Anatomy of a scam

I’ve been seeing this notice on my MSN homepage lately.

fake flash player

What’s your take on this? Does this look like a legitimate prompt to install or update your Flash player?

Well, it’s not. But since you have no doubt seen frequent requests to update Flash, you may be tempted to click that big fat “Update” button before you notice all the clues that expose this as deceptive.

  • First and foremost, Flash is an Adobe product. You will notice that the Adobe name and logo do not appear anywhere.
  • The word “Advertisement” is clearly indicated underneath the box.
  • The statement “You might need to install Flash Player” is technically true. You might. Or you might not. Phrased in this manner, it’s meaningless. But you’ve been prompted to update Flash before, so this ad is intended to get you to click the button without thinking it through.
  • The website “” appears in the top border. This is the site that you will be directed to if you click on the ad. There is such a thing as Windows Media Player – it’s a standard component of Windows. So “winmediaplayer” sounds familiar. Again, the hope is that you will click without thinking about the fact that Windows Media Player and Flash Player are two completely different programs.

While I didn’t click on the ad, I went to the website. The site offers to download VLC Media Player, which is a real (and highly recommended) multimedia player for Windows, Linux, Mac OS, and other platforms. But the download starts automatically after a brief countdown, even if you don’t click anything. You barely have time to read the page.

Is it a scam? At the very least, it’s completely misleading. I bailed out before the download could get underway. I figured the odds of getting an actual download of VLC were pretty slim, considering how much dishonesty they had packed into a few inches of screen space.

UPDATE 02/21/14: I just received a Flash Player update prompt from Adobe tonight, so I was able to grab a shot of what the real Flash update dialog box looks like.


Accept no substitutes!

You’re careful, but what about your kids?

It happens too often. I receive a voicemail or e-mail message from a client containing the somber words, “I think I have a virus.”

There is frequently an element of guilt and shame in the message, as if I would think badly of them for allowing this to happen. This is probably because everyone knows porn sites are common distributors of malware. But there are many other ways your system can become infected.

As we talk it over, the shame usually turns to frustration and annoyance. “I’ve been careful. I don’t surf to those sites and I don’t click on things that I shouldn’t. I don’t follow e-mail links that I don’t trust. I have anti-virus software. I’m doing everything right. Why did this happen?”

My next question is usually, “Do your kids use your computer?”

“Well, yes, but I’ve talked to them about being cautious as well, and they know about responsible web surfing…”

Doesn’t matter. The Internet is a minefield. New malicious sites pop up all the time, and there’s no practical way for the makers of anti-virus and parental control software to keep up with them all. You may never encounter such sites in your daily web routine, but that’s because the purveyors of malware are actively targeting topics that interest young people.

This article explains how the bad guys exploit web searches for top celebrity news, something that attracts mostly teens. Older folks like me, who couldn’t care less about Miley Cyrus’ latest antics and have never even heard of Lily Collins, may never encounter these traps.

But the pitfalls are still there and sometimes even we “mature” people stumble in. Once in a while I will do a web search for song lyrics. Mind you, any song I search for would have been recorded prior to 1986 (the year I graduated college and stopped paying attention to new music), but lyric sites attract all ages and are another frequent malware trap. Most any song lyric site you find will bombard you with pop-ups and malicious links. When your computer screen is going crazy like this, it’s easy to (even accidentally) click on something you shouldn’t. And before you know it, something has gotten into your browser and you have a problem.

Once a malicious program has installed itself on your system, it frequently opens the door for other malware. Think of it as a guy breaking into your house and then inviting his buddies over to eat all your food.

One of the issues I see most often is that malware has hijacked your browser’s search functions by replacing your default web search provider (such as Google or Bing) with another tool that captures information about your surfing patterns and web searches. This sort of information is valuable for marketing purposes. Sometimes these rogue search tools will change your browser’s home page, but often they are less obvious. Usually the first indication that you’ve been compromised is that you notice your PC running more slowly, especially when surfing the web. And as more bad programs are allowed into your system, performance continues to decline.

While this can be a significant annoyance, especially on older PCs that were never speed demons to begin with, there are malware removal tools that can deal with most of these problems with relative ease. But we are increasingly seeing instances of a more severe problem called ransomware, a malicious program that locks you out of your computer, displaying a warning message (frequently accusatory) and “helpful” instructions on how to send payment to disable the lock. This is, of course, extortion, and the authorities are going after these guys, but that doesn’t help you much if you’re currently a victim. Again, there are software tools that can remove ransomware, but the process tends to be tricky and time-consuming.

Unfortunately, there’s no surefire solution other than abandoning technology altogether and going off to live on a homestead with the Amish. Kids are always going to seek out the new and popular, and marketing is all about identifying predictable behaviors and exploiting them for profit. And there’s no reason kids shouldn’t be able to surf the Web for things that interest them — that’s what it’s there for. But if you’re wondering how on earth this stuff got all over your PC…mystery solved.

AOL: When “good news” isn’t actually good

The glory days of America Online are well behind them, but there are still a surprising number of people who continue to use the service, primarily for e-mail.  Today I received a forwarded copy of this message from AOL, sent on April 2.

You spoke, we listened!

In the past, your username was blocked from registering for free trials and purchasing products you may have seen advertised.

Good news – we have updated our systems, and as of today you are able to take advantage of everything AOL has to offer in addition to your existing AOL Advantage Plan.


Here are a few of our most popular products that might be of interest and have recently been made available to you:

The e-mail goes on to list three products: AOL Computer Checkup, LogMeIn Pro, and Quick Check Diagnostic. The first two have a “Try It Free!” button, but of course, there is the fine print.

*Free trial lasts 30 days. To avoid the recurring subscription fee, simply cancel before the free trial ends.

So the upshot is that AOL has taken the blocking option off this account, hoping to generate additional revenue through unintentional click-throughs. And they are marketing it as a feature. “Good news! We have disregarded your specified account restrictions and made it easier for you to buy stuff you don’t want!”

In the world of public relations, this is called “spin.” A less charitable person might call it “fraud.”

AOL has made similar questionable moves before. Back in 2006, as AOL faced declining membership and growing irrelevancy, they announced that they would move to a free membership model, earning their revenue through ad placement. However, they did not stop automatically billing their existing customers. Users could contact AOL to stop the charges, but there have been numerous complaints online that this was not easy to accomplish.

Then, to make things even worse, last year they nailed those paying customers again by slipping in an upgrade to something they called the “AOL Advantage Plus Plan.” As this post explains, the new plan took effect automatically unless the user could find the opt-out link buried in the e-mail notification.

Bottom line: If you like AOL, keep it. But if you’re still paying for it, you shouldn’t be. Paying for AOL made sense in the old days when no one had broadband and AOL provided dial-up Internet access for a monthly fee. Now, if you’re paying your cable or phone provider for Internet access and paying AOL each month, you are wasting your money.

As for this latest move, I haven’t yet found anyone on the Web calling AOL out for this. Hey, maybe I’m the first one. Or maybe it’s actually innocuous. But I’m suspicious. It doesn’t sound like “good news” to me.