Phishing

Scamdex Data used in Research – if only they’d asked!

So a routine search turned up a little Research Paper from the University of Nebraska in Omaha.

Trends in Phishing Attacks: Suggestions for Future Research (2011) | Ryan M. Schuetzler | University of Nebraska at Omaha, rschuetzler@unomaha.edu

While I’m flattered by being used as a creditable source, I am upset that they:

  1. Used the Scamdex Email Archive without permission.
  2. Did not contact Scamdex to get permission.
  3. Used ‘Screen Scraping’ tools to (in their words)

    …To obtain a corpus of phishing emails, we scraped 2709 emails from Scamdex.com (“Email Scam, Internet Fraud, IdentityTheft & Phishing Resource,” n.d.). This corpus contained emails over a 3-year period from November 2006 to June 2009.These emails were submitted to Scamdex by recipients of phishing attacks..

  4. Did not credit Scamdex in their references.

The legality of screen-scraping, a term used for software tools that extensively mine or extract information or complete contents of a website, is debatable – Generally speaking, if commercial use is made of the result then it gets a bit tricky, but for research purposes a lot more latitude is generally given. The Electronic Frontier Foundation has a good one-pager on Fair Use.

If asked, Scamdex would have been completely happy to collaborate. We do ask (nicely) that …

“Any derived content from the Scamdex.com website must clearly show attribution to Scamdex.com as the source and must include a link to the original information”. –http://www.scamdex.com/About-Scamdex.php#use

Scamdex is happy to be used as a research tool, but in future – ask first, then make sure it is credited – is that too much to ask for?

Facebook Phishing Attempts and How To Spot Them

Facebook users often use the email notification service to inform them of events on the site, whether it’s a new friend request, a reply to a comment or a photo tag. The notifications always have a handy button to get to the exact point in the site of interest. The problem is trying to work out whether to trust the links.

FaceBook doesn’t exactly help it’s users to feel comfortable – it uses long complex strings in it’s URLs, odd domain names and a range of different email formats and senders. If it just sent a link to the item (eg. http://facebook.com?id=987112) then we could be sure we’re not going to suddenly become friends with a scammer or perform some other action.

Ed Bott over at ZDNet has compiled a set of real and fake Facebook notifications and invites you to try to see which is which. The fact that this is so difficult is a perfect illustration of the problem.
The simple answer is to never click on links purporting to come from Facebook unless they have some obviously personalized information that you recognize (and perhaps not even then). Scam/Spammers don’t often have the time or skills to hand-craft each email so they will be very generic.

Best practice to avoid phishing attempts is to NEVER click on any links received by email. Always type in the URL yourself or use a bookmark then you won’t get any nasty shocks!

Read Ed Bott’s article in full Here

Another good tip is to keep your computer updated with the top cloud security software to make sure that your data does not get phished or other computer data attacks occur. It is less likely to have that happen if you have a good security program installed.

Golden 1 Phone Scam hits Sacramento

Social engineering is an approach used to gain unauthorized access to or acquisition of information assets. This approach relies on misrepresentation and the trusting nature of individuals, and is often carried out through the use of phishing telephone calls or email.
A phishing telephone call or phishing email may sound or look as though it comes from an organization you do business with, such as a bank or government entity, but they are generally from a scammer trying to obtain your personal information under false pretenses.

This particular scam is being carried out by telephone as follows:

An individual leaves a message on an employee’s work phone number, stating they are with the Golden 1 Credit Union. In this scam, the message states that the targeted person’s credit and/or debit card has been temporarily suspended and instructs them to push “1” to reach security. Do not push “1”. If you push “1”, a second recording will ask you put your card number. DO NOT PUT IN YOUR CARD NUMBER!!!!

The following are general practices to avoid becoming a victim of these types of scams:

• Do not respond to unsolicited (spam) e-mail. Simply delete it.
• Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail, telephone or other means.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
• Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.
• Do not provide personal or financial information to anyone who solicits information.

The Golden 1 Credit Union has been made aware of this scam. Additional information from Golden 1 Credit Union regarding fraud is available on their website at: https://www.golden1.com/privacysecurity/phonefraud.aspx

Round-up of Internet Scams in the News

USA

Door-to-door scam in Watertown
News 10 Now – Syracuse,NY,USA
WATERTOWN, NY — Police in Watertown are warning homeowners of a possible scam involving a person claiming to be from the Toys for Tots program.
At about 3 p.m. on Thanksgiving Day, police say a white male came to a door on Portage Street asking for a cash donation for Toys for Tots. His request was denied and he left.

GEORGETOWN: Man charged in package scam

Delmarva Daily Times – MD,USA
GEORGETOWN —
The Delaware State Police charged a 39-year-old Milford resident for theft by false pretense after he reportedly intentionally stole packages he was supposed to deliver for victims. The investigation began Nov. 16 after two victims came forward to police and reported Luis D. Bravo, 39 of Milford Harrington Hwy, Milford, had defrauded them.

Craigslist scam cheating Denver residents
United Press International – USA
3 (UPI) —
Some Denver homeowners say they and unsuspecting renters have been victimized by a Craigslist scam apparently based out of Nigeria.Homeowner John Kurowski said the Web site had featured an advertisement that placed a property he owned up for rent at a cheap price without his consent, KCNC-TV, Denver, reported Wednesday.

New Scam: Pay up, or Die!
Tampa Bay’s 10 – St. Petersburg,FL,USA
Brooksville, Florida —
The Hernando County Sheriff’s Office wants to warn people about a new email scam trying to scare people out of their money. You can read the entire email below.The subject line of the email reads: “I felt very sorry and bad for you” from “jackbrown1@centrum.cz.
Bogus IRS e-mail aims to steal identities

Rocky Mount Telegram – Rocky Mount,NC,USA
Local residents risk falling prey to identity theft if they respond to a recent e-mail in which someone bogusly claims to be the Internal Revenue Service in need of personal information. The IRS had nothing to do with the latest letters that were sent out via e-mail to Rocky Mount residents, a spokesman said. “It is a phishing scam. The IRS doesn’t send out unsolicited e-mails.” Hanson said people who respond to the e-mails risk identity theft or worse.

Salina Man Ripped-Off in Internet Scam
KSAL – Salina,KS,USA
A Salina man is bilked out of nearly $18500 in an internet scam. Police say that back in August a 39-year-old Salina man met a woman on the cupid.com.
AG: Lakewood charity a scam
Denver Post – Denver,CO,USA
Authorities said the scam has been going on since 2007. According to court documents, Smith and Stokes told donors that Family Relief Fund collects money.
Autocall Scam Rings local Phones Well Into The Night
Rome News Wire – rome,ga,USA
hang up and do not give you bank account number. It is not yet clear where the calls are originating from or if anyone local has fallen prey to the scam.
New Scam Out Of Africa Rents Homes On Craigslist
cbs4denver.com – Denver,CO,USA
One look at the price in the ad and it was clear this was a scam. The ad listed the price as $1300 a month for a five bedroom, incredibly charming home.
Alleged Fresno Scam Rents Out Foreclosed Homes
KMPH Fox 26 – Fresno,CA,USA
Kinard says she is just one of about 20 families in Fresno who were fooled by the scam. “One of the best pieces of advice is always do your homework,” said
Phone scam targeting North Iowa again
Mason City Globe Gazette – Mason City,IA,USA
Please submit your comment only once. Your comment will be posted immediately after submission. By submitting this form you agree to our Comment Policy.
Consumer agency warns about holiday scam
WACH – Columbia,SC,USA
The South Carolina Department of Consumer Affairs warns consumers about a class-action lawsuit scam. The scam involves an unknown person who calls consumers
Sheriff’s Department warns of bond scam
Grand Haven Tribune – Grand Haven,MI,USA
AP Breaking News Video The Ottawa County Sheriff’s Department is warning residents of a phone scam asking for bond money. According to Lt. Lee Hoeksema,
San Francisco Chronicle

A restaurant reservation scam
San Francisco Chronicle – CA, USA
Part of the answer came last week from an East Bay restaurateur who emailed me about a recent scam. During a two-month period the restaurant owner received

Ohioans are warned of insurance scam
Chillicothe Gazette – Chillicothe,OH,USA
COLUMBUS – The Ohio Department of Insurance is warning people about a recent phone scam in which the caller claims to be from the person’s auto insurance
United Kingdom

Lapland ‘scam‘ costs woman £3000
BBC News – UK
A woman fears she has lost £3000 after buying more than 100 tickets to a Lapland-style theme park described as a “scam” by scores of angry visitors.

Updated 12/2: Phony grandson sets up ‘grandma’ in money scam
Pioneer Press Online – Glenview,IL,USA
By JENNIFER JOHNSON jjohnson@pioneerlocal.com A Park Ridge woman lost $3600 last week after she wired money to a person she believed was her grandson.
See all stories on this topic
Aimetis Symphony Thwarts Card Skimming Scam at One of the Nordic’s
MarketWatch – USA
that its surveillance platform, Aimetis Symphony(TM) played an instrumental role in thwarting a card skimming scam at ICA Maxi Superstores in Sweden.
Phillipines

LOCAL NEWS: House resumes hearing on fertilizer scam
Philippine Star – Manila,Philippines
By Alexa Villano Updated December 02, 2008 02:58 PM The House Committee on Agriculture resumed its hearing today on the controversial fertilizer scam with


US-CERT Re-Issues Warning about Shopping Online

This is a notice that you should send to your family and friends, (especially the ‘silver surfers’) and maybe even stick on the ‘fridge door and on the side of your monitor, just so you remember. Help make this a Scam-Free Christmas!

