Sunday, July 01, 2007

Phishermen impersonate DOJ in spam e-mail

DOJ logo. The press release mentions that the e-mail contains their official logo. Copying graphics is extremely easy to do. Internet criminals do this to make their spam e-mails look more official, or even to create totally spoofed (impersonated) websites.

Recently, Internet Phishermen have spoofed the IRS, FTC and the FBI to trick people into giving out personal/financial information. Of course, they spoof a lot of other organizations, also.

Apparently, the e-mail even contains the DOJ logo on it. This isn't very hard to do because copying graphics takes very little technical skill. To demonstrate, I will copy the DOJ logo and place it at the top of this post.

Because this is so easy to do, a lot of fake websites (mostly financial institutions) are all over the Internet.

From the DOJ press release dated June 27th:

The Department of Justice has recently become aware of fraudulent spam e-mail messages claiming to be from DOJ. Based upon complaints from the public, it is believed that the fraudulent messages are addressed "Dear Citizen." The messages are believed to assert that the recipients or their businesses have been the subject of complaints filed with DOJ and also forwarded to the Internal Revenue Service. In addition, such email messages may provide a case number, and state that the complaint was "filled [sic] by Mr. Henry Stewart." A DOJ logo may appear at the top of the email message or in an attached file. Finally, the message may include an attachment that supposedly contains a copy of the complaint and contact information for Mr. Stewart.

Although most phishing attempts are designed to trick people into giving up their personal/financial information, malware (crimeware) automates the process. Here is what the DOJ has to say about that:

Computers may be put at risk simply by an attempt to examine these messages for signs of fraud. It is possible that by "double-clicking" on attachments to these messages, recipients will cause malicious software – e.g., viruses, keystroke loggers, or other Trojan horse programs – to be launched on their computers.
Press release with links of where to report these phishy e-mails, here. There are also some links to government sites designed to educate the public on Internet crime on the news release, also.

If you would like to see how easy it is to copy graphics and make a fraud website look like a legitimate one, Artists Against 419 has a lot of actual examples on their site (see Lad Vampire link), here.

The Anti Phishing Working Group compiles statistics on spam and phishing. Every time they issue a new report (monthly), a new record seems to be set. APWG site, here.

Graphic illustration of what might happen to your computer after "double clicking" on an e-mail attachment from the Phishermen (courtesy of the FBI)!

It appears even the FBI has a sense of humor! Great picture (my opinion).

No comments: