Over the past couple of weeks, there has been a huge number of emails sent out as part of a phishing scam involving ACH and FDIC. Below are what the emails read (they may change over time):

Subject: FDIC notification
From: no.reply@fdic.gov
Message: Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.
Best Regards, Online Security departament, Federal Deposit Insurance Corporation.

Subject: ACH Payment 2318207 Canceled
From: account.manager@nacha.net
Message: ACH Payment Canceled

The ACH transaction (ID: 51800395),
recently initiated from your checking account (by you or any other person),
was canceled by the other financial institution.

Rejected transaction
Transaction ID: 8574210513218
Reason for rejection: See details in the attachment
Transaction Report: report_082011-65.pdf.exe (self-extracting archive, Adobe PDF)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703)561-1100 2011 NACHA – The Electronic Payment Association

These emails contain an attachment. Do *NOT* download or open this file. It will install a variant of the Zeus or ZBot trojan on your system. They aim for account information, mostly regarding banking. Again, if you receive an email do not open the attachment. If your email provider allows you to mark it as a phishing email, do so and then delete it (if it hasn’t been already).

Recently, I’ve been asked by a few people what my thoughts and opinions are on the fees that banks impose on their customers. Banking fees are an unneeded hassle. For a lot of people, they can be the difference between eating and going without food. There’s quite a few fees that banks impose to squeeze out every penny they can from people. I’ll be going over some of the ones that I’ve either encountered, or have enough knowledge about to post on.

Overdraft fees are probably the most widely known. This is a fee that a customer is charged because they ended up spending more money than was in their account. Now, my beef with this one is that banks should have a safety net for customers. I’m sure everyone’s aware of the magnet strip on the backside of your debit/credit card(s). This is used to identify your card, and is tracked in real-time. Now, if you take that into affect, a bank *should* be able to in fact track your purchases. Most purchases aren’t updated in your banking account until the transaction has been confirmed via the business you made the purchase at. If this were implemented, a cease could be sent if you try to make a purchase over your balance (The same way your credit cards do if you try to make a purchase over your spending limit). The average overdraft fee is $25 (United States) but, can run up to $40 depending on the financial institute you’re with.

Maintenance fees most likely come in second. This is a fee that is usually imposed if your balance is under a certain limit (determined by the bank). Honestly, you have to seriously ask – who the hell came up with this idea? Now, if my account isn’t at the predetermined balance set by my bank, how could it help to impose a fee? I know from reading that my bank imposes a $8 maintenance fee and a $35 overdraft fee. Here’s a dramatic example based on my banks fees. Say my bank account has $7.99 in it, and they decide to hit me with a maintenance fee. This would deduct $8, leaving me with a balance of negative 0.01. Now because of that, my account would then get an overdraft fee for $35, making my new balance negative $35.01. Could you imagine getting that, all because your account didn’t have the designated amount set by some six figure a year CEO…

The easiest way to avoid fees is to use the bank as little as possible. Some of you are probably saying “But all my money goes in there!”. My question to that is – why? I tell this to everyone I know, and anyone who asks me – If you only have a checking account (most people do these days), always make sure that you keep at least $50 in it at all times for emergencies. This should be your minimum balance, making sure that you won’t get a maintenance fee for not having the min balance limit. On top of the $50 you have, if you pay bills with checks, electronic payments or your debit card, make sure to have just enough to pay them. The rest can be kept in a home safe (You can get firesafe safe starting at $30 – a great investment), or a safe deposit box. If you’re into stocks, then put some into the stocks. Direct Deposit is a great invention, and I strongly suggest that you use it but, I also suggest that you withdraw what you’re not going to use on bills and put away outside of the bank.

Ya know, I was going to write an exorbitant post bashing BP but, I think we need to look at the people who have continued to allow this corrupt corporation to stay in business, continually harming the environment. Now, I’m no conservationist but, I do what I can to help and I do have a fucking problem when a company with subsidiaries that have felony charges in at least two states (Alaska and Texas) is allowed to continue to put us all in danger. The government is all about “Going Green” but, does this only apply to us, or should it in fact apply to large companies as well? Can you say fucking hypocritical?! I’m sick of hearing how the government wants me to go green, and then watch as they sit back and watch companies like BP kill our ecosystem.

