La Piazza

Published by Javier Merchan, November 2010

Have you ever received an email from a supposed admirer in Russia or the Ukraine? If not, then either you don’t have email or your anti-spam protection is doing a fantastic job.

It goes like this. A stunningly attractive woman, normally from Russia, has found your email address and is writing to you because she wants to get to know you in person and visit your country. After you’ve exchanged a couple of emails with her, she falls hopelessly in love with you and desperately wants to meet you. So you think: How could she not fall in love with me? After all, I guess I can be quite charming.  And importantly, who could resist, after seeing her photo?

For all women reading this post: How can you say that you don’t understand men?  You see, we really are that simple.

Typical photos included in these emails:

Well, I’m sorry guys but I’m going to ruin it for you… for all your charm, you won’t end up marrying the beautiful Russian blonde. The girl of your dreams is, I’m afraid, just in your dreams.

Don’t get me wrong, I’m not saying you won’t meet and fall in love with someone as beautiful as this.  Just that it won’t happen like this.

This is one of the most popular Internet scams, just like the Nigerian letter, fake job offers and lottery prizes.  Yet people are still falling into the trap.

How do these scams work?

1. As with any other type of spam, thousands or millions of email addresses are harvested and spammed.  Obviously, the more mails sent, the greater the chance of finding potential victims.
2. The message claims to be from a girl, often from Russia, the Ukraine or other Eastern European countries, and include a photo (normally they use a model).
3. The messages are normally written in English or Spanish, two of the most widespread languages, with poor spelling and grammar, but given their nationality –and their looks- many seem prepared to excuse that.

   Typical message:
   

4. If you reply, you will soon hear from the girl, wanting to know all about you and no doubt telling you about how she intends to leave her country.  As you get more intimate, she will suggest coming to live with you, and will send you even more photos.
5. Then comes the crunch. Just when the girl is about to leave her country to meet you, some last-minute problem occurs (holdups with the visa, bribes that need to be paid, etc.). To resolve this, she will ask you for a small amount of money, anything from $500 to $1000. This, obviously, is where the fraud starts; the girl doesn’t exist, she is just an invention in order to defraud users.

Some years ago, this type of fraud tended to arouse more suspicion, yet now, with so many people participating in social networks (Facebook, Twitter, etc.), they have become more plausible. With so many personal profiles and email addresses in the public domain, people may think it feasible that somebody has seen their photos and has taken a liking to them.

What should I do if I’m targeted by one of these scams?

It’s normal that if you’re not aware of these types of criminal ploys, you might think that you have found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:

• Use your common sense. Always distrust emails from unknown sources. Even if you spend half your time in the gym and a real charmer, the chances of an unknown girl from another country wanting to know you via email are practically nil…  Love at first sight across the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.

• Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.

If however, you do fall victim to fraud, PandaLabs advises you to promptly report the crime to the police. Even though tracking down this type of crime can be complex, law enforcement agencies are becoming increasingly adept at dealing with cyber criminals.

You can find more information about Internet scams in Panda Security’s Press Center: top scams on the web

================================================================================

I have been working in Panda Security since 2001 and I am the PR Coordinator.  This may sound strange, but it consists of working with our offices worldwide to coordinate PR and Communication actions. I love sports (lately I prefer to watch rather than take part), reading and good movies… This is subjective, as some people may consider Rambo a good movie, and others may like French movies where the main characters look at each other through a window while the rain is pouring down it. You can contact me in http://twitter.com/javiermerchan or josejavier.merchan@pandasecurity.com

Posted by Cristina Bermudez,  October 16, 2009

This is a relatively common question and the answer is:

Spam is the massive sending of UNSOLICITED email. 

Spam is not mail received due to a voluntary subscription to a distribution list (usually in exchange for relevant information), even if you consider it to be annoying, as long as you can easily unsubscribe with just a few clicks.

 Tips to avoid being saturated by large amounts of unwanted mail:

1. Be wary of messages received from unknown addresses. In general, any message from an unknown address could be spam. If it is unsolicited mail and you don’t know the sender, we advise you to delete it immediately.
2. Never open or respond to the spam message. If you open and respond to an unsolicited mail, you will be confirming the spammer your address is correct and in use, and you will probably receive more spam.
3. Only publish your address on trusted websites that guarantee the address will not be published and you will not receive unsolicited information. 
4. Install an antivirus - anti-spam filter on your PC, NOW! 
5. Do not take part in email forwards, as they are an important source of email addresses for spammers.
6. Incredible but true, you still draw your attention to messages like “The true origin of swine flu”, “Poor deformed child could be cured by forwarding this message”; there are numerous messages of this type and they are all false.

