MySpace Scams

MySpace said it will develop technologies to help block convicted sex offenders.

MySpace is partnering with Sentinel Tech Holding Corp. to build a database containing names, physical descriptions and other identifiable details on sex offenders in the United States. The News Corp. site, however, stopped short of adopting Sentinel’s technology for verifying the ages and identities of its users.

The database, to be called Sentinel Safe, “will allow us to aggregate all publicly available sex offender databases into a real-time searchable form, making it easy to cross-reference and remove known registered sex offenders from the MySpace community,” Hemanshu Nigam, MySpace’s chief security officer, said in a statement.

Parents, school administrators and law-enforcement authorities have become increasingly worried that teens are finding trouble at social-networking sites, which provide tools for messaging, sharing photos and creating personal pages known as profiles.

The aim of such sites is for users to expand their circles of friends — and critics say those circles sometimes include predators, including those previously convicted of sexual crimes.

John Cardillo, Sentinel’s chief executive, said the database will give MySpace and other sites a tool to help keep out sex offenders.

Online scam artists send e-cards to get unsuspecting users to click on links, disclose personal information, and download potentially dangerous software.

`Tis the season to start receiving greeting cards, and a growing number of them, conveniently, will come via the Internet.

There’s only one problem: Some of the e-mails saying that you have an e-greeting card from a friend or family member may instead be from a scam artist intent on obtaining your Social Security number, credit card data or even brokerage account information.

“People like receiving greeting cards this time of year, and they are likely to click on these greetings” if they are in their e-mail inbox, said Stu Elefant, senior product manager for McAfee Inc., an Internet security firm that markets products that detect unsafe Web sites or e-mail. “There is more cybercrime because peoples’ defenses are down. They are in a more trusting mood, thanks to the holidays, and they are looking online for bargains.”

That is an irresistible mix for increasingly clever cybercrooks as they realize more people than ever will shop online this holiday season, as well as seek to save postage–and time–by e-mailing holiday greeting cards.

Online shopping is already off to a fast start.

“Online sales are up 23 percent, about $6.35 billion, so far this year versus a year ago,” said Gian Fulgoni, the Chicago-based chairman of ComScore Networks Inc., which tracks Web activity. His figures are from Nov. 1-19 and will be updated Sunday to reflect this weekend’s frenzied shopping.

Holiday cybershopping will steadily increase over the next few weeks, with Monday slated as one of the busiest Internet shopping days during the holiday period as people use downtime at work to shop online.

Overall, Fulgoni estimates that $24 billion will be spent online this year during November and December, which should account for about 7 percent of all retail activity.

“That’s probably up a full percentage point over last year,” he said.

Indeed, more people than ever are comfortable shopping online these days, with 91 percent of adults saying they use the Web to shop, according to a survey released Friday from Harris Interactive and Check Point Software Technologies.

But as more people turn to the Internet for at least some of their holiday purchases–or simply for comparison shopping–more crooks, too, are tracking their movements.

The average loss per “phishing” scam grew from $257 in 2005 to $1,244 in 2006, according to a November report from Internet research firm Gartner Inc. Losses stemming from such attacks reached more than $2.8 billion this year, Gartner found.

In Australia, a scam was uncovered in late October by Exploit Prevention Labs that was perpetrated through e-greeting cards. According to a TechNewsWorld story, accounts at nearly every Australian bank were affected when a major cybercrime group used fake Yahoo greeting cards to infect computers with malicious software that tracked keystrokes on PCs. This so-called “keylogger” software was used to steal credit card numbers, bank account user names and passwords.

Yahoo did not return messages Friday for comment.

Researchers with Exploit Prevention Labs added that the e-card spammers were also targeting computer users in North America, according to TechNewsWorld.

Indeed, since early fall, numerous computer users across the U.S. and in Chicago have noted a marked increase in e-card-based spam e-mail. The subject line typically reads, “You’ve received a greeting from a family member” or “You’ve received an animated postcard.”

The text inside these “phishing” e-mail messages asks people to “click here” to see the card. Phishing scams are an attempt to trick people into revealing personal information. If they click on these links, they could unwittingly be downloading software that could be used to separate users from their hard-earned holiday bonuses.

Elefant warns people to exercise extreme caution when e-greeting cards enter your inbox and to open messages only from people you know. If you have any doubt, he warned, don’t open the message.

The number of e-greetings sent this time of year typically doubles compared with the rest of the year. In October, for instance, visits to sites managed by American Greetings, where there are e-cards for holidays or birthdays, increased 66 percent over September, according to ComScore figures. That was the second-highest traffic increase for any Web site in October, ComScore reported.

