BOFYA HAPA kutengeneza tovuti yako BURE. Create a website for FREE. CLICK HERE! Free hosting and no ads.

 
Scammers are continually working hard to come up with new ways of stealing money from anybody who falls in their trap. Of late, is the email message containing bogus information luring you into believing that you've won a lot sum of money, even though you never bought, neither participated in any lottery game.

I just received a message (see screenshot blow), which, as usual, you know it's fake after reading the headline as well as the first few lines in it.

In order to recognize these kinds of scams, as a general rule of thumb, look for these  pointers:

  1. All caps used in the subject line
  2. Poor and/or misspelled English (crappy grammar)
  3. Being asked to supply sensitive Personal information (eg. Full Name, TIN/SSN/Passport #, Full address, Bank account number etc)
  4. Some money (dubbed "processing fee", "postal charges", "courier fee" etc) being asked upfront
  5. Promise/Assurance of winning lottery that you never played (neither anybody known to you has informed you that they played/bought a lottery ticket on your behalf)

If you see some or all of these (and other pointers that I didn't mention), be assured that the message is fake and the intention of the sender is to get some money out of your wallet.

In dealing with these kinds of messages, it will be helpful if you utilize your email provider's options of reporting the message as "phishing" or marking it a "spam". From what I know, this helps email providers block such emails in the future hence minimizing spam activities.
Picture
Add Comment
 
 
United States Attorney's Office District of Connecticut
Press Release
September 1, 2010

NIGERIAN CITIZEN SENTENCED TO MORE THAN 12 YEARS IN FEDERAL PRISON FOR ROLE IN “ADVANCE FEE” FRAUD SCHEME
David B. Fein, United States Attorney for the District of Connecticut, announced that OKPAKO MIKE DIAMREYAN, 31, a citizen of Nigeria who sometimes resided in Accra, Ghana, was sentenced today by United States District Judge Janet C. Hall in Bridgeport to 151 months of imprisonment, followed by three years of supervised release, for engaging in an Internet “advance fee” scam.  On February 16, 2010, a jury found DIAMREYAN guilty of three counts of wire fraud stemming from the scheme.

According to the evidence presented during the trial, in an “advance fee” scam, a victim is persuaded to pay money (an “advance fee”) in order to obtain a larger sum of money that never materializes.  From approximately August 2004 through August 2009, DIAMREYAN and others engaged in advance fee scams against a resident of Connecticut and others around the country.  As part of the scheme, DIAMREYAN sent numerous fraudulent email messages in which he claimed to have a “consignment” stored in Ghana containing amounts ranging from $11.5 million to $23.4 million.  DIAMREYAN offered the victims 20 percent of the money if they would help him transfer the money to the United States, and he provided fraudulent documents to the victims to persuade them that the money existed.  In an effort to persuade his victims to pay fees in connection with transferring the money to the U.S., DIAMREYAN used different identities, including Prince Nana Kamokai of Sierra Leone, General Odu Kuffour of Ghana, and the Rev. Dr. Richard Camaro, airport director in Accra, Ghana.

“This defendant and his accomplices preyed on vulnerable victims in Connecticut, the United States and around the world, leaving many individuals and their families in financial ruin,” stated U.S. Attorney Fein.  “The lengthy prison term imposed today should send a strong message to others who intend to commit similar crimes – we will pursue these cases wherever they lead us and bring you to justice.  I want to single out the DCIS and their agents who worked this case tirelessly and thoroughly and helped to achieve justice for victims.”

The Government has identified 67 victims of this scheme and conservatively estimates that DIAMREYAN is directly responsible for losses to his victims in a total amount of more than $1.3 million.

Today, Judge Hall ordered DIAMREYAN to pay restitution in the amount of $1,021,560.74.

