Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Email and Pop-up Scams

News Recommended Links Frequently asked questions (FAQs) Identity theft eMail Security Chronicle of Phishing Expeditions Addressed To Softpanorama Spam
Nigerian "Frozen Assets" Scam Hijacked Identity Problem Postal Forwarding Scam BONZI’s Scams ("Your computer is broadcasting ... ) Malware Related Scams    
Porno Webmaster/money laundering Scam Payroll transfer scam Bank loan spams nstaKiss password-stealing scam Electronic Greeting Card Scam Ebay Identity Theft Scam Bank Account Deactivation scams
Friend Greetings Spam Trojan Fake eBay Escrow sites Con artists troll for patriotic consumers   History Humor Etc

Please be aware that a large number of email users are targeted by con artists.   Two largest growing categories of email scams are:

Here are some  preventive measures that might help to reduce the risk (see also Spyware info and Softpanorama Malware Removal Guidelines ):

A scam email usually contains links clicking on which can lead to undesired consequences. Think twice before clicking on any link in suspicious e-mails. Do not download and install any component or plug-in even if the site is suggesting it is necessary to view the content of email. One of the oldest deceptive pop-up scams was  Gator.  In April 2002, Gator had been implicated in a questionable practice some are calling "drive-by-downloads". In this scheme, a normal banner or popup ad will attempt to install spyware (executable code) on the user's PC. Depending on the browser's security settings, the software will either download silently and without any user action, or present an install dialogue. Novice users may choose "Yes" thinking the browser is asking to download a legitimate page-display plugin. Ben Edelman, a Student Fellow at the Harvard Law School, has performed detailed analysis of the Gator/GAIN software as part of a pending legal case between Gator and sites it displays competitors' advertising on.

Always question Internet promotions in e-mails that came from strangers, including electronic greeting cards. If promotions are too good to be true, they probably are. In case of electronic greetings cards, always verify pertinent information (e.g. check if the site is legitimate or a bogus, never accept greeting cards from domains other than large legitimate free greeting cards services like Yahoo! Greetings or Hallmark Greeting Cards; in case you encounter another you should check it using some list of reputable vendors, for example FreebieList.com Free Digital Postcards and Electronic Greetings).

Do not respond to the deceptive Web or email advertising. Deceptive advertising is illegal. "A nationwide class action lawsuit was filed on November 25, 2002, in the Superior Court of Spokane County against Bonzi Software, Inc. Bonzi is among the world’s most prolific issuers of internet advertising banners. Ads are highly misleading. See some samples. It is Bonzi, which is responsible for those irritating popup ads which say things like 'Your computer is broadcasting an internet IP Address...' and 'Your internet connection is not optimized ...'"

In no way you should disclose any personal information in e-mail or in the Internet form that was send by email (this scam is called phishing, see for example Bank Account Deactivation scams, or  Bank loan spam); In all such ceases email contains a form that the user needs to fill. The form contains sensitive personal data need to withdraw money from the account. The recent scam of this kind pretends to be from company payroll and it asks you where they need to transfer your next paycheck. Please remember that company payroll uses WEB form for this and in no way your bank accounts, credit card numbers or social security numbers can be disclosed in email to anybody.    

Security and trust are major issues for e-commerce and company users should be especially vigilant about Internet fraud and identity theft over the Christmas period. See for example Ebay identity theft scam below

Email scam letters are sometimes customized (with user name in the body of the message). That makes them pretty close to normal business correspondence and thus they are not filtered by the spam filter. 

Internet scam letters are sometimes customized
and thus are not filtered by the spam filter.

Recommended Links

Google matched content

Softpanorama Recommended

 

FAQs

Q1: How to recognize Citibank Spoofing scam

A: While such e-mails appear to be from a well-known company they are easily detectable as real web site the links lead to is different from the web site shown in a link. For example link can be

https://web.da-us.citibank.com/Iogin.ref.49/scripts/cIient_conf.jsp

but actual website  that is shown in the left bottom of IE screen if you move the mouse to the link without clicking on is different, for example

http://213.2.96.94:87/cit/index.htm

In any case banks are now never sen you emails that contain forms, this is a very unsecure practice. This actual link leads to a spoof web site which provide a form for updating or confirming sensitive personal information. To bait you, they may allude to an urgent or threatening condition concerning your account.

Please note that even if you don't provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses.

Q2: I got a email with the subject

 Re: official Information To Citibank Clients [Wed, 10 Nov 2004 12:41:38 +0200]

[The letter with Citibank scam is attached] This seems to be a scam of some sort. I suspect the java script they reference attempts to exploit some weakness in Windows. Should I send such things that make it through the spam filter to you or someone else, or what?

A: No this is a typical Citibank financial scam letter:  they have a form where you can of your financial data that are enough for money transfers and they usually try to withdraw money from this account as soon as they get the data.

Usually you do not need to inform us about such things (unless you acted on them).

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

News

[Dec 1, 2004] Beware fake e-commerce sites offering 'bargain' Christmas gifts.