Then you give them the okay to use a dispersant that’s been banned in another country, because it was scientifically found to have an adverse effect on the marine environment?! Give me a fucking break here… Hey, Lisa Jackson, I think I have some orange scrub some where around here to get the oil off your hands.

And Obama, oh man… Kick someones ass? That’s cereal business right there. You are not Clint Eastwood, and this isn’t Heartbreak Ridge. Your words aren’t worth shit. How about instead of “kicking someones ass” you actually take a corrupt business down? Oh no, that would mean losing a potential contributor – if they aren’t already… See, if you look at Mr. Barry Soetoro’s (Barack Obama) contributors for his presidential campaign, it seems he got quite a bit from investment banks, who in return received financial support after he was “elected”.

So, Obama – how do you manage to get the oil out of your suits?

Resources:
BP Cover up’s: http://articles.mercola.com/sites/articles/archive/2010/06/12/plans-to-clean-up-the-oil-spill–dolphins-with-mops-aquaman-or-blame-the-french.aspx
Barack Obama Contributors: http://www.opensecrets.org/pres08/contrib.php?cycle=2008&cid=n00009638

I recently received an email from the address security@onlineupdate.com. They’re trying to phish for PayPal accounts. The contents of the email read as follows.

Dear shiping angel,
We recently reviewed your account, and we are suspecting that your PayPal account may have been accessed from an unauthorized computer.
This may be due to changes in your IP address or location. Protecting the security of your account and of the PayPal network is our primary concern.
We are asking you to immediately login and report any unauthorized withdrawals, and check your account profile to make sure no changes have been made.
To protect your account please follow the instructions below:
* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
* LOG OFF AFTER USING YOUR ONLINE ACCOUNT
Please click on the following link, to verify your account activity:

http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

We apologize for any inconvenience this may cause, and appreciate your support in helping us maintaining the integrity of the entire PayPal system.
Please login as soon as possible.
Thank you,
PayPal Security Center.

The link within the email directs you to “cheersandgears.com/waw/”, which has been flagged as a forged website.

The headers are as follows:

Content-Type: text/html; charset=”iso-8859-1″
Date: 02 Apr 2010 22:53:05 +0800 [04/02/2010 08:53:05 AM MDT]
Delivery-date: Mon, 05 Apr 2010 12:34:02 -0600
Envelope-to: [My Email]
From: PayPal
MIME-Version: 1.0
Message-ID: <20100402225305.0A9EC7129E153A42@onlineupdate.com>
Received: * from [72.253.60.56] (helo=server1.tnwre.com) by [My Email Server] with esmtp (Exim 4.69) (envelope-from ) id 1Nyr7Z-0005Dm-K9 for [My Email]; Mon, 05 Apr 2010 12:34:01 -0600
* from onlineupdate.com (h186-210-66-252.seed.net.tw [210.66.252.186]) by server1.tnwre.com with ESMTP; Fri, 02 Apr 2010 05:04:25 -1000
Return-path:
Subject: shiping angel, your PayPal account will be closed on 03/04/2010

Obviously, they have no idea how to read a calendar. If the senders email address doesn’t send a red flag up for you, the subject line should. Since it’s a month behind.

*Tips to keep you safe.
Always scroll over links in your emails. If they don’t lead to the website that the email is referring to, it’s most likely a phishing attempt.
Right-Click the link, and copy/paste it in to Google. This will more than likely bring up reviews and scam reports on the website in question.
If it doesn’t feel right, it probably isn’t. It’s always better to manually type out a URL you know than to click a hyperlink you don’t.

With phishing at its all-time high, you should always be careful of the emails you open, and the links that are contained inside of them.

More and more phishing websites are popping up, making it even harder to navigate an already vast and complex digital universe. Gaming websites are one of the biggest victims when it comes to phishing, considering you can sell game accounts for a month or so rent depending on the network, level and items/gear that account may possess.

I get many phishing emails to an email which has no gaming accounts linked to it, which I find funny and odd at the same time. I must have some how gotten put on to some email list ::shrugs:: Oh well. Anyways, they attempt to duplicate these websites, both with domain names, the website layout and emails. A lot of them don’t succeed, and I will be showing two of them to you here.