“Although today’s sentencing represents the conviction of a single individual, the Defense Criminal Investigative Service will investigate the misrepresentation by others who falsely portray themselves as U.S. Military members and prey upon the more vulnerable in our society for their own financial gain,” stated Edward Bradley, Special Agent In Charge of the Defense Criminal Investigative Service’s Northeast Field Office.

This matter was investigated by the Defense Criminal Investigative Service of the United States Department of Defense.  The case was prosecuted by Assistant United States Attorney Edward Chang.

CONTACT: 
U.S. ATTORNEY'S OFFICE
Tom Carson
(203) 821-3722
thomas.carson@usdoj.gov

Source: www.justice.gov/usao/ct/Press2010/20100901-1.html
2 Comments
 
 
The example given below is from the popular circulating email that usually threatens that, 'Yahoo! is shutting down' that I believe almost every Yahoo! account owner has received at least once. Below you will see a screen shot of this scam.

How do you recognize it? By learning as many many tips as possible.

Tips from this email:
  1. As mentioned in the previous posts, Yahoo! is not shutting down.
  2. Yahoo! is NOT running any random scanning program to verify email addresses for deletion of the unused ones.
  3. The sender's email address is not an official company's contact address (in the image example below), Yahoo! Company does NOT bear such an email address as it's official contact address.
  4. The email asks for personal data such as Username, Password, Date Of Birth and Country or Territory. Such information or details will NEVER be asked by Yahoo! if you already have an account with them, except when you register for a new one.
  5. Emails coming from official Yahoo! Management will have a security icon (like the one shown below), therefore look for the DomainKeys icon and you'll see a small icon of an envelope and key in the email header. This verifies that it's from the domain it claims to be from.
Picture
Other tips:
- The use of puntuation marks excessively like the (!!!) in the From: and Subject: fields.
- Note also that there is no specified address in the To: field, thus an official address to a specified person will not come without your name in the 'To' field or in the introductory not at the beginning of the message (even simple mass mailing subscription services know how to identify their subscribers by their names).
Picture
Add Comment
 
 
Picture
bofya picha kuikuza
Kadiri siku zinavyosonga, ndivyo na watu wanavyotumia intaneti na kadiri ya matumizi ya intaneti yanavyoongezeka ndivyo na vitendo vya kidanganyifu na wizi wa mitandaoni vinavyoongezeka.

Kujifunza kung'amua mbinu wanazozitumia matapeli katika kufanikisha malengo yao ndicho kiokozi muhimu katika kujilinda wewe binafsi na wale unaowajali dhidi ya upotevu wa fedha na mali.

Kwa bahati mbaya, matapeli kama ilivyo kawaida yao, hawakomi kujaribu kuvumbua mbinu mpya za kuiba pale wanapogundua kuwa watu wengi wameshazifahamu na kuzizoea mbinu zao.

Siku tatu zilizopita nimepokea ujumbe kama unavyosomeka kwenye picha inayoonekana hapo (bofya kuikuza ili kupata ukubwa unaosomeka kirahisi zaidi) na katika ujumbe huo, hakukuwa na maelezo zaidi ya 'respond to the subject matter'.

Nilifungua kiambatanisho hicho na kusoma maelezo hayo.
Yafuatayo ni mambo muhimu ya haraka niliyotumia kung'amua kuwa ujumbe huu ni wa kitapeli.
  1. Tarehe iliyopo katika mhuri ni 05.05.10, mbona bado hatujamaliza hata mwezi Aprili?
  2. Kuulizia namba yangu binafsi? Ukishaona mtu anaulizia habari binafsi, kuwa makini.
  3. Ati wametenga kiasi cha fedha na mikataba kwa kampuni yangu. Najiuliza, 'mbona sina kampuni?
  4. Wanaahidi kulipa fedha mwanzoni. Hii inanipa wasiwasi, biashara ya kulipa kabla ya kutoa huduma?
  5. Tishio kuwa nisipojibu ndani ya wiki mbili watafuta kampuni nyingine kwa ajili ya kazi hiyo. Najiuliza, Wiki mbili za kuanza kuhesabika tangu lini? Kwa kigezo kipi? Wana uhakika gani kuwa ninasoma barua pepe kila leo? Na kama wana-track kujua nimesoma lini barua pepe, kwa nini wanitishe?
  6. Mwisho, ni jina la mmoja wa Wakuu wa nchini Nigeria walilolipachika cheo ambacho kinanipa walakini.
Niliishia kutupa ujumbe huo kapuni na kuwaasa wengine kuwa makini na aina hii mpya ya wizi.

