Buying rnicrosoft.com And Other Fake Websites – The Easiest Way To Scam People

Typo Squatting and spelling errors on domain names can make your shopping experience at Amazon a living hell. A scammer will typically purchase a domain name that resembles that of a major company and install malware or worse yet, steal hundreds of dollars from your bank account. Because of these scammers, Amazon has taken proactive measures to stop possible scams against their customers, they have purchased multiple variations of their domain name – Aqmazon, maxzon, amzon, and many more.

Now there are other names that you can purchase that no one really thought about, they include switching letters with numbers, or combining letters to form a new letter – the reason no one ever though about it until now, is because they are so far out of the way to type, to be a screw up. For example the letter l and I (L and i ) they both look the same in some browsers. Also combining the letter R and N forms the letter M in some browsers. This new type of squatting may not mean anything to you. Especially when you’re not going to make the mistake of typing in RNicrosoft.com on a website, but think about how many people can e-mail you these links or post them on facebook and direct you to a website that looks identical to the real deal? here is an example arnazon.com looks very similar to amazon.com, an unsuspecting victim may not see the difference until you look really closely into the domain name.

Other examples are Google.com and Goog1e.com, or e5pn.com. These fake domain names are going out for thousands of dollars each, RNicrosoft is selling for a little over $4,000 dollars, which is nothing for Microsoft to purchase, especially when they can really get taken advantage of by a group of scammers. Just recently Microsoft took down a large BOT Net with the aid of the US Marshals, they usually sent out e-mails with links to less than reputable sites like PaiPal.com etc, now imagine getting an email to PayPaI.com where the i looks like an L at the end of the address. Now not even looking at the domain name to see if it’s okay is going to work. The only protection you’ll have then is copy and paste the link then paste it into a word document and change the font to something different.  [SEDO via Gizmodo]

Did Facebook Get Caught Reading Your Text Messages – Not True

London’s Sunday Times claimed that Facebook admitted to reading the text messages that were being sent by their users. They weren’t talking about the text messages that are were sent via their “messages” application, but the actual SMS messages that were sent between your cellphone and another person’s cellphone.  They claimed that Facebook was reading the SMS messages of the users who downloaded their Facebook app onto their smart phones, which could be millions of people.

According to the Sunday times, “Facebook” claims that it was doing it for research so they can launch their Facebook messaging service, but the article was not very clear as to when or even IF this actually happened. The article quoted several sources but they were not named. According to TechCrunch a Facebook spokesperson speaking to ZDNet said there is “no reading of user text messages.” Facebook says the Times piece is “completely wrong” but says the Facebook Android application permissions require SMS read and write capabilities.

Facebook said that lots of communications apps use these permissions, and the application technically has the capability to integrate with the phone’s SMS system, but added that it is for testing purposes. The company did not respond to the claim that the Times “admitted” to reading text messages, however.

Shortly after Facebook released this statement, the Sunday Times article was taken down, at least that’s what it seems like when you click on the link. So good job Times, you just completely paranoid a whole bunch of people that were sending text messages about the upcoming parties.

Scientist are Developing a Device to Unlock your Computer with your Heartbeat

Anonymous made a very good point when they said that all passwords are hackable. You can’t ever really be 100% secure, passwords are a problem that for the most part, will never go away. It doesn’t matter how secure, long, or protected you believe your password is, if a hacker really wants to get into a webpage or system, given enough time, they will manage to break into it. But if a group of researchers have it their way, some day we may have a password that is unique to each one of us and the only way to hack it is by taking our heart.

The researchers are playing around with the idea of using the human heart beat and associating the beat with an encryption key, by taking your heart’s ECG reading from a person’s hand, they can extract the signature beat of the heart and generate the password needed to unlock your device.

This should be ultra-secure, in theory, but what happens if you’re running or you’re minutes away from turning in your midterm paper but your heart is racing because of how nervous you are? Well, according to Chun-Liang Lin from the National Chung Hsing University in Taichung, Taiwan, the human heart never repeats the same pattern. The encryption scheme is based on a very sophisticated math algorithm that can figure out when the user is the right user based on missed beats, length of beats, and other small tale tale signs.

