Email Scam News and Editorial
This is the Scam News Roundup - I combine feeds from all my favorite websites to present a snapshot of what's happening right now.
Here's the deal - you signup with a company that sells products realted to your websites and display their ads on your website. Then you wait for your 'commission' on new sales, clicks, leads etc to roll in..... and wait, and wait. Eventually, the company folds or your account never ever quite reaches the minimum cash out amount or (in my case) the company 'forgets' that you ever signed up in the first place, after thousands of impressions.
Affiiate schemes are more and more being run by consolidators (eg. Commission Junction) Their profits must be staggering considering they get virtually free ads on millions of 100 hits/day websites. DOes anyone ever get a payment out of them??? Let Scamdex know Click.
Feb 8, 2008: IRS Phishing Email 'Refund Notice'.
Dec 15, 2007: DV (USA Green Card) Lottery Scams on the increase.
Online Merchants need to be alert too!
Internet Fraud costs merchants too. In most cases, the charges levied by the
payment processing organizations far exceed the actual value of the goods/services supplied.
ICANN licenses domain name registrars (RAAs) to collect information on registrees. They have a duty to make sure the information is correct, and take reasonable steps to get obviously invalid information corrected. Scamdex is concerned that hoax websites always have fake information, that could presumably be easily verified. Phone numbers, email addresses and names are easy to verify - why arent they?
Read the report here (pdf)
Sept 29 2007: Now the Nannies are a target!
Scamdex has seen a recent rash of emails offering employement to nannies - but before they come to take up their position, there's just one little job that needs doing - accepting a payment and sending on the rest, after taking out your commission.
Eastern Europe is becoming the capital of hi-tech crime. Gangs operate in Russia, Romania, Ukraine, Estonia, Latvia and Lithuania. The gangs are well organized.
Lance James, chief technical officer for Secure Science, who spends his time tracking down hi-tech crime groups estimates that each phishing gang is making between $100,000 to $300,000 per month.
His investigative work leads him to believe that there are between 50 and 60 Eastern European groups involved in phishing. Approximately 75% of all the phishing e-mails sent out originate from only 42 of these crime groups.Read the full article here
Sept 22 2007 : New Employment Scams
Updated October 4 2007: Here are the latest incarnations of this scam:
Avangar Technologies (AVANGAR.ORG, AVANGAR.COM, AVANGAR.BIZ, AVANGAR-EUROPE.ORG)
BioPerformance etc. - I only got interested in this because it was sent around by email and the CEO/proponent was a well known Texas preacher. I'd better get back to the spoof job websites, lottos and recently deceased nigerian contractors. More here.
The scam goes like this: You sign up with a company that promises 300-500/week receiving payments and forwarding them on. The payments arrive (certified check/cheque, natch!) and you forward on the payment (by Western Union, natch!) after deducting your 5% commission.
All looks good until the bank rejects the 'Certified check', perhaps two weeks later. By this time, you've sent a bunch of payments on........ Gotcha!!
This oufit has been doing this for a while: Domain owner of AVANGAR.COM and AVANGAR.ORG is :
Name : LeiMomi01 Design Email : -+-email@example.com Address : P.O. Box 351019, Brooklyn, NY Zipcode : 11235 Nation : US Tel : 718-213-4074 Fax : +1.302-338-7956
Email address is pretty constant: firstname.lastname@example.org, only the domain names change. My guess is that they operate out of Singapore.
Update Sept 15/2007
Update Sept 29/2007
Sept 1 2007 : 'Sickening' Scamsters Target Katrina Victims
Computer users are being urged to be on guard for a bogus e-mail that pretends to offer news updates about Hurricane Katrina as a means to infect their PCs.
The malicious e-mail gives a brief news bulletin on the disaster before urging people to click "read more" and be taken to the full story on a website. Yet once directed to the website, a virus is sent to the user's computer.
People are also being told to watch out for fraudulent e-mail scams pretending to raise cash for Katrina victims.
The separate virus and fake donations bogus e-mails have been discovered by com+p-uter security firms SophosLabs and Websense Security Labs. They are similar to previous fraudulent e-mails connected to last year's Indian Ocean Tsunami.
Under the virus scam, the hackers send a "Trojan" virus to the victim's computer, which can give them complete access to, and control of, its files.
While the user is not infected if he or she simply read the e-mail without opening the attachment, people are urged to delete such e-mails immediately. It is also recommended that people check that their virus-protection is up to date. To avoid being conned out of money, people are being urged to double-check the validity of any charity which asks via e-mail for a Katrina donation.
"The hurricane is a dreadful natural disaster, and it's sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft," said SophosLabs senior technology consultant Graham Cluley.
I've been disturbed by the lack of any real effort by some of the organizations that are being used (fraudulently) to spin scams, particularly Phishing scams. I believe that all organisations should have a 'spoof@<insert_name_here>' email address that is monitored 24/7 to catch these scams the very second they are first seen. In this business, a few hours can mean the difference between a bicycle and a limo for the scammer, and make some people's lives very unpleasant indeed.
I suggest you all send an email to your favorite company (banks especially), using the 'spoof@' email address and see which ones bounce. This would probably be a good indicator of that organization's commitment to on-line fraud.
National Westminster Bank (UK Bank) email@example.com
... and some good organizations who HAVE implemented the spoof@ email address::
July 2007 : A word about Western Union....
Everywhere I look, one name keeps coming up time and tme again... Western Union (Money Transfers). Every scam I have ever seen eventually comes down to this... send me some money via Western Union. Almost every reputable website says something to the effect of 'Do not use Western Union;
Here is Their FAQ Note that they can only cancel or refund money if you- catch ot before they'vve paid out - after that you are very much on your own. They at least have the decency to state:
"Western Union does not recommend sending money to anyone you don't know. Only transfer money to someone you know personally or whose identity you can verify!
If you are purchasing goods or services and paying through the Western Union network, you do so at your own risk. Western Union does not recommend use of its money transfer service when doing business with a stranger and is not responsible for the non-receipt or quality of any goods or services."
Don't just take my word for it - here is what everyone else says about this very profitable company:
May 2007 : One in 20 'fall for online fraud'
A BBC report says that online frauds are becoming more sophisticated. One in 20 UK internet users say they have lost money through online scams, research into spam emails suggests. Almost half say they have received so-called phishing emails aimed at tricking them into revealing details like online banking passwords. Other frauds include paying for items which never arrive and sending cash following a demand from a bogus email.
Online frauds often totalled less than £100 ($190) which might make it easier for criminals to carry on undetected as such amounts may be overlooked. See the full article here .