"Tesco" Facebook scam returns, as Timeline Removal Plugin

  • File under '...really, Amazon?!'

In another example of Amazon's AWS abuse detection failing spectacularly, likely the same culprits behind last week's Tesco Voucher Giveaway scam have targeted Facebook users again -- this time with a "Timeline Removal Plugin" scam.

The scam seems to function thusly: victim clicks the link from a previous victim's event, creates a Facebook event with the same TinyURL in the Event description (containing a link to a Google Translate-wrapped AmazonAWS link) and so the cycle repeats. This doesn't involve the sharing feature, probably a technique Facebook locked down after last week's abuse.

Here are some screenshots of what will appear in your feed when a friend falls victim... Continue reading ""Tesco" Facebook scam returns, as Timeline Removal Plugin"

If you knew your site had been hacked, would you do anything about it?

Earlier this week a PayPal phishing email dropped into one of my work inboxes. I usually delete them instantly, but I checked out the compromised URL -- and surprise surprise, it was a UK domain. "OK," I thought, "I can do something about this."

Little did I know that the problem - a hacked subdomain hosting PHP redirector files to HTML on other compromised domains, and a fairly simple one to fix in five minutes - still wouldn't be fixed by the web site owner a week later... Continue reading "If you knew your site had been hacked, would you do anything about it?"

Chinese domain name prospecting scam - it's back

A couple of years ago, Jeff Ventura blogged about a fairly cunning domain name scam originating from China, whereby owners of domain names would be contacted by a 'registrar' indicating that another company was trying to register domain names with Asian TLDs that matched their existing domain name. This died down for a while, but it's back again (and it doesn't seem to have changed at all). I received one of these emails myself last week for a company I work for; read more for all the gory details (including copypasta of the email conversation I had with "Lebron Zhu"). Sinohosting also reported on this when it first began to occur.

[Update, July 20: They're still at it, this time with a new name and company: James Hong, "Senior Consultant of domain name registration and solution center in china" and "one company which self-styled "Packs Co.,ltd" were applying to register [company name] as Network Brand
and following domain names"
.

If it walks like a duck, talks like a duck... [update ends]

From Jeff's blog entry;

This is clever and it took a bit of time to figure out the pathology.  But there is one, and it's interesting.  Continue reading "Chinese domain name prospecting scam - it's back"

I