[Warning] ANOTHER Bogus Facebook Link

This one just popped-up in the Feed a few minutes ago.  Its title is “Yeahh!! It happens on Live Television!”  Ironically enough, it’s women that are clicking on this post too, not men.  😀

Fake video post on Facebook | Click to Enlarge

This one redirects you to a fake Facebook page…

Fake Facebook Page
Fake Facebook Page | Click to Enlarge

It then asks you to “Click Jaa twice to confirm”…

Click Jaa twice
"Click Jaa twice" - Are you kidding me? 😀 | Click to Enlarge

I mean, you should’ve already been able to tell this was a bogus post right away.  The website weebly[.]com lets anyone create a website, so someone signed up for videovideo1[.]weebly[.]com.  It’ just like anyone can sign up at BlogSpot or WordPress.  Asking people to click ‘Jaa’ not once, but twice – are you joking?  Is that some form of new security measure – click twice?  Sadly enough, it works for X amount of people.

You know the story…install Firefox, install NoScript, use ESET Nod32 Antivirus, blah, blah, blah.  😀

I must sound like a broken record!


UPDATE 6/23/2011

It looks like they’ve moved their crappy little pages over to a different site.  The same scam post from yesterday, is showing up with a new URL…

Bogus Facebook Link
Bogus Facebook Link | Click to Enlarge

Same virus as yesterday, same bogus picture, just a new URL and a new title.

[Warning] Latest Facebook Malware Link – “r0ller c0aster”

Shocker.  The ‘0rgasm’ post on Facebook leads to a virus (Trojan).  Funny enough, it hasn’t been men that have been clicking on the link in the feed.  🙂

Here’s what the latest scam/virus/fake link looks like…

Facebook malware virus trojan scam social engineering

They’re trying to circumvent Facebook’s detection algorithm by tossing in zeros (0) for the O’s…

Trying to trick Facebook's algorithms

I don’t really feel too bad for those who clicked this (come on, isn’t this one just obvious?), but we still have to bring it to everyone’s attention.  The very nature of Facebook’s “social – proof” feedback leads to people almost unconsciously clicking random links in the Facebook feed.  “Oh, I bet this is funny, it can’t be too bad.”  All it takes is one click and your system is infected.

Well, this one is a Javascript loader that pushes a Trojan onto your PC…

ESET Nod32 Blocks Javascript Loader Trojan

If you clicked the ‘r0ller c0aster’ link in the Facebook Feed and you didn’t see a notification from your antivirus software instantly, then you are infected, 100%, no doubt.  You should be running ESET Nod32.  What if an employee clicked on that link while at your store?  Your consignment software would be rendered useless until the infection was removed.  How many minutes can you go without your systems?  How many hours?  What if your backups stopped working two days ago, but you didn’t know?  Now your systems are down and you might’ve lost the last few days’ worth of data.  See how quickly one little *click* could turn into a disaster?

The interesting thing is, ESET’s database knew about this threat and Facebook didn’t.  Now, Facebook isn’t security software (not primarily), but it does perform security tasks.  They do parse new posts for known-bad URLs and will either toss up a CAPTCHA or if it’s a known-threat (according to Facebook, that is), then they’ll block the post altogether.  Maybe Facebook could/will eventually get to the point where they utilize a global threat database.

This is one of the topics we’ll be discussing this Saturday at the 2011 NARTS Conference in Dallas, TX.  There is no silver bullet.  Sure, this is technology and security programs exist, but social engineering and people trying to scam you isn’t unique to technology.  We’ll continue to show the types of posts used to dupe you into installing malware.  Just stop and look at the URL before you click.  Make sure it’s a trusted URL.  And no matter what, just start using ESET Nod32, please?  How many times are you going to see someone get infected or you yourself, end up with an infected system?

KeePass – Our Favorite Password Safe!

KeePassKeePass is a free, open source password safe.  The quickest and easiest way to get KeePass, is via the Ninite download page:

[button link=”http://ninite.com/keepass/” open_new_tab=”true” size=”big”]Download KeePass[/button]

What is a password safe?

Great question!  Ok, so you know how you have a ton of passwords for all sorts of things?  Your online bank, your email, your consignment software…all sorts of stuff.  Well, where do you keep that info?  In your noggin?  It’s not scratched down on a loose sheet of paper, is it?  😉

Have you ever forgotten your username or password for something?  What about sites or services you don’t use that often, but are important.  Take for example your web host where your website is hosted.