TAHADHARI:
Tafadhali usiige tabia ya kufungua viambatanisho vyovyote navyotumiwa ikiwa huna usalama wa anti-virus katika kompyuta unayoitumia. Baadhi ya watu hufungua viambatanisho wasivyotarajia kupokea kwa kuwa wana tamaa ya kujua kilichomo ndani. Matokeo yake ni kufungulia virusi wanaoharibu tarakilishi taratibu au kuisababisha iwe 'misukule' (zombie) kwa ajili ya kutumika kutuma virusi kenye tarakilishi nyingine bila ya wao kufahamu. Mara nyingi viambatanisho (attachments) huwa ni vyanzo vya kusambaza virusi kwenye tarakilishi.
Add Comment
 
 
I said it before and I will continue to say it, protect your computer with an anti-virus, a firewall and anti-spyware, also, add Microsoft Security Essentials (MSE) - it's free!

By installing the free Microsoft Security Essentials in your Windows PC, you will protect the system from malware attacks to a certain degree. Initially, Microsoft rolled out this softwared in 17 countries and 8 languages. As I write this post today, this product is already available in 74 countries and 25 languages and probably by the end of 2010 it will be available in 87 countries and 33 languages. The software is small, light and with simple user interface that starts working to clean your system as soon as you finish installing it.

The reason why you need to add an anti-virus to your comptuter on top of this software, is because MSE has a poor protection against keyloggers, rootkits, and scareware.

Click on the images to enlarge for a better view, screen shot photo a courtesy of PCMag.com
Add Comment
 
 
Picture
Just another reason to love and use Gmail. Reading their official blog today, Gmail is going to roll out yet another security feature enhancement.

Have you ever received those emails from friends requesting money sent to them in a foreign bank account because they had a quick travel and accidentally got robbed or kidnapped and the only way they can be released is if somebody sent them money and all that yada yada yada stuff?

You are lucky if you haven't but most of us have, in fact, I just received one two days ago.

Well, there is a reason to rejoice, for one of the Gmail Engineers, Pavni Diwanji, has just posted an update on the gmail blog saying that, as of today, Gmail is introducing a new feature to notify their users when they detect suspicious login activity on user accounts. This is in addition to the already aexisting remote sign out and information about recent account activity where one could see this information displayed at the bottom of inbox notifying them of the last login activity prior to the current one.

This new warning notice will display the following message, "Warning: We believe your account was last accessed from…" along with the geographic region that they can best associate with the access.

To determine when to display this message, their automated system will match the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. Click on the "Details" link and you'll see the last account activity window along with the most recent access points. If you think your account has been compromised, you can change your password from the same window. If you know it was legitimate access you can click "Dismiss" to remove the message.

Source: Gmail Blog - Gmail Official Blog
Add Comment
 
 
Kuna watu wana tabia ya kiherehere, wanaopenda kubofya bofya kila linki wanayopokea hasa pale inapohusu habari za kustua ama gumzo dhidi ya watu maarufu duniani ama zile zinazohusiana na ngono.

Zimeanza kusambaa habari za uongo zinazosema, "an accident that killed U.S. President Barack Obama" ati, "raisi wa Marekani bwana Barack Obama ameuawa katika ajali". Hizo ni habari za uzushi ambazo zinakuja kwa njia ya linki yenye maelekezo kuwa ubofye ili kusoma habari zaidi kuhusiana na tukio hilo. Punde mtu anavyofanya hivyo, basi anakuwa amebofya linki yenye virusi ambavyo vitaingia katika tarakilishi unayotumia na kusababisha uharibifu.

