Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

Message body:
I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

Attached to it is a ZIP file, whose filename will vary depending on the recipient. For instance, if the email is sent to chris@example.com, the zip file will be called chris.zip.

Inside the ZIP file, is an executable file: “Individual Income Tax Returns.exe”

The executable file is a Trojan horse backdoor that will allow hackers to take over your computer for their own nefarious purposes.

Keep in mind that this is only one example and there are usually many variations out there. There is one thing you can be certain of: They are all designed to steal your money and/or your identity.

[video] Chuck Norris dies at age 71! Not a Joke.
[LINK]
See the video to find out how he died. News today of Chuck Norris death at age 71 has been met with confusion and humour, but sadly it is true.

If you are gullible enough to click on the link, you will be presented with a survey scam like the one below.

If you do fall for this scam, or one like it, make sure you aren’t now allowing rogue applications or “liking” questionable pages. These can help spread the scam.

And it’s probably a good idea to change your Facebook password while you have it on your mind.

Why do people do things like this? Simple, they do it for the money. Every survey someone fills out results in a payment to the scammer. It’s called “Cost Per Action” marketing and the scammers are just trying to run up their numbers. It’s illegal and they’ll get banned from the program if they get caught, but they can make a good haul before that happens.

Don’t help line their pockets.

1. Your current location. You want the whole world to know where you are, or a thief to know you’re not home? This is just dangerous on the web. There are people out there who don’t have your best interests in mind and letting them know where you are just doesn’t make sense.
2. New technology toys. “Wow, I love my new expensive gadget! Here’s a picture of it sitting on my bed. There is no reason for the whole world to know how you spend your money and no need to make yourself the target of thieves. This also ties in with #1 above: If the bad guys know you you aren’t at home and that you have penchant for expensive technology, you’ll be on their radar. Believe me, there are rings of people out there who take advantage of this.
3. Chain posts about Facebook’s new payment system. It’s free: always was and always will be. It is absolutely amazing to me how these things just seem to persist forever. Posting these things is an indication that you’re, well, not the brightest bulb in the lamp. Hackers target gullible people with this stuff and gullible people continue to fall for it. Stop letting them know you’re a potential target.
4. Vague or impersonal “personal” messages. You’ve seen them; you read them and go “huh?” Again, this could indicate that you are low-hanging fruit for the scammers and spammers.
5. Vacation, pictures. I’ll let you be the judge on this one. This is not only related to #1 above – you’re letting people know you’re out of town – but depending on where the vacation spot is, local bad guys who may be monitoring things could target you.

You think your security settings that only allow your friends to see your updates are going to prevent bad things from happening? Well, take a good hard look at your friends list. Anyone on there who may be questionable? Anyone on there you really don’t know and have never met?

Facebook isn’t a private telephone conversation, it’s more like a 50,000 watt radio station; it can reach into places you don’t consider. And, unlike a telephone conversation that is over when it’s over, what you post on Facebook and the web will probably never go away. It can come back to bite you.

It’s not fun to get bit…

Kroger wants you to know that the data base with our customers’ names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience.

Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted.

Wonder how many other notices I’ll be getting?

My wife got this email notice yesterday:

As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.

We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.

Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.

Stay alert to anyone who requests personal information via email. It just isn’t done by any financial institution.

I found this over at computerschool.org and it does an excellent job of explaining the “what” and “why” of malware. We at DCT often try to explain it in simple terms, but this picture just lets you follow the flow of money. Now you know why it is important to practice safe computing!

Hint: Click here to view the chart full size at its original location.

I'm interested in purchasing kennyhart.com.
I'd likely be able to pay in the $200 - $700 range for it.
Let me know whether or not you are open to hearing a formal offer.

Now, that seemed right in the range of what I know the domain is probably worth, so I answered the email:

Sure. I was thinking about flipping it and my website.
Let me know what  you have in mind.

To which I received this reply back:

Thanks for getting back to me.
I can offer you $xxx for KennyHart.com  and all associated content.
Let me know if you are interested and we  can get the ball rolling 
on the transfer.

I wrote back and told him I was up for it. The offer was a fair one and I was ready to accept it. He wrote back with this:

Great.  The easiest way to send the payment will be paypal.  Do you
have a paypal account?

Something felt a little odd that this was going so quickly and way too easy, but since I have PayPal locked down with 2-factor authentication, I wasn’t too worried about getting hacked. Still, I had to ask a simple question, so I replied with this:

I have PayPal. The PayPal email address is xxx@xxx.net.