US-CERT Issues Warning about Cyber Shopping

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers.  Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

  • Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
  • Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
  • Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

  • Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
  • Keep software, particularly your web browser, up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information . Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
  • Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information . Legitimate businesses will not solicit this type of information through email.
  • Check privacy policies – Before providing personal or financial information, check the web site’s privacy policy. Make sure you understand how your information will be stored and used.
  • Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock icon in the bottom right corner of the window.
  • Use a credit card – Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can
    further minimize damage by using a single credit card with a low credit line for all of your online purchases.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

This document can also be found at  on the US-CERT Website, HERE

Two REALLY good reasons to use FireFox as your web browser…

I know I keep banging  on about this, but one of the easiest and cheapest ways to protect yourself from online scams and phishing is simple: Change your Web Browser!

Here are two really good reasons why you should use FireFox to surf the web instead of the ubiquitous Internet Explorer.

Firefox includes strict anti-phishing and anti-malware measures and it’s open source so it has thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.

1. Anti-Malware

Firefox 3 protects you from viruses, worms, trojan horses and spyware. If you accidentally access an attack site, you’ll receive a full-sized browser message as a warning. A continuously updated list of attack-sites tells us when to stop you from browsing, so there’s nothing for you to update or maintain.

Anti Malware Warning in FireFox

Anti Malware Warning in FireFox

2. Anti-Phishing

Shop and do business safely on the Internet. Firefox gets a fresh update of web forgery sites 48 times in a day, so if you try to visit a fraudulent site that’s pretending to be a site you trust (like your bank), a browser message—big as life—will stop you.

PhishTank.com – Anti Phishing Website that Gets Results!

PhishTank.com – Anti Phishing Website!

Here’s the thing – from now on, ANY TIME you get an email that sends you to a PayPal/Bank of America/Google Adsense/eBay/your-bank-name site that you know is a scam site [that just wants your login/password/credit card/bank details] – immediately report it to PhishTank.com.

Image

They are the database that many browsers and security firewalls automatically use – within seconds, millions of people are protected!.  To see if YOUR browser/network is using this service, try this url picked at random from Phishtank’s database this morning – http://bloccatoinlinea.net/

I use Firefox mainly and for me, I get a nice message like this:

Firefox Warns about visiting a Phishing Site

Firefox Warns about visiting a Phishing Site

If you get ‘straight through’ without any warnings then you need to seriously consider upgrading your browser to FireFox 3 or even the spiffy new Google Chrome.

Is it worth the effort of reporting it?

Trust  me , this isn’t the same as sending an email to abuse@hotwebsites-r-us.cn and hoping that something will happen – this is the real deal – Your submission goes into the Phishing database, people are invited to check your submission and vote on it (for or against) and (assuming it’s approved) one more scam website is defeated!

Once you’ve done it once, you might like to signup and join the band of selfless individuals who monitor, verify and discuss these things (look out for ‘scamdex’!).

Good for your sense of moral outrage and good for the general public – help stamp out Phishing – go to Phishtank.com and sign up NOW!

Anatomy of a Secondary Scam – Taking down a Nigerian Scam

After receiving this email …

Attention:

This email is not in any manner directed to you, but its purposely and specifically directed to Nigeria Scam victims. . However, if you have fallen for Nigerian Scams, do not hesitate to contact us or visit our website for more details on how we can help.

We shall be waiting to hearing from you been certain that you were truly scammed by a Nigerian and you have proves to back your claims. Please read the full report at our website: http://www.nigeria-scamvictims.itgo.com/

Yours faithfully,
Brian Adams
Nigerian Government Reimbursement Committee

I was interested enough to play them along to see where it lead. so I sent this email in reply …

I have been scammed by some Nigerians – they took $30,000 from me – how can I get it back?

Mark

The reply was ….

Snapshot of the ScamsRefund.Org website, before it is taken down

Dear Mark,

Thank you for responding to our mail, Please find the attached Application Form and fill it appropriately. Please complete the form and return to us for an immediate processing, ensure that you provide sufficient information that might lead to the arrest of the Scam Artist.

Make sure that you attach all necessary proofs, facts and payment receipt made when transacting or communicating with the Scam Artist as this would help us to trace the true identity of the person behind the wall.

Under this act, the Federal Government of Nigeria with an effort to fight internet fraud and other immoral and illegal use of the internet, the government has also complied with the United Nations regulations in a recent meeting held at Abuja, the Federal Capital of Nigeria, to reimburse 150 scam victims. This is done to redeem the image of Nigeria both home and abroad.

We are hopeful that your Application meets the required standard and thus qualify you for the reimbursement which would be done without any problem.

Moreover, ensure that there are no discrepancies in the information you are submitting because we are going to speak with you over the phone and ask you some few technical questions as regards your application in order to authenticate your request.

If you need further assistance, please do not hesitate to contact us, and if you experience some difficulty downloading the Application Form, kindly let us know so that we can resend it in another format or you log on to our website to complete the form.

Yours faithfully,
David Bamko
Anti Nigeria Scams Dept.
www.scamsrefund.org

So, I filled in the form Scams Refund Form and waited …

(more…)