This sophisticated fraud works when people search on the internet for items they want to buy, and click on a link. They are then directed to a legitimate looking web page and instructed to 'Click here to download images' of what they want to buy. What they end up downloading is a self-extracting zip file that installs a Trojan on their PC.

This malware then redirects legitimate financial institution links to fraudulent websites allowing the scammer to harvest the user's details.

Between 80 and 100 new phishing websites are starting up daily. Scammers are getting much more sophisticated and they are harder for users to detect.

Please remember, if it looks too good to be true, it probably is.

[Dec 2, 2004] Reminder about the identity theft emails targeting company users

Recently there have been a dramatic increase of identity theft attempts activity directed toward company users: a sharp rise in so-called phishing e-mails, which attempt to steal consumers' user names and passwords by imitating e-mail from legitimate financial institutions (mainly banks). The most recent example of such fraudulent letter is reproduced below:

Please note that all such financial scam attempts usually contain a link in the email and a demand for immediate action to use this link with wording like "process is mandatory", "your account may be subject to temporary suspension." or "This instruction ... is obligatory to follow". Please be aware that presence of such link and any "demanding action" phases is a sign of financial scam.

We advice you to call your bank in case the letter addresses to you looks credible. Never try to answer such requests by mail. Never put your any financial data into the forms that are links to emails.

Thank you for your cooperation.

[Aug 18, 2004] Another Citibank scam

Subject: PIN Number Update From Citibank
From: "Citi Identity Theft Solutions" <[email protected]>

Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

Please make sure you have your Citibank ATM/Debit card and recent statement at hand.

To securely update your Citibank ATM/Debit card PIN please go to:

https://www.citibank.com /signin/citifi/scripts/login2/update_pin.jsp

Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.

Thank you for your prompt attention to this matter and thank you for using Citibank!

Regards,

Beryl Arroyo
Head of Citi® Identity Theft Solutions

Copyright 2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.

[Jun 14, 2004] MSNBC - Survey 2 million bank accounts robbed

'Constant siege'
The trend neatly follows a sharp rise in so-called phishing e-mails, which attempt to steal consumers' user names and passwords by imitating e-mail from legitimate financial institutions. A Gartner study released in May showed at least 1.8 million consumers had been tricked into divulging personal information in phishing attacks, most within the past year.

Phishing attempts designed specifically to steal bank information began to skyrocket about 10 months ago, according to Dave Jevans, chair of the Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000 percent in the past six months, and just last month, Citibank overtook eBay as the most common target. The company faced an average of 16 attacks per day, and 475 separate phishing attacks during April, an increase of nearly 400 percent from March.

Citibank didn't immediately return requests for comment.

"It's working, there's no doubt about that...There's people who are under constant siege now," Jevans said. "It's like people setting up fake ATMs everywhere."

Some days, banks are targeted dozens of times, which not only leads to identity theft, but also jam-packed customer service telephone lines.

"Clearly the issues are far more significant than anyone expected they would be. Phishing and spoofing (setting up look-alike bank Web sites) are really getting to people," said Larry Ponemon, founder of privacy think tank Ponemon Institute, and a bank consultant. "It is an epidemic. It's a very big problem."

Creative ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts, according to industry experts. Computer criminals are becoming increasingly proficient at writing Trojan horse programs and keyloggers that steal passwords and account information. Such secret malicious programs, which exerts say are more widespread than many realize, could be the cause of up to half the account takeovers, Litan speculated.

Such programs can be installed on home users' computers through virus-laden e-mails. People who do their online banking at public computers, such as at Internet cafes, are also at risk from this kind of password swiping.

[Jun 10, 2004] theBakersfieldchannel.com - Money - Protect Your Bank Account From Financial-Aid Scams

With college tuitions skyrocketing, families are looking for creative ways to pay for their children's education.

But unfortunately, the Federal Trade Commission says many families fall prey to scholarship and financial-aid scams in the process.

 

The FTC has taken action against 12 financial-aid companies in the last four years.

In one case alone, at least 12,000 families were taken for more than $13 million. The companies made promises for college money that was never received.

But the best advice from college financial advisors is don't pay for what you can get for free.

John Casdorph has spent 25 years helping students find financial aid at Cal State-Bakersfield. He warned families to be weary of companies that offer financial-aid services for a fee.

"The chancellor's office at CSU has a position on companies that charge to provide a search service for financial aid and they don't encourage students to use those services," Casdorph said.

One New York-based company, Edifi, is coming to Bakersfield this weekend to host a free workshop. However, there is a price tag attached. If consumers decided to use Edifi while at the workshop, they are charged $895. However, if they wait, then the price goes up to $1,295.

Connie Alarcon of the Better Business Bureau said consumers shouldn't sign under pressure.

"If you are going to a workshop and they are telling you that you need to sign 'this document, at this point in time or the discount isn't available to you,' it's better that you are safe than sorry," Alarcon said.

Edifi has an unsatisfactory record with the New York BBB, but has not been investigated by the FTC.

John Braat, the chief operating officer for Edifi, defended his company and said that Edifi has been working to resolve complaints and improve its BBB rating.

Alercon said consumers should rely on the BBB report.

"We are here to help educate consumers and to help them from getting scammed or be in a situation where they aren't going to get their money back," Alercon said.

