Technology

The British newspaper Mail Online reports that a local postman was scammed out of his life savings by an an attractive female "friend" he met on the popular online community site MySpace.

Saving the Damsel in Distress

The postman, Shane Symington, seems like a nice fellow who was simply trying to help a fellow human being. He befriended an American woman named 'Angela Gates' on MySpace in 2007. After a few weeks of friendly banter, the woman began asking for money to pay for her mother's funeral and for medical expenses.

What could Shane do but rush in and save her from her predicament? She needed him!

In order to hit every soft spot Shane had, 'Angela' also told him she needed more money to pay for legal fees that would allow her to inherit a $2 million piece of property. Anyone who's studied Advanced Fee Fraud scams will recognize this kind of story.

Damsel Turns Out to Be a Dude

Unfortunately, it appears Shane hadn't studied much about scams. It turns out this attractive, bikini-clad and potentially rich American woman was really a Nigerian man. Surprised? I doubt it.

After emptying Shane's bank account the Nigerian man even contacted Shane and admitted his fraud, but the story doesn't end there.

From the Mail Online:

He was then contacted by another woman, again from America, claiming she had also been caught in the scam.

He said that he then helped pay her legal expenses and the cost of hiring two ex-FBI agents in an attempt to regain the lost money for both of them.

Mr. Symington said that he now believes that these people are also involved in the scam. He said that he had paid out more than £30,000 to them, bringing his total losses to more than £130,000.

Ouch!

The lesson to learn here is that when this scammers find a victim, they hit them with multiple scams from multiple people until they have milked their target completely dry.

What does Shane have to say about all of this:

I feel sick from it all, I feel disillusioned, they have just played on my good nature. I've lost my life-savings, I have two loans and credit card debts, I'm in huge debts because of all of this.

You just can't trust anyone on the internet. I want to warn people but I know I won't be the last to fall for something like this.

The police in Hampshire working the case said that there's little they can do to recover the money because of the current political situation in Nigeria.

What Can We Do?

These stories are hard to read. We can't believe someone can be so easily manipulated. So what can we do? I suggest you help your friends, relatives, and neighbors by educating them about these kinds of scams. Shane said it best - "I won't be the last to fall for something like this."

Don't let it happen to someone you know.

Read the whole story (w/ pics of the lovey 'Ms. Gates' on the Mail Online web site.

For the second year in a row, malware has been discovered in major-brand digital photo frames, carried by some of the nation's biggest retailers.

Software that came pre-installed in frames manufactured by Samsung, Element, and Mercury, was found to enable the "Autorun" function in Windows, allowing it automatically install malicious code to a PC whenever it is connected. The nature of the malware varied with the device, and it isn't even yet clear in some cases whether the malicious code was put there intentionally, or if it simply replicated itself from an infected computer used in the manufacturing process.

This problem isn't just contained to digital frames though. In past years, a variety of electronic gizmos—from flash memory sticks to satellite navigation devices—have all been found to pose security threats.

Peripheral Devices And You

What do most of the popular electronic holiday gifts such as digital cameras, music players, photo printers or even cell phones have in common? They're all "peripheral devices"—meaning that they have to be connected to a personal computer in order to become fully functional. Without these devices, our home computers remain just that—stationary libraries of songs, photos, and other data, inaccessible to us when we're outside of the house.

What many consumers don't know is that anything capable of downloading data given to it by a computer, is also capable of replicating its data onto that PC in the process. So before you plug a new device into your USB port, there are a few steps you should take to keep your computer safe.

What You Can Do

As always, the best way to protect your computer is to have a good, up-to-date anti-virus program installed and running at all times. These programs can identify almost any potential threat and neutralize it immediately upon connection of a device to your computer.

Staying away from cheap brands you've never heard of before (like those $15 drug-store digital cameras or MP3 players,) is also something many experts recommend. But top-notch anti-virus software should be enough to protect you—even from those yPod and Suny products you might find at the flea market.

Myspacers have been dealing with identity theft scams for years, but now there's mounting evidence that hackers are targeting Myspace's more mature brother, Facebook. According to a Reuters wire story, a virus known as "Koobface" has been making the rounds using the Facebook messaging system.

