Legitimate tax return prep offices and other businesses offers “refund anticipation loans”, whereby you have your refund sent to their bank account and they give you most of it in advance in cash. But, these kinds of services do place restrictions on who they will offer loans to, based on any tax offsets due, filing status changes from prior years, etc.

But, since these services are highly-advertised and have become commonplace, people are falling prey to scams that offer such services. These scams are blended with high-tech methods of phishing and information collection that go further than tax season. One scam even asks for your mother’s maiden name, which is a common identifier when resetting or revealing other passwords.

Learn more about these scams, how to spot them, and how to report them.

There was a certain Web site going around that claims to offer access to the Halo 4 beta. Let’s just ignore that Halo 4 has only had one trailer and Microsoft has been rather mum on it since. A beta isn’t completely out of the realm of possibility, but offering it to everyday gamers before releasing any information to the press is.

Now, David Ellis warned us of this fake beta a while ago via Twitter. That must have been enough to deter most gamers, but not all Halo players are on Twitter. They might not have heard the news and a Halo 4 beta would certainly make their day.

Well, the Web site was taken down after the press got a hold of Ellis’ warning. Best to get out of the scam business before it explodes in your face. Microsoft is forcing it to explode by filing a complaint against the Web site with the National Arbitration Forum according to Fusible.

Microsoft has a 99.9 percent chance to claim the domain name from the fraudster. It won’t be long before halo4beta.net becomes Microsoft property and can be used for the actual Halo 4 beta that will most likely precede Halo 4’s expected launch at the end of this year.

So as to avoid falling for such a scam in the future, remember these helpful tips regarding multiplayer betas. Betas are always announced by the publisher/developer proper before they are deployed for public play. Even if it’s a closed beta, there will be a press release or announcement of some kind. The Web site for a beta will also have links to the Web sites of the developer/publisher and are usually already tied into the Web site proper anyway.

In other words, the old saying remains true: If it’s too good to be true, it probably is.

In a post today on their twitter, Anonymous has said that Anonyupload has no affiliation with the site and they flagged it as a scam.

For those unaware, the site promised free file sharing among users and looked official. Only problem is that it’s hard to tell what’s official with Anonymous. They were asking for donations via PayPal to help buy server space and support the Web site proper.

Once again, it seems that people are using the Anonymous name to either make a quick buck or force innocent users to do their dirty work. Of course, we don’t know if Anonyupload is legit or not, but I wouldn’t take any chances until the site supposedly launches on January 28.

@YourAnonNews and @AnonyOps are generally good indicators of what is currently going on in the world of Anonymous. You would be wise to follow them for any official updates on this and other matters during their current operations.

CNET is reporting that there’s a new spam scam hitting Facebook today. The message is innocuous enough: Mark Zuckerberg has just sent an e-mail informing the lucky winner that they have won a free iPad.

Now the link to claim the free iPad doesn’t take people to Facebook, but rather a promotional Web site that claims to need your e-mail address, phone number and other account information.

If the “lucky winner” tries to claim their prize, they will be taken to a Web site that explains they are a potential winner. So we’re now going from winner to potential winner. To really win, you have to answer a simple question. It’s like if the lottery required winners to answer a random trivia question to claim their money.

The scammers aren’t all terrible people though, so they warn everybody that claiming the free iPad will add a small weekly fee onto your phone bill. At least they were nice enough to warn people in the smallest print possible.

Like always, the real reason for this is that the spammer gets an affiliate commission every time somebody is foolish enough to sign up for the contest.

As CNET points out, the best part is that Mark Zuckerberg apparently sent the e-mail via a hotmail account. Who still uses that anyway?

As with all these scams, use common sense. It’s highly unlikely that Apple and Facebook would give away free iPads. If it sounds too good to be true, it probably is.

[Lead image courtesy of Technologizer]

Now, that looks an awful lot like any other email you’d receive from Apple but there are a few clues that it’s fake (most phishing emails have these sorts of tells). The first and biggest is the link. Although it says “store.apple.com” in the body of the email, the link does not actually go to store.apple.com:

If you get an email from Apple or eBay or your bank that includes a link, the link will always include the actual name/official website of the company you’re visiting. If the link goes somewhere else entirely, it’s a fake. Case in point: store.apple.com. Of course, the best response to an email like this is to delete it, and manually navigate to Apple’s (or your bank’s, or whatever) website and log in to your account that way.

A couple other clues that the email is bogus: pretty much nobody threatens to shut down your account if you don’t update your billing information. You can have an Apple account with no billing information at all. They just won’t let you buy anything. Also, there are usually grammar tipoffs. For example, a legitimate email from Apple would probably not capitalize “Billing Information.” Finally, most direct emails will include either your personal name or your user name in the message greeting, as an indication that the message is legitimate. Thus, a legitimate email from Apple or any other site would say “Dear Bob,” or “Dear bobalicious75,” instead of a generic “Dear Customer.”

Long story short, don’t trust an email just because it looks legit. Read the text carefully for typos and weird grammar, and check the links. Better yet, ignore the email and log in to your account directly and see if there really is a problem.

[Source: The Mac Security Blog]

The judge ruled Bright Builders was guilty of contributory trademark infringement, and other charges, due to them providing marketing and web hosting services. The judge ordered Bright Builders to pay $770,050 in statutory damages, while the site’s owner, Christopher Prince paid $28,250.

Do you agree with the difference between damages owed? Let us know.

Cleveland Golf was the company who filed the suit, and originally only targeted Prince. When Cleveland’s lawyers discovered of Bright Builder’s services, they decided to file suit against them as well. The argument presented by Cleveland’s lawyers is Bright Builders was knowingly aware of the scam, and continued their services.

Christopher Finnerty, one of the lawyers for Cleveland Golf said this of the ruling, “For Internet Intermediaries like SEOs and web hosts, this should be a cautionary warning” he continues, “The jury found that web hosts and SEO’s cannot rely solely on third parties to police their web sites and provide actual notice of counterfeit sales from the brand owners. Even prior to notification from a third party, Internet intermediaries must be proactive to stop infringing sales when they knew or should have known that these illegal sales were occurring through one of the web sites they host.”

Finnerty also stated how this was the first time a service provider was found liable for infringement, without being notified prior to the lawsuit. Being the first of its kind, it brings about the question of whether or not this is a precedence setting case.

I’m not totally surprised the judge found Bright Builders guilty of contributing to trademark infringement. Considering we have no idea of the knowledge the judge has or developed during the case in terms of web hosting, or SEO practices. What I find odd is the discrepancy between the amount of money responsible between Prince, and Bright Builders. How could they be responsible for so much more than the actual owner of the site?

Bright Builders has never had a sterling reputation. If you research them on BBB, you’ll find a rating of ‘C-’. 26 complaints have been filed against them. If you search for them on Google, one of the top links will direct to a website called scam.com.

The case certainly leaves a worrisome feeling for SEO experts, and firms. It has the potential to make experts more aware of the content they’re working with. It also provides a debate among those interested.

Should SEO and hosting services be responsible for the tools they’re providing counterfeit sites? If they have no knowledge of the site being counterfeit, is there a defense to be found? Considering how much a SEO service needs to know in order to be successful, it presents a rousing debate.

Let us know how you feel about this case in the comments.

EDIT: To clarify, the verdict was found by a jury panel and the judgement was handed down by the South Carolina Judge.

UPDATE: Stephen Gingrich, Vice President of Global Legal Enforcement and HR for Cleveland® Golf/Srixon said this in a press release, “While individuals who sell counterfeits pose major problems for the manufacturer, companies like Bright Builders who can amplify the impact and scope of this problem are even more dangerous” he continues, “Counterfeiting has existed for thousands of years but has been a localized issue. The Internet, ease of global shipping and payments, combined with SEO’s and web hosts injecting steroids into the situation has brought the issue into every consumer’s living room.“

The fraud occurred when a Supervalu in Idaho received two emails, one claiming to be from American Greetings employee and another claiming to be with Frito-Lay, according to court documents. The email said the companies wanted payments sent to new bank account numbers.

Supervalu sent over $6.5 million to the bogus American Greetings account and close to $3.6 million to the phony Frito-Lay account before learning it was a scam. The FBI was able to recover the money before the scammers, but American Greetings, Frito-Lay and Supervalu are in a dispute as to who the money belongs to. U.S. District Judge B. Lynn Winmill will decide where it should go.

