Archive

Posts Tagged ‘Email address’

LinkedIn new Scam: Upgrade free to LinkedIn Premium

August 8, 2012 15 comments

Today, E-Crime Expert encountered a new scam, related to LinkedIn this time.

How it woks:

I received an email on my regular email address which said that because I am a valuable LinkedIn user, they will upgrade my Basic accoun to a Premium one for free, for one month period.

Picture 1

I did not know that this is a scam so I proceeded with the upgrade. After I clicked “upgrade” I was promted to introduce my LinkedIn password. I did so, but nothing hapenned.

Then, I checked my LinkedIn account on a different webpage and still there my account appears “Basic”, so no upgrade done as promised.

Picture 2

Instantly I realize that this is a scam having as purpose the access of your valuable friends database with email addresses, phone numbers, professions, etc. The purpose of this scam is to retrive for free this valuable information that later can be used for identity theft, or spam, or aother related scams.

Action:

if you did upgrade your account, please change your password as soon as possible

If you received this message but did not upgrade yet, please don’t do it.

If you have further questions, please fel free to contact us at: dan@e-crimeexpert.com

Warning: Domain name personal data retrieval!

October 4, 2011 3 comments

This post is a special edition as this type of data vulnerabilities and scamming risks are significant.

The blog shows how sensitive personal data can be retrieved without authorization, in one of the easiest ways I personally experienced:

-Anyone can type in their browser: http://www.who.is/whois/

Next step: type in the search box a web address they know or find freely on the Internet such as: http://www.e-crimeexpert.com, then hit “enter”

Fig. 1

-After, from the bottom of the page, the link under “For complete domain details go to” can be easily copied and further use:

http://who.godaddy.com/whoischeck.aspx?Domain=E-CRIMEEXPERT.COM.

Fig. 2

-Once the link will be introduced in a web browser (copy and paste),  sensitive and complete personal data as shown bellow, will be made available:

Registration domain

Registrant’s  full name

Complete email address

Complete home address

Complete phone number

Registration date

Expiration date

Last update

Fig.3 

 

Indeed there is a “no data use” warning posted on the page, but personally I have doubts that this will stop anyone from using this data, (outlined in the red circle).

What someone can do with this data? A scam! Any kind of scam, but mostly it is preferred the domain registration one.

How it works:

A letter will be send on the name and to the address available on WHOIS website claiming to pay the registration fees for your domain name. The expiration date is indicated (it is real) and it is available on the website for anyone.

The same letter will ask the registrant to pay the registration fees for another two years and provide the credit card number and  credit card expiration date details.

Fig. 4

 

Fig.5

What would they do with it? The scammer will clone your card and buy products online or from offline stores (such as electronics, computers, jewelries) having the purpose of selling them for cash.

A website address may be a public domain but the registrant’s name, home address, email address, phone number should not be public at all!

To me not the scam itself it is the most concerning but the easiness how sensitive personal data is available to ANYONE on the world wide web !!!

There are never ending discussions about how policies should be like, how new SNS’s features should be like, but do those policies and features help effectively protect many users from privacy intrusion, unauthorized access of personal data, fraud and scams? I am not sure, but what I am sure about is that AWARENESS, EDUCATION, KNOWING which are the risks, and how could be defeated, can protect users from being victims of identity theft, privacy intrusion, financial frauds, access of personal data.

When registering a domain name, one can chose to keep the registration details private, but unfortunately the account comes with this settings set public by default, instead to be set private by default. How many users know about these risks and how to protect against them? In order to get the registration private, some steps should be done which it is not known by many users/registrants.

This post aims to emphasis one more time how vulnerable our private data is on the Internet.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Did you know this scam? Did you know how to retrieve such info? What do you think about the easiness of this method?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

%d bloggers like this: