April 24, 2014

Fruit Spam using Instagram-Beware of links

Fruit Spam InstagramFruit spam?

Fruit spam.

If you’ve been noticing a strange rise of fruit-related pictures in your Instagram feed today, don’t worry. Your friends haven’t become (even more) obsessed with taking pictures of their healthy meals.

Well, you might want to worry a wee bit, because the pictures might be linked to a fruit-themed spam attack that’s slowly making its way around the popular photo-sharing service. It’s unclear just how said spammers are getting a hold of users’ login credentials, but the attack results in a number of pictures of fruit – of all things – being posted to a person’s Instagram account.

The text accompanying the pictures also includes a Bitly hyperlink – clicked on more than 35,000 times as of this article’s writing – that takes users to a fake BBC page promoting weight-loss coffee.

“Ever seen this stuff? I guess its super healthy, im giving it a try. I saw it on Dr Oz’s show! Link is in my bio #lovemyfollowers #health,” reads an example of one spammy photo’s description.

To its credit, Bitly is now throwing up a giant warning message for users attempting to click through to the aforementioned link. It’s possible the fake BBC site could just be a follow-through for the spam attack that attempts to pull money (and credit card credentials) from users foolish enough to place an order for the coffee, but there could also be some kind of method for pulling a user’s login credentials hosted on the itself. That’s the part we remain a bit in the dark on – how spammers get one’s credentials in the first place and load up one’s account with the fruity photos (in addition to changing a user’s bio to reference said fake BBC page).

Read More Here.

Fruit Spam InstagramInstagram Suffers Weird, Fruit-based Flood of Spam

Update 12:59 PT: An Instagram spokeswoman responded to our request for comment with the following: “Earlier today a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts. Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted.”

Anecdotally, it’s happened to multiple tech-savvy users in AllThingsD staffers’ feeds, including at least one Facebook employee. Om Malik over at GigaOm is also seeing similar activity in his own feed.

Instagram seems to be auto-recognizing some of this suspicious activity. One affected user I spoke to told me that Instagram sent him a standard password reset email shortly after he noticed the errant activity, and he was automatically logged out of the service. He changed his password and seems to be fine right now.

Something odd though perhaps unrelated: Twitter also saw a surge in spam earlier in the week, also focused on odd diet programs and suggestions. Related? Maybe, maybe not.

Still waiting for Facebook to explain exactly what’s going on. We’ll update when we hear back.

Meanwhile, look on the bright side: At least the spammers left our latte pics alone.

Read full article here.

If you are an Instagram user, there’s a good chance that you’ve seen quite a few photos of fruit appearing in your stream recently, along with messages extolling a miracle fruit diet. Spammers are posting the photos to a user’s profile, as well as changing the URL in that person’s bio.

The scale of this seems to be pretty large. The link (which has been generated through bit.ly for some users) takes you to a fake BBC page and is getting a lot of attention. The stats for that bit.ly link are shown in the graphic below, with more than 30,000 clicks so far. It appears to be one of the first large-scale spam attacks to hit Instagram, a service that has grown exponentially over the past year. The service, which just launched video two weeks ago, now gets 130 million active users per month.

Read Full Article here:

Email Scams, Fake Email, How to check it video

Email Safety tips and scamsFake Email, Email Scams, Email Viruses.

Every day I get some very bad and dangerous email in my inbox. I run so many websites and have about 10 business email addresses, so between all of those I get quite the variety of fraudulent email. I have been teaching about this since 1999. I am going to start documenting on this post the email I get when I see a new scam, and help others avoid getting a virus, or getting scammed. There is so much of it, I am just going to start with today’s inbox.

Did you know there is a way you can look at your questionable email safely? I made a video on how to do that. Best viewed in full screen mode.

Update 6/13

Fake “you have been tagged notifications” from Facebook.

Beware of fake Facebook Tag notifications

Be wary of fake emails claiming to be from Facebook saying that you have been tagged in a photograph [18 July 2012]

If you click on the link within the email, you are not taken immediately to the real Facebook website but instead taken to a site designed to infect your computer with malware. 

Within four seconds of clicking on the link your website browser is redirected to a Facebook page of a presumably entirely innocent individual.

If you look closely the email comes from a misspelt URL,mailto:notification@faceboook.com

The email reads as follows;

Subject: Christine McLain Gibs tagged a photo of you on Facebook


“Christine McLain Gibs” has added a photo of you 

 [See Photo] [See All Notifications]

Security on Facebook

Never click on links you can’t verify and always check to see if the spelling is correct.

