I’ve been receiving a lot of invitations in Facebook that asks me to click on a link to know who has viewed my profile. The message says: “Hey everyone, fb now lets you see who viewed your profile! to enable this feature, go here! (with a link to the application).”

For a regular and unsuspecting Facebook user, this can be attractive with tendency to visit the site given and follow the instructions given on the page. But beware! This application turned out to be a SCAM where some malicious script will run and will send request to your friend list. The application does not really detect your actual viewers, but instead it gives you random picks from your friends’ list and gives you random numbers of views. Users are asked to complete a survey or quiz, and every quiz completed gives earning to the program developer.

To avoid this malicious application, refrain from clicking links to unregistered Facebook applications.

Tech At Hand have investigated further on this Facebook “Who’s Viewed Your Profile” Scam.

Incoming search terms:

The events in Japan, the 8.9 earthquake, the tsunami, and the radiation scare which has reached even the Philippines, were all over Facebook and Twitter. Countless posts being made every second. Users posted news articles, photos, and video footage about both the earthquake and tsunami.

Facebook also served as an alternative communication as many mobile networks shut down. Users with relatives and friends used Facebook to inquire about their condition.

However, it’s sad that this vital role of Facebook has been taken advantage by scammers. Several strategies by scammers have been designed to trick unsuspecting Facebook users. Users are being invited to donate and help those in Japan, however we could not check the legitimacy of these donation drives.

Another scamming strategy was through “clickjacking” (which means prompting a victim to click something while a different action is taken behind the scenes). “Japanese tsunami RAW tidal wave footage” followed by a link, and also mentions Australian tourists in the description has been tricking ignorant victims to click on the video or link. A French version: “Vidéo exclusive de l’arrivée du Tsunami sur les cotes Japonaises – Voilà une vidéo du Tsunami du Japon du 11 Mars 2011 !!! A voir absolument.” is also spreading.

The fake video player window is overlayed with a hidden iframe; actually clicking on it anywhere will also submit a Facebook Like and spread the post to your Facebook page. The scammer earns his or her money via a commission for every survey completed. Furthermore, you should never hand over your mobile phone number as scammers will sign you up for a premium rate SMS service.

So Facebook users are warned about these scams, and advised to scrutinize every video and posts.

Incoming search terms:

Kaspersky found out a fast-moving Twitter worm that exploits goo.gl targeting unwary users. These truncated links are obscured and users are unaware that these links redirects to a fake anti-virus called ‘Security Shield’ which asks the users to download the said software to disinfect their computers. Similar with other malware, once downloaded it will automatically install the worm.

I immediately referred to their Support page and looked for possible reasons how my account got hacked.

The primary reasons how accounts may become compromised are:
1. Entrusting your username and password to a malicious third-party. In my case, I recently signed up for a third party, a make-money-from-Twitter page, which I granted for an access to my Twitter account.
2. Due to a weak password. Usually, I am using combination of letters and numbers so I think this couldn’t be the reason.
3. Due to viruses or malware that are collecting passwords. I am currently using an ESET Smart Security as my anti-virus, which was named as one of the best antivirus software.
4. Due to a compromised network.

The most possible reason I could think of is signing up at that malicious third-party. When I tried to request for a reset of the password using the e-mail add associated with my Twitter, it said that the e-mail account was not existent. But when I tried to request using my username, it was successful, however, since the e-mail address has been changed, I did not receive the password reset. This confirmed that my account has been hacked.

I immediately sent a support ticket to Twitter, to which their autoresponder promptly replied to. But until now I could not login to my account. What to do?

E-mail harvesters can get your e-mail address:

1. Through your online profiles in message boards or forums. That’s why it’s always advisable to disguise your e-mail address. Some message boards offer an optional field for your fake e-mail address that will be displayed on your profiles. It is advisable that you utilize this field. Some also give you the option to display your e-mail address or not.

2. Through social networking sites like Friendster, MySpace, Multiply.com, etc, especially when you display it in your profile. Some people display their e-mail addresses so it would be easier for people to invite them but this way, they are also inviting spammers to get into their inbox.

3. Through mailing lists. By subscribing to some mailing lists, you are disclosing your e-mail address to them. It is either they use your e-mail address to send you unsolicited e-mails from them or sell it to spammers or advertisers. It is, thus, recommended to read a website’s privacy policy when signing up for their mailing list.

4. Through webpages. Spammers have programs or bots, which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags (those you can click on and get a mail window opened).

5. Through your own website by means of contact information. As I have emphasized in Prevent Spam in your Inbox Part I, you can use online e-mail signatures or a contact form. You can also right your e-mail add this way: yourname(at)host(dot)com.

6. From various web and paper forms. Some sites request various details via forms such as guest books. Spammers can get email addresses from those because the form information becomes available on the world wide web. Most of the time, the e-mail field asked in guest books are optional. Or if some websites require it, you can put a fake e-mail.

7. Through chain letters or e-mails. This has been over-emphasized in my Prevent Spam in Your Inbox Parts I and II.

You can read more at FAQ.org.

