Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
Scam alert

Guys:

I posted an item "for sale" in my local region PCA club. I got an inquiry from someone who wanted to do paypal. So far so good, and I saw no problem. The problem comes in the posted Paypal link he provides you (in case you currently don't have Paypal), and he has it set up with malicious malware. Here's the warning note I sent to my local Porsche club newsletter editor....for him to warn our local club members as the scammer may be fishing there still.

Seeing he found a Porsche part....I am extending the warning to this group. My letter to club follows--->

--------------------------------------

Jim:

Post a warning to the Porsche club members. There is a scammer ( Rayman david , email---> " dedaveray at rediffmail dot com " ) who wanted to buy my item in our classified section. He says he's an oceanographer at sea...and can only do Paypal. Sounds weird but safe enough. His method--> he says in his text that he can ONLY do paypal, since he's at sea.... and if you ( the seller) don't have an account, he provides a paypal link in his text to make it easy. Problem is, his link is false...and includes malware to dig up financials ( like your REAL paypal)...and corrupts this. Man...some people.

I tried this test....I already had paypal so I did NOT click, but went ahead with the deal. All of a sudden, he answers by email that he has a "Small problem" and says he needs me to click on a Western Union link he provides for shipper issues, etc. Ding, Ding, Ding.....scam alert. When you click, he now attaches malware to your Paypal account and gets your financial information....with "who knows" what damage he can do.

- Wil

----------
PS --- Kudos to Pelicanhead Twistoffat who I talk with often....who advised me from the start of this possible scam.

__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )

Last edited by Wil Ferch; 04-12-2011 at 03:33 AM..
Old 04-12-2011, 03:30 AM
Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
Here's the multiple email exchange with him, for record....so you can see his method....
I omitted my last "response" to him, as this is a public forum viewed also by children
His last email to me.....long , cocaine-driven-run on-sentence....is the big tipoff.
- Wil
================================================


On Tue, Apr 12, 2011 at 4:06 AM, Rayman david wrote:
I was just about to make the payments when i had this little problem with the picking up of the Item , I am currently on sea and i am buying the Item for my dad as i explained earlier on and i tried to book pick up with my pick up agent, but they asked me to pay first before they can make the booking, and they only accept western union money transfer for payments and they don't accept paypal or bank transfer and I tried to send the money online but i could not and I am on sea and there is no way i can find a western union agent to make the transfer to my pick up agent, so i wanted to ask if it was okay for me to include my pick up agent's fees in the payments I am about to send through paypal,my pick up agent charged $200 plus insurance and all of that,please can i include their money in the payments I want to send then after i have made the payments you will help me forward the $200 to my pick up agent through western union money transfer,this I would have done myself and not bother you but the for the fact that I am currently on sea, so after I have made the payments you will help me send $200 to my pick up agent through western union money transfer,I just wanted to seek your consent before going ahead with the payments,I will more than appreciate if you mail me back, and I will be making the payments shortly.

PS:the shipping company's Head quarters is in England and any pick up fees to be paid is sent to their head quarters by the payee, so the money for pick up will be sent to their head quarters in England through western union money transfer(this can be done from any post office) or you can do it online at Money Transfer | Western Union

Thanks,
Rayman.

On Tue, 12 Apr 2011 05:32:18 +0530 wrote

>Rayman:

I am asking $300 USD, per the ad. If you need to do Paypal, there is typically a 3-4% fee to me for incoming money for purchases. I will need to add a similar amount to the asking price. Let's make it simple and just say $310. For clarity, this is an aftermarket ( probably M A Shaw or Getty Design) Porsche tail, in white primer/paint that still needs a bit more sanding/prep prior to painting. It is very light compared to a factory piece. My address is in a 14127 US zip code. Are you a US national and would your purchase be considered a domestic purchase?. I am guessing this to be the case and that is the Paypal fee structure that would apply.


Let me know if this is agreeable with you and what your suggested next steps are. My Paypal is linked to this email I use.

Do you work for Woods Hole Institute ? Fascinating stuff !!! ..........be safe.

Regards,
- Wil Ferch
ph: XXX-XXX-XXXX
email: ferch dot wil at gmail dot com

=========================================



On Mon, Apr 11, 2011 at 3:48 PM, Rayman david wrote:

Thanks for the feedback, i really appreciate it,i am an oceanographer and am currently at sea at the moment, i am buying the item as a gift for someone, i want to make it a surprise for him,he wont know anything about the item until they get delivered to him, i can only pay through pay pal as i don't have access to my bank account online as i don't have internet banking,but i have my bank account attached to my pay pal account and this is why i insisted on paying you through pay pal,So please kindly get back to me with your pay pal and pls if you don't have PayPal account yet,it is very easy to set up, go on http://www.paypal.com and get it set up,after you have set it up i will only need the e-mail address you use for registration with PayPal so as to put the money through..Notice you don't need to bother your self about the shipment,i have an pick-up agent that will come for pick-up,they will also determine and secure the shipment,Hope to read from you soon.


Thanks,

Rayman.

On Tue, 12 Apr 2011 00:40:23 +0530 wrote
>Did you see the ad in the Niagara PCA club newsletter?
- Wil Ferch
XXX-XXX-XXXX

============================


On Mon, Apr 11, 2011 at 2:58 PM, Rayman david wrote:

Hello Seller,
I want to buy this item and need to know the last price and please i can only pay using pay pal, and after payments has been made i will arrange for pick up of the item.



Thanks.

Rayman.
__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )

Last edited by Wil Ferch; 04-12-2011 at 03:42 AM..
Old 04-12-2011, 03:38 AM
Registered
 
john walker's workshop's Avatar
 
Join Date: Mar 2001
Location: Marysville Wa.
Posts: 22,486
[Hello Seller,
I want to buy this item and need to know the last price and please i can only pay using pay pal, and after payments has been made i will arrange for pick up of the item.]


that alone should have been enough warning. standard scammer bs.
__________________
https://www.instagram.com/johnwalker8704

8009 103rd pl ne Marysville Wa 98270
206 637 4071
Old 04-12-2011, 04:10 AM
Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
John:

True enough...at some level. Yet again, one thinks, "Paypal...the guy's gonna hafta pay first...what's the problem even if his text sounds weird?".

Well...here's an example....sorry to say.
__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )
Old 04-12-2011, 04:18 AM
a.k.a. G-man
 
Geronimo '74's Avatar
 
Join Date: Sep 2003
Posts: 13,614
Did you include the malicious links in your post?????

His second mail is so poorly formatted that i could not bring myself to read it completely.
For me, that's where the deal was off (didn't even begin reading the second one...)
It's a scam for sure!
__________________
Sit, lie, roll over

Last edited by Geronimo '74; 04-12-2011 at 04:35 AM..
Old 04-12-2011, 04:32 AM
Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
I surmised malicious link.....in the form of something bad happening to you *once* you click ANY of his provided links...how else would the scam work? Unless of course he strings you along with other "problems" that end up costing you.......

Understand that my deal was going to happen BEFORE his second text.....that run-on sentence structure of his second note is the tip-off then for sure. Anyway...BEWARE of this guy and his address.
__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )
Old 04-12-2011, 04:36 AM
 
Canucks Fan
 
Join Date: Jan 2009
Location: Vancouver B.C. Canada
Posts: 2,216
This loser tried the same thing to me , wanted to buy my 930 sight unseen and after I got the money he would send his mechanic over to check it out. Gift for his dad and he was out to sea as well, no he's out to lunch if he figures I'm buying into that, mailed him right back after he sent 2-3 mails to me and said it was sold.
This was on Craigslist in Vancouver about 2 months ago so this turd is looking all over for suckers and probably not only on Porsche sites.

Finn
Old 04-12-2011, 04:38 AM
Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
I hate scum like this....and they are *so* tantalizingly close and available via their email..... There has to be a better way to "reach" out to them and get them in front of authorities....but I'm a dreamer, I know.
__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )
Old 04-12-2011, 05:14 AM
Northern Motorhead
 
wildcat077's Avatar
 
Join Date: May 2009
Location: Montreal,Canada
Posts: 3,176
He surely sounds like he is at sea ... maybe someone should throw him overboard ... lol
Aren't these guys incredible !

Cheers !
Phil
__________________
Cheers
Phil

89 Coupe,Black,95 3.6 engine and the list goes on ...
1983 944 SP2 race car PCA #96
Old 04-12-2011, 05:25 AM
Diss Member
 
Quicksilver's Avatar
 
Join Date: Jul 2002
Location: SC - (Aiken in the 'other' SC)
Posts: 5,022
The important bit to take from all this is:

Whenever you are thinking of clicking a link from an email or a webpage that is even possibly questionable:
Hover the mouse over the link and look at the status bar at the bottom to be certain of where the link really goes.



Here is an example (non malicious):
- http://www.rennlist.org/ -

If you hover the mouse over the link you should see in the status bar that it actually links to Google.
Watch out for links that only have part of the correct name in them. For example www.paypal.com.ru is not even close to www.paypal.com


Another helpful self protection tidbit. If you ever suddenly get a popup that says something like "You have viruses" or "You have malware" DO NOT CLICK ANY Of THE BUTTONS... EVEN THE "NO" OR "CLOSE" BUTTONS. The buttons are all programmed by whoever created the page. Close the window using the X in the upper right corner. Then close your browser and then run a scan with your antivirus software or a good anti-malware program like Malwarebytes.
(If you get stuck in a loop of endlessly opening popup windows close the windows as listed above while hitting the escape key [Esc] as fast as you can. This will prevent the next page from loading.)
__________________
- "Speed kills! How fast do you want to go?" - anon.
- "If More is better then Too Much is just right!!!" - Mad Mac Durgeloh

--
Wayne - 87 Carrera coupe -> The pooch.
Old 04-12-2011, 07:28 AM
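The hover check and the lookalike-hostname warning from the post above, written as a script that compares what a link shows with where it really goes. This is an added example, not part of the original thread; the sample HTML is constructed, and the trusted-domain list (`paypal.com`) and all function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the reader really does business with.
TRUSTED_DOMAINS = {"paypal.com"}

# Constructed sample body; the hostnames are the ones used in the post above.
SAMPLE_HTML = """
<p>Club site: <a href="http://www.google.com/">http://www.rennlist.org/</a></p>
<p>No account yet? <a href="http://www.paypal.com.ru/signup">Set up PayPal</a></p>
<p>Official: <a href="http://www.paypal.com/">www.paypal.com</a></p>
"""

# Visible link text that itself looks like a URL or a bare hostname.
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def href_host(href):
    """Hostname the link really points to (what the status bar shows)."""
    try:
        return (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def is_under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(text, href, trusted=TRUSTED_DOMAINS):
    findings = []
    host = href_host(href)
    shown = HOSTLIKE.match(text)
    # The text claims one host, the href goes to another.
    if shown and strip_www(shown.group(1).lower()) != strip_www(host):
        findings.append("text-mismatch")
    # The brand name appears in the host, but the host is not under the
    # trusted domain (www.paypal.com.ru belongs to com.ru, not paypal.com).
    if not any(is_under(host, d) for d in trusted):
        if any(d.split(".")[0] in host for d in trusted):
            findings.append("lookalike")
    return findings


def audit_links(html, trusted=TRUSTED_DOMAINS):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(t, h, check_link(t, h, trusted)) for t, h in parser.links]


if __name__ == "__main__":
    for text, href, findings in audit_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}: {', '.join(findings) or 'ok'}")
```

The hostname is matched from the right-hand end, which is why `www.paypal.com.ru` fails the trusted check even though it begins with the real name.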
Registered
 
Join Date: Jan 2009
Location: Marietta, Ga (Atlanta)
Posts: 2,970
Quote:
Originally Posted by Quicksilver
Another helpful self protection tidbit. If you ever suddenly get a popup that says something like "You have viruses" or "You have malware" DO NOT CLICK ANY Of THE BUTTONS... EVEN THE "NO" OR "CLOSE" BUTTONS. The buttons are all programmed by whoever created the page. Close the window using the X in the upper right corner. Then close your browser and then run a scan with your antivirus software or a good anti-malware program like Malwarebytes.
(If you get stuck in a loop of endlessly opening popup windows close the windows as listed above while hitting the escape key [Esc] as fast as you can. This will prevent the next page from loading.)

Good info in the example quoted, HOWEVER, the popup window claiming you have viruses is programmed to give you a virus WHEN YOU CLICK ON THE UPPER RIGHT RED "X" TO CLOSE THE WINDOW!!!!! DO NOT, REPEAT, DO NOT CLICK ON RED X TO CLOSE THE WINDOW!!! Instead do a Ctl ALT Delete to bring up the screen that allows you to select "Task Manager" and use task manager to end the fake virus window. This virus scam is so insidious, and received by so many folks because we are "programmed" to hit the red X to close a window, and that becomes your downfall!!
The suggestion on Malwarebytes will help you get rid of the virus as well as MRT which is a Microsoft program already on your Windows system. You just click "run" then MRT, which stands for "Malicious Removal Tool"

I just removed this virus from a friend's computer yesterday using the tools recommended. When she told me about the fake virus screen, she said, "How could I have gotten a virus, I clicked the red X and closed the popup" I then related the info about X click causing the virus to download, and she said "Those BASTARDS!" I agree.
Be careful!!
__________________
'80SC Widebody 3.6 transplant Anthracite "The Rocket"
Long gone but still miss them all:
'77 911 Targa, '72 BMW 3.0CS Coupe(finest car I ever had!)
'71 911T Coupe White, '70 911T Coupe Blue
'68 911 Coupe Orange, '68 911L Soft Window Targa
Old 04-12-2011, 09:30 AM
dtw
GAFB
 
Join Date: Dec 1999
Location: Raleigh, NC, USA
Posts: 7,842
Guys, FFS. If you hear "the item" and "last price", move along.
__________________
Several BMWs
Old 04-12-2011, 09:35 AM
závodník 'X'
 
intakexhaust's Avatar
 
Join Date: Sep 2010
Posts: 8,185
Thanks for the heads-up on this idiot. I can't stand these scammers and time wasters. This goes for the overload of them on craigslist.

When I get stupid replies, mostly about changing my terms or requirements, I just delete them. As for the bogus poop-up's 'you have a virus, etc.' I do a control-alt-delete to bring up task manager, shut down all and then run defender and my AV program.
Old 04-12-2011, 09:49 AM
Registered
 
Zeke's Avatar
 
Join Date: Jan 2002
Location: Long Beach CA, the sewer by the sea.
Posts: 37,821
Quote:
Originally Posted by uwanna
Another helpful self protection tidbit. If you ever suddenly get a popup that says something like "You have viruses" or "You have malware" DO NOT CLICK ANY Of THE BUTTONS... EVEN THE "NO" OR "CLOSE" BUTTONS. The buttons are all programmed by whoever created the page. Close the window using the X in the upper right corner. Then close your browser and then run a scan with your antivirus software or a good anti-malware program like Malwarebytes.
(If you get stuck in a loop of endlessly opening popup windows close the windows as listed above while hitting the escape key [Esc] as fast as you can. This will prevent the next page from loading.)

Good info in the example quoted, HOWEVER, the popup window claiming you have viruses is programmed to give you a virus WHEN YOU CLICK ON THE UPPER RIGHT RED "X" TO CLOSE THE WINDOW!!!!! DO NOT, REPEAT, DO NOT CLICK ON RED X TO CLOSE THE WINDOW!!! Instead do a Ctl ALT Delete to bring up the screen that allows you to select "Task Manager" and use task manager to end the fake virus window. This virus scam is so insidious, and received by so many folks because we are "programmed" to hit the red X to close a window, and that becomes your downfall!!
The suggestion on Malwarebytes will help you get rid of the virus as well as MRT which is a Microsoft program already on your Windows system. You just click "run" then MRT, which stands for "Malicious Removal Tool"

I just removed this virus from a friend's computer yesterday using the tools recommended. When she told me about the fake virus screen, she said, "How could I have gotten a virus, I clicked the red X and closed the popup" I then related the info about X click causing the virus to download, and she said "Those BASTARDS!" I agree.
Be careful!!

Thanks for that, but once in the Task Manager window, what do you close? There are dozens of things running and a lot of them have rather obscure titles. Like several SVCHOST.xxx

Last edited by milt; 04-12-2011 at 02:01 PM..
Old 04-12-2011, 10:03 AM
Registered
 
tharbert's Avatar
 
Join Date: Jun 2008
Location: So. Illinois
Posts: 1,748
I'll add to what Milt said... You can press alt F4 to close any window without clicking on anything. It's an old Windows shortcut that's been there from 3.1.

If you go the Task Manager route, iexplorer.exe will close the browser. If, however, the window was opened by a java script, the name could be anything. I generally look for capitalized alphabet soup, something like DEERPT.exe.

---edit---
Let me warn you all now... Be sure to keep your Java JRE, Quicktime, and all Adobe products esp. Flash and Reader updated. More recent compromises are coming mostly across unpatched third party programs and less through vulnerabilities in the OS or browser. I can't tell you how many folks I come across with FUBARed computers that, when I ask, they almost take great pride in saying that they never install those stupid patches. Patch early, patch often. Patch Java from the Control Panel, Java Icon and be sure to UNINSTALL ANY OLD VERSIONS OF JAVA!. When in doubt, uninstall and get the newest version of Adobe stuff, both the free and paid license programs. ---Exiting soap box now---
__________________
72 911T 2.4 MFI
2017 Escape SE 2.0 turbo
2020 Honda Civic Touring Sport 1.6 turbo
10' Madone 5.2/17' Lynskey ProCross

Last edited by tharbert; 04-12-2011 at 12:39 PM.. Reason: moe info
Old 04-12-2011, 12:06 PM
Registered User
 
vracer's Avatar
 
Join Date: Dec 2010
Location: Marin Co. NorCal
Posts: 597
Thank you Wil & uwanna. Great alert and information.
__________________
Richard
1989 Venetian Blue Targa
Old 04-12-2011, 12:27 PM
Diss Member
 
Quicksilver's Avatar
 
Join Date: Jul 2002
Location: SC - (Aiken in the 'other' SC)
Posts: 5,022
Quote:
Originally Posted by uwanna
. . .
Good info in the example quoted, HOWEVER, the popup window claiming you have viruses is programmed to give you a virus WHEN YOU CLICK ON THE UPPER RIGHT RED "X" TO CLOSE THE WINDOW!!!!! DO NOT, REPEAT, DO NOT CLICK ON RED X TO CLOSE THE WINDOW!!! Instead do a Ctl ALT Delete to bring up the screen that allows you to select "Task Manager" and use task manager to end the fake virus window. This virus scam is so insidious, and received by so many folks because we are "programmed" to hit the red X to close a window, and that becomes your downfall!!
. . .
Yes, if the "X" isn't the same as the X on all your other windows then you are clicking on "their" code and not telling your computer to close it.

If you are going to go to the extent of using TaskManager then it is best to go to the Processes tab and find your browser (IEXPLORE for Internet Explorer or FIREFOX for FireFox) and right click on it and then select "End Process Tree". That will kill anything that has started running because of your browsing session.

Take note that most free "Anti malware" programs on the web are actually malware!!!

If you are infected here is a good list of free programs to try to clean out a system:
- Malwarebytes http://www.malwarebytes.org (Really good)
- ComboFix http://www.combofix.org/ (really good and almost unknown!)
- SuperAntiSpyware http://www.superantispyware.com/ (rather good)
- TrendMicro Housecall http://housecall.trendmicro.com/ (really good for trojans)
- Spybot Search and Destroy. http://www.safer-networking.org/
- AVG Antivirus http://free.avg.com/ (Not the greatest but legally free for personal use.)

Good antivirus programs:
- Kaspersky http://www.kaspersky.com/
- ESET NOD http://www.eset.com/
- Panda http://www.pandasecurity.com/usa/
- F-Prot http://www.f-prot.com/
- Symantec Endpoint Protection http://www.symantec.com/ (corporate license only)

Not great antivirus programs (but better than nothing)
- AVG (at least it is free)
- McAfee
- Norton
- Anything free from your ISP, AOL, or Yahoo.

It is important to take note of the difference between how you protect yourself and how you try to clean your computer if you do get hit.
Do not run more than one antivirus/scanner product so it is always scanning. If you run 2 or more good scanners it can make a computer crawl to a halt.
But...
When you do get hit run a number of them to make sure you get all of the pieces of it. Just don't install them so they run "resident" (all the time). Once the computer is clean you can go uninstall the extra programs if it is an issue.

If it is a critical computer I would run in order:
ComboFix
Malwarebytes
TrendMicro Housecall (requires an internet connection)
and then either SuperAntiSpyware or Spybot Search & Destroy.

---
Final bit...
Viruses are professionally written. They are not written by antivirus companies. A study last year reported that 80% of all malware could be traced back to 30 organized crime groups. They have the best technology, the smartest people, and are very well funded. It is a multi trillion dollar a year industry.
Your protection is being paranoid (boring on the internet is good... free and flashy is bad) and patching your computer: Adobe Acrobat/Reader, Adobe Flash, Java, your web browser, and Windows itself. (This list is in the order of risk!)
Remember that there is no guaranteed way to remove this stuff. At a certain point it is best to just reload your computer.
__________________
- "Speed kills! How fast do you want to go?" - anon.
- "If More is better then Too Much is just right!!!" - Mad Mac Durgeloh

--
Wayne - 87 Carrera coupe -> The pooch.
Old 04-12-2011, 02:26 PM
Registered
 
dshepp806's Avatar
 
Join Date: Dec 2006
Location: Middle Georgia
Posts: 4,550
Don't forget worst-case reply,..the power button?

Doyle
__________________
Recording Engineer, Administrator and Entrepreneur
Designer of Fine Studios, Tube Amplifier Guru
1989 Porsche 911 Carrera Coupe
25th Anniversary Special Edition
Middle Georgia
Old 04-12-2011, 05:58 PM
Registered
 
Cairo94507's Avatar
 
Join Date: Feb 2010
Location: Auburn, CA
Posts: 2,465
Scammers should be taken out back, blindfolded, and hung from the highest tree. Then they should be quartered and fed to the pigs.

Oooops, I was typing out loud there. I apparently have some residual anger from all of the BS malware crap I used to get when I used a PC. That all stopped when I switched to the "other machine".
__________________
'71 914-6 #0372
'17 Macan GTS
Old 04-12-2011, 07:33 PM
Registered
 
Join Date: Aug 2002
Location: Galivants Ferry, SC
Posts: 10,550
I'm pretty fuming too...as a hacker ( so far, traced to Malaysia) hacked my gmail account at the beginning of this year....changed my password to lock me out....and proceeded to have extortion/help type emails with all my 1300 contact list. Got it all straightened out but the disruption to my personal and business life was terrible.

..... yep, quartered and fed to pig would be too good......

__________________
Wil Ferch
85 Carrera ( gone, but not forgotten )
Old 04-13-2011, 08:52 AM


 


All times are GMT -8. The time now is 12:10 PM.


 