First, we have a crudely made website, which has been taken down now. Their layout attempted to mimic the World of Warcraft’s login page, but the styling was off, and had images placed in wrong order and different sides of the screen. Below is the email that was sent, and the URL the hyperlink in the email directs to.

[The link below was used for phishing]
worldofwarcraft-consulting.com/index.asp?ref=https://www.worldofwarcraft.com/account/&app=wam

The next website is still up, and I have grabbed a picture of it, as you should not go to this site, even if you don’t input any information. Below is the email received, and website.

The link leads to: worldofwcratcft.com
Creating the illusion of the same domain name is a big part of creating a proper phishing website.The closer the name looks to the original, the easier it is to fool victims. A lot of people only quickly glance at a domain name, which in the case of a phishing victim, is bad.

The image below is of the actual phishing website.

These are only a couple of the phishing emails I’ve received. Phishing has been around for almost as long as websites have, and it’s not going to go away. A few quick tips to help you stay away from phishing sites…

1. Always watch the links you click.
Even if it looks like a site you regular at, just be sure by scrolling over the link and checking where it actually leads.

2. Don’t input sensitive information on unsecure networks.
If it’s not a secure network, it doesn’t need your information. A lot of people (including myself) have an online alias, which can be used in place of actual information for any websites needing information. The only thing that needs your actual information would be Amazon, Ebay, PayPal, etc.

3. If you’re not sure, don’t.
It’s better to be safe than sorry. If you’re unsure about a website, try searching Google for it. You’d be surprised at what you can find out about a website or company through blogs or review websites.

Until next time,
Nito

It seems there’s a new name associated with the rental scam I posted a little while back. Katie Hart, which I assume is the same person who created the Anne Brooks scam.

I won’t go into all the details, because it’s an exact duplicate of the Anne Brooks scam, which you can find in a previous post here.

Remember that by law, no land lord can force you to fill out any personal information over the internet. If they won’t meet you in person, cross off the apartment and move on. Never give anyone your credit information via email, instant message or any other way online (Excluding certified credit monitoring websites).

I’d like to thank all my subscribers for bringing this to my attention.

Until next time,
-Nito

Finding an apartment can be a long and tiresome process, and can be even worse if you come across falsified postings like the one I will be reviewing in this post.

My girlfriend and I are looking for a new apartment, and we found an apartment on Craigslist that was at a decent price in the same area as we are now. I sent an email asking for more information (including an address), and as soon as I got a reply, I knew it was a scam. Googling it finds one other post for the same person/website.

This is the email received, both in image and text format.

Email Image

Hi and thank you for your interest,

My inbox was flooded yesterday with inquiries so I’ll do my best to answer some of the questions:

1) Cable, wireless internet, heat, water, and electricity are included in the monthly rental fee.

2) The security deposit amount depends on your credit score.

3) Move-in can begin as early as next month.

4) I haven’t gotten around to taking more pictures yet but I will be taking groups of interested parties for showings later this week.

Due to the overwhelming response I’ve included a preliminary rental application for any interested parties. I only want to converse with people who are serious about actually moving into this property. It should take about 5 mins. So if you are interested in a showing and further information, please fill out the attached application and email it to me so that I can get back to you soon.

I’ve attached the application. Please reply with the application or paste your responses in the reply email.

or copy and paste the answers onto the reply email.

This will be given on a first-come-first-serve basis. I only have 5 more units like this one unfortunately.

Don’t Delay!

Looking forward to hearing from you,

Anna Brooks

Alright, so right off the bat it’s either an overly-eager sales person, or a template email. I copy/paste their website into a web browser, and it comes up with an empty server – Now we know for sure it’s a template email.

Empty Server Image

Now inside this email is a .DOC attachment, which at first glance looks like a legitimate rental application, but if you look at the second page “she” says she only accepts applicants who do this free credit check from a website she specifies.