Casdorph said you should use your free services from local colleges and university financial-aid offices.

"We exist here as a financial-aid office to help students for free. We'll counsel them on financial-aid applications. We'll help them fill out forms. We'll even give them direction on how to search for scholarships, which is the harder part of financial aid," Casdorph said.

You can use CSUB, Bakersfield College, or any community colleges financial-aid services for free, even if you haven't been accepted as a student.

To contact the CSUB financial office, call (661) 664-3016 or stop by during office hours. To contact Bakersfield College, call (661) 395-4427.

[May 12, 2004] Very similar to PayPal scam. Bank account scams: email tries to fool the users into filling a email form with their account information. Can take several forms, see below

Dear U.S. Bank account holder,

In an effort to protect your U.S. Bank account from future fraudulent activities, we have issued this Information Alert.

We hereby recommend that you make an amendment to your account security features. Once you have amended your account information, your access to your bank account will not be interrupted and will continue as normal. However, failure to make this amendment may result in your account suspension for a certain period of time.

Please fill in your account information and make necessary amendments below:

Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.

[Dec 12, 2003] www.smh.com.au/Pickings grow slim in the land of the email scam

Nigerian fraud just doesn't pay like it used to, writes Philip Sherwell in Lagos.

With his gold rings, flashy watch and easy line in patter, Udo Akpan is every inch the professional con man. He slouches in his chair in a noisy bar in Lagos and reminisces about his 11-year career as a fraudster.

It has been a good life, he says, one that has allowed him to support his wife and two children and treat himself regularly to a new Mercedes-Benz or BMW. 

Nothing lasts for ever, however, and Akpan, who is originally from southern Nigeria, is thinking of going straight. Not after a sudden twinge of moral rectitude, he explains, nor because of the Government's clampdown on fraudsters, but because his crimes no longer pay like they once did. 

Akpan is known in local parlance as a 419-er, the nickname stemming from an article in Nigeria's criminal code outlawing junk-mail frauds that promise a share of non-existent fortunes once an advance fee has been paid. 

The email appeals, typically couched in tortuous English, are notorious. "Dear Sir, I am Marian Abacha, widow to the former military head of state, late General Sani Abacha, who died suddenly as a result of cardiac arrest. I currently have $12 million which I wish to transfer out of Nigeria with your help. I will pay you 10 per cent commission for the kind use of your bank account . . ." 

The scam email works because the sender claims to have access to millions but cannot get the money out of the country. In return for providing details of a bank account so the money can be smuggled out - and paying a fee that will be used for essential bribes - the victim is promised a large cut of the cash.

Akpan claims to have made thousands of dollars from such cons. 

Nigerians have become so skilled at their con tricks that the 419 industry is estimated to be the country's biggest foreign currency earner.

Akpan has little sympathy for his victims, regarding most of them as "greedy fools" who were happy to collude when they thought there was easy money to be made.

He also attempts to mount a political defence of his business, arguing that because Africa had been exploited for centuries by the white man, his is a system of reparations. 

The 419 fraud has become so notorious outside Nigeria, however, that Akpan's bogus appeals are falling on stony ground. 

"I've barely made a dime in the last two years," the university-educated 38-year-old laments. "There's too much publicity about the 419 these days. People are catching on."

The Telegraph, London   

Bank account deactivation scams

[Dec 2, 2004] Reminder to about the identity theft emails targeting company users

Recently there have been a dramatic increase of identity theft attempts activity directed toward company users: a sharp rise in so-called phishing e-mails, which attempt to steal consumers' user names and passwords by imitating e-mail from legitimate financial institutions (mainly banks).

Please note that all such financial scam attempts usually contain a link in the email and a demand for immediate action to use this link with wording like "process is mandatory", "your account may be subject to temporary suspension." or "This instruction ... is obligatory to follow". Please be aware that presence of such link and any "demanding action" phases is a sign of financial scam.

We advice you to call your bank in case the letter addresses to you looks credible. Never try to answer such requests by mail. Never put your any financial data into the forms that are links to emails.

Thank you for your cooperation.

An email tries to fool the users into filling a email form with thier account information.  As MSNBC article  Survey 2 million bank accounts robbed suggests:

'Constant siege'
The trend neatly follows a sharp rise in so-called phishing e-mails, which attempt to steal consumers' user names and passwords by imitating e-mail from legitimate financial institutions. A Gartner study released in May showed at least 1.8 million consumers had been tricked into divulging personal information in phishing attacks, most within the past year.

Phishing attempts designed specifically to steal bank information began to skyrocket about 10 months ago, according to Dave Jevans, chair of the Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000 percent in the past six months, and just last month, Citibank overtook eBay as the most common target. The company faced an average of 16 attacks per day, and 475 separate phishing attacks during April, an increase of nearly 400 percent from March.

Citibank didn't immediately return requests for comment.

"It's working, there's no doubt about that...There's people who are under constant siege now," Jevans said. "It's like people setting up fake ATMs everywhere."

Some days, banks are targeted dozens of times, which not only leads to identity theft, but also jam-packed customer service telephone lines.

