Big Internet (Facebook, Google) gets serious about Email Scams.

And this time, they seem to be serious, joining together these powerhouses:

* Big Internet: Google, Facebook, Microsoft, Yahoo, AOL, LinkedIn etc.

* Big Money (aka financial service providers): Bank of America, Fidelity Investments and PayPal.

* Big Security: Agari, Cloudmark, eCert, Return Path and the Trusted Domain Project

To fight Email Scams, specifically Phishing Scams. Such scams try to trick people into giving away passwords and other personal information by sending emails that look as if they come from a legitimate bank, retailer or other business. When Bank of America customers see emails that appear to come from the bank, they might click on a link that takes them to a fake site mimicking the real Bank of America’s. There, they might enter personal details, which scam artists can capture and use for fraud.

To combat that, 15 major technology and financial companies have formed an organisation to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC – short for Domain-based Message Authentication, Reporting and Conformance. In a nutshell, it is another way (in addition to the SPF and DKIM checking already available) to make sure hat an email is really form the organization that it says it is.

Most Phishing emails pretend to come from a respected institution and it is a simple matter to claimthat the message came from the domain name of the trusted entity. This is the first step in establishing trust – if an email arrives that seems to come from ‘accounts@paypal.com’, one’s guard is just that little bit lower.

DMARC aims to prevent those emails from ever arriving by intelligent checking and has a feedback mechanism that alerts the real organization that the event has occured.

It’s not going to stop email from addresses that use obfuscated (accounts@paypal.com.asjdgh.gyutut.com) or maliciously mis-spelled (accounts@paypai.com) or just completely fake email addresses (accounts@paypalbillingsupport.com)
…but it’s a start and Scamdex for one applauds it!

More information [than anyone probably needs to know] is available at the DMARC website

Swoopo, BidRivals (and other Penny Auction sites) – Are they a Scam?

My answer is ‘Probably Yes‘!

These sites (and there are plenty of copycats) appear to operate as eBay-type auctions, but they have several important differences which people need to be aware of: The main one being, unlike eBay, when the auction ends, it doesn’t!

These are not real, fair auctions like you’d expect – you bid in tiny increments, say a penny – but, every penny costs you around 60 cents (or equivalent local currency) and every bid costs money so the more bids that are made on an item, the more money the ‘house’ gets. Everyone pays, not just the winner and simple math shows that the company nearly always equals or exceeds the value of the item in bids.

It’s obviously a huge money spinner – a few ordinary goods seem to be going for $5, when in reality they can be paid for many times over by the losing-but-paying other bidders. (more…)

Dont try to scam Scamdex, Ok?

I give my cellphone number out to very few people. Friends, relatives, Scamdex-related business and the occasional on-line order, if they insist. So when I get a call, it’s normally someone I know personally or business. So I was surprised to get a call from an outfit called ‘Auction Profits LLC’ (http://www.auctionprofitsllc.com) , asking me if I want to make money with drop-shipping on eBay.

After listening to their inept spiel which seems to involve mentioning eBay and MONEY as often as possible, I asked them where they got my phone number and name. The claim was that I had placed an order with another company called ‘Online Supplier’ (http://www.onlinesupplier.com) . They knew my name, address and phone number and indicated that they had additional credit card information as well.

When I persisted, I was zapped to the supervisor who blustered about how I must have bought something from them before and, anyway, how about making some money on eBay?

He completely missed the point that I made that I run a website devoted to exposing scams (such as his) and he dropped my call. I got a weird ‘private’ call a few minutes later (2 minutes of static followed by a ‘sorry wrong number’) which I strongly suspect was them.


e-Gold indicted on money-laundering charges

e-Gold, in Melbourne, Florida issued the following shock announcement on their website.

“On April 24, 2007, a Federal Grand Jury handed down an indictment charging e-gold Ltd., Gold & Silver Reserve, Inc., and the Directors of both companies with money laundering, operating an unlicensed money transmitter business, and conspiracies to commit both offenses.”

If half of what they claim is correct, they are being subjected to overreaching and unfair treatment by the US Justice Department. Obviously this is a legal area that challenges the most experienced legal & financial minds and breaks new ground on long-founded laws, designed to deal with bricks and mortar institutions (banks) and bricks of actual gold.

They go on to claim that their security measures are more stringent than those of banks, and that as they only ever accept bank-to-bank transfers (no cash or check operations), they cannot be accused of money laundering as no money is involved.


eBay feels the pain of phishing (at last)

A news report in eWeek has me chuckling ruefully. A Romanian calling himself ‘Vladuz’ is causing havoc at eBay and eBay has been forced to take notice. Due to a combination of spam phishing attempts by emails such as these, and (he claims) hacking of the eBay databases, he has been able to get access to thousands of eBay accounts, creating bogus listings, which in turn end up being a one-way conduit of cash for the scammer.

eBay LogoThis is nothing new. The scale is all that has changed. Scamdex has been working with some brave, tireless, selfless individuals who are so incensed with the listing of obviously (to them) counterfeit, bogus or downright fraudulent auctions that they have bombarded eBay customer support to report and bring down the listings before anyone got caught [more].