Incoming search terms:

What to do:
Immediately delete a suspicious e-mail message. Most of the time, you can already guess that an e-mail is from a spammer through its subject. AOL reported the Top 10 Spam Email Subject Lines of 2003. Basically, most of the e-mail subject lines contain a promising special online offer. You further know it’s a scam or a spam if you have not signed up for the said special offer.

AOL’s ‘Top 10 Spam Email Subject Lines’ of 2003:*

1. Viagra online (also: xanax, valium, xenical, phentermine, soma, celebrex, valtrex, zyban, fioricet, adipex, etc.)

2. Online pharmacy (also: ‘online prescriptions’; ‘meds online’)

3. Get out of debt (also: ‘special offer’)

4. Get bigger (also: ‘satisfy your partner’; ‘improve your sex life’)

5. Online degree (also: ‘online diploma’)

6. Lowest mortgage rates (also: ‘lower your mortgage rates’; ‘refinance’; ‘refi’)

7. Lowest insurance rates (also: ‘lower your insurance now’)

8. Work from home (also: ‘be your own boss’)

9. Hot XXX action (also: ‘teens’; ‘porn’)

10. As seen on oprah

* – Source: AOL. This list is unscientific, and is not in any specific order. The cited email subject headers are not ranked by volume.

What not to do:
1. Don’t forward chain e-mail messages You lose control on who can see your e-mail. As I have emphasized in Prevent Spam in Your Inbox Part I, it might be prudent to tell your friends not to send you this type of message. Further, you may become one of the accomplices of online scam because most of these messages are designed to trick people.

2. Don’t contribute to a charity based on a request in e-mail. Unfortunately, some spammers prey on your good will. If you receive an appeal from a charity, treat it as spam. If it is a charity that you want to support, find their number elsewhere and call them to find out how you can make a contribution. (Microsoft Office)

3. Do not reply to a spam message. If you were already suspecting that you are being spammed, don’t reply to it even for the sake of clarification. Through this, they can also clarify that your e-mail address is actively used which will encourage them more to send you spam.

4. Do not unsubscribe. Through this, they will also confirm that your e-mail address is active.

I myself has received a couple of text messages that intends to scam.  Like, it says that my cellphone number has been chosen as a winner for a “raffle” draw with a tempting winning prize of a hundred thousand pesos, and that I should call them for the instructions on how to claim my prize.  Having been exposed to e-mail scams with similar content, I just ignore these text messages.  My father, nearly succumbed to one message he received. Good thing, I warned him beforehand.

Anyway, the bureau has classified the types of text scams in the Philippines which are:

The lottery/prize scam: The consumer will be contacted by SMS or e-mail with news that he/she has won a large sum of money, but in order to receive the winnings, he/she must first pay the taxes by depositing into a stranger’s account. The consumer sends the funds, but the winnings are never received.

The charity donation scam: The victim will be told that the culprit is a representative of either a fake charity organization or a recognized government foundation tasked to secure donations for a worthy cause. The victim will be given contact details and information on how he/she can donate via the fraudster.

The online auction purchase scam: The consumer with the winning bid in an online auction is instructed that the seller will only accept money transfer as a form of payment. The seller may also instruct the consumer to use a fictitious name for the transfer, to ‘protect themselves’ until the goods are received – but they never arrive.

The dugu-dugo or budul-budol scam: The victim will receive a call from someone who claims to be a family member stating that a loved one has been kidnapped or hurt, and will need the victim to make a transfer of money to a stranger to avoid the kidnapped relative from being harmed or to pay for medical expenses.

The recruitment scam: The victim will receive an offer to a job overseas from an individual who claims to represent an agency or the employer, and requests for a placement fee to be transferred to his/her account to facilitate the application process.

The business investment scam: A business may receive a request from a stranger posing as a representative of a major corporation offering the opportunity to become involved in a large commercial operation. The offer will involve very large financial returns and will require the victim to finance portions of the business venture. All payments will be required to be forwarded in amounts between P10,000 and P50,000. Examples of the requests for money include:

• Payment of legal fees
• Payment for the suppliers or subcontractors
• Payment for the registration costs
• Payment of business taxes

The Nigerian inheritance/legacy scam: The consumer is contacted, usually by email, by an individual claiming to be either a representative of the Nigerian government, a wealthy business person or the widow of a deposed leader. The trickster may claim that they have discovered a bank account belonging to a deceased citizen or has come into possession of a large sum of money. The trickster offers to share the proceeds if the consumer allows him/her to deposit the money into their bank account. The consumer is asked to provide their account details and other sensitive information. However, before the transaction takes place, an “unforeseen difficulty” occurs and additional fees from the victim are “necessary to overcome the problem”.

Incoming search terms:

Here are some of seven web safety tips from Illinois Attorney General, Lisa Madigan for teens for a friendly internet environment:

1. Never post personal information online.

2. Don’t put strangers on your buddy list.

3. Don’t post potentially embarrassing images of yourself online.

4. Remember that anyone can read blogs.

5. Communicate only with friends and family.

6. Tell your parents if you receive anything that makes you feel uncomfortable.

7. Think before you post any information about yourself—a message long touted by the National Center for Missing and Exploited Children.