"Clearly the issues are far more significant than anyone expected they would be. Phishing and spoofing (setting up look-alike bank Web sites) are really getting to people," said Larry Ponemon, founder of privacy think tank Ponemon Institute, and a bank consultant. "It is an epidemic. It's a very big problem."

Creative ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts, according to industry experts. Computer criminals are becoming increasingly proficient at writing Trojan horse programs and keyloggers that steal passwords and account information. Such secret malicious programs, which exerts say are more widespread than many realize, could be the cause of up to half the account takeovers, Litan speculated.

Such programs can be installed on home users' computers through virus-laden e-mails. People who do their online banking at public computers, such as at Internet cafes, are also at risk from this kind of password swiping.

It can take several forms, for example

Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.

This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

Please make sure you have your Citibank ATM/Debit card and recent statement at hand.

To securely update your Citibank ATM/Debit card PIN please go to:

https://www.citibank.com /signin/citifi/scripts/login2/update_pin.jsp

Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.

Thank you for your prompt attention to this matter and thank you for using Citibank!

Regards,

Beryl Arroyo
Head of Citi® Identity Theft Solutions

Copyright 2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.

===================================================

Dear U.S. Bank account holder,

In an effort to protect your U.S. Bank account from future fraudulent activities, we have issued this Information Alert.

We hereby recommend that you make an amendment to your account security features. Once you have amended your account information, your access to your bank account will not be interrupted and will continue as normal. However, failure to make this amendment may result in your account suspension for a certain period of time.

Please fill in your account information and make necessary amendments below:

Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.

====================================================

 

Hijacked Identity Problem (see also InstaKiss password-stealing scam)

You will usually receive a e-mail from some server on the internet that a particular mail cannot be delivered. When you look at the subject line it's immediately clear that this is spam that is distributed to other people using your address as "from" address.

This is a typical spam senders trick. They used your address as "from" address to send some questionable staff to other users, often hundreds of them.

The other common source is Klez worm. See Virus Information for details.

No need to open the ticket: we can do nothing about this problem -- it's connected with the weakness of current version of mail protocol (SMTP) which was designed in good old days of Internet. It makes forging "from" address trivial and that is the weakness that spammers abuse.

See  Ebay Identity Theft Scam below for more information.

Ebay Identity Theft Scam

This scam involved e-mails that asked recipients to log on to a Florida-based Web site, ebayupdates.com, and re-enter financial data for eBay.

The scam site sported the eBay logo and colors. Representatives of eBay were not immediately available for comment, but the company has issued a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

"Some members have reported attempts to gain access to their personal information through e-mail solicitations that are falsely made to appear as having come from eBay," the company said.

"These solicitations will often contain links to Web pages that will request that you sign in and submit information...eBay employees will never ask you for your password."

The scam e-mail, usually has subject "Ebay billing error" and begins:

Dear Ebay Member,

We at Ebay are sorry to inform you that we are having problems with the billing information of your account.... ... ...

Electronic greeting card scam

Beware of the next electronic greeting card you receive. It may not be quite so friendly.

An e-card scam is circulating, conning people into clicking onto a phony Web site where they can download a virus or enable an attacker to snatch up their address book to spam their co-workers and friends. MessageLabs Inc., a British company with U.S. headquarters in Minneapolis, has put out an alert, warning users to stay clear of the latest online scam.

''It's a scam, really,'' says Angela Hauge, technical director at MessageLabs. ''The email itself does not contain a virus but it directs people to a Web site where they can download a virus... or they might grab up everyone in your address book...''

MessageLabs warns users that the scam, at first, comes off as an actual email greeting, which are becoming increasingly common, even on corporate accounts.

The email often says, ''I sent you a greeting. Please pick it up by clicking on the link below.''

The Web site originally mentioned in the email, according to MessageLabs, was hosted by FriendGreetings.com. But MessageLabs also has seen variations on the original email that contains links to several similar Web sites, such as cool-downloads.com or .net, and friend-cards.com or .net.

Hauge says it's fairly simple to distinguish a real e-card from the scam.

''When you go to a greeting card Web site, you should be able to view your greeting automatically,'' she explains. ''You shouldn't have to download anything. If you're asked to do that, don't and get out of there.''

InstaKiss password-stealing scam

America Online owns the AOL-InstaKiss.com domain, and American Greetings Corp. holds a trademark on the term "InstaKiss," but the companies haven't been able to stop Internet scam artists from trading on the name.

Security experts warned that similar scams are likely to resurface elsewhere on the Internet - and separate unwary users from their online accounts.

The initial variant of this fraud, varieties of which have been used for nearly two years, plays off a legitimate e-greeting service (AOL Keyword InstaKiss) offered by AmericanGreetings.com, the online unit of the greeting card giant, and promoted at America Online's singles area, LoveAtAOL.

The operator of the latest password-stealing site this week sent a bogus invitation to AOL users by instant message and e-mail. The message informed recipients that they had been sent an "AOL InstaKiss" by "someone who thinks very highly of you." By clicking a link in the message, the AOL user could receive his or her InstaKiss, according to the come-on.

