More iTunes Accounts Being Hacked For Fraudulent Purchases

Earlier this week, several users' iTunes accounts were hacked to make app purchases. The hack turned out to be by a rogue developer who purchased his own apps from other users' accounts to push them up the top-rated apps section. If you thought that it was an isolated case, you are wrong, since more users are now complaining of unwarranted purchases through their iTunes accounts.

iTunes WiiSHii Network Hacked Receipt

According to Ars Technica, a reader contacted them saying that fraudulent app purchases were made through his account to the tune of $168.89. However, only apps from a single developer, WiiSHii Network, were purchased. The apps in question are travel guides for Chinese cities.

Due to the fraudulent purchases, the apps from WiiSHii Network are now gaining numbers in the travel category. Now the question here is how the hackers in question got hold of the passwords for users' accounts, and if their passwords were so easy to guess, why didn’t Apple trigger an alert when a single user was purchasing the same apps over and over again?

So is this a case where any developer can go and access the iTunes accounts of users who download their apps and make frivolous purchases? Why isn’t Apple acknowledging a problem at their end, and why does it continue to blame users for having easily guessable passwords?

Even your iTunes account could be hacked. To ensure that nothing is wrong and no weird purchases have been made, open iTunes and click on the "Account" link under the Quick Links section on the right-hand side. You will be prompted to enter your password; do the needful and hit Enter. On your account page, first check your purchase history. If you see some weird transactions, report the problem to Apple. Make sure to change your iTunes password even if you don’t see any problems with your account.

(Ars Technica via TechMeme)

Warning: Twitter Account Deletion Phishing Email Scam

A new Phishing email is being sent out to users saying that their accounts will be deleted unless they click on a link. The link in question leads to a scam website and may compromise your accounts.

Though I do not have any such email samples with me right now, the @safety account on Twitter officially tweeted about it. The tweet reads:

Heads-up: if you receive an email saying that your account will be deleted unless you click on a link, it’s not from us.

Twitter has been a victim of several scams in the past, most of which were sent through direct messages (DMs). The DM scams have come down considerably after Twitter employed a brilliant spam protection for DM messages. However, it looks like spammers have begun using plain old email scams to trick users again.

It was not clearly mentioned how users' email addresses were compromised, but make sure to delete any emails which tell you that your Twitter account will be deleted.

Is Cyberdefender a Scam?

On March 24, 2010, lawyers representing the Cyberdefender Corporation issued a ‘take-down’ notice to Allen Harkleroad. The take-down notice claims that Allen published false and potentially defamatory articles about their product and sales practices.

The Contenders:

Cyberdefender is advertised as an easy solution for PCs that are running slow or are infected with spyware or adware. You may have seen the television advertisements for and Visits to both of those websites will prompt you to install Cyberdefender software. It looks like Cyberdefender is the owner of both of those sites.

Allen Harkleroad is a well-known consumer advocate who has taken on some pretty big names in business, such as Dell, AMD, ATI, UPS and FedEx, to name a few.

The Contention:

Allen claims that Cyberdefender is a scam and has posted several articles on his websites supporting those claims. Here’s one of them:

Beware of and Same Scam, Same Company

Here is a copy of the legal take-down notice from Cyberdefender’s lawyers:

CyberDefender Corp, MyCleanPC, DoubleMySpeed and Catanese and Wells

At one point, Allen says:

I installed the MyCleanPC software on a fully patched Windows XP machine that I rarely used just to see what would happen. Other than installing software I use, nothing else had been installed and no software had been uninstalled on the machine. It does have anti virus software on it. The CyberDefender software found over 3,000 errors on a machine that runs perfectly fine, never had software uninstalled and rarely was on the Internet.

I’ve heard others claim that Cyberdefender isn’t worth the asking price. I decided to try it myself. I used Microsoft Virtual PC, with a copy of the IE6 test virtual machine. This allows me to run a clean, new, fully patched copy of Windows XP. It doesn’t have anything installed on it, not even an anti-virus program. The advantage to using a virtual machine is that I don’t have to worry about messing up a real computer.

Below, I have created a short slide show, which gives the results of my simple test.



Let the buyer beware. If I see over 300 errors reported on a clean PC, I have serious doubts and would never buy the software. What do you think about DoubleMySpeed and MyCleanPC? Would you buy them?

Fake Warnings and Hoaxes on Facebook – Are You Smart Enough to Avoid Them?

Every time I hear about a new scam or hoax on Facebook, I have to wonder how people can fall for these. Don’t be fooled; a few minutes of research can save you some embarrassment. Here’s an example of one of the hoaxes that’s been going around.

Fox 4 news reported… ATTENTION !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! do not join the group that runs currently on facebook with the title “becoming a father or mother was the greatest gift of my life” This is a group created by pedophiles whose aim is to access your photos!!!!!!!…!!!!! Please rotate …this post to all Your Friends on Facebook xx

In truth, there were no groups started by pedophiles. It was all a big hoax, but it got passed along in Facebook and email so often that it took on a life of its own. Originally, there were no groups with that name or a similar name, but some other pranksters created similar groups, just to see how much trouble they could start. It even got to the point where people were creating groups to protest the original (hoax) groups. I was tempted to laugh when I read about this hoax, but I’m also sad that there are so many people ready and willing to post stuff like this on their Facebook page or in email.

Read the truth about the Pedophile Group Hoax

Here’s another one – would you pass on this picture and description?

