
Scam

From Malware Wiki
File:Win-a-1000-amazon-gift-card.jpg
A scam asking for personal information.

A scam is when users are offered something for free (e.g. free bingo, poker, lottery, slots and/or casino spins, or game currency generators) or told to install a product, but the product is fake or rogue software. Sometimes the user will be told to complete a survey or install another program to obtain the wanted item. Some scams may install adware on the user's computer and/or infect it with viruses. A common example of a scam is a rogue antivirus.

Variants

Gift Card Scams

Gift Card Scams are scam or phishing websites that display messages similar to "Collect 100 points to win $1000 Amazon gift card", or for other popular retailers, like Swagbucks, Starbucks, Coke, Dove, Google Play, Visa, PayPal Cash, Xbox, PSN, Steam, BJ's Restaurants, Amazon, eBay, Roblox, Bloons Monkey Money, Microsoft, Windows, or even iTunes.

All of those names are owned by the owner of Gift Card Rebel to trick users into installing viruses. Other scammers own a group of twenty different female usernames, but mostly the scammers are male.

They ask for personal information to give it to spammers by asking about medical treatments, cars, cards, poker, credit, debit, and gift card numbers, check numbers, church addresses, home addresses, and antiviruses. (All of them give users fake options like ByteFence, Protegent, and SpySheriff; the last option is "Neither".)

Typosquatting

Typosquatting sites are malicious websites whose URLs are those of legitimate websites with intentional typos, so that they prey on users who mistype an address. The easiest way to avoid these is to simply pay attention to spelling.

List of Typosquatted Websites

  1. Google.com: Goggle.com, Googe.com, Foogle.com, Hoogle.com
  2. YouTube.com: YoTube.com, YouTibe.com, YouTybe.com, YouThbe.com
  3. Facebook.com: Faceboook.com, Facebok.com, Racebook.com, Dacebook.com
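
The spelling check can also be automated, for example to screen links in mail or proxy logs. The following is an added example, not part of the original article: it classifies a domain as a one-typo lookalike of a protected name and says which kind of typo it is. The brand list, the grid approximation of a US QWERTY keyboard and all function names are assumptions, and the code also recognises swapped letters, which the list above does not include.

```python
# Added example: classify a domain as a single-typo lookalike of a protected name.
# The brand list and the grid model of a US QWERTY keyboard are assumptions.
BRANDS = ["google", "youtube", "facebook"]
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _adjacent_keys():
    """Map each letter to the keys next to it (column +/-1, row +/-1)."""
    adj = {}
    for r, row in enumerate(ROWS):
        for c, ch in enumerate(row):
            near = set()
            for rr in range(max(r - 1, 0), min(r + 2, len(ROWS))):
                near.update(ROWS[rr][max(c - 1, 0):c + 2])
            adj[ch] = near - {ch}
    return adj

ADJ = _adjacent_keys()

def classify(label, brand):
    """Return the kind of one-edit typo that turns brand into label, or None."""
    a, b = brand.lower(), label.lower()
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            i = diff[0]
            return "adjacent-key" if b[i] in ADJ.get(a[i], ()) else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]):
            return "transposition"
    elif len(b) == len(a) - 1:
        if any(a[:i] + a[i + 1:] == b for i in range(len(a))):
            return "omission"
    elif len(b) == len(a) + 1:
        for i in range(len(b)):
            if b[:i] + b[i + 1:] == a:
                doubled = (i > 0 and b[i] == b[i - 1]) or (i + 1 < len(b) and b[i] == b[i + 1])
                return "repetition" if doubled else "insertion"
    return None

def check_domain(domain, brands=BRANDS):
    """Return (brand, typo_kind) if the domain's main label is one typo from a brand."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]  # naive: ignores suffixes like co.uk
    for brand in brands:
        kind = classify(label, brand)
        if kind:
            return brand, kind
    return None
```

Run over the twelve names listed above, it reports seven adjacent-key slips, three omissions, one repeated letter and one plain substitution (Goggle.com), while the correctly spelled domains return `None`.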

Human Verification Scams

Human Verification scams are mostly harmless scams that occur most often on websites claiming to be in-game money generators or websites claiming one can get "X Paid Game Free". After the user supposedly fills out a form for their "Free" items, the website will claim that a form of human verification has to be completed to confirm the user is not a bot. This human verification will often consist of the user having to fill out a survey or install some apps. This usually will not charge the user anything and the apps will usually be legitimate apps. This form of scam is mostly a time-wasting scam that does little harm to the user while generating money for the scammers. However, some human verification scams are malicious and may try to force users into inputting credit card information, under the false pretense that no money will be charged and it is being done only to verify, or may request confidential information such as passwords.

File:Human-vertification.png
A survey scam site.

Win Free Items Scams

File:S8scampoophackvirus.png
Fake scam claiming to be Samsung.

Win free items scams are scams that trick users into believing that they can win a free item. They can be found through online advertisements, mostly on sites filled with advertisements. When the user clicks on one, the scam may require the user to perform a form of "human verification" (see above), give confidential information such as their credit card information, or download malware.

MMO Scams

Main article: MMO scams

File:Roblox-robux-generator1.png
Fake Robux generator program, for the online game, ROBLOX.
File:屏幕快照 2018-08-18 下午5.34.16.png
A scam for the game Minecraft pretending to be Microsoft.
File:C4790E91-5E17-4002-942E-D3E07A9DEB96.jpeg
nohumanverification.com, the scam site
File:94FCD693-BBEC-4049-9073-C7F8298CCEDC.jpeg
Fake iTunes Gift Card Generator

MMO scams are a type of scam. It is unknown what the first MMO scam was.

Advertising Scams

This is when a scammer creates a false product, then creates fake news sites that claim that a popular female celebrity or TV news anchor left (or was fired) from their job because they allegedly invented this false product. The scammer then puts links to this fake news article on malvertising platforms such as AdSense, Outbrain, and Taboola. These fake news ads are displayed on millions of sites, ironically even including sites that fact-check fake news, such as Snopes, PolitiFact, and HoaxSlayer. When the CBC investigated these types of scams in October 2017, the scammers sent a box containing a tube of "skin care serum" (probably a placebo) each month, again with no way to cancel. When CTV investigated this in September 2018, however, the scammers didn't actually send any serum; they just charged the victim's credit card monthly, making them pay for receiving nothing.

Casino Fake News Scam

In this scam, the scammer sets up a rigged online casino. The fake news sites promoting it copy the layout and logos from the sites of legitimate news organizations, such as CNN and CBC; this is called "trademark infringement", and can get the scammers in massive legal trouble. Similar to the other fake news scams, the scammer then puts links to their sites on these kinds of false articles.

Lottery fake news scam

They claim to give users unlimited chances, but this isn't always the case. After the user's numbers match in Fishdom, Block Puzzle, and/or Bingo, they ask for credit card numbers, which they can then use to steal the user's money.

Charity Scams

Some scammers, like Swagbucks, claim to donate money to charities. The money actually goes to the scammer.

Tech Support Scams

A tech support scam is a type of scam that involves phone or chat. It mainly revolves around remote desktop connections through tools like TeamViewer, and others. These scams will force the user to pay, damaging their computer to get their way.

File:Microsoft-Official-Support-System-Virus.jpg
Example of a tech support scam.

Login scams

These types of scam spread through email and claim that the user's account has been suspended or disabled, and that they need to click a login link to continue. The link redirects to a fraudulent website that mimics a genuine login page, and once the user enters their credentials in the fake login page, the scammers will either steal money from the account or leak information from it. These scams may make use of tabnabbing, as well.

Scams mimicking login pages of major websites have been documented, such as those imitating Facebook, eBay, Gmail, Yahoo, Amazon, Twitter and PayPal.

Bitcoin Generator scams

Bitcoin Generator sites trick users into downloading malware by inviting them to "claim free bitcoins". Some sites receive traffic by redirecting from some Bitcoin and other cryptocurrency faucets, while others receive traffic from users who downloaded malicious programs.

When the user visits the website, it shows a "real-time chat", information about the site and the amount of generated bitcoins. Then, after the "generation process", the site displays a message prompting the user to deposit 0.0045 BTC or more. Contrary to what it claims, no amount of Bitcoin will be sent to the user after the deposit; instead, trojans, PUPs and adware are downloaded through the website.

"Sexy" websites

Sexy.ru, or Sexy.pw, is a series of scam websites that trick the visitor into downloading a piece of malware, such as a virus, a trojan, rogue software, adware or ransomware, under the guise of obtaining arousing pictures or online dating. The link is most often found in profile pages of bots in picture-sharing websites like deviantART.

The website contains a random number, the word "sexy" and a top-level domain, most often that of Russia or Palau. The following websites have been documented to belong to this type of scam:
