Why Social Networking Sites Suck!

Nomadic Lifestyle

If you have been victimized by this phising scheme you need to report it to the Las Vegas Police. The number to the Police in Las Vegas (where this crime originates from) is (702) 828-3111
Some possible names of people who may be involved in these crimes are:
Victoria David (sounds fake…)
Scott Shaw (this is a real person who may or may not actually be involved)
Adam Arzoomanian (this is a real person who may or may not actually be involved)
Laura Davis (this is a real person who may or may not actually be involved)

report this to the Las Vegas Police NOW!! this will continue until someone is prosecuted
Furthermore, another company who is at least indirectly involved in this fraud and who is a financial benefactor is a company called mobile messenger. If you have received unsolicited text messages on your cell phone chances are you are being charged some crazy amount of money for this “service” – check with your cell phone provider and if you are being charged, you need to report this activity to the Las Vegas Police also. The company info:
Mobile Messenger
Ste 202
2470 Saint Rose Pkwy, Henderson, NV 89074
(702) 459-4536‎

One of the newest phising/click fraud schemes to hit the internet involves a user of facebook or myspace receiving a message from a trusted friend that their profile picture has been posted to a site and the site address is included in the message. The messages vary in content but the gist is all the same and the message is intended to create curiosity or alarm in the receiver.

Some examples:

Wow I cant believe I just saw your pictures all over speedroar-com-you gotta see it.

I wanted to tell you your profile pic is on display at voteboil-com-have you seen it

I received one of these from a MUCH trusted friend on my facebook account. Had I gotten it from anyone else I would have ignored it, but because it came from this person, I fell for it hook line and sinker. Here’s how it works:

The victim visits the website (there are many) and is taken through a series of confusing pop-up screens designed to collect data from the victim. Step by step here is how the one at voteboil dot com works:

1: an alert appears informing the victim that a photo from their i.p. address has been uploaded within the last 48 hours (this is completely false)

2: The victim is asked for the full name of the friend that referred them to the site, their own full name and their email address. I am paranoid as hell about things like this as I know it usually only results in spam anyhow so I used fake information.

3: The victim is asked to create a password to login

see where this is going yet?….if not, think about it. You probably tend to use the same password for just about everything right?…well, this site has now captured an email address and a password to go with it…chances are pretty good for the phisher that he has accurate information to log in to your email account at this point – but the next step really nails it down.

4: The site wants to know how you were referred

next screen (after clicking ok)

So now the site has retrieved an email address, a password and this last step will make it easy for these people to figure out which of these services you use as a primary communication portal so that the scam can be further propagated and take in more victims. After this step the scheme branches off into several different directions and I didn’t test them all but I can tell you that this is where the click-fraud comes into play if you choose gmail – the victim will at that point be taken through some I.Q. test at the end of which will be asked for a cell-phone number to which a PIN will be texted to. Once the victim enters a phone number and clicks on “agree to terms & conditions” – and let’s face it, you’ve already spent WAY more time than you intended to see your own profile pics at this point so you click “agree” without giving it a second thought – you are billed to receive some crap on your phone at the recurring rate of $9.99 per month.

So…what to do if you have fallen victim to this scandal:

First – if you gave accurate information the first thing to do is login to your email or social networking site that you used and change passwords. If you use more than one – change them all!

Second – if you gave your phone number – and you have received some messages you need to send a test message with the word “STOP” to turn this “service” off so that you won’t be billed every month for it – then you’ll need to contact your phone service provider and if any fraudulent charges have been levied against your account demand that they be reversed and also demand that your service provider stop allowing charges from these fraudsters.

Third – keep a watchful eye on all of your social networking and email accounts for fraudulent activity.

Here is a list of other domains that are known to be a part of this scheme:

screamcaw.com, sailroast.com, spoilroll.com, spoilhike.com, barkjump.com, stalkblast.com, crawlwhip.com, buzzpaddle.com, pretendtoss.com, sprayboil.com, groanhop.com, broilwish.com, voteboil.com, cryhike.com, bakespoil.com, floatclick.com, hiderush.com, wagfloat.com, climbfloat.com, swimstroll.com, boaststing.com, spoilsail.com, mixclang.com, blinksnap.com, poachbang.com, cutboast.com, stuffrattle.com, wrestlegrowl.com, screechclimb.com, laughrattle.com, blendgrowl.com, stuffcrush.com, blinksnap.com

and finally, I know that this is off-topic for this blog but thought the information should go out in as many places as possible.

Will @ December 30, 2008