If, after following these tips, you still have a spam problem, we remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

Critina Bermudez -  eKnowledge Department

Posted by Blanca Carton October 13, 2009

Twitter, Facebook and MySpace are highly popular social networks. Unfortunately, there are always hackers who try to exploit the success of these networks for financial gain. Such is the case of Twitter, which has become an easy target for hackers to distribute spam.

How can you protect against spam in Twitter?

• Disable the “followback auto” option. This way, you will be able to choose the people you want to follow.
• Do not access all the links you receive. Make sure you know who you are following. 
• Follow the spam profile in Twitter: http://twitter.com/spam. You can find good tips here. For example, according to a recent post,  “If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thank you!”
• Install a complete security solution on the computer, preferably with an antivirus, firewall and phishing filter module.

If you follow these tips you will be protected against spam.

What type of spam could I have received?

The most common types are:

• Trending Subjects Spam: This spam searches for popular subjects (e.g. Michael Jackson’s new movie, store discounts, etc.) to publish similar tweets with malicious URLs.
• Tweet spam: This type of message comes from one user following another. Consequently, all the attached followers can see the tweet.
• Direct Message: This direct message comes from a follower. Therefore only the recipient can see it.

Don’t forget to follow us in Twitter @PandaTechSup and visit us at our New Tech Support Forum !!

Blanca Carton -  eknowledge Department

Posted by David San José September 22, 2009

On checking your mail you could find messages with enticing names of famous people, e.g. “Angelina Jolie porno Video Free”, “Barack Obamaaaaaaaaaaaaaaaaaaa!!!!!!!”, “Brad Pitt naked video!!!”, “Michael Jackson free video!!!”, etc.

Sometimes the email subject begins with popular social network names; “Facebook….!!!”,  “Twitter…!!!”.

The common feature is that they use interesting subjects to temp users into opening them. From then on, the door is open to E-crime, which could install unauthorized programs on your computer.

Here is an example of the spam detected, related to Angelina Jolie:

Hackers are becoming increasingly crafty. For example, who wouldn’t open an email which allegedly contains flight tickets? or an invoice? Cyber-criminals try and get as close to victims’ daily lives as possible (at work or at home).   

Once open, these emails are designed as Trojans that steal information from your computer without you noticing.

To prevent these emails from accessing your mailbox you must install an antivirus and enable the automatic updates. This way, Panda Security protects you against identified E-crime.

This post has been written together with PandaLabs which has a mailbox you can send suspicious emails to (virus@pandasecurity.com) and will inform you whether it is spam or not.

David San José

Posted by Blanca Carton September 17, 2009

Although the Internet is a great source for job offers and other opportunities, it is also frequently exploited by hackers to defraud users quickly and anonymously.

A typical example of this comes in the form of junk mail –or spam- that will no doubt have reached your mailbox at some time. This junk mail offers many things:

• Easy money for taking part in a competition by dialing a premium-rate number.
• Information from your bank, promising a gift or asking for your login details (or credit card number and password).
• Job offers promising incredible salaries… asking you to dial a number or send your CV together with a certain amount of money (supposedly to cover administrative costs).
• Tax returns… claiming they need the user’s credit card number and password to complete the transaction.

Remember:

1. No company/bank would ever request your account number and password by email/phone. This data is confidential. 
2. Follow the safe online purchase/payment procedure we have outlined before Some Safe Online Shopping Tips.
3. Never be rushed into a decision. If you have any doubts, contact your consumer advice office.
4. Keep your antivirus up-to-date. This will help you prevent spam.

Tell us about your experience.

Blanca Carton

Posted by Alvaro, July 8, 2009

Who by now doesn´t know that Michael Jackson, the king of pop is dead? This post will not debate the circumstances surrounding this unfortunate event, but we would like to warn you about spammers who are sending new spam on the occasion of Jackson´s death.

As you all know, SPAM is defined as unsolicited mail, usually of commercial nature, sent in huge, even massive quantities with a detrimental effect on the person receiving these emails.

Malware creators are fast and exploit any event, as it is the death of the great pop icon, in order to modify the appearance of their spam mails.

In this particular campaign, different types of SPAM can be found. They all, apparently, contain privileged information regarding the death or even assassination of Michael Jackson.

The messages invite the recipient to view videos or pictures related to a possible plot to assassin the pop star, an appealling subject for many users.

During the tests performed on these messages, several rootkits and backdoors filtering users´ bank data have been detected.

We highly recommend to keep the anti-spam protection of your antivirus updated in order to protect yourself from these attacks.