For example one such site was located at http://www.webcomps.org/instakiss/  and used to have a fake AOL logo and instructed visitors to type in their AOL screen name and password to receive their InstaKiss. After users complained about the site, EarthLink Network shut down the page. But an Internet search using Google search engine can produce several still functional bogus sites that employ the same InstaKiss "phishing" scheme, as hackers refer to such password-stealing techniques. Besides mimicking AOL's site design, it featured links to destinations at the online service for added credibility.

Most of the bogus InstaKiss sites are hosted by free Web page services such as Lycos' Angelfire.com. Several rely on Web address redirection services such as Russia's Da.ru, which enable the scammers to create a site with an address such as http://aol-instakiss.da.ru.

This scam belongs to the so-called "social engineering" techniques employed by hackers.

Average Internet users, who are generally not security savvy are very likely to fall for this kind of scam.  The "phish accounts" are used for a variety of purposes, ranging from free Internet access to identity theft.

Friend Greetings Spam Trojan

The controversial Friend Greetings software create by Panama-based Permission Media ( www.friendgreetings.com ) is currently causing spam outbreaks. A message arrives inviting the recipient to view an e-greeting on its website.

To see the card users must launch an ActiveX control, which automatically sends marketing material to everyone on the user's Outlook contacts list.

The company does mention this, but it is buried in a lengthy licence agreement.

Naive users are still clicking on the 'yes' button and installing the software, despite all the warnings.

Details of this can be found on the McAfee website here.

In truth Friends Greeting isn't a Trojan, much as I hate to defend the company that put it out. It does tell users what it is doing to do.

BONZI’s Decective Advertizing Banners

Deceptive advertising is illegal. "A nationwide class action lawsuit was filed on November 25, 2002, in the Superior Court of Spokane County against Bonzi Software, Inc. Bonzi is among the world’s most prolific issuers of internet advertising banners. Ads are highly misleading. See some samples. It is Bonzi, which is responsible for those irritating popup ads which say things like 'Your computer is broadcasting an internet IP Address...' and 'Your internet connection is not optimized ...'"

Bonzi’s website has been ranked as one of the most frequently visited websites in the world.

Fake eBay Escrow sites

Escrow companies act as a third-party referee, taking payment from Internet aution buyers, but not releasing the money to sellers until the goods are delivered. They help to avoid fraud in Internet auction sales of big-ticket items such as jewelry or cars. This option is widely used on eBay.

Scam artists try to tricking auction buyers into wiring money to fraudulent bank accounts. The criminals build elaborate fake escrow Web sites, with convincing names like Simple-Escrow.net and WhyEscrow.com. Often, the Web sites are set up to imitate legitimate escrow services; to an untrained eye, it can be impossible to tell the difference.

The criminals then set up a trap auction on a popular auction site like eBay. When a winner asks how to make payment, the seller insist on the use of a particular escrow service. Then, the winner is steered to the fake service essentially wiring money to the con artists’ bank account.

A legitimate escrow service which was mimicked by the con artists told MSNBC.com that it had heard from over 50 victims during the past two months. A company employee, who requested anonymity, said the average victim had lost over $10,000, with some having sent as much as $30,000 thinking they were buying items like gold watches, jewelry, or cars.

Since the money was sent via wire transfer, there is often no recourse for victims, especially if they were destined for overseas accounts.
Consumers should never buy or sell items to anybody who insists on using a specific escrow service. Propose an alternative — if that disturbs the other party, they are almost certainly con artists.  If the escrow service and the seller appear to be working closely together, that’s also a bad sign. One victim MSNBC spoke to got instructions on how to send money to the escrow company from the seller’s e-mail address, for example. And wiring money to a bank outside the country is always a bad idea, experts say.

For more information, see


Phishing for your identity

The newest scams to hit the Web are authentic-appearing e-mails requesting verification of financial information. The scam technique, nicknamed "spoofing" or "phishing" (as in "fishing for information" but with a "p" like "phony"), is causing so many problems that the FTC, the Federal Bureau of Investigation, the National Consumers League and Earthlink held a press conference recently in Washington, D.C., to raise the public's awareness of the problem.

"Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet," says Jana Monroe, Assistant Director of the FBI's Cyber Division.

In this scam, the phisher sends out a legitimate-looking e-mail that claims to be from a company the reader does business with and tells the reader that there is an account error, possible fraud or other problem with the account. The reader is asked to click on a link in the e-mail and enter account information on the linked Web site. The link takes the reader to a phony Web site that gathers the information and could use the information to drain the reader's bank account, charge up their credit card and steal their identity.

Recently, it was reported that con artists were attempting to trick EBay, PayPal, AOL, BestBuy.com and Discover Card users into revealing their Social Security number, bank account and credit card information. Now, we learn that the same trick is being used on customers of Earthlink and SonyStyle.com.

All of these companies have stated that they would never ask their customers for personal information in an e-mail.

Remember that anyone can build a legitimate-looking Web site. Don't fall for this scam.

Tax rebate scam

Knowing that many parents are eager to get their Advance Child Tax Credit, con artists having been calling American homes, promising to speed up the rebate process for a fee of $39.99 -- to be placed on a credit card. While the tax credit of as much of $400 per child, issued by the government is real, the promise of the cons is not.