The goal is to build the system into hard drives that will use a device to detect your heart beat almost instantaneously to unlock your device. Via NewScientist

Anonymous Donated Money to Charities from Stratfor’s Stolen Credit Card Numbers

Anonymous hacked again, this time in the spirit of Christmas – depending on who you ask. Anonymous claimed to have hacked into Stratfor, the American security firm, they then stole private credit card numbers, passwords, addresses, and emails from the firm’s clients.

Shortly after the hack, they delivered the payload via Twitter where the followers were asked to download the information. After the information was downloaded, unauthorized charges were made to the stolen credit cards – they donated gifts to charitable groups like the American Red Cross and CARE.

I’m sure that the owners of the credit cards are going to try and pursue Anonymous, but as far as the charity goes there can only be two outcomes for this:

1)    They can be douche bags and ask for the money back effectively ruining Christmas for someone.

2)    They can play the nice game and let them keep the charities.

Anonymous stated that Stratfor the – Super Awesome American Security Firm – failed at maintaining their client’s data by making a rookie mistake. They stated that Stratfor did not encrypt their data. This is something that even a fresh out of the oven security company should know about.  Since the attacks on Sunday the site has been under maintenance.

As far as how much information was stolen, Anonymous claims that they have information on the 4,000 Stratfor clients, and over 200 gigabytes of stolen information. Some of Stratfors main clients were the Defense Intelligence Agency, The US Air Force, Apple and even Microsoft.

Even though this sucks, at least Anonymous did something good with the stolen credit cards – in my opinion that’s not that bad considering how much money these agencies have.

Misspelled websites aim to steal information – How Type Squatting Works

Typosquatting, is a term given to a person, or company, that buys a URL that is very similar to that of a legitimate website. People that buy Typo URLS are doing it for a couple of reasons, to sell it the legitimate website at an inflated price, bandwidth jacking where they steal traffic from typos, or the modern day tactics of stealing people’s identities.

Typosquatting relies on mistakes made by internet users when they input the name of a website into the address bar. The people that buy these typo-urls sometimes make websites that look identical to the site the user was trying to visit. Because the websites look identical, the unsuspecting user has no idea they are becoming a victim. The owners of these sites try to trick the users into releasing private information, credit card numbers, and even security numbers.

As the internet became more popular for shopping and for registering for services, the cybersquatters began to focus more on stealing peoples identities to anything they can possibility get a hold of. Best Buy, Tumbler, Facebook, Chase, Video Service Sites, etc.

An internet security firm is warning that there are several websites that give criminal the ability to hijack your system. The San Diego based Websense, Inc. has identified as many as 2,000 typosquatter websites that look identical to the real ones.

If you’re a Tumblr user, there are 3 different sites that look very similar to Tumblr.com  One of them is a survey website, this site tries to trick you into taking surveys so the owner of the site makes money.

A traffic stealing site is Tumbler.com, you are taken to a site where you can purchase cups. This version of the site does not look anything like Tumblr.com but it’s used as a Traffic theft site.

But outside of that, there are hundreds of other sites that can enable criminals instant access to your computer. Most domain names are part of a giant bot network. This network is used to steal passwords and obtain personal information to get access to your financial institution.

Other typosquatting domains try to use phishing schemes to steal your passwords and credit card numbers.  Then there are sites that claim you have won iPads, computers, money, or other different gifts – these sites will try to take information.

Websense said that some companies actually buy up domain names with misspellings to protect their customers. Amazon for example, registered Aqmazon, maxzon, amzon, and many more. Have you ever landed on a typosquatt site?

Windows 8 Picture Password Sign In

Windows 8 will be implementing a Picture Password

If you know anything about security, this only smells like trouble. The user selects a personal picture. After a personal picture is selected the user must implement a series of gestures. These gestures are tap, line, and circle.

