Beware LinkedIn scammers wanting your company’s services

Just a quick heads up on this one. I was sent a LinkedIn connect request by someone from a state-level sporting organisation who had a title of Finance Manager. We had a Group in common, so I accepted.

This was quickly followed by a message from him, stating that he was interested in our IT services. I was a bit surprised as he was in a different state, but the main alarm bell ringer was the slightly poor English phrasing. He made a point of telling me that NSW is in Australia. Would you seriously do that to someone you connect to who is in Queensland?

So I visited the official website for the organisation, found a contact email address and asked them if the guy really worked for them. Surprise surprise – they’d never heard of him. And you would think they’d know who their finance manager was.

Delete. Un-connect. Good-bye, mate.

Moral of the story – when those spidey senses are alerted, do some research before proceeding!

-SCuffy

 

Advertisements

BigPond ADSL – Your ADSL Service Cancellation Notice email

Disturbing email doing the rounds over the long Easter weekend in Australia, pretending to be from BigPond. I’m blogging about this in the hope that you’ll find this entry if you receive that email and Google it first.  It’s a scam, and a very clever one.

First the details: sender address ebilling@bt.com (that’s your first alarm bell-bt.com is not a bigpond or telstra domain name)

Subject: Your ADSL Service Cancellation Notice (second alarm bell – I am not and have never been a BigPond ADSL customer)

Text: Dear BigPond User,

Telstra BigPond is sending you this e-mail to inform you that our service to you could be suspended. This might be due to either one of the following reasons:

1. You have changed your billing address.

2. You have Submitted incorrect information during bill payment process. (third alarm bell – bad english & capital letter in middle of sentence)

3. Your credit/debit card has expired.

4. You didnt update your bigpons profile. (fourth alarm bell-missing apostrophe and now bigpond has lost its capitals)

According to above(more bad english), and to ensure that your service is not interrupted, we request you to confirm and update your billing information now BY CLICKING HERE. (another alarm bell-Telstra will never ask you to do this and definately never in capitals)

If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.

Regards,

Telstra

Billing Department

Thanks for your co-operation

Accounts Management As outlined in our User Agreement, Telstra (r) will periodically send you information about site changes and enhancements.

OK, so there are a few things in there to make you question the email, but the real surprise is the lengths they have gone to with the fake website, and what they have the cheek to ask you for.  When you click on the link, you are taken to a page that looks very much like a Telstra website:

The logo is there and the links at the bottom even point to pages on the real Telstra website.  But the big alarm bell here is this statement: “This is a secure page. Telstra has implemented SSL security technology designed to prevent unauthorised people from reading this page, or the information you send to us via this page.”  Ah no, actually that page is not secured by an SSL certificate, as the address at the top does not appear as https:// and there’s no little golden locked padlock showing in my browser.

So let’s see how far we can push this thing?  Enter a username & password – just anything, make it up .. and you get to page 2 – Thank you for confirming your identity.  And now the fun begins. They want your name, credit card details, billing address, phone number, home phone, date of birth and drivers license number.  Excuse me? I don’t think so.

So we make up some more fake info and submit it, and we get a short confirmation page which then redirects us to the real Telstra website.

Apart from wondering how on earth it can validate a completely made-up username and password, there are elements in there to really make you think it is legitimate.  The site is hosted by e3event.com which is in Indian company.  I’ve forwarded this email to Telstra to get their comment, but I’m betting my money it’s a fake. And if it is, it’s a good one.

The best scammers know that instead of spending their time trying to break technology’s security measures, they just need to take advantage of our human nature and gain our trust. With a few chosen words and a carefully placed logo, we believe they are Telstra and we’re going to lose our internet connection. The easiest way for them to gain access to your personal information is for them to to ask you for it. 

Another concern is the timing of this. It was reported to a few Computer Troubleshooters franchisees as appearing over the Easter long weekend, which was a 5 day public holiday in Australia this year due to the ANZAC Day commemoration.  The billing departments of all corporations were closed (internet providers only run technical support on weekends) and who wants to be without their internet for 5 days because you decided to wait & phone Telstra to check it out first?

So, now you’ve been warned, and you’ve seen why I think this is a scam. I’ll let you know Telstra’s reply when I get it (hopefully tomorrow – at 9pm their privacy department isn’t open).

-SCuffy

Paypal / Western Union money scam

Thanks to Kate Booby at Spinefex (www.spinefex.com.au) for alerting us to this one!

“I thought I should bring your attention to a scam that we have 3 separate cases of occur within our immediate friends/family.

All of these people had advertised to sell items (2 x cars, 1 x horse) and had been contacted by email and phone calls from a buyer. 

The buyer has asked to pay for the items through paypal (and the sellers had to set up paypal accounts) because the buyer is overseas or can’t use their internet banking (one case the man said he was on an oil rig, another was overseas).  Paypal is generally a safe & secure way to receive funds or pay for items.

They were also requesting for the item that they were purchasing to be transported to a different state and were offering to pay extra in the paypal transfer for the seller to arrange this. 

The catch was that they asked for the seller to transfer the transport cost to a Western Union account BEFORE they could do the paypal transfer – these amounts varied from $800 – $1000.”

What a great scam.  The ‘buyer’ is asking you to pay for the cost of the ‘transport’ until they can pay you the entire amount via paypal, yet no transport company is involved.  They are then free to walk away with your money and never be heard from again.

Seller beware!

-SCuffy