The Internal Revenue warns that persons who give the cons their credit card number may find large charges on their bill -- and their tax credit won't be coming any sooner.

The IRS began sending out the tax credit checks July 25.

"The only thing the taxpayer needs to do is cash the check," said Mark W. Everson, IRS Commissioner. "If you qualify, we will send you a notice. There's no need to call, no need to apply, no need to fill out another form. The IRS will do all the work. A few days after the notice, you will get the check."

This scam is similar to other tax scams the IRS has reported in the past.

Con artists troll for patriotic consumers

When U.S. troops shipped out to Iraq, con artists headed for Americans' wallets, using patriotism to make a profit. Unfortunately, this is not a new phenomenon. "Fraud perpetrators pick newsworthy events to trigger interest in their marketing ploys," says Ken Hunter, president and CEO of the Council of Better Business Bureaus. The latest batch of con artists are profiting off the war effort in a number ways -- from hawking deals on unnecessary survival gear to collecting for bogus charities.

Would you pay $100 a month to get daily updates on your family member serving in the military? Many families would, but that's not a service the government is selling. It's a scam thought up by con artists. Jerry Maness of Service, Ala., has a nephew named William who is serving in the Navy. Maness received a call in early April from a man who seemed to think he was talking to William's father -- not his uncle. The caller promised that for $100 a month his company would give Maness a daily update on William's status. The man asked for Maness's credit card number. Maness didn't fall for it. He called the sheriff.

Bank Load Scams

Federal banking regulators say scam artists are impersonating banks around the country and committing both ID theft and wire fraud. The scam starts with fake ads in newspapers, complete with authentic bank logos, regulators say. The ads offer great loan terms, but the supplied phone numbers actually connect callers to the alleged perpetrators. Consumers who agree to refinance their home loans then lose all their personal information, and usually the first month’s payment, too. Fifty financial institutions have been so impersonated, the Federal Deposit Insurance Corp. says.

The Federal Deposit Insurance Corporation recently released a warning to consumers about bogus ads placed in small or community newspapers. The bogus ads offer mortgage, small business, debt or consolidation loans. The ads look real because they use the logos of real banks -- but with different contact information. The contact numbers in the ads have been traced to prepaid cell phones.

Potential victims who apply for these bogus loans are asked to provide their Social Security number and are then told their loan has been granted. The scammers fax the victim a loan application, requesting bank account information and sometimes a copy of the applicant's driver's license and Social Security card. The scammer then asks for an advance payment through a Western Union wire transfer. Only when the fake loan never appears does the victim realize what has happened -- he's wired cash to a thief and his identity has been stolen.

The FDIC warns that you should be suspicious of any bank that requests you to wire money outside of the banking system or to what the scammers are calling a "third-party consultant."

If you think you may be a victim of this scam, you should file a complaint with the Federal Trade Commission and contact one of the credit bureaus to request a fraud alert be placed on your credit report.

The FDIC has discovered that the scammers are communicating with the newspapers through prepaid cell phones purchased in Canada. This scam sounds remarkably similar to another advance loan scam being run out of Canada.

Payroll transfer scam

The recent scam of this kind pretends to be from company payroll and it asks you where they need to transfer your next paycheck. Please remember that company payroll uses WEB form for this and in no way your bank accounts, credit card numbers or social security numbers can be disclosed in email to anybody.    

Porno Webmaster/money laundering Scam

ID thieves are very inventive in trying to provoke consumers into disclosing credit card information. On Oct 23, 2003, a new identity theft scam that uses a sensational and upsetting email to attempt to shock consumers into giving up valuable financial information is surfaced on the Internet.

The scammers' email states:

We have just charged your credit card for money laundering service in the amount of $234.65 because you are either a child pornography webmaster or deal with dirty money, which requires us to launder them and then send to your checking account. If you feel this transaction was made by our mistake, please press 'No.' If you confirm this transaction, please press 'Yes.

If you press "No" you are asked to enter your credit card number and expiration date in the form at the bottom of the email.  The form with this information must be filled out in order for the recipient to be able to press "No" (and thus deny being involved in any of the criminal activities mentioned in the message.)

The email scam was first reported in North Carolina by officials with the Land-of-Sky Regional Council of Governments in Asheville and has since been reported by recipients across the state.

company users who receive this email should delete it and should not attempt to respond in any way. Consumers who have responded to the email and provided their credit card information should contact their credit card company immediately.


Postal Forwarding Scam

MSNBC - Online job scammers steal millions

Catherine, a recruiting specialist, was out of work for nearly a year when a friend sent her a job opening listed at Vault.com.  Ready to try almost anything, she quickly responded to the ad and e-mailed her resume, applying for a position as "correspondence manager."

And just that quickly, she became an unwitting member of an Internet scam that's being blamed for a half billion dollars in attempted thefts from U.S. firms during the past 18 months.  The crime has Internet merchants, along with the FBI and U.S. Postal Inspection Office, fit to be tied. 

