Tag: fraud

Posted on
by

The year is 2006. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

The year is 2011. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

The year is 2022. I’m complaining on my blog about businesses training their customers to fall for phishing attacks.

Corporations haven’t learned. Unfortunately, their customers have learned from all this training. And so has the fraud industry. Even if you’re usually savvy about this sort of thing, you can get caught up if the circumstances put you just off-balance enough to line up the holes in each overlapping layer of security.

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don’t know how to pronounce my bank’s name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch – they didn’t raise red flags. Cory Doctorow on “Swiss-cheese security.”

And here I am, in 2024, complaining on my blog about…well…you know.

Posted on
by

My jaw just dropped at this advance fee fraud scam that showed up in the spamtraps this week. The whole thing is about how the reason you haven’t gotten your funds is because you’ve been dealing with fraudsters who have been impersonating Nigerian diplomats, police, etc., and how could you possibly be so naive?…oh, and if you’ll send me your personal information and bank details, I’ll make sure the real police clear things up so you can get your payment.

Seriously. Does this technique actually work?

Actual text of the email below the cut:

Continue reading

Posted on
by

There’s something delicious about irony in spam. Yesterday, the spamtraps netted an advance fee fraud scam message that started out like this:

Let me be honest with you. This information is just for you alone [emphasis added]. I would suggest that you try to fix it instead of making any trouble with it as my job might be put on the line here.

Your name has been on an awaiting list of payment roaster submitted by the Nigerian Government For your lottery/inheritance reasons of no banking particulars on which transfer should be made to until two days ago when the paying Bank personnel brought in another payment roaster for the replacement of the former that had your name on it.

The funny part? (Well, aside from the “payment roaster.”) There were about 300 recipients in the To: line.

Gee, I don’t think all 300 people have the same account info…

Most spam doesn’t run into this problem, since it’s generated by special programs that don’t even bother filling in complete headers. But from what I understand, a lot of 419 scams are still sent by people sitting in internet cafes, copying and pasting bits from templates. So it’s easy to imagine someone pasting their list into the wrong field. Kind of like the classic “Reply All” fiascos.

Posted on
by

I just spotted an advance fee fraud pitch in the spamtraps that started out with the greeting: Dear Trusting Friend.

I suppose the scammer could have meant “trusted friend,” which is still odd for an introduction, but makes a little more sense. Of course, if you take “trusting” to the extreme—i.e. gullible—you’ve just described the type of mark they’re looking for.

As a bonus: only two* of the ~270 Google hits for the phrase is not a reference to 419-style letters using the same opening. People just don’t write things like that normally, which makes it a pretty good indicator.

*I didn’t look at all 270, but there were only 30 hits by the time Google filtered out duplicates. And most of those were clearly recognizable just from the excerpt on the search results pages. For the record, both of the two non-scam hits used it as a description, not a greeting.

Posted on
by

I just spotted a rather disturbing phishing message in (of all places) our abuse contact mailbox:

Subject: Fraud Prevention Measures

Dear customer!

Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-[removed] and update information on your MBNA card.

This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card.

No HTML tricks. No links to fraudulent websites. Just a phone number.

I can only assume this is a response to high-profile inclusion of antiphishing features in Internet Explorer 7 and in Firefox 2. If there’s no website, there’s nothing for a web browser to check.

And of course by not using sneaky technical tricks in the message, it’s harder for tools like ClamAV, spam filters, or mail clients to detect.

Incidentally, does anyone else find it ironic that one of the most common phishing techniques is to exploit people’s fear of being phished?

Further reading: Anti-Phishing Working Group.

Posted on
by

In the past two weeks, a new variant of the advance fee scam has dropped into our spam traps: supposed UK-based artists needing help selling their works overseas.

The classic Nigerian scam involves someone claiming to be the relative of a deceased or deposed dictator, general, etc. is trying to smuggle money out of the country and needs to borrow your bank account to do it.

It’s usually a third-world country, often one with political strife, so that the average westerner won’t be too suspicious of the level of corruption implied. You never see this scam claiming to come from, say, France, or Japan, because the process would set off too many alarm bells. Someone needing to transfer that much money would either do it through normal banking channels or through organized crime—not by firing off an email to some random citizen in a foreign country.

The first-world variation, at least up until now, has been the “International Lottery” scam. In this variation you get a winning notice, but of course you need to pay them before they can send you the money, etc. This one generally claims to be based in Europe, often several countries in one message. The idea of a lottery seems much more plausible in the first world.

Someone has come up with a way to bring the 419 scam into the first world. The two samples I’ve seen so far both involve UK-based artists trying to sell their works in the US. The premise is that their customers want to pay by some method that is “difficult to cash” in the UK, so they want you, a US resident, to accept the travelers’ checks, or money orders, then wire them the amount minus a 10% commission.

Right.

I’m seriously waiting for someone to offer a commission on the Brooklyn Bridge.

The setting has changed—instead of a dictator’s widow who has hidden away ill-gotten gains in “darkest Africa,” it’s a happy Londoner living with his or her “two kids” and “the love of [their] life” and selling art on the international market. All shiny, happy and yuppie (with just a hint of bohemian). But the script is the same: Someone wants to clear huge amounts of money through your bank account.

I was going to post some quotes, but as I started looking at them, the similarities really go through the entire message. Continue reading