Posted on 19th March, 2013

Today’s pathetic phishing SCAM allegedly comes from DHL.

The grammar of this sophomoric phishing SCAM is so incredibly hideous I simply HAD to share it:

Message Subject: DHL delivery report
Message Sender: reports@dhl.com
Alleged Actual Sender: superimposehp74@gmail.com
Spoofed sender: cjdngbsmebvp.yapfq.su
Actual server delivering this dreck: ldlhilzayzugdaz.ozckjclio.ru
(Russian – no big surprise)

Now is where the fun begins – the message body:

================================
(Notice there is no greeting here – your first clue)

DHL notification

Our company’s courier couldn’t make the delivery of parcel.

REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: ETBAKPRSU3
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.
(Really?  DHL delivers your parcel to the Post Office?)

An additional information:

If the parcel isn’t received within 15 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
DHL Global

================================

The pitiful excuse for English grammar and sentence structure in this silly email is absolutely laughable.

The attachment designed to ruin your life and empty your bank accounts is:
LABEL-ID-NY19032013-GFK78.zip

Let’s not go clicking on crap like this, shall we?

Posted on 13th March, 2013

AT&T Wireless Billing Phishing SCAM

A very disturbing new phishing scam looks exactly like your monthly AT&T Wireless billing notification.

If you’re like many iPhone users, you receive a monthly notification that your wireless bill is ready to be viewed online.

What you may not notice is your next “reminder” is not at the usual time in your billing cycle and you may click on the link to log in and… KAFLOOEY! (that’s the technical term) – your identity is promptly tossed into the garbage disposal.

Watch out for these SCAMs.

Before you click on any link in an email, hover your mouse over the link (DO NOT CLICK) and read the destination shown in the gray bar across the bottom of your browser or email client window. If it is really ATT.com, you’re OK. If not, DELETE it immediately.

The current crop of SCAMs looks like this:

Subject: Your AT&T wireless bill is ready to view
Sender: AT&T Customer Care
(this is the correct address – but not the REAL address this crap is coming from)
REAL source: account birchingy9@hemc.net
(plus a lot of other spoofed addresses)

These come in a lot of “flavors” so I won’t bother to include the websites you’ll be redirected to. Just check before clicking or you’ll spend six months un-wrecking your credit.

Let’s all be careful out there!

Posted on 27th February, 2013

But wait! There’s more…

How about a phishing scam from FDIC?

Your very first clue in this bad boy is the sender’s address. Anything in Cyrillic is clearly bogus, right? (of course)

Subject: Special requirements for your account security
Sender: ????.??????@fdic.gov
(See what I mean? And once again, any domain ending in .de is likely not kosher…)

Return address:
(again – not the same as the Sender address – clue #2)

Message contents:

Attn: Accounting Dpt.

In order to diminish the number of wire fraud cases, we have introduced a new security system. In this connection all the ACH and WIRE transactions of our customers have been temporarily blocked until you update your security version in compliance with our new requirements.. In order to fully re-establish your account, it is required that you install a special security software. Please use the link below to read the instructions for the installation of the latest security version.

We apologize for causing you inconveniences by this measure.
If you need any assistance, please do not hesitate to contact us.

Faithfully yours,

Federal Deposit Insurance Corporation
Security Department

(In general, the grammar in this message is just enough left of center that you should be suspicious of it.)

Were you foolish enough to click on this link, you would be redirected to:
….jakmurowane.pl/templates/beez/i.php?fdic

Needless to say, you would not be happy with the outcome.

Let’s all be safe out there.

Posted on 27th February, 2013

Today’s nasty inbox infestation allegedly comes from LinkedIn.

Most of these attempts are flagged by our spam-filtered mail servers as SPAM.
This little bug got right past them and has been reported to LinkedIn.

Check it out:

First of all, there are no corporate logos in this message – a global clue that it is bogus.

Subject: Join my network on LinkedIn

Sender: Margie Lobaton – LinkedIn
(your first clue. Any domain ending in .de is suspect – and definitely NOT a legit LinkedIn account)

Return path:
(Notice the Sender and Return are different? Not kosher!)

Message contents:

LinkedIn
REMINDERS

Invitation reminders:
From Margie Lobaton (Owner, Project Consulting Services sprl)

PENDING MESSAGES

There are a total of 6 messages awaiting your response. Go to InBox now.

This message was sent to .
(Clearly bogus – your email should be here)
Don’t want to receive email notifications? Login to your LinkedIn account to Unsubscribe.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. c 2013, LinkedIn Corporation.

Clicking on any of the hyperlinks in this infectious bit of dreck redirects you to:

….finhospitality.com/templates/beez/i.php?c002

Doing so would be a very bad idea.

Let’s be careful out there.
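The sender clues pointed out in this post and in the FDIC post (a From address outside the claimed organisation, and a return address that does not match the sender) can be checked from the raw headers. This Python sketch is an added example, not part of the original posts; the sample messages are constructed, and only `reports@dhl.com` and the subject lines come from the page.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def within(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return bool(parent) and (domain == parent or domain.endswith("." + parent))

def header_clues(raw_message, brand_domain):
    """List sender-header inconsistencies; clues for triage, not proof."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    clues = []
    if not within(from_dom, brand_domain):
        clues.append(f"From domain {from_dom or '(none)'} is not under {brand_domain}")
    # Legitimate bulk mail may bounce to a subdomain of the sender, so only
    # unrelated domains are flagged.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not (within(dom, from_dom) or within(from_dom, dom)):
            clues.append(f"{name} domain {dom} is unrelated to From domain {from_dom}")
    return clues

# Constructed samples (example.* domains are placeholders).
LOOKALIKE = ("From: LinkedIn <member@example.de>\n"
             "Return-Path: <bounce@example.org>\n"
             "Subject: Join my network on LinkedIn\n\n(body)\n")
FORGED_FROM = ("From: DHL <reports@dhl.com>\n"
               "Return-Path: <bounce@example.org>\n"
               "Subject: DHL delivery report\n\n(body)\n")
CONSISTENT = ("From: DHL <reports@dhl.com>\n"
              "Return-Path: <bounce@mail.dhl.com>\n"
              "Subject: DHL delivery report\n\n(body)\n")

if __name__ == "__main__":
    for label, raw, brand in (("lookalike", LOOKALIKE, "linkedin.com"),
                              ("forged From", FORGED_FROM, "dhl.com"),
                              ("consistent", CONSISTENT, "dhl.com")):
        print(label, header_clues(raw, brand))
```

The forged-From sample passes the first check, which is the DHL case from the top of this page: the From line alone proves nothing, and only the return address gives it away.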

Posted on 2nd September, 2012

So you’ve run out of space in your current hard drive.  Now what do you do?

When it comes to replacing hard drives, we have always recommended and used Western Digital.  Why?  Very simply because we have found their reliability to be the best in the industry.  With WD, you have 4 choices in terms of the differing levels of drives:

The Velociraptor series provides the most blistering performance for power users.  However…  They are very expensive and at this time only available up to 1 Terabyte.  They run HOT — and F.A.S.T.  We do NOT recommend confining one of these to an external enclosure.

The Black series is your next best performer.  They also use more power and generate more heat than their eco-friendly counterparts.  In an external enclosure you won’t see the benefit in speed and the drive is at risk of overheating due to limited cooling.  Inside your computer, it’s an excellent choice for power users who transfer massive amounts of data from drive to memory and back again.  Photo retouchers, videographers and digital artists should use this drive.  At this time, the maximum size is 2 Terabytes.

The Green series are your most versatile and eco-friendly drives.  Available in sizes from 500 GB up to 3 Terabytes, these drives alter their performance depending on demand and spin down when not being accessed to save energy and extend drive life.  These are an excellent choice for external drives and work just fine inside your computer as well.  For most installations, this is our recommendation.

The Blue series is WD’s “old school” drive, combining SATA and Parallel interfaces in this design.  Only available from 80 GB up to 1 Terabyte, this is the least expensive and oldest design of the four.

Posted on 4th June, 2012

Until sometime in August or September of 2012, DFWCI will be on hiatus while the owner recovers from a massive spinal surgery.  Please refer to Google for alternate services until then, but send us an email and we will follow up as soon as possible.  Keep in mind this is a procedure that requires 6-12 months for complete recovery, so please be patient.

The Preston Road office is now closed and we will be doing on-site / pickup and delivery data recovery when we return.

Thanks

DFWCI

Posted on 10th January, 2012

Effective January 1, 2012, DFWCI no longer provides forensic services.

We will, however, continue to provide the finest data recovery services.  We will not be able to investigate the results for you, so if that is a service you need, we can no longer assist you.

Due to personal reasons, I no longer choose to participate in computer forensics, preferring to focus my energies in other directions.  Those of you who know me well will understand why.

If you’ve lost critical files, photos or emails – whether on your computer or mobile phone, contact me and I will do my best to recover your data.  As usual.

Posted on 2nd November, 2011

DevilRobber Trojan

New Mac Infection

DevilRobber, the latest in a growing trend of Mac-centric infections, hijacks the GPU to generate Bitcoins, while harvesting sensitive user data.   Also known as “OSX/Miner-D”, DevilRobber was discovered embedded in “Torrent” downloads of Graphic Converter 7.4 obtained from bit-torrent file-sharing sites.

Detailed in a security report from Sophos released last Saturday, this particular Trojan operates as a keystroke logger, taking snapshots of user activity and stealing usernames / passwords.  DevilRobber can also run information-harvesting scripts that write details “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and bash_history” to a text file.

This infestation has been found searching for “pthc” files, a term apparently associated with pre-teen hardcore porn.  The exact reason for this search is unclear at this time.

A performance-robbing capability of this infestation is its ability to redirect the Mac’s GPU to generate Bitcoins, a form of Internet currency, trading at roughly $3.20 USD per Bitcoin at this time.  Bitcoin Miner is the application used to create Bitcoins on a Mac, Windows or Linux system.  A local wallet is used to store generated Bitcoins and DevilRobber is capable of stealing this wallet.

Signs of infestation include a general slowdown of performance.  As always, Sophos recommends not downloading software from untrusted sources.

We recommend never downloading software from sharing sites.

Posted on 13th August, 2011

Did you know that photos taken with your smart phone contain GeoTracking information?  Yep.  It’s incredibly easy to find out exactly where you took any photo you upload to Facebook or Twitter (or anywhere else for that matter).

How it works:

Smartphones have a GPS built in so you can use mapping functions and a compass in addition to other native functions.  This is a very valuable tool.  However…  They also have the option to record the exact location where your photos are taken.  This information is then embedded in the picture data and follows that photo wherever it is uploaded.

Anyone who can see your photos on Facebook, Twitter or any photo sharing network can read this information and knows where the picture was taken.  This is incredibly useful to criminals, pedophiles and the like.

Think about the possibilities.

They are.

You can disable the feature in your smartphone.  For an iPhone, go to Settings / Location Services and make sure the option for Camera is turned off.
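For photos already taken with the option on, you can check a JPEG for embedded location data and strip it before uploading. This Python sketch is an added example, not part of the original post; it reads the Exif block by hand with the standard library, and the sample file is a constructed header-only skeleton, not a real photo.

```python
import struct

EXIF_HDR = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry pointing at the GPS sub-directory

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFDA or marker >> 8 != 0xFF:  # start of scan, or not a marker
            break
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg, marker, start, end):
    return marker == 0xFFE1 and jpeg[start + 4:end].startswith(EXIF_HDR)

def has_gps(jpeg):
    """True if the Exif block's first directory (IFD0) holds the GPS pointer tag."""
    for marker, start, end in segments(jpeg):
        if is_exif(jpeg, marker, start, end):
            tiff = jpeg[start + 4 + len(EXIF_HDR):end]
            order = "<" if tiff[:2] == b"II" else ">"
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
            entries = (tiff[ifd0 + 2 + 12 * i:][:2] for i in range(count))
            return any(struct.unpack(order + "H", e)[0] == GPS_IFD_TAG for e in entries)
    return False

def strip_exif(jpeg):
    """Return a copy with every Exif segment removed (location goes with it)."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

def sample_jpeg():
    """Constructed header-only file: SOI, Exif with a GPS pointer in IFD0, EOI."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + struct.pack("<HI", 0, 0)
    body = EXIF_HDR + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Stripping the whole Exif segment also removes the camera model, timestamp and orientation, so a stripped photo may display rotated.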

Posted on 13th August, 2011

A new approach to identity theft, home invasion and burglary in general has surfaced.

Clever crooks are gaining access to parked cars just long enough to gather your “Home” information out of your GPS so they know right where to go – while your car is in the mall parking lot (or wherever…).  They may take a couple of credit cards out of your purse to make it look like the target was theft from your car, but beware.  It is just as likely they want to burglarize your home – or worse.

This is happening primarily in Ford and General Motors vehicles, but others are at risk as well.  See the photo below so you know what to look for.  Just under the door handle will be a fairly small hole – almost unnoticeable with some body colors.  This is all they need to open the door, record your home information, take a couple of things they may want, lock your door (how thoughtful) and disappear like a puff of smoke.  A puff of smoke headed right for your house.

Also, you may want to change the name for “Home” in your GPS to something like “JC’s Diner” or another innocuous label that will not give the crooks your home location.

[Photo: Door Hole. Check Your Door!]