Within days, before Catherine even knew she had been hired, packages containing a digital camera and a computer monitor arrived at her door. Her instructions were simple: repack the items and ship them to an address in Russia. For her trouble, she would earn 13 percent of the sale price. It seemed reasonable enough, so she sent the package along.

Days later, she got a phone call from a man who said he was told to wire  $10,000 into her bank account.

"I had no idea what he was talking about," she said.

Her caller was an eBay.com user, who had recently won the bidding for a classic electric guitar and then been told to wire the large payment to Catherine.  She was then instructed to move the money overseas, to an account controlled by her new boss.

Catherine knew right away something was terribly wrong. She called the FBI, which informed her that she'd unknowingly helped a global crime ring. An agent then told her the FBI had an ongoing investigation into the crime ring, and asked that she "play along" with the con artists for a while in an attempt to unearth more information about them.

Within a week, dozens of packages and wire transfers were headed Catherine's way — some $35,000 in money and merchandise in less than 10 days.

"These people are very, very organized." she said.

Out of control

Catherine had unwittingly signed up to be part of a new scam that's raging on the Internet, dubbed "postal forwarding," or "reshipping fraud" by the U.S. Postal Inspection Service.  According to authorities, thousands of job seekers have been caught up in the con.

"It's out of control," Barry Mew, spokesman for the Postal Inspection Service, said. "My phone rings off the hook. ... There are hundreds more like (Catherine)."

At best guess, Mew said, the con artists have already made off with between $5 million and $10 million. One major credit card company has seen losses of $1.5 million to the scam, and a payment processing company for an Internet site is out $1 million, he said. Mew declined to name the companies.

Some of the recruited helpers are losing big money, too, Mew said. One woman passed on $25,000 to Eastern Europe before she caught on to the con. When one of the victims who sent money to her stopped payment on his $2,500 check, his bank withdrew the money from her account — leaving her with a $2,500 loss. She had to sell a mutual fund devoted to her child's college education fund to cover the loss, Mew said.

FBI spokesman Paul Bresson said he couldn't comment on specific investigations, but that the agency did have ongoing investigations into reshipping frauds. 

"This is something we are familiar with," he said.

'This is a huge crime. It's phenomenal. It's been hovering under the radar a bit, but it's giant.'


— Susan Henson

spokeswoman, Merchant Risk Council

During a sweep of Internet-related arrests announced last month by the FBI, the agency issued a warning about reshipping schemes. As part of that warning, the Merchant Risk Council, a non-profit organization created by a consortium of electronic commerce firms, released the results of a 120-day study of fraud at the top eight Web retailers.

The council found 5,000 consumers had participated in the scam from July to October, enabling con artists to steal $1.7 million from those eight sites during that 120-day period. A host of other fraud attempts were stopped by the sites.  Total attempts to steal merchandise using the reshipping scam add up to an estimated $500 million, said Susan Henson, spokeswoman for the Merchant Risk Council.

"This is a huge crime," Henson said.  "It's phenomenal. It's been hovering under the radar a bit, but it's giant."

The elaborate scam is a mixture of credit card fraud, identity theft, and auction fraud. The Net of victims is wide, ranging from eBay auction winners, to credit card firms, to major online retailers. Catherine said she received packages purchased from Amazon.com with stolen credit cards. 

Amazon spokeswoman Patty Smith denied the scam had hit online retailer very hard.

"This really isn't a big issue for us," she said.  "Our fraud detection systems are sophisticated enough ... to catch these kinds of things."

But Jonathan Lane, a fraud investigator for online retailer PCMall.com, said major Internet retailers are indeed being hit by the scam.

"There's a substantial number of merchants involved," Lane said.

Ads all over the Web
It starts with hundreds of recruiting advertisements on job sites like Monster.com and CareerBuilder.com.  At any given time, Mew said, he can spot ads on 25 different Web sites. Other victims have been approached in Internet chat rooms and pointed directly to the fraudulent company's Web site, where the job postings are listed.

The help wanted advertisements are innocuous enough.

"Our company is engaged in correspondence managing, distributing different goods worldwide, buying and reselling these goods," says one version of the ad, which appeared on CareerBuilder.com for about a week, until it was removed after MSNBC.com brought it the Web site's attention.

Con artists have even managed to change billing addresses on stolen credit cards to match with their recruits.


 

 

The ad explained the need for U.S-based employees to ship products overseas: "Everybody knows Russia is a part of Europe, but most of foreign people are afraid to have business with {sic} country ... We would like to prove our respectableness, but when we communicate with people from other countries they can't avoid stereotypes. So, we are looking for the persons who can represent our company in his country. Their duty will be to accept money and different goods, because often people don't want to send money to my country."

Put simply, the employees are used to move merchandise or money out of the United States.  But behind the scenes, the organized crime ring is using a variety of confusing tactics.

One flavor of the scheme is designed to circumvent fraud protections at mail order companies and Web sites while stealing popular items such as handheld computers, digital cameras and DVD players. To avoid raising suspicion, the con artists make sure the shipping address -- the address of the "recruit"  -- is in the same state as the billing address on the stolen credit card. To do so, the con artists have a wide variety of employees and stolen credit cards to choose from. They have also managed to change billing addresses on stolen credit cards so they match the recruit's locale. Some 1,300 accounts were updated with new billing addresses at one credit card company victimized by the con artists, Mew said.

