Scams -Spams and Fishing for your Money Part III

The latest malicious software currently making the rounds is a recycled variant of the “FBI Virus” It locks down your computer so it will do nothing except display an official looking message “Illegal content has been found on your computer. Your computer has been locked by the FBI and the lock will not be removed until you pay a $100.00 fine”. Of course there is a link to pay your “fine”.

This virus is typically transmitted by email. Make sure your anti-virus program has access to scan your incoming email. Do not open email from people you don’t know, and be very careful when opening email attachments. It is best to right click on the attachment and have your anti-virus program scan it before opening any attachment.

Scams Spams and Phishing for Your Money Part II: Phishing for your account information using email

If you ever post on Craigslist or use PayPal, please be aware that scammers will stop at nothing to steal your information. A very common way to gain access to your financial accounts is known as “phishing”. I got an email purportedly informing me that my PayPal account had been suspended, and that I needed to “verify” my account information.

“Phishing” is a variant of the class of fraud known in computer security circles as “social engineering”. Social engineering is simply a lie. The old fashioned way of using social engineering was to call a business and impersonate someone who is high on a corporate ladder calling into the office to beg the operator to  PLEASE save them embarrassment by looking up login details of the impersonated corporate officer, giving it to the caller over the phone. The call is often accompanied by a manufactured crisis to boost the importance of the caller getting the login details immediately.

Now the scammers send an authentic appearing email to their intended victims, using classic  social engineering methodologies.

Once you have clicked the link in the authentic appearing email your web browser gets directed to a very authentic appearing copy of PayPal’s website hosted elsewhere on the internet, with the intent of stealing your password and login information to empty your PayPal account.

The easiest way to detect a scam like this is to hover your mouse over the link the scammers intend for you to click and check the web address, which usually appears in the bottom frame of the window you are viewing the email in.

Be aware that this fraud is not limited to PayPal – it can involve any business entity that can be used to gain access to your financial information – even appearing to be from your bank, credit union, or stock broker.

The link in the email below shows  as being to the secure PayPal website  In reality the link leads to->”. This is done with the HTML coding used to display the link’s text.

Be very cautious surfing the the internet and responding to email my friends. The same type of deceptive link in an email can lead you to a site that will overwhelm your computer and install malware and/or viruses onto your PC.

Some good information on infected websites and other malicious software can be found at

Please do NOT click on anything below this – it is a copy of the email I received – minus some of the authentic appearing images from PayPal – the links are live to the scammers site.


Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

Please click on the link below to initiate the verification process:


Yours sincerely,

Copyright © 2012 PayPal. All rights reserved.

PayPal Email ID PP277