Newsletter - URL typos and a JB HI-FI Facebook scam - SSO-NL2011-012
19 December 2011
Overview
The purpose of the Newsletter is to provide general advice about online security issues and help you learn to better manage the security of your computer and information when online. This month’s newsletter will cover recent URL typo “competitions” and a Facebook scam.
Feedback
Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
URL Typo Web Pages
I am sure many people know what a hyperlink is; those blue underlined bits of text that take you from one web page to another when you click on them. The same things people tell you not to click on in email messages. They are a fundamental part of how the World Wide Web works and one of the main methods Google uses for helping you find the content that you want. While these links are useful, they are by no means the only method of going to a web page. You could also use a bookmark, your browsing history, or type the URL into the address bar directly. It is this last method of visiting a website that can be open to abuse.
If you wanted to visit twitter.com to check your recent tweets, but you accidentally typed twiiter rather than twitter (notice the double “i” and single “t”) where would your web browser take you? That is a question that recently drew some attention from SANS ISC (http://isc.sans.edu/diary.html?storyid=12184). They found that various misspellings of common websites (like twitter.com, wikipedia.com, and youtube.com) would take users to some strange web sites.


The screenshots above show two different messages that are displayed when visiting some of the misspelled domains for well-known sites (like those mentioned above). If you continue on to visit the sites that you are redirected to, you end up with a page that looks like a certificate (see the two images below).
These pages do not seem to contain anything malicious. If you have visited one, your computer should be OK. As always, you should remember to keep your software patched and run up-to-date anti-virus software.


What these sites try to do is get some personal information and details from you. They do this by asking you to enter your details and saying that you may have won an iPad or iPhone. In the fine print they outline exactly what may happen with that personal data. Some of the possibilities listed are:
- Share your information with our business partners
- Send you promotional materials
- SMS messaging (standard carrier text messaging charges will apply)
The first two may result in some spam email or advertising material being sent to you. The last one of those three could actually cost you a lot of money. Premium SMS messages allow a business to send you a text message in such a way that the bill for the SMS comes to you. You are essentially paying to be sent advertising material. Premium SMS messages are normally used when you request a service from a company. This service can be asking for a weather report, a horoscope, or a new ringtone and can cost up to or more. Some mobile providers allow you to disable the ability to receive premium SMS messages – ask your mobile phone provider for more information on whether you are able to do this.
The Australian Communications & Media Authority (ACMA) and ScamWatch also have some information on Premium SMS messages and Premium SMS scams:
- http://www.acma.gov.au/WEB/STANDARD/pc=PC_311207
- http://www.scamwatch.gov.au/content/index.phtml/tag/SMSCompetitionTriviaScams
Recent Facebook JB HI-FI scam
There are always various scams going around via email or (more recently) Facebook that are attempting to trick users into clicking, visiting, posting or installing various things. Some are just annoying and harmless but others can be quite bad for your computer. The JB HI-FI scam that was recently going around Facebook is one of the annoying but harmless types. If you have fallen for it your computer and Facebook account should still be safe.

The scam (see above) was saying that you could enter the draw to win a 200 dollar JB HI-FI voucher. However, once you clicked on the link, two things would happen. First, you would be forced to share the Facebook link yourself so that your friends could be tricked too. Second, it would ask you to complete an online survey. This survey is the reason for the scam; every time a user filled out the survey the scammers would earn some money – so by completing it and sharing the link (as you would have been forced to do) you are helping them to earn more money.
If you have found this scam and clicked on it, you should delete that post from your Facebook account to stop any of your friends from clicking the link. If you would like more information on this and other related scams the following web pages contain some good information:
- http://www.scamwatch.gov.au/content/index.phtml/itemId/891505/
- http://nakedsecurity.sophos.com/2011/12/09/free-200-jb-hi-fi-voucher-facebook-scam/
- http://www.gizmodo.com.au/2011/12/dont-fall-for-the-jb-hi-fi-200-voucher-facebook-hoax/
Disclaimer
This Newsletter has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.
The information is intended for use by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Newsletter is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.
The Commonwealth, AusCERT, and all other persons associated with this Newsletter accept no responsibility or liability for information either included or referred to in the Newsletter. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Newsletter, whether by way of negligence or otherwise.
The listing of a person or organisation in any part of this site or Newsletter does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.
Please note that material in this Newsletter, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. Material on this site or in this Newsletter may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.