Auction bidders, such as the man who was trying to purchase a $10,000 classic guitar, are also targeted. Con artists impersonate a recruit and place auction items for sale. They then tell the winners to wire funds to the recruit's U.S. bank account, avoiding any suspicions aroused by the mention of overseas wire transfers. The recruit, of course, is then instructed to wire the funds overseas.

Enticing terms
In tough economic times, the promise of a 15 percent cut is enticing. Catherine wasn't the only one who fell for the ad she answered at Vault.com. At one point, her new boss accidentally sent a bulk e-mail that listed 17 other e-mail addresses, all recruits who had signed up to work for the alleged company.

The homebound are at special risk of being caught up in the scam, said PCMall's Lane.

"When the recruits are Social Security recipients, people on disability, single parents, and unemployed people from coast to coast, it's a story that hits pretty hard," he said.

Not every recruit catches on as quickly as Catherine. One California recruit sent 750 packages — average value, $1,500 — to Russia between October 2002 and March 2003, Mew said.

While often not legally guilty of theft, recruits are often guilty of falsifying government documents, as they are instructed to declare the packages as "gifts" on Customs forms. They might also be guilty of income tax evasion, Lane said. And then there's the humiliation.

"Not only was I arrested for theft by receiving," one anonymous victim posted to a Web site, "[I] lost my computer, my dignity, the humiliation, my dog went to the pound, had to bail him out to! Attorney cost $2000.00," he wrote. "I was only involved with them for 3 weeks before I was arrested and I only made $200.00."

Recruits are also at risk of identity theft, since they usually give the con artists their bank account information and other critical data while signing up for the job. A victim named Brenda said that after she realized she'd been scammed, and went to the police, the con artists threatened her.

"These people have my identification; Social Security Number, address and handwriting sample," she said.  "Since this investigation began, I have received emails that state 'I KNOW WHO YOU ARE.' I fear for the safety of myself and my family." She eventually moved, believing she wasn't safe at her old address.

'It's surreal. You're sitting here looking for a job, and all these thousands of dollars are slipping through your hands.'

— Catherine

recruited to work for online scam

Catherine said she received calls from dozens of angry auction winners as she played possum for the FBI.  When she tried to explain she was an unwitting character in the con, many didn't initially believe her.

"I was getting threats from people saying, 'I'm going to sue you,' " she said.  "It's surreal. You're sitting here looking for a job, and all these thousands of dollars are slipping through your hands."  Her bank ultimately accepted about $4,000 in wire transfers, even though she told the firm to reject all wire payments. Meanwhile, she lost the $108 she spent shipping the initial package to Russia.  She also learned a disturbing lesson about human nature when she sent an e-mail to all her 17 "co-workers," warning them that the job was really a scam.

"One guy wrote, 'I don't care where the money is coming from,' " she said. "It's amazing this person wrote this to a stranger. The FBI's going to take a look at him."

Surfers trust online job postings
Pam Dixon, executive director of the World Privacy Forum, said she has been studying the growing help wanted scam for several months. It works because unemployed people are vulnerable and an easy target for con artists, she said. One victim she spoke to "had been out of work for a year. That's a common factor," Dixon said.   

"We are capable of extraordinary rationalization" when unemployed, she said.

'There’s no job at home receiving and forwarding packages. ... People like to think there are jobs like that, and that’s why it's so successful.'


— Barry Mew

spokesman, Postal Inspection Service

Making matters worse, online job sites often give users a false sense of security, Dixon said, because consumers have the impression the ads have been vetted by the site -- as newspaper classified ads often are.  What's more, many surfers arrive at CareerBuilder.com by clicking "help wanted" buttons while browsing local newspapers online, as the sites act as the employment section for hundreds of newspaper Web sites around the country. CareerBuilder.com is owned by newspaper conglomerates Gannett, Knight-Ridder, and The Tribune Company.

"I believe there's an implied trust when job seekers go there," Dixon said.

Jenni Sullivan, a spokeswoman for CareerBuilder.com, said her company has employees who regularly review job listings on the site for fraud. 

"Customer service representatives use different search methods. ... They continually monitor the site and if they come across anything suspicious they take immediate action," she said.  "This is not as prevalent as I believe other people are saying it is. We haven’t seen an indication that there’s been a rise in this activity (at CareerBuilder)."

Monster.com spokesman Kevin Mullins said some of the fraudulent ads have been placed on his company's site, but said their appearance is "rare."

"Most often we take the job down within a couple of hours," Mullins said.

The use of fraudulent postal forwarding companies in a scam was first chronicled in April by MSNBC.com, but there is evidence the crime rings has been operating since April 2002, Lane said.

Mew said said he's not optimistic the criminals will be caught any time soon; only consumer education can even slow them down.

"We need to educate the masses. There’s no job at home receiving and forwarding packages," Mew said.  "And there's no job sitting at home receiving money and sending the money to Eastern Europe. People like to think there are jobs like that, and that’s why it's so successful."



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: February, 19, 2014