Fake and Dangerous Docusign email. Has a virus in the attachment.

Update: 2/6/13 Fake Linkedin email! It said join my network and looked like a regular linkedin email.I clicked it to see who this person was , and bells went off on my computer, (Avast, best free protection EVER!)
and it closed the site and told me I just dodged a bullet and that that site was a vicious virus interjection website.
Whew. Scary!
So I went back and did the “view message source and guess what kids? It was not legit.
Well it fooled me, and I know what I am doing. That is how good these guys are, they are figuring out new ways 24/7 to get us and infect our computers! The majority of these guys operate out of Russia, Romania, Nigeria and Belgium.

This is what it looked like:
how to protect yourself from fake email

This is another fake email making the rounds right now.

Subject Line: Completed: Please DocuSign this document : Confidential Company Agreement 2013..pdf

This one spoofs your own email address and says it comes from yourself!
Docusign is aware of it and has a full warning on their website.


I have been viewing message source and getting lots of virus emails from “securebank.com”

Secure Bank does not seem to be a real bank and the website has a warning about these emails here.


When you view source and see an address in the fake email, you can copy and paste it and go there to check.

Be sure you have good anti virus software installed on your computer first, just in case the website is infected too.
I use Avast the free version for over 12 years now and it is the bomb! It has protected all my computers.
And I have a teenager who goes to a bunch of sites that hackers love to infect, like free screensavers and free downloads, so
I highly recommend Avast the free version.
You can get it here: Avast Free Download Page

How to view Email Headers in the major email programs.

Outlook 2011

  1. Open Outlook.
  2. Ctrl+Click (or right-click with a two-button mouse) on the message from the message list.
  3. Select View Source.

Full headers will appear in a new TextEdit document.

Outlook 2010

  1. Open Outlook.
  2. Open the email message in a new window.
  3. Click on the File tab from the menu bar and choose Properties.

Full headers will appear in the box within the properties window.

Mac Mail

  1. Open Mac Mail.
  2. Click on the message you would like to view headers for.
  3. Go to the View menu.
  4. Select Message, then Long Headers.

The full headers will appear in the window below your inbox.

Mozilla Thunderbird

  1. Open Thunderbird.
  2. Click on the message you’d like to view headers for.
  3. Click the View menu, and select Message Source.

The full headers will appear in a new window.


  1. Log in to Gmail.
  2. Open the message you’d like to view headers for.
  3. Click the down arrow next to Reply, at the top of the message pane.
  4. Select Show Original.

The full headers will appear in a new window.



  1. Log in to your AOL account.
  2. Open the message you’d like to view headers for.
  3. In the Action menu, select View Message Source.

The full headers will appear in a new window.

Yahoo! Mail

  1. Log in to your Yahoo! Mail account.
  2. Select the message you’d like to view headers for.
  3. Click the Actions dropdown and select View Full Headers.

The full headers will appear in a new window.

Before you open any of those suspicious emails be sure to:

  1. Do not click open the email.
  2. View Message Source instead. You cannot get infected or have a problem this way, but you can still read the message safely.
  3. Do not open any attachments or download anything from a suspicious email
  4. Google the subject in the email and see what comes up
  5. If still in doubt, never ever click any links and CALL your bank or the place the email says it is coming from.

A good source to check scams and hoaxes is this website:

When it comes to frauds and scams the Internet is a great resource to learn about what is happening.
It only takes a minute and it will save you from being infected, scammed or ripped off.

Did your web design company or person leave you hanging?

I often get new business from very frustrated website owners who have basically been abandoned by the person or company they hired to help then with their website. Sometimes their websites are half finished on a test site and the person seems to have mysteriously disappeared or stopped answering their phone.


Other larger companies who offer website design, farm out the work, and slap the site up, but give no help or direction to the poor website owner.
Often the reason for this is they are not actually doing the work themselves.
I recently had a client who came to me with that  very situation. Their website was up, but it had no keywords, tags, or any kind of the most basic SEO done. The client was more than willing to do it themselves, but the company insisted she needed to pay their “SEO dept”, once again most likely contracted out, or farmed out for the help. I have always cautioned clients about paying for SEO services. It is an area full of people who failed at other get rich quick schemes.  Remember a few years ago when you would get all those invites in the mail for “free dinners” at a hotel, and it was about getting rich quick in some kind of real estate venure? Well those are often the types I run into that decided to become “SEO Experts”.

The problem with many of these type of website related services and web designers and website companies themselves, is there is nothing required to stick up a website and call yourself an expert.
This is why I tell you, check references, check the work they have done before and beware!