Doc Image

3. CREDIT REPORT:
Like most companies today, we require a recent Credit Score. This is only to do a criminal background check and keep our tenants safe. We will only speak to renters with a credit report from ‘My Rental Credit Score’ because we have seen many fraudulent reports. This is a well known company for and should garner some trust.
You can get the free report here:

http://www.MyRentalCreditScore.com

When you go to the the website in the .doc, it will redirect to another site – gofreecredit.com – with a affiliate ID in the link. If you hadn’t already known this was a scam, this should have tipped you off.

This is a classic affiliate scam that I’ve seen been done for as long as I can remember since affiliate networks have been around. On any affiliate network, there is a clear set of ToS (Terms of Service), which layout how you can and can not post your affiliate links. This is a breach of contract, and as such I have written an email to the affiliate website.

Hello,

I was falsely directed to your site via a rental agreement posted on Craigslist. I assume your ToS states that an affiliate can not falsely send users to their affiliate link.

ID: 11619
SubID: 24544-
Redirect Link: myrentalcreditscore.com
Name Used: Anna Brook

Regards,
Nito

So let’s overview what I’ve gone through in this post.

1. Sent an email for more information and got a reply without information I asked for.
2. Copy/Pasted the repliers website into a web browser, and it was an empty server.
2. The replier asked for you to do a credit score. This is a big flag, since any reputable rental manager would have you come in to do this, and usually charge for it.
3. The Credit Score link given was a forwarding link.

What to do if you receive a scam email like this:

1. If you go to the website given, make sure to get the ID’s. The URI will look something like this:

http://www.gofreecredit.com/tab_picture.php?lte=all&id=11619&subid=24544-

From that URI, you’re going to want to grab the numbers after “tab_picture.php?”. It would be the same for any affiliate site that uses this type of link. Simply grab the info after the question mark, and send the website an email with al the info you can about how you got there, and the ID’s.

2. Blog about it. Blogging is THE most powerful tool any civilian has – period. Blog’s enable a normal person like you or I to become a sort of journalist. Just make sure that your posts are true and stay on topic.

2a. If you don’t have a blog, I have set up an email dedicated to responses and such. I will go through each email thoroughly and gather more information on the subject in order to give my readers more clarification on it. The email: reportit [at] phux.org

Legally, there’s not much you can do aside from emailing the company where the link sent you, unless they fraudulently got money out of you. This is why we try to get the information out, it helps others not fall into this sort of trap.

**TIP: NEVER, and I mean NEVER fill out an application and send it through email. If they won’t take it in person, it’s not real.

Until next time,
Nito

I ran across this post from one of my followers on Twitter about how Facebook is scamming advertisers out of thousands of dollars with fraudulent clicks.. Advertisers are reporting 10:1 ratios, which pretty much means, for every 10 clicks, 1 is legit or actually recorded outside of Facebook. What a fucking piece of shit company.

See, there’s some times you need to keep some of your shit to yourself. If Facebook hadn’t opened their network to so many fucking developers, but instead charged them propietary fees to post their app’s and shit they wouldn’t need to pull stupid ass stunts like this. But then again, we’re talking about yet another online media community, which means that they’re nothing more than some money hungry suit wearing corporate douches.

In my honest opinion, advertising on Facebook to begin with is a fail. Sure, maybe you get a few legit clicks, but that fucking site is riddled with thousands of bot’s, which means that most of the clicks you get won’t be worth shit anyways. The advertising worth on that site is less than the towel I use to blow my nose with.

So for all you little investors, put your cash into other sites. You wanna get some cheap ass advertising, that’s going to get you a nice amount of clicks? You can go to Today.com or look for personally owned blogs with a couple hundred posts and a decent amount of subscribers. Send the owner an email, and make an offer.. I’m sure it wouldn’t have to be too big, since they probably don’t make cash outside of Google’s AdSense or some other low level advertising.

That’s it for now..

-Nito

So, I ordered a Cricket Broadband modem from these guys about a month back. It gets here a about a week later, and I’m happy, because now I have a wireless modem to use when we get the stupid freak power outages around here. So I toss it into one of my USB drives to give it a go, install the software and connect.

Ok, so this is where this becomes a rant, and I go off on this company..

