Spammers lack imagination in July

Written by John P Mello Jr on August 5, 2010

Spammers appear to have taken their summer vacation in July, if the junk mail that evaded my gauntlet of garbage filters is any indication of their activities during the period. They stuck to shopworn and even hoary pitches with little in the way of inventiveness.

One vein that was worked extensively prior to July faked support messages from my Internet Service Provider. It seems my ISP wised up to these attacks and only a pair managed to make it to my inbox in July. One was a typical inept attempt to obtain my user ID and password. If the fact that the sender of the message spelled user incorrectly wasn’t enough of a tip off, the “reply to” address to an AOL account sealed the deal. The other lame pitch had a security angle. “This message is from Your Service provider kindly send your Login information because we noticed your account is being accessed from three different location,” it said. I don’t know about your service provider, but mine doesn’t refer to itself as “Your Service Provider.” It also knows a thing or two about punctuating sentences and when to use plural nouns.

One of the oddest messages landing in my inbox had a subject line in an alphabet I didn’t recognize, but had an English message beckoning me to go to kasate.com for a sealed lead acid automatic battery charger.

New Phishing Scam Targets Oil Spill Victims

Written by Sue Walsh on July 30, 2010

It’s really not surprising but it’s disgusting anyway. A new phishing attack is aimed squarely at the victims of the disaster in the Gulf. Emails claiming to be from BP CEO Tony Hayward are circulating on the net. The emails offer a $500,000 “grant” from the company in exchange for some personal info, such as the recipient’s bank account number and social security number, so that, as the email claims, the company can deposit the grant funding right away.

Authorities say the emails actually originate in Nigeria. The Florida Attorney General’s office is so concerned they issued a statewide alert about the scam. It’s not the first time scammers have exploited a tragedy and it won’t be the last. After pop legend Michael Jackson’s sudden and tragic death last year, spam campaigns exploiting the event exploded across the net, offering links to “exclusive” videos and autopsy photos. Similar spam campaigns have exploited the financial crisis, the death of actress Brittany Murphy, Swine Flu, the World Cup and other big news events. Holidays are also exploited and we can expect to see Halloween and Christmas themed spam start rising in a few months. Those types of spam campaigns often hawk fake pharmaceuticals and designer goods.

Authorities say while the person or group responsible for the fake BP emails hasn’t been tracked down yet, the United States Postal Inspection Service is investigating. The scammers may have to rethink their scam though as Tony Hayward is no longer CEO of BP.

Top 10 Phishing Targets

Written by Sue Walsh on June 28, 2010

The spam reports are out for May and here’s the latest list of the top 10 phishing targets:

10. NatWest - This bank is a newcomer to the list. Like many other financial institutions, it’s likely the target of the Zeus banking Trojan, which pumps out massive amounts of spam to distribute itself. The emails pretend to be notices from the bank asking recipients to log into their accounts to verify info or download a security update. Those that do find their login credentials captured by a keylogger and their bank accounts compromised.

9. Bank of America – A favorite phishing target, BOA briefly fell out of the top 10 but is back again. Zeus has hit them especially hard.

8. MSN - Users of MSN have begun receiving spam messages that look like they came from friends inviting them to try a service that claims to tell you who, if anyone, has blocked you recently. Those that fall for the phish have their MSN logins stolen and are brought to a page advertising a variety of free offers, all of which lead to adult chat rooms and try to push adware. Victims will also discover that their entire address book was sent the same spam.

7. Halifax – This bank, located in the UK, is yet another victim of Zeus.

6. Bradesco - Yet another bank that’s fallen victim, this time it’s one of Brazil’s biggest.

5. Google - This phishing attack targets Gmail users, who have been receiving spam messages warning them that their account will be deleted unless they “verify it” by providing their name, Gmail ID, password, and country. It’s one of the oldest phishes around.

4. Facebook - As with the Google attack, Facebook users are receiving fake emails claiming to be from Facebook, announcing that Facebook has rolled out a new login system and that they need to update their account.

3. HSBC - HSBC, a bank with customers around the world, is yet another victim of Zeus and other phishers. Interestingly enough, I’m an HSBC customer and have never received a phishing email pretending to be them!

2. eBay – One of the favorite targets of phishers. Their goal is to steal people’s eBay accounts and either use them to post scam auctions or attempt to hijack the Paypal account attached to it.  Speaking of Paypal…

1. PayPal - It’s no surprise they are at number one. Phishers have been exploiting them for years and there’s no end in sight. Hijacked PayPal accounts can be both very lucrative and very useful!

Yet Another Phishing Scam Hits Paypal

Written by Sue Walsh on May 24, 2010

Long the favorite target of scammers, PayPal has found itself the target of yet another phishing scam. This new attack sends emails claiming to be from the eBay-owned payment processor advising the recipient that a new security feature has been introduced and that they should click on the included link to activate something called “Security Token Key of Paypal”.  If the recipient clicks on it they are taken to a fake Paypal login page and prompted to enter their account info, which is promptly stolen. A warning on the fake site says that if the user does not activate the token they will no longer be entitled to any protections from fraudulent charges. Presumably if the user goes through with the fake login they will soon see their Paypal account and any bank account attached to it drained dry.

Other current phishing scams are exploiting the current iPad craze, Twitter, the U.S. Census, and Amazon.com. The Amazon and iPad scams look like order invoices and direct the recipients to contact customer service if they have any questions. Naturally the link provided leads to a fake login page. The Twitter attack is delivered under the guise of customer support. The messages tell the recipient that there are unread messages on their account and they should log in to check them out.  The Census attacks tell the recipient their Census form was received but was incomplete and they should visit the U.S. Census website to complete it.

Phishing attacks are rampant. If your company finds itself targeted by one, it’s important to warn your customers and vendors as soon as possible. You should contact the FBI as well although most criminals behind phishing scams go uncaught.

Phishing Scam Exploits iPad

Written by Sue Walsh on March 31, 2010

A new phishing scam is targeting those lusting after the hottest new gadget around, Apple’s iPad. The message claims to offer a deep discount on the device and directs the recipient to a website where they are prompted to enter their name, address, and credit card details in order to purchase an iPad at the deeply discounted price. Users who do so receive nothing but a headache as they discover their credit card details have been stolen and used to charge an iPad and other pricey electronics that are shipped to someone else.

It’s an old scam using a hot new product and the scam doesn’t end there. Many times the scammers place fake job ads on sites like Craigslist looking for “Shipping Managers” and use a legit site’s URL to gain trust. Those that apply are told they will be paid up to $1000 a week to receive packages, repackage them, and ship them overseas. What they are actually doing is helping the phishers complete their crime. Once the credit card details are stolen, they use them to place orders and have them shipped to the people they’ve hired as “Shipping Managers”. Those people in turn ship the stolen goods overseas to places like Russia and Romania. The iPads and other electronics are sold on the black market for a handsome profit and when the theft is reported, it’s the “Shipping Managers” left holding the bag since the paper trail points straight to them. Receiving stolen goods is a serious crime but the police are well aware of this scam and so charges are usually not filed.

It’s important to keep a close eye on your domain to make sure it’s not being used by scammers. Setting up an alert is a good idea as it will let you know whenever your domain name and/or URL is posted on the web so you can take quick action if it’s being abused!

King of Infomercial Scams Avoids Jail for Spamming Judge

Written by Sue Walsh on March 12, 2010

Sleazy infomercial king Kevin Trudeau’s 30-day jail sentence has been stayed by the courts. He was slammed with it for orchestrating a spam email campaign designed to influence the judge in his case. He’s currently on trial in Civil Court fighting a complaint by the FTC that the advertising for his “natural cures” book is misleading. He was first sued by them in 1998, banned from making false claims in the future, ordered to pay $500,000 in consumer redress and to pay another $500,000 for a performance bond to ensure compliance. In 2004 he was sued again for ignoring the order and making false claims about a product called Coral Calcium. He was ordered to pay $2 million in fines and damages and banned from doing infomercials except for informational publications like books, provided he makes no misrepresentations. He again ignored the order, which is why he is in court again. Trudeau has long been hawking his natural cures as the answer to everything from obesity to drug addiction.

In an effort to avoid further prosecution, Trudeau urged his supporters to email the judge to tell him what his cures did for them and to urge him to find in his favor. The judge said his inbox was overwhelmed with spam and demands that the complaint against Trudeau be dropped, and found him in contempt of court. Trudeau was scheduled to report to jail today. The court gave no reason for the change of heart but said the stay was contingent on no more spam campaigns being aimed at the judge or the court.

Bank/Customer Lawsuits Over Phishing Scams Rising

Written by Sue Walsh on March 8, 2010

Over the past week there have been two instances of banks and customers suing over phishing attacks. In the first, Texas-based Hillary Machinery Inc fell victim to a phishing attack and had over $800,000 stolen from their account. Their bank, PlainsCapital, was able to recover around $600,000, but when Hillary Machinery requested the bank refund the remaining $200,000, PlainsCapital slapped them with a lawsuit. The suit asks that the court certify that the bank’s security procedures were reasonable and that it processed the fraudulent ACH transfers in good faith. Hillary Machinery was stunned.

In the second case, a Michigan supply company is suing its bank, claiming it does not adequately protect its customers from phishing attacks. Experi-Metal Inc claims that Comerica Bank encouraged phishing attacks by sending customers an email asking them to click on a link to download an update to the bank’s security software. This is a well-worn trick used by phishers, and the company says that by doing so the bank made customers more willing to trust fake emails claiming to be from Comerica. Experi-Metal lost over $500,000 to a phishing attack.

In response the bank said that it was the fault of the Experi-Metal employee who fell for the phishing scheme and handed over the company’s banking credentials. Furthermore, they said, the phishing site would have been obviously fake “to any reasonably alert person who was responsible for safeguarding EMI’s financial records and digital credentials.” Ouch. Basically they are insisting it’s not their fault that the employee was stupid enough to fall for the phishing email, but does Comerica hold some responsibility for its practice of sending out emails with links directing customers to download a security update? (The bank has since switched to a different system. The employee apparently trusted the phishing email because of the earlier, genuine one.) What do you think? When a phishing attack happens, who should be held responsible, the victim or the bank?

Weight Loss Scams Reveal Why Spam Works

Written by Paul Cunningham on January 6, 2010

Business Week reports that a study by researchers in New York reveals that as many as one in five young, overweight people have been a victim of email spam.

The study revealed some interesting statistics:

  • 88% of overweight individuals reported receiving spam pitching weight loss products, compared to 73% of other respondents
  • 42% of overweight individuals said they opened the spam, compared to 18% of other respondents
  • 18% of overweight individuals said they bought products promoted in the emails, compared to just 5% of other respondents

Firstly, why do overweight people receive more weight loss spam? One theory is that these people are visiting more web sites on that topic than other people, and therefore end up in marketing databases. This means that the spam is either coming from the website owner, or from another party that is given access to the database of email addresses. This access may come either from selling the list or by using co-registration, a legitimate lead-sharing strategy that is often abused by spammers.

For any email marketer a 42% open rate is outstanding.  It means that the subject line for the email was very effective at enticing the recipient to open the email and read more.

For a spammer sending 1,000,000 emails 42% open rates do not mean 420,000 people opened them.  Most of those recipients will never receive the spam due to anti-spam protection on their email server or their computer.  But even a 1% penetration could mean several thousand people open the email.

Finally, the conversion rate for overweight people is very good at 18%. Several hundred conversions of a weight loss product likely to cost $50-$200 is a good day’s pay for the spammer.

Cisco says social network, banking scams on rise

Written by John P Mello Jr on December 10, 2009

In 2010, spam volume is expected to rise 30 to 40 percent worldwide over 2009 levels.

Money and large sucker pools attracted increased attention from Black Hats this year and will continue to do so in the next, according to Cisco Systems’ 2009 Annual Security Report, released this week by the company.

When the infamous bandit Willie Sutton was asked why he robbed banks, he told his interviewer, “Because that’s where the money is.” The same seems to be true of Internet highwaymen.

“Online criminals show every sign of continuing their campaign to steal lucrative financial login information–and they’re growing ever smarter and more sophisticated with their tactics,” the Cisco report noted. “The Zeus and Clampi botnets, which steal online account credentials with a focus on bank accounts, have gained in size and strength in recent months, and no doubt will continue to do so throughout 2010.”

The report also identified a new wrinkle in the malware genre that will make many consumers think twice before heeding those pleas from their banks to ditch paper statements.

“A newer entry on the banking Trojan scene is URLZone, which exhibits new methods to shield itself from detection by computer users,” the report explained.

“When the criminal using the Trojan makes a transfer from a victim’s bank account,” it continued, “the Trojan can alter the online bank statement to disguise the fact that an illegal transfer has occurred. Victims who check their bank accounts online only, instead of reading paper statements, would not realize their money had been stolen.”

New Spam Campaign Targets Unemployed; Exploits Twitter

Written by Sue Walsh on November 23, 2009

Security experts have issued a warning about a new spam campaign that targets the unemployed and financially troubled and exploits Twitter to do it. The spam, being sent by the Donbot botnet, hawks “get rich quick” and work at home scams designed to get people to pay a fee for a useless program that claims to help them make money on the internet.

The spam messages use a variety of methods to get past spam filters. First, the message itself is an image rather than text so it can’t be analyzed by filters, and that image contains a link to a Twitter account. The spammers did this because they know Twitter would never be blocked due to its size and reputation. The image is of a fake newspaper article which gushes about how great the get rich program is.
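The two filter-evasion and phishing patterns described in these posts (the faked ISP support messages with a mismatched “reply to” address that ask for login details, and the image-only Donbot messages whose only link points at a Twitter account) can both be caught with simple message heuristics. The following is an added example, not code from the original blog or from any vendor mentioned here: it builds three constructed sample messages (addresses, account names and message text are made up, except the quoted ISP phish wording above) and scores each one for a Reply-To domain that differs from the From domain, a request for credentials in the body, and a body that is an image with almost no text.

```python
"""Heuristic checks for the phishing and image-spam patterns described above.

Added example (not code from the original blog). Sample addresses, the Twitter
account name and the statement text are constructed for illustration.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases a legitimate provider does not ask its customers to send by mail.
CREDENTIAL_WORDS = ("login information", "password", "user id", "verify your account")
# Fewer visible words than this next to an image means the text lives inside the image.
MIN_BODY_WORDS = 20


class _HtmlSummary(HTMLParser):
    """Collects visible text, the <img> count and link hostnames from an HTML part."""

    def __init__(self):
        super().__init__()
        self.text_chunks = []
        self.img_count = 0
        self.link_hosts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            self.img_count += 1
        elif tag == "a" and attrs.get("href"):
            self.link_hosts.append(urlparse(attrs["href"]).hostname or "")

    def handle_data(self, data):
        self.text_chunks.append(data)


def _domain(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def analyze(raw_bytes):
    """Return a list of finding tags for one raw message (empty list = nothing odd)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # Check 1: replies are steered to a domain other than the claimed sender's.
    from_domain = _domain(msg.get("From", ""))
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    text, img_count, link_hosts = "", 0, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text += part.get_content()
        elif ctype == "text/html":
            summary = _HtmlSummary()
            summary.feed(part.get_content())
            text += " ".join(summary.text_chunks)
            img_count += summary.img_count
            link_hosts += summary.link_hosts
        elif part.get_content_maintype() == "image":
            img_count += 1  # an inline or attached picture also counts as image content

    # Check 2: the body asks the reader to hand over credentials.
    if any(phrase in text.lower() for phrase in CREDENTIAL_WORDS):
        findings.append("asks-for-credentials")
    # Check 3: an image with (almost) no analysable text, optionally wrapping a link.
    if img_count and len(re.findall(r"[A-Za-z]+", text)) < MIN_BODY_WORDS:
        findings.append("image-only-body")
        if link_hosts:
            findings.append("image-body-links-to:" + link_hosts[0])
    return findings


def build_message(from_addr, reply_to, subject, text=None, html=None):
    """Serialise a sample message: text-only, html-only, or text+html alternative."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "customer@example.net"
    msg["Subject"] = subject
    if reply_to:
        msg["Reply-To"] = reply_to
    if text is not None:
        msg.set_content(text)
    if html is not None:
        if text is None:
            msg.set_content(html, subtype="html")
        else:
            msg.add_alternative(html, subtype="html")
    return msg.as_bytes()


# Constructed samples modelled on the campaigns described in the posts above.
SAMPLES = {
    "isp_phish": build_message(
        "support@example-isp.net", "isp-support@aol.example", "Account notice",
        text=("This message is from Your Service provider kindly send your Login "
              "information because we noticed your account is being accessed from "
              "three different location"),
    ),
    "image_spam": build_message(
        "news@example.org", None, "Work from home",
        html='<html><body><a href="http://twitter.com/example_account">'
             '<img src="cid:article" alt=""></a></body></html>',
    ),
    "legit_notice": build_message(
        "billing@example-isp.net", None, "Your statement is ready",
        text="Your statement for March is ready to view in the customer portal.",
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {analyze(raw) or 'clean'}")
```

The word threshold is deliberately low: a real filter would score these findings rather than block on any one of them, since a newsletter can legitimately be image-heavy and a password-reset notice can legitimately mention passwords. What the image check adds is the link host, which is the one piece of the Donbot message that text filters could still act on.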

These types of scams are rising as spammers take advantage of the 10.2% unemployment rate in the U.S. and of people desperate to make money in order to get out of financial problems. The timing of the new campaign also coincides with the holidays, which is a time when many people are looking for a quick way to make some extra cash.

Experts say the campaign is increasing. Within 24 hours of its beginning it accounted for 4% of the world’s total spam volume.