Please clarify what you mean by "all associated content."
I assume you mean the content at Ask the Geek and Singing Songwriter web sites.
The writer website has no content at this time and copyright for my original
music is not subject to transfer, as I do not own 100% of the songs.

No reply. No payment. Nothing. It just stopped dead. As it stands right now, I believe it’s possible that I was targeted with a manual phishing attempt. It’s either that, or he decided my terms were a deal killer. Like I said, it appeared to be legitimate. He does have a website posted that solicits people to sell him their sites.

What could someone do with my PayPal email address? Attempt a brute force attack on my password, that’s what. Though that would never work because of the 2-factor requirement.

I’ll probably never know.

Here are the top ten tips, courtesy of OnGuardOnline.gov for avoiding online scams:

Don’t send money to someone you don’t know.

Don’t respond to messages that ask for your personal or financial information.

Don’t play a foreign lottery.

Keep in mind that wiring money is like sending cash: once it’s gone, you can’t get it back.

Don’t agree to deposit a check from someone you don’t know and then wire money back.

Read your bills and monthly statements regularly—on paper and online.

In the wake of a natural disaster or another crisis, give to established charities rather than one that seems to have sprung up overnight.

Talk to your doctor before buying health products or signing up for medical treatments.

When considering an investment, remember that there’s no such thing as a sure thing.

Know where an offer comes from and who you’re dealing with.

I’ve been saying these same things all along, but I will continue to repeat them for as long as I need to.

• First of all, the call will be unsolicited. Even if you asked on a forum, so not assume that the call is in relation to that. You didn’t ask for a phone call, so if you get one, be wary.
• They will ask you for personal contact information, or perhaps pretend they already know it.
• You are asked for your Windows activation code or CD key. There’s no reason why anyone would need this to fix your PC; it’s just a tactic to make you think they’re legitimate.
• They will ask you for some other sort of code or “warranty check” information which you won’t have, and which, of course, is completely bogus anyway.
• Something like this will happen next (as described by the almost-victim in the above article. The person was put on hold while the “technician” purportedly “checked” the warranty: “A few minutes later, he was back and gave me the unfortunate news that my free support period had ended. He told me I would have to pay $99 for extended support and directed me to a place on the website to enter my credit card information. I’m not sure why, but I smelled a rat, so I hung up on him.”
• The website you are referred to looks legitimate and may even say things like, “Microsoft Registered Partner” and have an official Microsoft logo, or it may say “This company is a Technical Support Provider.”
• The domain name is registered in a foreign country and/or does not have legitimate contact addresses or phone numbers associated with it.
• The website they refer you to may have numerous spelling and grammatical errors or just “doesn’t look right.”
• The “support engineer,” or whatever he calls himself wants you to review your event viewer logs and points out that there are numerous yellow and red flags. This, of course, is normal for most Windows machines, but they will try to convince you of the dire consequences of ignoring the warnings and errors.

Don’t fall for it. Most of this will be social engineering in one form or another. They will get your money, they will get your personal information, and they may steal your identity.

Hi Ken, Please offer your opinion on this. I had a phone call today from a person representing
Secure All PC.com. He told me that they received information directly from World Web Renting?? and that my windows operating system was a genuine windows and that they received my address, phone number etc. He wanted me to check my computer and see if i had virus/bugs etc that they knew about and if I did they would fix. He wanted me to press the windows button and r at the same time and then type in eventvwr. I was not comfortable doing this.

Needless to say, I gave the advice I would give to anyone in this situation: Run fast and far in the opposite direction. I then did two things: 1. Checked the whois on SecureAllPC.com; and, 2. Checked out their website.

Strike one: Registrant Contact: PrivacyProtect PrivacyProtect () Fax: All Postal Mails Rejected Navi Mumbai, MAHARASTRA 400614 IN. That’s India, not Indiana, in case you’re wondering. No individual’s name in the registration and you can’t even contact them.

Strike two: Amateurish website layout and graphics with numerous spelling and grammar errors.

Strike three: Unsolicited call to potential customer.

Umpire says, “Scam! You’re out!”

I’m willing to bet that whatever they do is useless, possibly malicious as in installing keyloggers or other such things, and they probably specialize in selling your credit card and other personal information to other cyber-criminals.

Steer clear.