In my opinion, this is a horrible idea that Microsoft’s Engineers came up with. I sense this will only cause chaos for the user, and a headache for Network Administrators.

A large part of workplace user calls are because they have locked themselves out.

What do you think? Good Idea from Microsoft’s Engineers, or a headache in waiting?

The initial Beta release of Window’s 8 is set for February. The launch is expected late of 2012.

The Republican Party is Afraid the Iowa Caucus Might Get Hacked by Anonymous

The Republican Party is afraid that anonymous hackers are going to be targeting the Iowa caucus polling system. The Iowa caucus, is perhaps one of the most influential state appearances for a presidential candidate because it’s always been the first step to get nominated.

The GOP believes has reason to believe that Anonymous is going to change the results and ruin the republican’s chance of winning the state… I wonder why?

The video above was allegedly posted by Anonymous, it calls for all of their supporters to “peacefully” shut down the Iowa caucus. If you know anything about previous attacks, “peacefully,” means hacking into computers or sitting out in front of buildings. The reason they are doing this is because of how corrupt the political system is in the US. The GOP thinks that the Iowa caucus is going to be corrupted by hackers, they will modify the votes, crash the website, and cause them to lose.

According to the AP, in response to the video, the GOP is going to increase their security, they believe that by boosting security of the electronic systems, they will make sure that no one tampers with their computers. The party is not talking about what strategy they are going to use because they think that the hackers will try to go around their security. “they want to surprise the hackers” when they try to take the site down.

Blog Advertisement Scam Alert: Jino Agency and Blog Banner Ad Scam

How great would it be if your blog, which is just starting out, gets the attention of an international advertisement company – better yet, they want to purchase and advertisement space for whatever price you throw at them? Well, that’s what happened to one of our blogs – Evilnickel.com – The blog gets about 100 views a day, and is little by little getting new posts.  But earlier in the week, we received an e-mail that didn’t look like a scam, until you got down to the third or fourth e-mail.

The internet is full of scams, there are hundreds millions of different cleaver ways that a person can take your money without you even suspecting a thing. Many people online have been able to use the internet to make money, but because of the notion of – well, he’s doing it, why can’t I? – people fall prey to scam artists who mask their intentions with something that sounds legitimate and true, but usually isn’t. Make sure you “google” any and all kinds of “get rich quick” e-mails you receive.

We’re all too familiar with the Nigerian scam where a King is asking for help to transfer a large amount of money to a different bank. That same scam has been re written into the Apartment/car/lease scam. Where an individual sends you money in a check and then asks you to wire him part of the money back after you deposit the check – three days later, the check bounces but the guy already received the money, and you’re out of the money you sent the guy. These scams, fail because they are WAY over the top of your average internet user… you may fall for the scams when you’re a novice internet user – or when you trust other people too much. But eventually you learn from the scam, and never fall for a similar scam again. Remember – If it sounds too good to be true, it usually is.  But what happens when you find a scam that you’ve never encountered before? Google it, make sure that no one else has fallen for that scam in the past. If you found this article is probably because you’re looking for the advertisement scam.

So What is This Scam?

I’m always on the internet, I’ve had my fair share of experiences with Scams on the regular basis. Friends of mine have fallen victim to all types of scams, even family members have fallen for vehicle scams on Ebay. So I never thought I would fall for a similar scam, and then I got this email:

Your Name: – Killian Blanchard
Your Website –
Your Email – kblanchard@jinoagency.com
Your Phone Number: –
How should we contact you? – By Email
When Should I Contact You: – ASAP
Your Message: – Hi, We are looking for new advertisement platforms and we are interested in your site evilnickel.com. Is it possible to place banner on your site on a fee basis? Best regards, Killian Blanchard
Did You Find My Website Through Google? – Not Checked

Form Displayed on Page: evilnickel.com/contact-us-2/

I have seen these kind of advertisements come through my site in the past, and honestly most are legitimate. So this kind of e-mail didn’t send any red flags to me. I replied  telling them that I had several different areas to accommodate their advertisement. I asked them what they were looking for, and they replied with the following e-mail:

Hello,

Thanks for reply to our proposal!

