::Trend Micro Threat Resource Center::

30 September 2010

World of Warcraft phishing scams

Blizzard's MMORPG World of Warcraft is one of the most popular games out there, and its players are among the most targeted by online scammers.

It is common knowledge that login credentials for WoW accounts are very much sought after by phishers, so TrendLabs warns about a couple of scams currently going around.

The in-game chat/whisper system is often used to lure players to phishing sites. The phishers usually pose as Blizzard employees or unknown players and "whisper" to the victim that they have been selected for receiving a free gift or that their account has been flagged as hazardous:

In both cases, the victims are urged to follow the offered link that will take them to a phishing page where they are supposed to register with their account credentials in order to receive the gift/prevent the suspension of their account.

Recently, WoW's in-game mail system has also been employed to deliver similar malicious messages to players:

To add to the credibility of the message, the text and the offered phishing URL make many references to WoW and other Blizzard games. Just as a side note - the phishing website domain is registered and hosted in China. The website in itself resembles very closely the official Battle.net site, making it easy for some people to fall for the scam.

Blizzard is aware of these phishing attempts and has stepped up its efforts to inform players about them on Battle.net’s security page. It has also made it possible to report scammers from within the game (see, for example, the "Report Spam" button in the in-game mail system).

29 September 2010

Google warns Gmail users on spying attempts from China


Recently, a number of users have been witnessing a glaring red banner popping up when they accessed their Gmail account, saying "Warning: We believe your account was recently accessed from: China (IP ADDRESS)".

ThreatPost reports that among the seemingly random victims - gamers, doctors, media consultants - was also one Alexander Hanff of Privacy International in the UK.

Even though his Gmail account is wholly unconnected with his work for the human rights organization, he says that it is possible that he was targeted because of a EU-China Human Rights Network seminar during which he discussed freedom of speech issues and differences between the EU and China on that account.

All users who have been similarly warned are advised by Google to change their passwords. Technolog asked Google to comment on the occurrence, and they said that the banner is simply part of the security feature introduced in March.

"To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert," they commented.
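The check described in that statement, as an added example that is neither Google's code nor its real thresholds: consecutive logins on one account are resolved to a country through a prefix table, and a country change within a window of a few hours raises an alert. The prefix table, the six-hour window, the account names and the login records are all constructed for this example.

```javascript
// Added example, not Google's code. Implements the heuristic in the quote:
// flag an account when a login from one country follows a login from another
// country within a few hours. The prefix table, the six-hour window and the
// login records are constructed stand-ins for a real geolocation feed and
// real logs.

// Constructed mapping from documentation address ranges to country names.
const GEO_PREFIXES = [
  { prefix: '203.0.113.', country: 'China' },
  { prefix: '198.51.100.', country: 'United States' },
  { prefix: '192.0.2.', country: 'United Kingdom' },
];

function countryForIp(ip) {
  const hit = GEO_PREFIXES.find((g) => ip.startsWith(g.prefix));
  return hit ? hit.country : null; // unknown: skip rather than guess
}

const WINDOW_HOURS = 6; // constructed threshold for "a few hours"

// logins: [{ account, ip, time }] with ISO-8601 timestamps.
// Returns one alert per pair of consecutive logins on the same account whose
// countries differ and whose timestamps are no more than windowHours apart.
function findCountryChangeAlerts(logins, windowHours = WINDOW_HOURS) {
  const byAccount = new Map();
  for (const l of logins) {
    if (!byAccount.has(l.account)) byAccount.set(l.account, []);
    byAccount.get(l.account).push(l);
  }
  const alerts = [];
  for (const [account, seq] of byAccount) {
    seq.sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
    for (let i = 1; i < seq.length; i++) {
      const prev = seq[i - 1];
      const cur = seq[i];
      const from = countryForIp(prev.ip);
      const to = countryForIp(cur.ip);
      if (!from || !to || from === to) continue;
      const hoursApart = (Date.parse(cur.time) - Date.parse(prev.time)) / 3600000;
      if (hoursApart <= windowHours) {
        alerts.push({ account, from, to, ip: cur.ip, hoursApart });
      }
    }
  }
  return alerts;
}

// Text of the banner a flagged user would see, in the wording the article quotes.
function bannerFor(alert) {
  return 'Warning: We believe your account was recently accessed from: ' +
    alert.to + ' (' + alert.ip + ')';
}

// Constructed login records: alice changes country within 2.5 hours, bob stays
// in one country, carol changes country but a full day apart.
const SAMPLE_LOGINS = [
  { account: 'alice', ip: '192.0.2.10', time: '2010-09-28T08:00:00Z' },
  { account: 'alice', ip: '203.0.113.7', time: '2010-09-28T10:30:00Z' },
  { account: 'bob', ip: '198.51.100.5', time: '2010-09-28T09:00:00Z' },
  { account: 'bob', ip: '198.51.100.9', time: '2010-09-28T11:00:00Z' },
  { account: 'carol', ip: '192.0.2.20', time: '2010-09-27T01:00:00Z' },
  { account: 'carol', ip: '198.51.100.1', time: '2010-09-28T01:00:00Z' },
];
```

Widening the window (for instance to 48 hours) would also flag carol, which is the trade-off a provider tunes between catching account takeovers and alarming genuine travellers.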

28 September 2010

PayPal expands consumer protection

Beginning Nov. 1, 2010, shoppers around the world will have expanded buyer protection when they make purchases at the millions of retailers that accept PayPal.

The expanded protection will cover shoppers on merchant websites if they don’t receive an item they purchased, or if they receive an item that is significantly different than described by the merchant.

PayPal will extend these additional benefits to shoppers in all countries it serves except Belgium, Brazil, France, Italy, the Netherlands, Poland and Spain.

PayPal provides protections for both buyers and sellers in addition to the safeguards that are built into the PayPal system:
  • Because PayPal never shares a buyer’s financial information with sellers, privacy is built into the service.
  • PayPal provides zero liability for eligible unauthorized transactions on PayPal accounts.
  • PayPal has one of the most sophisticated anti-fraud models in the payments industry, which gets smarter and stronger with every transaction that goes through our system – and PayPal has processed billions of transactions in the past 11 years. With this technology, PayPal often detects and stops fraudulent activity the moment it occurs and before it ever reaches our customers.

26 September 2010

"Girl killed herself" Facebook scam returns

If the title of the "Girl killed herself, after her dad posted This to her Wall" Facebook page sounds somewhat familiar, it is because almost two months ago the very same sentence popped up on many a user's Wall, in connection with a supposed Trojan infection.

There must be something in the title that made a lot of impact, because here it is - trotted out for another scam.

The user sees it on a friend's Wall, follows the link to the page, where a warning about possible inappropriate content pops up. After getting it out of the way, another pop-up window appears, in which the user has to prove that he is human and not a bot:

Unfortunately for him, this simple test is there to hijack his clicks and use them to post the unfortunate message on his Wall, in order to spread the scam further.

In the end, the user is asked to participate in one of several surveys offered so that he is finally allowed to access the content he wanted to see. But, tough luck, the only thing that will actually happen if he does complete a survey is that the scammers will try to make him sign up to premium rate services.

I know it is sometimes difficult to resist the lure of an interesting caption, but you must learn that things like these are rarely (if ever) benign.

24 September 2010

Twitter Fixes Mouse-Over Flaw

The Twitter mouse-over vulnerability, which caused grief for thousands upon thousands of Twitter users, has been patched and resolved. The bug, which was first reported at 2:54 am PDT on Tuesday, was declared gone by 6:50 am PDT.

As short-lived as it was, people are constantly tweeting. A 2009 study on pingdom.com showed the average number of tweets sent reaches above 1.1 million each hour. That's nearly 4.5 million tweets during the four-hour span in which the worm was active. The way it worked was that a person could tweet a maliciously crafted link which included "onmouseover" JavaScript code. When the link was touched by a user's mouse (not clicked, just the mouse passing over the link), that user's account tweeted the same link, while opening a third-party website in the user's browser. There were several high-profile Twitter accounts affected, including White House Press Secretary Robert Gibbs and Sarah Brown, the wife of former British Prime Minister Gordon Brown.
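As an added illustration (not Twitter's code), the following JavaScript shows the class of mistake behind such a flaw: a link rendered by string concatenation lets a URL that closes the href quote add its own onmouseover attribute, while escaping the attribute value keeps the whole string inside href. The sample URL, the function names and the small attribute extractor are all constructed for this example.

```javascript
// Added example, not code from Twitter. Shows a link renderer that drops a
// user-supplied URL straight into an href attribute, beside one that escapes
// the attribute value first. Names and sample input are constructed.

// Vulnerable rendering: a quote in the URL terminates the attribute early.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Escape the characters that can end an attribute value or open a new tag.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Only http(s) URLs become links; anything else is rendered as plain text.
function isHttpUrl(url) {
  return /^https?:\/\//i.test(url);
}

// Hardened rendering: the escaped URL cannot break out of the attribute.
function renderLinkSafe(url) {
  const escaped = escapeAttr(url);
  if (!isHttpUrl(url)) {
    return escaped;
  }
  return '<a href="' + escaped + '">' + escaped + '</a>';
}

// Minimal attribute extractor for the first tag in a markup string. It reads
// double-quoted attributes the way a browser tokenizer would, so it reports
// which attributes the markup really carries. Toy code for this check only.
function attributesOfFirstTag(html) {
  const attrs = {};
  const open = html.indexOf('<');
  const close = html.indexOf('>', open);
  if (open < 0 || close < 0) return attrs;
  const inside = html.slice(open + 1, close);
  const re = /\s([a-zA-Z][\w:-]*)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(inside)) !== null) {
    attrs[m[1].toLowerCase()] = m[2];
  }
  return attrs;
}

// Constructed sample: a URL that closes the href quote and smuggles a handler.
const sampleCraftedUrl = 'http://example.com/" onmouseover="hijack()';

// Returns both renderings and the attributes each one actually produces.
function demo(url = sampleCraftedUrl) {
  const unsafe = renderLinkUnsafe(url);
  const safe = renderLinkSafe(url);
  return {
    unsafe,
    safe,
    unsafeAttrs: attributesOfFirstTag(unsafe),
    safeAttrs: attributesOfFirstTag(safe),
  };
}
```

Running demo() shows the unsafe markup carrying a real onmouseover attribute and the hardened markup carrying only href, which is why a regression in the escaping step (as the article describes for the August fix) reopens the hole.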

This is not the first time that Twitter has combated this type of exploit on their site. Last month, the site faced similar attacks. These were fixed on August 24th. During an update of the site this fix was somehow reversed, which allowed the attacks to continue. Twitter tweeted a message of their status when the bug was reported, and updated it when they finished re-patching the hole. They then blogged on the site describing in greater detail the onmouseover flaw, how it had resurfaced from the problem they experienced last month, and reassuring their users that account security had not been breached.

Luckily, this exploit only affected those people who were using the actual twitter site. Those who use third-party or mobile applications to tweet and read tweets were completely unaffected.

22 September 2010

Fake "universal" iPhone jailbreaking exploit contains Trojan

When Apple released iOS 4.0.2 which, among other things, patched the vulnerabilities that allowed iPhone owners to jailbreak their device, these users were faced with the question "To upgrade or not to upgrade?"

But, buyers of iPhones with iOS 4.0.2 or 4.1 already preinstalled didn't have that choice - and they still don't. And even though a hacker announced that he was working on an exploit that will change this and will allow users to jailbreak any existing or future iPhone or iPad (regardless of the iOS version), this exploit is yet to see the light of day.

And here is where malware peddlers enter the arena.

Being aware that the jailbreaking community is eagerly waiting for the solution to come out, they thought of trying to use the hype to push some of their malicious wares.

According to Kaspersky Lab expert Costin Raiu, the awaited exploit is supposed to be called "Greenpois0n", so they named the .rar archive that contains the information-stealing Trojan greenpois0n_By pOsixninja and made it available for download on popular torrent sites.

Websites selling fake tools that can supposedly jailbreak any iPhone with any iOS have also appeared. Selling these tools for a price that goes up to $40, they are also trying to capitalize on the users' lack of patience.

20 September 2010

Webmail Account Compromises

Over the past week, I have been receiving pharma spam from friends' email accounts. It was obvious that their email accounts were compromised and used to relay spam.

One had a Hotmail account and another a Yahoo account. I’m not sure whether they should be mocked more for using accounts at those domains or for getting compromised.

Restoring Access
If this happens to you and you’re really fortunate, you’ll be able to log into your webmail account, change your passwords, and change the security questions used to reset the password.

If you can’t gain access because the bad guy changed the passwords, try using the lost password button. If you can’t reclaim your account that way, you’re going to have to contact Google/Hotmail/Yahoo, or whoever the website owner is. Good luck with that.

Cleaning Up
Review all your settings. In Google Mail check your Filters and your mail forwarding. Mail from your bank could now be forwarded to the bad guy.

Maybe it’s paranoia talking, but I would search my mailbox for “password” to see if any other accounts might have been learned by the bad guy because a plain-text password was available in your inbox.

Prevention
People always want to know how this happened to them. Often they jump first to blaming their webmail provider. While that’s possible, it’s not something you can really control. It’s better to start looking at simpler explanations that you can do something about.

Was your computer hacked? Did a keystroke logger gather your webmail credentials? That is certainly possible. And it doesn’t hurt to check out the computer. I would have to wonder why the spammer would gain your credentials and then use another computer to send the spam. Some webmail providers give full mail headers including the PC used to send the email. For the spam I received I could see it wasn’t the same country as the sender.

Were you phished or tabnapped? Attackers manipulate victims into providing valid authentication credentials at fake sites. The best defense against this is to use bookmarks to avoid typos, and to go directly to HTTPS sites where possible.

Did you use the account from an insecure computer or network? It’s so tempting to hop on an open access point at the coffee shop. It’s tempting to use the ‘guest kiosk’ at the hotel while on vacation. You don’t know the hygiene of that computer. You don’t know who is snooping on that coffee bar network.

Is your password really weak? I don’t think webmail providers would allow a lengthy brute-force attack without locking out the account. But if your password is incredibly bad, this could still be the cause.

Was your password used on another service? While blaming the host isn’t my first thought, hosts do get compromised every now and again. There are multiple account/password lists available from server compromises. If you’ve been on a system that was compromised and had its password list stolen, and you reuse the same credentials, then you have a problem.

Unfortunately the causes for account compromise aren’t any clearer than the ways to get your mailbox back. Hopefully this gives some food for thought.

18 September 2010

Run Nessus on your iPhone

Tenable released an iPhone application for its Nessus Vulnerability Scanner, providing Nessus users the ability to remotely connect to a Nessus server, launch scans and review reports with the Apple iPhone and iPod Touch devices.

The Nessus iPhone application is available at no cost in the App Store and is located under the productivity category.

Features of the Nessus iPhone application include remote starting, stopping and pausing of network scans as well as the ability to analyze scan results. This mobility allows a security professional who is responding to an incident to quickly log into a Nessus scanner during a meeting to find a host with a given vulnerability, thereby improving the efficiency of the Incident Response process.

17 September 2010

Google engineer abuses power, violates privacy of minors

Another newsworthy piece of report that proves that nothing you post on the Internet (with a provider) is secured or private - even if it is locked with a password.

A Google Site Reliability Engineer was fired in July after an internal investigation by the company that confirmed that he violated the privacy of several underage users.

David Barksdale, the fired 27-year-old Google employee, seemingly abused his power to access various information located in the users' accounts and used it to demonstrate his power over at least four minors who were members of the same technology group as him.

He allegedly accessed the accounts, contact lists, chat transcripts and call logs from Google Voice and, in one instance, removed the block that one of the minors had set up on Gtalk in order to cut communications with him. He used the information found in the accounts to taunt the victims and to demonstrate his power, but according to a Gawker source, the harassment seems not to have been sexual in nature.

When contacted, Barksdale refused to comment on anything, saying only that Gawker must have heard some pretty wild things if it thought that him getting fired was newsworthy.

Google issued a statement that confirmed that Barksdale was fired for breaking its internal privacy policies. "We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective," says Bill Coughran, Senior VP of Engineering at Google. "That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously."

If the company was unaware of the privacy violation until it received the complaints, it should definitely use this incident as an indication that its security controls must be reviewed.

16 September 2010

ZBot removal tool

ZBot (also known as Zeus, ZeusBot or WSNPoem) is a Trojan engineered to steal sensitive data from compromised computers.

While ZBot focuses mainly on the online banking details that users input on financial organizations’ pages, it also monitors system information and steals additional authentication credentials.

The latest variants can also gather the history of visited Web sites and other data users provide online, while also capturing screenshots of their desktop.

ZBot is distributed mainly via spam campaigns and Web pages which host its malicious payload, usually under the guise of a popular legitimate application.

Once on the system, ZBot modifies the file and folder structure, adds registry keys, injects code into several processes (such as winlogon.exe or svchost.exe) and adds exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities. It also sends out sensitive information and listens on several ports for possible commands from the remote attackers’ command-and-control center.

This allows cybercriminals to manage the Trojan in order to download and execute additional malicious payloads on the system or take control of it; its actions include, but are not limited to, restarting and shutting down the affected computer.

BitDefender has created a ZBot Removal Tool which checks users’ computers, detects and eliminates most of the ZBot variants spotted in the wild.

15 September 2010

Large collection of stolen logins go public

FarmVille player? Then you gotta read this.

Below is a rather bland FarmVille phish that was brought to Sunbelt researcher, Christopher Boyd's attention, by a friend who had it posted to their Facebook account. The entire page is blank save for the fake login:


Nothing spectacular, I’m sure you’ll agree. However, he did a little digging around on the same URL and came across a large collection of what the site claims are stolen Facebook logins dating from July right up to today:

While he can’t confirm these logins were obtained via the FarmVille phish (that seems a little too crude to be grabbing this many username / password combinations), there’s a good chance that many of the users on the list use the same passwords for their email accounts as their Facebook login. We have everything from Yahoo and GMail to Hotmail and AIM on there – not great in terms of the amount of personal data that might be accessible.

As far as numbers go (and accounting for the fact that there are some duplicates / clearly fake entries on there).

It’s entirely possible there are more of these account dumps out there, seeing as this one was numbered – worse, we’ve since found another dump which has some (but not all) of the same data posted to it along with logins not present in the first batch. The second site is registered to a Chinese email address, and doesn’t seem to be related to the “Facebook” logins so there may be numerous individuals having some fun here.

As always, be careful what you’re clicking on.

Source:
http://sunbeltblog.blogspot.com/2010/09/large-collections-of-stolen-logins-go.html

13 September 2010

How to Protect Yourself From the "Here You Have" Virus

A harmful new computer worm infested the computers of large companies and federal agencies through an e-mail attack Thursday, bringing down such major companies as Disney, NASA, Comcast and more.

The worm disguises itself as a benign e-mail message with the subject line "here you have," and replicates itself by tricking you into clicking a link in the e-mail message's body. Then it can disable anti-virus products stored on your computer and send copies of the original, dangerous message to all the contacts in your e-mail address book.

Once the virus infests a computer, it can also spread to the local network -- which can include home and office computers -- surreptitiously copying itself to the shared hard drives of machines.

The threat is rapidly spreading through the enormous quantity of e-mail messages it has generated, said Internet security companies Norton and McAfee Labs, which have detected that many e-mail servers have ground to a halt due to the sheer volume of wire-clogging spam. The Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) even weighed in on the worm, with advice for users.

“US-CERT is in the process of collecting and analyzing samples of the malware and has developed and disseminated mitigation strategies,” spokeswoman Amy Kudwa said. “Basic cyber security practices and hygiene are essential to maintaining the security of networks and individual computers.”

US-CERT recommends that you take more caution with your e-mail than usual, advising not to click on links in unsolicited e-mails, to install anti-virus software and frequently update it, and to turn off an option on your computer that automatically downloads attachments.

Security experts from Norton advise additional, more extreme steps you can take, such as disabling network sharing and disconnecting infected computers from the local network. If you've already gotten a "here you have" e-mail, the company suggested blocking outbound traffic to the domains or IP addresses contained in the e-mail to prevent users from connecting to distribution sites to download.

But the easiest way to protect yourself from this and other viruses is the simplest: Make sure you're running an anti-virus program and make sure it's up to date. PCMag.com security analyst Neil J. Rubenking agreed, stressing the importance of your own actions in keeping you safe.

"People! DO NOT click links in e-mail messages from unknown people. DO NOT even click links in e-mail messages from your friend, since the real source of the message might be a virus. DO keep your computer protected with an antivirus or a security suite," he wrote in an entry on the Security Watch blog.

"That way if you click the wrong link in a fit of weakness, you'll still be protected from whatever new threat replaces 'here you have,'" he pointed out.

12 September 2010

PayPal fails to follow its own anti-phishing advice

PayPal credentials are one of the most sought after by phishers, so it stands to reason that the company would try to educate its users on Internet safety. And it does - by offering a can-you-spot-phishing? quiz.

But what happens when PayPal itself doesn't follow the advice it's preaching?

According to The Register, PayPal UK has violated its own anti-phishing advice when it sent out an email containing a direct link to the updated user agreement to its users, because one of the tips on avoiding phishing scams contained in the quiz says that the users should "always log into PayPal by opening a new browser and typing in the following: https://www.paypal.com."

PayPal confirmed that the email is legitimate, but points out that it also contains the information that the users can type paypal.co.uk into the browser if they aren't completely sure that the offered link is safe to click on.

"PayPal does not advise people not to click on links in emails, rather to exercise caution. Users are advised to check the URL of any link to make sure it does not direct them to something unexpected, as you know they can do this by hovering their mouse over the link," it says in their comment.

This might seem like a non-issue, but a lot of users have a tough time learning all the online safety advice given by safety practitioners and various companies and institutions - giving good advice but failing to follow it makes it that much harder for them to know what things are safe and what not.

11 September 2010

Internet Explorer 8 Vulnerability Exposed

A new vulnerability has been discovered in Internet Explorer that takes advantage of Cascading Style Sheets (CSS), in order to steal data from the browser.

This past Friday, Google security researcher Chris Evans posted on the Full Disclosure mailing list describing a CSS vulnerability he discovered. He also posted a harmless example of what that vulnerability could do. In the example, you go to a site in IE and click a button (which supposedly could be automated), and your Twitter account will automatically send out a tweet. Barely two hours later, Microsoft tweeted that they were aware of a problem and would "investigate" the issue.

This CSS vulnerability is not exclusive to Internet Explorer. The other four major browsers are also affected: Firefox, Safari, Opera, and Chrome. The only difference is that the vendors of those browsers have issued patches and plugged the holes that created the problem. Internet Explorer is the only major browser that has yet to be fixed. Not that there hasn't been enough time to work on a patch. According to Evans in the posting mentioned above, "[t]here's evidence to suggest that Microsoft has been aware of this since at least 2008." Whether or not they have known about the vulnerability that long is irrelevant, considering that it has been fixed by everyone else.

This vulnerability takes advantage of CSS standards to steal browser data. According to those standards, cookies are sent from the browser when CSS is called, even if it is a cross-domain call. Combining this with a CSS injection attack using background-image:url(), the browser's cookies will be sent to the given URL. These cookies can contain the keys needed to break into web applications such as Twitter accounts and webmail sites. Even worse, this happens even when JavaScript is disabled, making this a threat even to those who think they are relatively safe.

10 September 2010

Critical 0-day Adobe Acrobat, Reader flaw exploited in the wild

Adobe has released a security advisory warning users about a newly discovered 0-day vulnerability that has already been spotted getting exploited in the wild.

The flaw affects all current versions of Adobe Reader for Windows, Macintosh and UNIX, and of Adobe Acrobat for Windows and Macintosh. "This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of public exploit code for this vulnerability," the advisory says.

The company is still evaluating when a security update to resolve the flaw will be pushed out, and they haven't provided any mitigating instructions so far.

In the meantime, vendors of security solutions have begun detecting malware that exploits the vulnerability. Trend Micro has detected a Trojan that arrives as an attachment to spam email messages, which drops a downloader into the system. This downloader leads to another one, which is downloaded - along with other malware - from various (currently unavailable) URLs.

A quick search for the registration information for those URLs revealed that the registrant is located in Hong Kong, but the servers that host the site are located in the U.S. and in Germany.

Another interesting fact is that the malicious file is digitally signed with a valid certificate of a legitimate American credit union:

Adobe is urging users to keep their anti-malware solutions up-to-date in order to protect themselves until a patch is issued.

09 September 2010

NSA Director says citizens' privacy will never be compromised

Cybersecurity and citizens' privacy won't be mutually exclusive terms for the federal government, vows NSA Director Gen. Keith Alexander.

"As the director of NSA and the commander of U.S. Cyber Command, I have an obligation to the law and to the American people to ensure that everything we do in cyberspace preserves and protects our civil liberties and operates legally under the constitution, while concurrently conducting our mission," said the General in his address at the O'Reilly Media Gov 2.0 Summit.

According to eSecurity Planet, he followed with a general overview of the things that the U.S. Cyber Command is in charge of: monitoring the .mil domain, helping civilian agencies when it comes to matters of information security, uniting the various military information security units.

He also made sure to note that government systems are always under attack from foreign and domestic hackers - DoD systems are probed some 250,000 times per hour, and the DHS reports that the number of cyber attacks against U.S. systems has risen by 150 percent since 2008.

"Considering the body of both personal and national treasure that resides on the Internet -- information, money, medical records, personal email, critical infrastructure and, most important, national security -- it is not a hyperbole to say that we have as much at risk or more than any other nation," Alexander said.

08 September 2010

Twitter XSS vulnerability exploited in the wild

Malicious links leading to the download of a malicious JavaScript payload have been popping up on various Twitter accounts, warns Kaspersky's Stefan Tanase.

The payload uses an XSS vulnerability to steal Twitter cookies and transfer them to two servers (one of which is hosted in Brazil). The cookies are then used to hijack users' sessions and post a message in Portuguese claiming that a member of a popular Brazilian pop band has been in a tragic accident:

Combining these clues with the knowledge that the two domains are registered under Brazilian names, it seems fair to assume that the attack originated in that country.

According to bit.ly's statistics, one of the malicious shortened links in these messages has been clicked on more than 100,000 times, which means that there could be at least that many compromised accounts out there.

Fortunately, Twitter has already fixed the vulnerability.

07 September 2010

Local bakery's website defaced

Was checking out some cake pricing from a local bakery's website, and ended up seeing this:

Uncool.

Update (08/09/2010):
More than 24 hours have passed after informing the site administrator about the incident and still nothing is done. The defaced web pages are still there.

05 September 2010

Scammers using IM to deliver "IQ Test" spam

An IM variant of the well-known "Solve the IQ test, get your results on your mobile phone" scam has been spotted by a Trend Micro analyst.

He received a couple of messages via Yahoo! Messenger, apparently sent from his cousin's account to all her friends:

The format of the message exchange convinced him that he was chatting with a bot. He followed the link, solved the test and was presented with the following request:

A quick look at the "Summary of Terms" at the bottom of the page revealed that apart from gaining your phone number and probably spamming you some more in the future, the scammers are also trying to get you to part with your cash.

If you enter your cell phone number and press the "See My Results" button, you are simultaneously agreeing to subscribe to some mobile content, and for this service you will be charged from $9.99 to $19.99 per month.

On a side note - if you want to see what bots are capable of doing on social networks, go here.

04 September 2010

Facebook boosts security by adding remote logout feature

Following the May rollout of the security feature that made it possible for Facebook users to be notified of unapproved account access, the social network announced another one that will allow them to remotely log out of their account.

This way, if you forgot to log out after accessing your account from a friend's phone or a public computer, you can access your account from your own device and remotely terminate the active session.

The feature will be rolled out gradually, and this is what it will look like:

To check out if you can use it already, go to your Account Settings page and choose to change your Account Security.

The information provided for each active session will consist of the login time, device name (if you have named it), a ballpark location derived from the IP address, and the browser and operating system on the used device.

This way, even if someone accesses your account after your account credentials get phished and used, you can lock those users out by terminating the session remotely and changing the password for the account.

03 September 2010

Phishing campaign targets McDonald's fans

A widespread spam campaign that is promising cash in return for completing a McDonald's customer satisfaction survey has been uncovered. The emails, claiming to be sent by 'McDonald's Survey Department' and with the subject line 'McDonald's Customer Survey' direct recipients to the survey that poses questions on McDonald's food.

Once the survey has been completed, computer users are asked to provide a raft of personal information, including their credit card number and security code, so that they can receive a $90 payment for taking the time to complete the questions.

"Exploiting online surveys is a popular way for scammers to make money as legitimate customer satisfaction surveys are increasingly common," said Graham Cluley, senior technology consultant at Sophos. "Although it's not unusual to be offered a reward or the chance of a prize for completing an online survey, a legitimate questionnaire will never ask you to part with your card details. I'm afraid anyone hoping to receive the cash from this survey is more likely to have their account emptied by the spammers."

"It's ironic that some internet users may actually be more likely to hand over their credit card information because they are more used to receiving phishing emails pretending to come from online banks, not burger joints," explained Cluley. "The truth is, however, that phishers can use a multitude of disguises - posing not just as online banks, but social networks, online stores, web email providers and now fast food giants too."

02 September 2010

Top scams on the web

PandaLabs has drawn up a ranking of the most widely used scams over the last few years. These confidence tricks, which are still in wide circulation, all have the same objective: to defraud users of amounts ranging from $500 to thousands of dollars.

Typically, these scams follow a similar pattern: initial contact is made via email or through social networks. The intended victim is then asked to respond, either by email, telephone, fax, etc. Once this initial bait has been taken, criminals will try to gain the trust of the victim, finally asking for a sum of money under one pretext or another.

Below are the most frequent scams of the last 10 years, based on their distribution and the frequency with which they are received.

Nigerian scam: This was the first type of scam to appear on the Internet, and continues to be widely used by cyber-criminals today. This typically arrives in the form of an email, claiming to be from someone who needs to get a very large sum of money out of a country (normally Nigeria, hence the name). You are promised a substantial reward if you help to do this. However, those that take the bait will be asked to forward an initial sum to help pay bank fees (often around $1,000). Once you have paid, the contact disappears and your money is lost.

Lotteries: In essence, this is similar to the Nigerian scam. An email arrives claiming that you are the winner of a lottery, and asking for your details in order to transfer the substantial winnings. As with the previous scam, victims are asked to front up around $1,000 to cover bank fees, etc.

Girlfriends: A beautiful girl, normally from Russia, finds your email address and wants to get to know you. She will always be young and desperate to visit your country and meet you, as she has fallen head-over-heels in love with you. She wants to come immediately, but at the last moment there is a problem and she needs some money (once again, around $1000 should cover it) to sort out flight tickets, visas, etc. Unsurprisingly, not only does your money disappear, but so does the girl.

Job offers: This time you receive a message from a foreign company looking for financial agents in your country. The work is easy (you can do it from home) and you can earn up to $3,000 working just three or four hours a day. If you accept, you'll be asked for your bank details. In this case you will be used to help steal money from people whose bank account details have been stolen by the cyber criminals. The money will be transferred directly to your account, and you will then be asked to forward it via Western Union. You will become a 'money mule', and when the police investigate the theft, you will be seen as an accomplice. Although this is often referred to as a scam, it differs from the others in that the 'money mule' also stands to gain, albeit by unwittingly committing a crime.

Facebook / Hotmail: Criminals obtain the details to access an account on Facebook, Hotmail, or similar. They then change the login credentials so that the real user can no longer access the account, and send a message to all contacts saying that the account holder is on holiday (London seems to be a popular choice) and has been robbed just before coming home. They still have flight tickets but need between $500 and $1,000 for the hotel.

Compensation: This is quite a recent ruse, and originates from the Nigerian scam. The email claims that a fund has been set up to compensate victims of the Nigerian scam, and that your address is listed as among those possibly affected. You are offered compensation (often around $1 million) but naturally, as in the original scam, you will need to pay an advance sum of around $1,000.

The mistake: This has become very popular in recent months, perhaps fueled by the financial crisis and the difficulty people are having in selling goods or houses. Contact is made with someone who has published a classified ad selling a house, car, etc. With great enthusiasm, the scammers agree to buy whatever it is and quickly send a check, but for the wrong amount (always more than the agreed sum). The seller will be asked to return the difference. The check will bounce, the house remains unsold and the victim will lose any money transferred.

What should I do if I'm targeted by one of these scams?

It's normal that if you're not aware of these types of criminal ploys, you might think that you have won a lottery or found true love on the Internet. So here are some practical tips that will help keep you out of harm's way:
  • Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.
  • Use your common sense. This is always your best ally against this kind of fraud. Nobody gives away something for nothing, and love at first sight on the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.
  • The Internet is a fantastic tool for a great many things, but if you really want to sell something, it's better to have the buyer standing right in front of you. So even if you make contact across the Web, it's better to complete the transaction in the 'real world', where you can verify the genuine intentions of potential buyers.