Linki hizi zinajificha katika majina yanayokuelekeza kwenda mitandao maarufu kama vile Facebook au YouTube kuona video au kusoma zaidi, lakini hiyo ni haddaa, si kweli, majina unayoyaona kwa kusoma yameficha linki haribifu. Linki hizi zimesambaa kwenye chat clients kama Windows Live Messenger.

Tafadhali kuwa mwangalifu na zingatia kuwa na anti-virus ambayo utai-update mara kwa mara na usipende tabia ya kubofya bofya linki usizokuwa zenye habari zinazoelekea kuwa za udaku.
UPDATE
Kuna watu wanapenda kubisha tu alimradi wamebisha, basi hiyo ndiyo furaha yao. Hapa naambatanisha maelezo na linki, mwenye kuchukua hatua atachukua, asiyetaka, hajalazimishwa, endelea kubofya bofya tu.
Kuna linki mwisho wa maelezo ukibofya waweza kuona screen-capture ya IM ina URL yenye virus (circled).

“Obama Accident” Instant Messages Used to Spread Malware 2:56 am (UTC-7)   |   by Jonathan Leopando (Technical Communications)
A new attack spreading BUZUS malware via Windows Live Messenger has been spotted. Trend Micro researcher Loucif Kharouni spotted the messages spreading via the popular instant-messaging (IM) application, samples of which can be seen below.

The text before the links are in French and tells users to click the link that follows. Some of these links made users believe that they were viewing a photo related to an accident that supposedly killed U.S. President Barack Obama. Others used domain names similar to legitimate sites like Facebook and YouTube.

In reality, however, the links lead to malicious BUZUS variants detected by Trend Micro as TROJ_BUZUS.BTA and TROJ_BUZUS.BTB.

Malware attacks using Barack Obama as social-engineering bait date back to his 2008 campaign for the U.S. presidency. Previous attacks were seen both around his election (both for pharmaceutical spam and spreading malware) as well as around his inauguration.

Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious websites that host the malicious files. It also detects and prevents the download of TROJ_BUZUS.BTA and TROJ_BUZUS.BTB via the file reputation service.

Source & Credit: http://blog.trendmicro.com/obama-accident-instant-messages-used-to-spread-malware
7 Comments
 
 
Pengine utaniuliza, 'oyaa, unazungumzia nini? Hiyo 'misukule' microsoft inayofunga ndo kitu gani tena?'
N'takujibu hivi, 'misukule' hii kitaalamu inaitwa 'botnet' na jina hili limetokana na muunganiko wa maneno mawili ya kiingereza, "robot" na "network".

Utasema tena, 'kwa hiyo?, mbona bado sikuelewi?'
Sasa sikiza...
Ikiwa una anwani pepe, huenda hutakuwa mgeni wa barua mazagazaga (spam na junk mails) yanazokuja kwenye inbox yako bila wewe kujua yametoka wapi na hao waliotuma mbona huwafahamu na isitoshe, wamejuaje anwani yako? Mara nyingi emails hizi huwa zinachujwa na kufichwa kwenye 'junk' au 'spam' folder' na kisha kutupwa ikiwa hutazishughulikia ndani ya siku kadhaa.

