, anti-spyware scanners such as Ad-Aware will not always
flag information-gathering components if their existence has been
noted in a EULA.
Of course, in some cases, you may be quite willing to allow
software components to collect information from your computer in
exchange for using a program for free. However, it is important
that you know about the components before you install the software,
hence a thorough reading of the EULA is worth the effort.
Old Virus Hoax: Life is Beautiful
The "Life is Beautiful" hoax is one of those hoaxes that just
Amazingly, the "Life is Beautiful" hoax is still very much active
"in the wild". I'm quite surprised at the tenacity of this hoax.
In spite of the fact that it has been thoroughly debunked on many
different websites, email discussion groups and news groups for
well over a year, it continues to circulate.
There are a number of versions of the hoax, some of which are in
Portuguese. French, Italian and German.
There is not, nor has there ever been, a virus like the one
described in the hoax email.
For more details about this old hoax, refer to:
Life is Beautiful Virus Hoax
This information arrived this morning, from Microsoft and Norton.
Please send it to everybody you know who accesses the Internet.
You may receive an apparently harmless email with a PowerPoint
presentation called "Life is beautiful.pps." If you receive it DO
NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it
immediately. If you open this file, a message will appear on your
screen saying: "It is too late now, your life is no longer
beautiful", subsequently you will LOSE EVERYTHING IN YOUR PC and
the person who sent it to you will gain access to your name,
email and password. This is a new virus which started to
circulate on Saturday afternoon. WE NEED TO DO EVERYTHING
POSSIBLE TO STOP THIS VIRUS. UOL has already confirmed its
dangerousness, and the antivirus Softs are not capable of
destroying it. The virus has been created by a hacker who calls
himself "life owner", and who aims to destroying domestic PCs and
who also fights Microsoft in court! That's why it comes disguised
with extension pps. He fights in court for the Windows- XP
MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS.
Testing your Email Security
In an earlier article
I wrote about ways to test your online security.
It's also a good idea to test the security of your email client.
The GFI Email Security Testing Zone is place where you can do just
that. Enter your email address and the service will perform a
vulnerability check on your email system. A series of emails will
be sent to you that are designed to test the security of your
system and inform you about any potential problems.
When you enter your email address to perform the tests, you will
first receive an email that asks for confirmation. Once you
confirm your request, a series of test emails will be sent. Each
email will outline the results of the test. Naturally, none of
the test emails contain any harmful code or viruses. The emails
are designed to fool your security software into detecting a
Although the company offering the tests is in the business of
selling security software, I believe all the tests are legitimate
and above board. When requesting the test, you are given the
option of subscribing to the GIF Newsletter, but I have never
received unsolicited email from the company.
During the test, your anti-virus software may warn you that you have a virus. Don't be alarmed by this as it is part of the test. The "virus" is the eicar Anti-Virus test file
and it will not harm your system in any way.
Read more about the service and request the tests
Humorous Hoax: Drivers Licence on the Internet
The website to which the email below refers is actually rather
However, I've seen the email around often enough to suspect that
people are forwarding it onward without bothering to go to the site
and check it out. That is, I'm inclined to think that some people
are taking the email at face value and actually believe the
information it contains to be true. These days there are a plethora
of real threats to our privacy so obscuring the truth by
perpetrating false invasion of privacy stories is less than
Having said that, taken in context, the site represents an
enjoyable prank. If you have a minute, you might like to visit the
site mentioned and enter some false data to see what it comes up
But think twice about sending it on to friends unless you make it
clear that it's just a joke.
You need to check this out everybody!!!!
Invasion Of Privacy!!!
I just found this.
You can see anyone's Driver's License on the Internet - including
your own! I just searched for mine and there it was.. .picture,
address and all! Maybe we should start up a petition or something
What do you think? Go to the website and check it out. It's
Just enter your name, City and state to see if yours is on file.
The Hoax_Slayer Newsletter is published by:
All Rights Reserved
©Brett M. Christensen, 2009
Questions or Comments