People that are good at what I do,( build Websites and use and teach WordPress),  and other things like SEO, are very transparent. They use their real names, they have real clients whose websites you can look at and check their traffic and website rankings and the best ones have a great blog that offer tons of free help and information so you can help yourself.
Here are a few quick tools that can help you check on other sites and see how they are doing, or check your own website out.

Google Page Rank Tool:

Check Page Rank of your Web site pages instantly:

This page rank checking tool is powered by Page Rank Checker service








Ever wonder how many of your website pages are actually indexed on Google and in the search engines?

To check this out all your have to do it enter:
So for instance for me to check out this site I would go to google search and enter
This shows me all the pages on google that I have indexed, which is around 230 pages.
Another fun tool you can only use on Firefox is the SEObook tool for the toolbar.
This is real SEO website, with training and a proven track record.
With one click you can see what I have below in the image for any website.
This will help you know your competition and also check out fraudulant companies and so called SEO and Web Designers/WordPress designers.

Seo tool for toolbar seobook

If you have been left hanging, or just need some help with your WordPress Website, or to convert and HTML website to WordPress, or WordPress training, please feel free to contact me for a free consult to discuss your needs.
You can see my testimonials here, with real people, first and last names and websites that are still up and running!
If you need a website, please fill out my pre-planning sheet here. 

I will never leave you hanging out there alone in cyberspace.
When you need help, I am a phone call or email away!


Better Business Bureau Fake Email Complaint Scam

BBB scam alertIf you  have gotten any email like the one I posted below, it is FAKE.
The thing is I am not sure what they are trying to do.
When you are unsure of an email one thing you can always count on are
misspelled  words, and bad grammar such as in this case when they say the complaint is in respect to their dealership???? What the heck does that even mean?

“with respect to their dealership with you.”


So I looked up the domain which is showing on the bogus link amazonandbeyond.com and it is listed below.

No one answers that phone number of course.
Also it looks like whoever bought it, added the privacy service.

Here is the offical notice about the scam from the BBB, Better Business Bureau.

If you know what exactly the scammers are trying to do please leave it in the comment section.
This one is a bit puzzling for me. I usually can figure out what they are trying to do.
It could be the scam link already got pulled so the infection or rip off they were trying to pull off is no good on this copy I got.

Another tip I can offer you is if you are unsure of an email you have gotten like this, simply copy and paste it into Google and you will find articles and sites like mine telling you if it is a scam. For instance the name signed on this email,


Fernando Grodhaus

Dispute Counselor
Better Business Bureau

brought up many scam buster articles for me when I googled it.
I will say the scammers are getting more and more tricky.
I will keep posting when I get these emails and know they are a scam.

IP Address: (ARIN & RIPE IP search)
Record Type: Domain Name
Server Type: Other
Lock Status: clientTransferProhibited
WebSite Status: Active


Domain Name.......... amazonandbeyond.com
  Creation Date........ 2006-04-08
  Registration Date.... 2006-04-08
  Expiry Date.......... 2015-04-08
  Organisation Name.... Pete C TennantWilliams
  Organisation Address. PO Box 61359
  Organisation Address.
  Organisation Address. Sunnyvale
  Organisation Address. 94088
  Organisation Address. CA
  Organisation Address. US

Admin Name........... Admin PrivateRegContact
  Admin Address........ PO Box 61359
  Admin Address........ registered post accepted only
  Admin Address........ Sunnyvale
  Admin Address........ 94088
  Admin Address........ CA
  Admin Address........ US
  Admin Email.......... contact@myprivateregistration.com
  Admin Phone.......... +1.5105952002
  Admin Fax............ 

Tech Name............ TECH PrivateRegContact
  Tech Address......... PO Box 61359
  Tech Address......... registered post accepted only
  Tech Address......... Sunnyvale
  Tech Address......... 94088
  Tech Address......... CA
  Tech Address......... US
  Tech Email........... contact@myprivateregistration.com
  Tech Phone........... +1.5105952002
  Tech Fax.............
  Name Server.......... yns1.yahoo.com
  Name Server.......... yns2.yahoo.com

Attn: Owner/Manager

Here with the Better Business Bureau notifies you that we have received a complaint (ID 20995629) from a customer of yours with respect to their dealership with you.

Please open the COMPLAINT REPORT ( I removed the bogus hotlink) below to view more information on this matter and inform us about your position as soon as possible.

We hope to hear from you very soon.


Fernando Grodhaus

Dispute Counselor
Better Business Bureau

Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277