Sasa kuhusu uhusiano wa botnet na tarakilishi (computer) na mazagazaga (junk/spam) uko hivi.
Baadhi ya tarakilishi zinaweza kugeuzwa kuwa 'msukule' au 'zezeta' na hivyo kufanyishwa kazi kinyemela (remotely) na mtu aliyeko mahali fulani popote duniani. Tarakilishi inaweza kugeuzwa msukule ikiwa utapakua virusi kutoka kwenye barua pepe au tovuti fulani ulizotembelea na kupakua virusi kwa kutokujua. Punde virusi huyo anapoingia kwenye tarakilishi yako, si rahisi ufahamu kwani huwa haifanyi lolote zaidi tu ya kujishikiza kama kupe na kutoa taarifa kwa yule aliyeko kwenye 'control room' na kusubiri tu kupewa amri ya kuanza kusambaza virusi/trojan/linki za matangazo feki ya dawa za viagra nk. Punde tarakilisho yako inapoanza kufanya kazi hiyo, ndipo inapoitwa 'zezeta' aka msukule alias 'botnet'.

Ukitaka kuelewa kwa njia ya picha, tafadhali bofya picha ifuatayo na kuikuza ili kusoma.
Picture
bofya picha kuikuza ili kuona mfano wa nadharia ya utengenezaji na utendaji kazi wa misukule
Sasa iweje watu wanaotumia bidhaa za Microsoft wafurahie?
Ni kwamba, kutakuwepo na punguzo la junk emails zinazozalishwa kuniani kwa siku kwani kampuni ya Microsoft imepewa ruhusa ya muda kutoka kwenye mahakama moja ya Marekani katika jimbo la Virginia Mashariki inayoipa ruhusa Kampuni hiyo kubwa kabisa ya tarakilishi, kuweza kufungia majina ya intaneti yapatayo 277 ambayo yamethibitika kuwa kitovu cha msukule wa Waledac. Msukule huo unaaminika kusambaza virusi bilioni moja (1,000,000,000) kwa siku moja tu duniani kote. Bofya picha yenye ramani hapo chini ili kujionea makaridio ya tarakilishi ambazo zimeshambuliwa na 'misukule' kote duniani. Kwa maelezo zaidi kuhusu habari hii, soma tovuti ya Microsoft.

Vile vile unaweza kubofya hapa ili kutizama video kusikia maelezo mafupi kuhusiana na suala hili.
Picture
bofya picha kutizama athari ya virusi wanaosambazwa na misukule ya tarakilishi
Add Comment
 
 
Picture
Several security websites are reporting a flaw in one telephone company that is transiting malware via HTC phone's USB port port when connected to computers.

A person recently bought an HTC Magic (Android) phone and when she connected it to her PC over USB, the antivirus (Panda) software went off.  The say that the phone had malicious autorun and other files identified as a "Mariposa" bot tied to a botnet run by a Spanish hacker. There was also Conficker and a Lineage password stealer.

Other smart phone users need to be aware of this threat in order to prevent their phones and computers from getting these malicious files that could severely affect their documents.

Click here to read and see screen capture of the  Vodafone HTC malware issue.
Add Comment
 
