What has YouTube got in common with Canadian Pharmacies?

News from Omniquad | July 20, 2012

Forewarned is forearmed: Recent Phishing Scams.

The internet is a wonderful invention; you can keep in touch with friends, share photos, find information about just about anything, and even work from the comfort of your home. However, along with all that, there are those who try and beat the system by taking advantage of people’s vulnerabilities.

Twitter Bad Rumors

If you get a direct message (DM) on Twitter saying that someone has been spreading bad rumors about you, the best thing you can do is ignore, report it, and delete. This has been making its rounds for some time, and the hackers are getting a little better at making us curious enough to click—and get our information swiped.

If you click on the link in a message something like this:

  • Someone is saying nasty rumors on you...
  • I cannot believe the nasty things this person said about you...
  • Some person is making bad rumors about you...

You will be taken to a fake, though authentic-looking Twitter login screen that prompts you for your credentials. Enter those, and the phishing scheme spams all of your contacts with the same “bad rumor” message, and some sales pitches that appear to come from you. In short, it completely hijacks your Twitter account. If you see one of these phishing messages, do not click on anything, instead, report it to Twitter and then delete it.

YouTube Pharmacy Spam

YouTube seems to be getting lots of hacker attention lately, with almost all of the phishing schemes directing people to Canadian pharmacy sites.

Many people have been receiving spoof emails with the return address noreply@youtube.com that say “Thank you for your video submission” or telling them that they’ve won something or that their inbox is full. Trouble is, this email contains lots of links, all of them redirecting you to those Canadian pharmacies we mentioned, including a bogus unsubscribe link. So, again—the best defense against this type of phishing scheme is to never click any of the links. In fact, it is even better if you do not open the email at all. Ignore, report it to your email provider as spam, and delete it.

LinkedIn Contacts Messages

LinkedIn seems to be having lots of trouble with scammers lately. The well-publicized security breakdown that ended up listing hundreds of users on a Russian website recently was only one problem. The latest scheme involves a message on the site asking for your permission to list your contact information on their website—a totally bogus message, designed to make you curious enough to click on any of the links in the message. Do that and the site will redirect you to—guess what? A Canadian pharmacy!

If you get any sort of suspicious message on LinkedIn, do not click on any links at all, but report it to Linkedin via this email: abuse@linkedin.com. Remember, right now the messages are asking for permission to post your information on their website, but that could change if they do not scam enough people into falling for it.

Picture: LinkedIn Phishing Emails - You have 1 unread message

Facebook “Verify your Account”

A current scam is circulating on Facebook that says you must verify your account by a certain date or it will be terminated, according to the SOPA act. It is NOT an official Facebook message, but simply an application that will be used to collect personal information from users. It will also spam all of your Facebook friends with similar verification requests, and they likely will comply since it will appear to be coming from you!

If you already got scammed by this, you can go to your Facebook apps (under account settings) and remove it from your account, which also deletes any permission you authorized for them to access your account. Report this app to Facebook immediately, and warn all of your friends about it as well.

While we wish we could say this is a comprehensive list of all the scams going on in cyberspace, that would be untrue. Hackers work hard to undue website security, and there is no indication that will change soon. We all must be extra vigilant on every website we visit.