Crooks are exploiting what security professionals like to call “social engineering,” Elefant said. Because humans are social beings, they’re more likely to open an e-mail they think is from a friend or family member than something unfamiliar.

“Social engineering is more prevalent this time of year because people want to click on an Internet greeting card or get a better deal at a store online. So it’s more prevalent this time of year, and this year it’s more prevalent than anytime it’s ever been.”

People also are helping the crooks more than before.

The growth of social networking sites like Facebook, MySpace and even YouTube are helping cybercriminals target computer users.

“There’s more personal information about people online at these sites,” Elefant said. At YouTube, for instance, many people who post videos also include a picture of themselves along with other personal information, such as an e-mail address.

A crook may then send a message to that user and write, “Hey, I saw your video at YouTube about skateboarding. If you want a new skateboard, come check out the deals at my site.”

Elefant said this is a common technique used by sexual predators but increasingly is being used for financial scams.

Another reason for the online crime wave, according to the Harris survey, is that few people adequately secure their computers. The survey found that 74 percent of people do not install a hardware firewall and 53 percent don’t use a software firewall. Only 22 percent have installed a proper suite of security software, according to the survey.

How to avoid online scams

- Purchase items through well-known retailers you can contact via phone if necessary.

- Check for a little yellow lock at the bottom right corner of your browser window when making a purchase. This indicates a secure transaction.

- Check bank and credit card statements frequently for suspicious transactions.

- Never give out personal financial information in response to an e-mail, including charity donations. Contact a charity directly on how to make an online donation.

- Do not click on links to Web sites embedded in e-mails. These links can direct a user to a phony e-commerce site that looks like a legitimate site.

- Use a separate e-mail account for online shopping. You can get free e-mail accounts through Google, Microsoft and Yahoo.

- Make sure your security software is up to date. If you use Wi-Fi, make sure your wireless network is secure.

- If you think you are the victim of a “phishing” scam or online identity theft, go to the Federal Trade Commission’s help site at www.consumer.gov/idtheft.

Article written by Eric Benderoff

We have seen the same scam over and over with people trying to sell there cars online. If you ae trying to sell your car and someone says they are from another country or far away and says that their “client” is interested in buying your car, Beware ! This scam has seen many variances but here is the latest:

I am Wayne Blair,Internet manager for
Classical Auto Contractors, 7-8 Cavendish Row Upper O’connel
Street , Victoria Garden,Ireland.We specialise in
purchase of Autos for customers here in Europe,and we get
paid in commission,after payment has been confirmed by the seller to the
buyer.I write you on behalf of our client to contact
you and arrange for the buying and shippment of your
1972 ford bronco 4X4 which our client saw on the
internet,we would like to know the conditions of the said 1972 ford bronco
4X4 and probably arrange for payment to
get to you and shippment. My customer is interested
in purchasing your 1972 ford bronco 4X4 for
the sum of $7,000 and we will arrange for the pick
up of the 1972 ford bronco 4X4 once payment is
confirmed cleared by you. Please acknowledge the
offer and we will inform the buyer of your confirmation of
acceptance to sell and have the funds remitted to you as soon as
possible ,and i’ll like this transaction to be kept in utmost trust.I hope
you can understand. Our office is located in Ireland,asstated above.
Thanks,
Wayne Blair
Tel:+447040109

If you are trying to sell your car and are receiving messages like this, let us know.

Thanks to Kevin for the update.

Investigators said a local Pennsylvania man tried to lure a 14-year-old girl into a sexual encounter while out on bail in another Internet sex case.

Dustin Pawlicki, 20, was arrested in September after agents from the Pennsylvania Attorney General’s Child Predator Unit found him using the MySpace Web site to send a series of sexually graphic e-mail messages to a 14-year-old girl.

Pawlicki is charged with using a computer in an electronics store to send those messages.

Pawlicki was already facing charges after being arrested in June. He was picked up when he traveled to North Huntingdon to have sex with an undercover agent that he believed was a 13-year-old girl.

Pawlicki now faces charges that could put him in jail for up to 17 years if he is convicted.

Con-men have developed a phishing attack targeting MySpace music fans that highlights the evolving use of social engineering techniques in money-making spam emails.

Junk emails featuring the attack have been spammed out to thousands of computer users around the globe in the last week, to trick them into visiting one of a series of bogus websites that pose as an online music store. The emails typically pose as MySpace contact emails, increasing the chances that prospective marks will be duped by the messages.

The message in the email informs recipients, “You’ve got a new song from on MySpace!”, and invites them to click on a link that directs them to a site claiming to sell MP3 music.

The sites, one example of which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, have no affiliation with MySpace, UK-based security firm Sophos reports.

The goal of the attack is to trick prospective marks into handing over their names and credit card information to fraudsters. In a bid to make the bogus email appear more legitimate, con-men have included fake MySpace boilerplate text in their messages.

MySpace boasts an estimated 43m users, far more than any online bank, so even though their spam emails are being distributed indiscriminatingly they are far more likely to reach users of the targeted service, as net security appliance firm Fortinet notes (http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-28.html).

Fortinet has recorded more than 50,000 of these spam emails over the past nine days. The attack, which originally targeted surfers in Japan, has spread worldwide and uses a variety of bogus websites. Users foolish enough to attempt to purchase music albums from these sites (offered at $2 or less) will find that their purchases don’t do through. The sites are designed purely to harvest credit card details for subsequent fraudulent use.

Original Article

Subject: Bling Bling!!

Body: I have good news. I tried out this website and it is definantly worth your time. You get 15 free ringtones! That’s right, FREE!!! Give it a try, I don’t know how long they will be offering this.GET THEM NOW!

Appears that the link goes to a fake profile that redirects you to a an image hosted at http://stupidtoad.com/free/

Here is the spammers information provided by godaddy.com

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: STUPIDTOAD.COM
Created on: 08-Apr-06
Expires on: 09-Apr-07
Last Updated on: 13-Aug-06

Administrative Contact:
Jenson, Allen a_jenson@hotmail.com
3679 Sand Creek Rd
Farmington, Missouri 63640
United States
(573) 747-9498

If you find your friends posting this, tell them to change their password on their profile. It was most likely hijacked. These posts may also be hosted at other sites. If you see one, let us know and we will get the word out.

Q What is the right age for my children to have their own MySpace profiles? How would you recommend monitoring their Web pages?

A MySpace has more than 40 million members and gets about 15 percent of all the Internet hits in the country, so caution is advised. Officially a child has to be 14 to have a private MySpace page - meaning they have to invite ‘‘friends” to join their site. This does offer some control over who has access to your children’s profiles.

How mature are your children and do you have a good honest relationship with them? It is important to explain the dangers of putting information on the Internet for the world to see; there are many predators out there. Be sure your children are cautious when setting up a MySpace profile: They will be asked for all sorts of personal information that could be used for other purposes. How about just using a first name or nickname?

    Have your computer in a common area where you can monitor what is being exchanged on the Web site. Give constant reminders that your children’s online friends may not be who they seem. You can be invited onto your children’s sites and periodically ask your children to see their profiles. Of course, your children may set up multiple profiles under different names, so you may not be able to see everything they are doing online.

    Have you actually been to MySpace.com yet? Although people argue that this is a good vehicle for keeping in touch with peers, I am appalled at some of the stuff I’ve seen there. Why not set up your own profile so you can see firsthand what is going on and discuss your concerns and rules with your children.

A Liverpool woman hoping to keep in touch with family members who live outside New York did everything possible to protect her identity when she set up a MySpace profile.  Somehow she still found herself the victim of identity theft and harrassment.

When you create a MySpace account, all you need is an email address.  You don’t even need to verify you’re the person you say you are.  Michelle McGriff found out that with no way to verify who is creating the account, someone can pretend to be you on MySpace.

McGriff is mother of three who has been running a daycare for years.  She started a MySpace account a few weeks ago and a short time later, she found two MySpace accounts with her name and picture on both of them.

One of the accounts was the one she made and it was marked private with no personal information given.  But on the other account, an imposter divulged her full name, unlisted address, phone numbers, and some pretty terrible descriptions about sex and partying.

The person most likely knows McGriff because the fake account holder is handing out her cell number and sending messages to other people online pretending to be her.  McGriff has already received phone calls from men looking to meet her.

Michelle McGriff says she is afraid that the person who is pretending to be her will set up a meeting date and put her, her children or her daycare business in danger.

The Onondaga County District Attorney’s office says web profiles like the ones on MySpace are treated much like free space on billboards. Unless McGriff was facing a real threat, there is no law to protect internet users from that form of embarassment. 

If the fake account holder contacts Michelle McGriff, it could fall under aggravated harassment and that’s when criminal action can take place. If no direct contact is made, then the only thing a person in McGriff’s position can do is sue for libel.

McGriff does plan to file a lawsuits and to demand that MySpace takes down the fake account.  Before that happens, she may have to change all of her phone numbers for protection.