How Does it Work?

Users are typically told that they "look awesome in this new movie" that the sender has uploaded, and are redirected to a site that in turn asks them to install a bogus Adobe Flash player update. If the user decides to take the bait, the Koobface virus is instantly installed on their computer, at which time it goes about its business gathering credit card numbers and other sensitive information.

How Do I Get Rid of It?

According to Guy Bunker of Symantec, Koobface is fairly easy to get rid of. Users can either install some anti-virus software (which will automatically find and destroy it,) or locate two files in their Windows directory. The files are named "tmark2.dat" and "mstre6.exe", and should be deleted immediately if found.

Find more details on detection, files affected, removal, etc. on the McAfee web site.

Even if Koobface itself isn't all that scary, the Reuters piece cites a security researcher with McAfee as saying that such viruses are on the rise on social networking sites. Presumably surfers are more trusting with these sites because they typically use them to connect with friends, and aren't expecting to be targeted the way they would in a random email from an unknown spammer.

In 2005 and 2006, Myspace suffered from a rash of security problems, the most widespread being a JavaScript virus named "Samy." Samy was relatively harmless since it targeted internet profiles rather than PCs. Nevertheless, more than 1 million users ended up displaying the message "Samy is my hero" on their Myspace profiles in 2005.

How Do I Protect Myself in the Future?

Social networking sites like Facebook turn us into fools when it comes to installing software.

• Want to throw a virtual snowball at someone? Install this application.
• Want to find out what kind of sandwich you are? Install this application.
• Want to know how you're going to die? Install this application.

That's why these sites are the newest playground for virus creators - people are connected, they click on stuff, they install stuff, rinse and repeat.

One good rule of thumb is to avoid redirect links in Facebook or Myspace messages unless you can absolutely verify that the URL is legit. Never download a file from a page you've been redirected to. Report the incident to the support staff at social networking site, and await further instruction.

You may know who your friends are in real life, but it's important to remember that an internet persona can always be hijacked---even if you do look really awesome in that movie.

Screenshots

Here's how the Koobface virus, and other related viruses appear within Facebook:

What Appears in Facebook

Notification in Your Email

Website Download

Updated to add:

Variants of this virus appear to be pointing to data collection or revenue generating web sites. Here are a few titles I've had reported recently:

"hey is this u on thebestphotosonline.com"

and...

"whats the deal with u bein on imdownwitu.com"

According to investigative reporters for WirtschaftsWoche, 21 million Germans have had their personal information stolen along with their bank account and bank code numbers. The thieves are offering to sell the data for 12 million euros (about 15.3 million dollars). It is believed the scammers gathered the data by using employees at financial institution call centers.

Could this happen in the U.S.?

It certainly could. Privacy laws throughout Europe are generally tighter than U.S. laws and Germany is among the tightest. Low employee morale, caused by a deteriorating job market and chaos within the financial sector makes crimes like this more likely. I'm sure it's tempting for employees to grab whatever data they can as they're shown the door or maybe they're just looking to add to a mediocre salary. Whatever the reason, it may be time to buckle up and prepare for a bumpy ride.

What could criminals do with this data? Make bank withdrawals.

Criminals can use the bank account info to make withdrawals - either big or small. A .57 cent bank withdrawal from 21 million accounts still ads up to... ummm... let me get my calculator out... $11.97 million dollars. And that's this month, and next month, and the next month, etc. until they're caught or they decide to make a big withdrawal and run.

Here's their strategy, detailed in an IT World article:

Although banking passwords were apparently not included on the CD, criminals would be able to use this data to withdraw funds from a victim's account, said Thierry Zoller, an independent security consultant based in Luxembourg.

Scammers could use this type of information to initiate a large number of debits from German banks, making each withdrawal small in hopes that it would not be noticed by the victim, he said.

This is why carefully checking your bank records is important. If you see a unexplained entry - even if it's small - you should track it down until you understand where it came from. Otherwise you might unexpectedly see a much bigger withdrawal from the same source somewhere down the line.

More about this story at the WirtschaftsWoche in English and German.

You can also find coverage at The Register, and IT World.