I represent Jino Agency. At the moment we are preparing an advertising campaign for Lacoste Company (it is a French company producing clothes, footwear, perfumery etc.) We already have designed banners for the campaign, they are the following sizes: 160×600, 240×400, 300×250, 336×280, 468×60, 728×90.
What can be your price for one banner (banner should appear at ALL pages of your site) of abovementioned sizes (please specify the place for the banner – top, bottom, left, right)? Please mention a normal link for banner, without javascript code and set prices in US dollars per month.

Best regards,
Killian Blanchard.
site: www.jinoagency.com
e-mail: kblanchard@jinoagency.com
phone: + (0)9 78 62 49 25

I sent them My prices for an advertisement that would go at the top of the page across all of my pages. Usually I tend to over price the advertisement expecting them to negotiate the price down to a price that is going to fit both the agency and I. But to my surprise they e-mailed back with:

Hi!
Thanks for reply to our proposal!

We like your price.
To pass to the banner control system follow the link http://webmaster.jinoagency.com
To enter use the following data:

login: ———
Password: ——-

You should install and activate the plugin in order to display advertisement. Before making payment, advertiser must approve location of the banner. The banner will be shown on your site when you add special code to your web- address (for example: http://evilnickel.com/?adv_test=1). It means, that visitors will see the banner only if it is approved and payment made.

To get installation instruction for your site type pass to: http://docs.jinoagency.com/wp_install
To activate your site you have to enter the code: ———

What way of payment is suitable for you?

This was the first red flag that came blasting through the door, why would they require me to put a java script? At first I thought it was similar to the Google Adsense campaigns, so I logged into the website to see what it’s all about. The site looked dull, it didn’t look like the professional ad companies that I’ve dealt with in the past. And even then, the companies that I dealt with in the past would send me the image of their banner with a tracking cookie, and I would place that on their desired ad spot. Being a PI, I started to do some research about the company. I clicked on their site and it took me to this page:

I know my fair share of design and website development to know that the website was probably made in an afternoon or so, I also know that advertisement companies usually have a very well designed website. Something that is going to impress their customers – this lacked all of those things. I then clicked on the “news” links and instead of taking me to a reputable website instead, I was displayed JPG images of news-papers similar to this one:

What are They After?

When you sign up to their website and actually install the code, which can be found here if you want to examine it, you are going to be asked to send them payment information – How do you want to get paid? – You do want to get paid from them right?

I never went through with the full campaign, but this kind of scam is the same one as the – something is wrong with your paypal account, click here to sign in and approve our payment – they send you to a phishing PayPal account that looks exactly as PayPal, but when you type in your credentials, they wipe your PayPal account clean of all the money. If you have your PayPal attached to your Bank Account, there goes that money as well.

If you’re having trouble understanding why or how this is a scam, here are all the Red Flags – Evil Nickel gets about 100 views per day, 3k a month. If we’re lucky, the company wants to put and advertisement on a website that is not going to pay out them. They wanted to put a clothing companies advertisement on a site that is not about clothing at all. The ad placement was overpriced, and lastly, no advertisement company is ever going to ask you to install a plugin to make something work. Not even Google uses plugins to serve their advertisements. A simple search online revealed several other people who have the problems with their sites. But perhaps the BIGGEST red flag of them all, is the following image from other companies:

Do they look familiar? It’s the exact same website as Jino’s website. So who’s responsible for these sites?

  • Killian Blanchard – – Jino Agency
  • Noa Morin – – Kara Agency
  • Oscar Meunier – – Kervel Agency
  • Jules Barbier – – Marka Agency
  • Rayan Meyer – – Bevesto Agency 

It doesn’t matter who sends you this advertisement, if anyone is asking to install a plugin, make sure you never do it. Especially if they are asking you to install a plugin that is not in the “wordpress plugin market” Hope this helps you a little, and if you’ve had an experience with them before, let us know in the comment section below.