Well, the wireless modem itself is nice, I suppose. Black and green, and it’s got the neon blue bars to indicate wifi strength. So mine stays in the one bar (For the most part), which obviously means I have a shitty ass connection (Now remember, I live in the heart of the city – about a 10 minute walk from downtown). So I open FireFox to see how fast it work. Oh man.. I sat there for about 10 minutes waiting for Google to load. Now, if anyone reg’s Google, they’ll know that all it is is a blank white page with a couple of images and a text box, so wtf?! Yeah, so I disconnect and take it out.

A few days go by and the power goes out on our block again and I load it up on my laptop because I had work to do. Again, one to no bar. What a piece of shit… All in all I used the thing 3 times, racking up around 45MB of use (I wrote a little program to convert bytes into megabytes and so on, as the log only shows you in bytes, and who the fuck would want to convert that themselves?!).

Now, I hate their software with a passion. They activate the internet gateway option in your network panel (for those of you who have this, and may have been like how the fuck do I get back on the net I already have?!), which now restricts you from using any other connection method other than Cricket. Yeah, shitty software to go with their shitty service and shitty hardware – who’d of thunk it… So I unistall their software, and then have to go in and deactivate the internet gateway, reset the wireless connection I had prior to purchasing their piece of shit hardware.. It’s just a fucking hassle.

So, the month goes on, and now it’s today. I do my daily bank account check and find that $46 has been deducted to pay Cricket for a service I haven’t used. So, I call them. Now, I pressed 3 in the Cricket Broadband menu, signifying that I required help, but of course – an automated service asking me for the number I no longer have because I removed the shitty ass software from my pc. So after the third time of the service asking me for my number, you’d think MAYBE they’d send you to a help desk? WRONG! “Sorry, maybe you should try again later when you’re ready.” *click* You get disconnected. Oh grand, so now I’m not only pissed that I got charged for something I didn’t use, I got hungup on by a fucking robot…

So I call them back, and this time I press 2, signifying that I want to activate a new modem (of course their call service would be as shitty as the rest of it, right?) and I get a customer rep (about fucking time). So I give them my info and start asking them about a refund and cancellation. Blah blah blah. She says you get billed $1.36 per day no matter what, and that the deduction was a prepay? Where in the fine print was all this?! And when did I sign up for automatic payments? So now I’m going back to my pissed off German roots, and I start going off on her about the legalities of the ordering system and what-not. I continually ask to be refunded and cancelled, she continues to dodge it all. Finally I get pissed off and just start going off on her, and she says “I’m trying to keep this professional, but if you continue I’ll have to…” *click* I hang up on her ass. Yeah, because that’s what I want to fucking hear, right? Just give me the fucking refund and cancellation like I originally asked and there wouldn’t be a fucking problem. Honestly, how fucking hard is that to comprehend? I didn’t click the spanish button, right? We’re both speaking English? Refund and cancel, not hard to understand.

Bah, anyways.. I wouldn’t recommend this company to anyone I know. It’s complete bullshit from start to end. I think the only thing they have that actually works decent, is the payment process, although I don’t remember ever signing up for those automatic payments, nor was there any contract stating that I would be charged that fee per day. In fact, their main selling point is that there’s no contract, and you pay as you go. I actually plan on calling them back in a few minutes again, after I check my bank account just to make sure they’re refunding me. We’ll see how that one goes. =)

I called them back, but it seems my number got blacklisted (Can get customer rep on my girlfriends phone though), and goes straight to automated services no matter which selection I choose. So I google cricket communications and get another number to call, which I do. Guy tells me that Cricket doesn’t refund period, and in order to cancel your account, you just don’t pay? Yeah, because that’s not a credit conflict or anything…

So I end up calling my bank, having to cancel my current card so that I can’t be billed anymore (I don’t have access to the cricket account on the website unless I reinstall their software and get the phone number ***igned to me by connecting, which would then say I used the account in this billing month – nice right…). Anyways, I transfer to the payment dispute dept. of my bank, and we go through all the legalities of this and what-not. So I have to wait until the payment is completed to dispute it. Another three days at the most to file the claim, and hopefully I can get the money back.

This company’s a waste of money and time. How on earth can a multi-billion dollar corporation not do refunds? Maybe it’s due to the fact that they receive thousands of complaints a year about their services and the hardware that they supply.