What would you do if a disaster came along and you had to log in to these various services on a new system?  We talked about Firefox Sync for keeping browser logins and settings stored across multiple computers.

KeePass provides you with a safe to store this sensitive information.  You assign one master password and then all of your sensitive login information is stored in KeePass’ encrypted database.

KeePass | Click to Enlarge

Even neater is, if you use SugarSync or DropBox you can keep your KeePass database in-sync across multiple computers – e.g. your laptop, your desktop, your Android device, etc.

Best Consignment Shop Software Using CCE’s Copyright

I posted this in a follow-up comment on our original post about Best Consignment Shop Software (BCSS).  I was utilizing a handy tool – an internet “time machine.”  I decided to take a look at a copy of Best Consignment Shop Software’s website as it stood back in 2001.

Amazingly enough, the original program installer for Best Consignment Shop Software 1.0 was archived!  I was able to download their very first consignment shop software program!  When I want to install it, something caught my eye.  Take a look at the image below (click to enlarge)…

Best Consignment Shop Software
BCSS Using CCE’s Copyright | Click To Enlarge

Notice what it says down there in the bottom, left-hand corner?  Click the image to see a close-up…

CCE Copyright 2000
CCE Copyright 2000 | Click To Enlarge

Who is CCE?  Why does Best Consignment Shop Software (dot com) have a CCE Copyright on their installer?  Great questions!  Maybe it was just an oversight.  Or maybe it’s because CCE were the first to release a program named Best Consignment Software (BCS).  CCE has since changed the name of their Best Consignment Software program to Consignment Ease.  More information on CCE’s consignment software can be found on their website => http://www.consignmentshopsoftware.com/.

Now, maybe Steve just forgot to take CCE’s copyright out.  I mean, that was over 10 years ago.  Isn’t it a bit odd then, that BCSS has “Copyright

BCSS Copyright from CCE

Feel free to search the Copyright Database yourself @ http://cocatalog.loc.gov.  Just search for ‘best consignment software’ and you’ll find that CCE copyrighted that name, not BCSS.

How can BCSS just get away with that?  If anyone wants to contact BCSS’ web host and ask them why they have a false copyright on their website, BCSS’ public WhoIs records can be found at…


His site is hosted at Pair Networks (pair.com) and [email protected] is the contact email, if you’d like to bring this to his host’s attention…

BCSS Web Host

When people are trying to get help with consignment software, or are trying to get help finding new consignment software, they don’t need shenanigans like this.  Business owners can’t waste their time and money on a company that won’t respond to their calls or emails and who clearly have no regard for honesty or facts.  Why the hell else would BCSS post CCE’s copyright on their home page?

All of the information above is 100% public and 10)% verifiable.  All it takes is a little bit if sleuthing to uncover the facts.

If you’re looking for help finding the best consignment software program for you, The Computer Peeps offer a FREE 30-minute consultation.  We’ll help you isolate your needs and wants, then find a program that best matches those.

[Warning] Another Facebook Scam

This one seems to come and go, but I’ve seen a handful of people click this latest Facebook scam link.  This one is called This Guy Took A Picture Of His Face Every Day For 8 Years.  Here’s a screen shot of the bogus post:

Fake Facebook Post

This link takes you to a *questionable* URL – pastehtml dot com.  I am intentionally not including a direct-link there and please do not try to visit that URL.

Ok, here are some pointers on how to spot a bogus post on Facebook.  Let’s take a closer look at the actual post.  Notice the actual URL/website is visible right there on the post, before you even click anything?

Read before you click!

Right off the bat, I see pastehtml . com and I realize that is clearly a shady URL.  Does that seem like a legit website to you?  Is ‘pastehtml’ a company you do business with, a news organization, etc?  That is how this stuff “slips by” people – clicking without reading.  When you see a a post like this, you should mark it as spam.  This will help Facebook to prevent this sort of post in the future.

Facebook Post - "Mark as Spam"

This fake link will install malware on your system, so if you’ve clicked a post like this on Facebook or if you’ve seen friends/family members that have, it’s time to scan your system.  Your security program would pop-up right away, detecting this malware; if it didn’t, your security software isn’t good enough.  Also make sure you switch to Firefox so you can start using NoScript to block malicious scripts from running in the first place.

Just please stop clicking these bogus links though!  Let us know if you have any questions and don’t forget to come see us at the NARTS Conference 2011!!!  We’ll be going over topics just like this in our Online Safety class!  More info on the NARTS website.  -> http://mycp.biz/narts2011 <-

Back To Top