 
Katika posti iliyopita, tulizungumzia kuhusu namna ya kutambua na kujikinga na wizi wa mtandaoni. Leo tutizame kanuni za utengenezaji nywila imara na madhubuti na na hivyo kuepuka kutengeneza nywila nyepesi, legevu, nyong'onyevu, jinga kabisa na ambazo ni rahisi kubambwa.
  1. Usitumie tarakimu au herufi zinazofuatana. (Do Not use similar or sequentials). 
    Mfano: "12345678," "88888888," "abcdefg," au herufi zinazofuatana juu na chini ya kibodi kama vile yhbujnikm ama xswcdevfr
  2. Usitumie alama ambazo ni rahisi kufahamika kuwa zimetumika badala ya herufi. (Do Not easy to identify reversed letters or numbers).  Mfano: '1' badala ya 'i' au '@' badala ya 'a'  au '0' badala ya 'O' au 'E' badala ya '3' au "P@ssw0rd" nk.
  3. Usitumie jina lako la login au username wala sehemu ya majina yako rasmi au tarehe ya kuzaliwa au namba ya TIN au SSN au sanduku la posta au namba ya simu au namba ya nyumba unamoishi n.k. kutengenezea nywila. (Do Not use your official names, date or birth, SSN, TIN, postal office box number, zip code, post code, phone number, house number etc to create a password). 
    Unaweza kushangaa, 'wezi wanawezaje kupata taarifa hizi zote?', ni rahisi. Wezi hutafuta habari zako kwa kina kupitia vielelezo vyako kwenye mitandao jamii kama vile Facebook, Twitter, Hi5, LinkedIn, nk. vile vile katika Wasifu wako wa CV au Resume, na kwenye tovuti yoyote ile ambamo umeacha taarifa zako na ikawa rahisi kuzipata kwa njia mitandao ya utafutaji (search engines) kama vile google, yahoo, ask nk.
  4. Usitumie meneno ya kwenye kamusi ya lugha yoyote. (Do Not use words from a dictionary to create a password).
    Utawakuta baadhi ya watu hutengeneza nyila kwa kutumia maneno ya kamusi na kuyageuza kinyumenyume au kuandika maneno ya kutusi nk. Hii ni rahisi kwa wezi kutumia software ya word-scramble na kupata aina mbalimbali ya maneno yanayoweza kutengenezwa kutoka katika neno hilo, hasa pale wanapokuwa wameshapata 'hint'. Kumbuka kuwa wapo watu wanaolipwa kwa kufanya kazi ya kuiba nywila, hivyo ni ajira na huwza kuifanya kazi hii kwa saa hata kumi mfululizo ikiwa wameahidiwa donge nono na hasa kama walishawahi kufanikiwa kung'amua nywila nyingine. 
  5. Acha tabia ya kutumia nywila moja kwa akaunti zako zote. (Do Not use only one password for all your accounts).
    Wapo baadhi ya watu ambao hupenda kujifanyia urahisi kwa kutumia nywila moja kwa ajili ya akaunti zao mbalimbali, kwa mfano, mtu anatumia nywila ya Facebook kufungulia Twitter au LinkedIn. Hii ni makosa kabisa. Ukitumia nywila moja kwa akaunti zako zote, siku mwizi atakapofanikiwa kuibamba moja, basi utakuwa umewarahisihia kazi ya kujaribu akaunti zako zote kukamilisha ujangili wao. 
  6. Kuwa mwangalifu unapotengeneza neno la siri la kukumbushia anwani yako pale utakapoipoteza. (Be careful with password recovery questions).
    Mara nyingi unaposahau anwani yako, huwa unatakiwa kubofya neno, 'I forgot my password' na hapo huanza utaratibu wa kukuuliza neno la siri kabla ya kukurekebishia nywila yako. Kuwa mwangalifu na swali la siri pamoja na jibu lake. Mara nyingi kampuni au huduma husika watakupa maswali yaliyoandaliwa ambapo utatakiwa kuchagua mojawapo na kulitolea jibu. Kwa bahati mbaya au nzuri, maswali haya ni rahisi kwa mtu kuyakisia. Mfano, Shule yako ya msingi inaitwaje? Swali kama hili ni rahisi kwa mtu anayekufahamu kulijua hasa kama mlisoma pamoja shule ya msingi au ni jirani yako au alisoma nawe shule ya Sekondari au Chuo au anafanya kazi nawe au ndugu, jamaa na rafiki mnayefahamiana akawahi kutamka kuwa mmesoma pamoja, huyu anaweza kupata urahisi wa kuiba nywila yako.
  7. Jiepushe na matumizi ya stoo za mtandaoni (Do Not trust any online storage).
    Mwizi atakapoweza kuiba online storage yako,  ni rahisi sana kuiba nywila na taarifa zako ikiwa umezihifadhi humo
Ukitaka kusoma vidokezo vya namna ya matumizi mazuri na angalifu ya emails, tafadhali peruzi kwenye lebo katika 'Computer Or Email Tips & Tricks'. (To read previous email tips, use the search box located above the page or click through 'Computer Or Email Tips & Tricks' under the labels).
3 Comments