Whale swallows man in kayak


Find out the truth behind this photo.

I found out about these hoaxes from an old friend of mine, Brett Christensen. He runs a website, newsletter and Facebook page that reveals the truth and the lies behind many of the rumors, hoaxes and scams you see in email and Facebook.

If you don’t want to be fooled, it only takes a minute or two in a search engine to find the truth. I recommend going to three different sites to perform a quick search before you pass on the next fantastic message you get.

Search Hoax-Slayer


I also recommend signing up for the email newsletters from Hoax-Slayer and Snopes.

Hoax-Slayer newsletter (monthly)

Snopes newsletter (weekly)

In case you want up to date info, here’s the Facebook page for Hoax-Slayer that Brett maintains. Just post a question on his wall and he’ll probably answer back with all the facts he can find.

It’s not a sin to be fooled by an email or Facebook post. However, you won’t be gaining any friends and credibility by passing on stupid rumors and hoaxes. Take the time to check them out.

I’ve never been fooled by a hoax or a scam in Facebook (or email), have you?

Twitter Rolls Out Brilliant Spam Protection For DM Scams

Users have been victims of several DM scams and phishing scams in recent times. Most of the time, users were sent scam links; clicking on them would ask users to enter Twitter details or compromise the user’s account, and then send out similar messages to their friend list.


However, that may be a thing of the past, since Twitter will now pass all the links in direct messages through one of their own services, so that they can track and halt the problem at its source.

What this means is that if someone sends you a link in a Direct message or if you receive an email with the direct message, the links contained in them will go through before reaching the destination URL.

This is definitely a smart move, considering that Twitter can stop a user from visiting a scam or phishing URL at their end. This will also allow Twitter to quickly stop a scam from spreading across multiple users.

I was always wondering how Twitter would take steps to stop the DM scam, and this is one of the best possible solutions one could come up with. Way to go Twitter, this is brilliant. More info at the Official Twitter blog.

Free Apple iPad Beta Test on Facebook Is A Scam

Trust hackers and malware spreaders to take advantage of people’s desires, vulnerabilities and even disasters like Chile to make money for themselves.

Free Apple iPad

A recent update on Graham Cluley’s blog pointed out a new scam on , where scammers created a few pages on Facebook, which claimed that users would get a free Apple if they registered to become a beta-tester.

However, this page is basically a scam which is used as bait to get cellphone details from unsuspecting users. Take a look at the video below to learn more on how this scam is used to fool users.

For more information and details visit this post.

Another Twitter DM Spam Evolves, This Time It’s Horny

Oh My God, before we even came out of a really bad Twitter phishing scam, we have another one back on our backside. This time it is not phishing, though, but it is definitely horny and asking for a chat.

Twitter Horny DM Spam

Earlier in the day, I was alerted by Sathya about this, but I did not pay much heed to it. I then received the above message from one of my friends. Now I would not be surprised, but the person in question is a male.

I did a bit of research but was not able to find the origin of this DM spam. However, if you receive this message, tell the person who sent it to you about it and alert them to change their password immediately.

This is definitely a bad thing for , controlling spam is not easy, but you have to do it no matter what. I am now awaiting the next bout of Spam to hit my inbox.

I will update this post as and when I come across more information about the origin of this DM spam, stay tuned.

WARNING: Twitter DM Phishing Spam, Haha, This you???? Can Harm You

A new bout of DM phishing spam is doing the rounds, where affected users are sending out DMs to their friends which contain links to spam websites. A sample message of the Twitter DM spam says "haha, This you????" accompanied by a phishing link.


I urge users NOT TO click on the links accompanied in any direct messages received on Twitter, unless you know and are very sure about what you are doing. For those interested, clicking on this link led me to the page below, which was blocked by . So make sure that you are using a very secure browser, which can protect you.


Again, this is not the fault of the users who sent you the DM, and they might have been affected unknowingly, so the first thing is to let them know about it. There are several more things that you should follow to stay safe from this phishing scam, most of which I had listed when a similar attack came about a few months ago. You can read it at IQ Test Spam Hitting Twitter Hard and Steps to Avoid Them.

Please feel free to retweet this post so that your friends and followers will be aware about the issue.

iPhone Unlock Scams for OS 3.1.3 Baseband 05.12 and 05.11

Unlocking is one of the toughest jobs for any developer, and several people, including the Dev-Team, do it for free. However, opportunists also pounce upon the situation and start offering iPhone unlocks for a price, even though they do not do any work as such and use the unlock codes provided for free by the Dev-Team and other iPhone jailbreak developers.

iPhone Scams

A new blog post on the iPhone Dev-Team blog warns users of new scams, where people are conning others into believing that they can unlock iPhone OS 3.1.3 on baseband 05.12 and 05.11. However, there is little truth in this, as there is no unlock available for OS 3.1.3 right now.

Don’t fall for these scam sites! None of them have a 05.12 unlock, none have the 05.11 unlock working on 3.1.3, none have a 3.1.3 jailbreak for newer devices like the ipt3G. They’re trying to capitalize on your upgrade mistake, and they only need a very small percentage of people to fall for them to make their money and run.

According to an earlier report, only 14% of users have upgraded to OS 3.1.3; most of those who upgraded might have thought that an unlock was already available.

So do stay away from the iPhone unlock scams for OS 3.1.3, as you may end up getting conned, or paying for something which you can already get for free. Have you, as an iPhone user, paid for an unlock?