"Supervalu was the target of attempted financial fraud," company spokeswoman Haley Meyer said, "We were able to quickly discover and report this to the FBI. As a result of the quick work of the Boise FBI Office and the U.S. attorney, any funds lost are minimal."

Supervalu began sending payments to American Greetings in the wrong account on February 28. The company made a total of nine payments before discovering the error where money was wired to HSBC Bank in Miami Beach, Florida.

Supervalu’s vice president for legal services, Stephen Kilgriff, said the company received email on Feb.28 that instructed future wire transfers be sent to a First Security Bank account in Rogers, Ark. The fraud was also detected March 6 when the company contacted police.

The type of scam that Supervalu fell victim to is called spear phishing where individuals are targeted by name and sometimes title.

The fraudulent emails, which claim to be from legitimate greeting card companies, tell consumers to click on a link in the email message to view their e-card. Clicking on the link can possibly expose a person’s computer to a virus.

"If you get an e-mail claiming you’ve received an e-card from a generic ‘friend’ or ‘family member’ rather than from someone whose name or personal e-mail address you recognize, the e-mail is fraudulent and should be immediately deleted," says John Hambrick, Unit Chief of the FBI’s Internet Crime Complaint Center.

"Do not follow any of the instructions in the e-mail or click on any link."

For people who are not sure if an e-card notice is legitimate, the Greeting Card Association recommends that they go directly to the publisher’s Web site to receive an e-card, instead of clicking on the link in the email.

People who receive the fraudulent emails can file a complaint with the FBI’s Internet Crime Complaint Center.

The Federal Trade Commission has also been notified of the scam.

He called the continued appearance of those criticisms “pure and utter libel,” and believes they were initially posted by business competitors. Retkin said the domain offers in question were “perfectly legitimate.”

At this point, Retkin thinks Google has removed about 15,000 links from its international search engines, like Google.co.uk. On that site, a query for dotworlds scam returns notes at the bottom of Google’s search results, saying the company has removed some links in response to a legal request.

“Google gets mad when it’s used against them,” Retkin said, referring to the notorious incident where CNET published copious information about Google CEO Eric Schmidt that writer Elinor Mills found using the search engine.

On Google’s US search pages , the same query for dotworlds scam returns over 300 results, referring to the postings that have Retkin and his legal advisors at odds with the company.

Google Responds To AdWords Scam Kerfuffle

Google’s bread-and-butter paid search ads had a whiff of acrid spoilage to them after a nasty criminal attack using AdWords accounts became public knowledge.

Criminals used AdWords to direct web browsers through a third party website that attempted to infect the PC. The attack would take advantage of a flaw in Internet Explorer to drop a backdoor and a post-logger onto PCs; the malware specifically looked for credentials for 100 banking sites, according to Exploit Prevention Labs.

Google’s Inside AdWords blog has a new post available, with the company’s response to this egregious abuse of its product. They identified and shut down AdWords accounts linked to these attacks, and are continuing to monitor the situation.

“We actively work to detect and remove sites that serve malware in both our ad network and in our search results,” the post said. “We have manual and automated processes in place to detect and enforce these policies, and products such as Google Toolbar that actively seek out and alert users when they access malicious or suspicious sites.”

It doesn’t look like the processes worked. Exploit Prevention Labs began noticing the criminal AdWords placements on April 10, a full two weeks before Google deactivated the offending accounts. Those ads likely ran for a period of time before Exploit Prevention Labs picked up on them.

Google also gave the usual security advice to people about securing their systems with up to date virus protection, and changing complex passwords regularly. Good advice, but it’s also a deflection from the broader trust issue that people will have with paid search ads now.

Searchers were making very innocuous queries on Google that turned up these malevolent AdWords ads. These were searches that turned up phony ads for the Better Business Bureau and Cars.com, neither of which tend to be associated with the less than prurient sites (as in adult) usually associated with drive-by infections.

The situation is also going to make people who have been hit with attacks like these, without having visited any unusual sites, to wonder if this is how their systems got nailed with a nasty Trojan. This isn’t the first time criminals have tried to abuse AdWords, judging by Google’s stated practice of looking for this behavior.

It’s going to take more than a blog post to engender ongoing trust in paid search ads. Good luck with that.