Friday, December 14, 2007

Symantec reveals how the spammers are trying to steal Christmas

Kelly Conley announced the Christmas edition of Symantec's spam report on the company blog:

Here we are the end of another year. As 2007 rolls to a close the December State of Spam Report reviews this past month’s key trends and reflects on some of the year’s most notable spam events and trends.
The report notes that Bill Gates' prediction in 2004 that spam would be eradicated has proven not only to be wrong, but that the amount of spam circulating on the Internet has exceeded everyone's expectations (nightmares?).

This month, three out of every four e-mails sent is spam!

Spammers are even using MP3s, videos, and Google's alerts/searches to spread their seedy marketing ventures to Internet users.

Here are some of the highlights of the end-of-year report:

• Penny stocks use Thanksgiving holiday captions in subject line – spammers using common personal Thanksgiving-related words in the subject of emails

• Replica products a favorite for spammers this holiday season – replica gear has always been a spammer favorite. Spammers are marketing their wares using seasonal words in the subject lines of their mailings

• Spam begins to snowball – spammers collecting email addresses by using a funny .gif that shows a snowball hurtling at you through your computer

• Christmas freebie anyone? – spammers taking advantage of the season to market "free" gift cards for well known companies

• Seasonal lotto scams - in a scam targeted at UK end users, spammers have updated a lottery spam email for a Christmas Bonanza special

The current interest in celebrities like Britney Spears, Lindsay Lohan and the Osmonds were used as lures to get people to open spam e-mails hawking "questionably safe" drugs.

Spammers use whatever is trendy, popular or in the news to trick people into clicking on them. Here is one of the sicker examples of this seen recently:

An attack this month preyed on the public interest in the story of the missing British child, Madeleine McCann. The email contained a link to, which redirected to The second site is designed to look similar to the official McCann family site,, however, it actually is set up to distribute a virus. The site also contains an unauthorized use of the Symantec logo and a number of Google ads for anti-virus products.

It should be noted that although the spam email also contains a link to the legitimate site, there is no connection between the spammers and the genuine site.

The report concludes it's findings with recognition of anti-spam efforts during the year, such as the FBI's Operation Bot Roast, the SEC's Operation Spamalot, ISP's sharing more information and security vendors employing new spam filter technologies.

We need to remember that spam is the vehicle used to spread 99.9 percent of the questionable marketing and scams on the Internet. Clicking on a spam e-mail can cause a person to become victim of anything from a financial scam to using a unsafe product that is a threat to their personal safety.

These reports serve a purpose, which is to educate the average person on what to watch out for and not click on a spam e-mail in the first place. Since it's Christmas and a lot of us are thinking about the young people in our lives, perhaps this is a good time to educate them on the growing problem of spam on the Internet!

I meet a few older people from time to time that might benefit from the education process, also.

Kelley Conley's blog post announcing the December report, here.

Symantec's December (year end) report on the state of spam, here.

On a lighter note, here is the YouTube video on the 12 days of Christmas Spam:

Thursday, December 13, 2007

Counterfeit Visa Travelers Cheques in circulation!

Counterfeit financial instruments are circulated in a variety of Internet scams. The ploy is always to get someone to cash them and then wire the money back to the person behind the scam.

In the past couple of weeks, readers and other sources have brought to my attention that counterfeit Visa Travelers Cheques are in circulation.

Visa has provided resources to identify these instruments.

You can call them at 1-800-227-6811 to verify an item. This can also be done on-line, here.Visa also has a good interactive tool to identify the security features of the Visa Travelers Cheque, here.

The trick is to ALWAYS verify them before you negotiate them using your good name!

Some of the scams being used to trick people into cashing these items are known as work-at-home (job) scams, secret shopper, romance, lottery and auction scams.

A collective name for all of these scams that ask you to cash an item and send the money back to the scammer is called the advance fee (419) scam.

A lot of the sites dedicated to fighting scams are also seeing an alarming trend, which is that people are getting arrested for attempting to cash these items.

I recently had a conversation with the fine folks over at FraudAid about this trend.

A great (new) resource about all the counterfeit paper being circulated is

People, who fall for these scams do so because they are lured with something that is too good to be true. The old saying is that if it is "too good to be true, it is NOT!"

Here are some other counterfeit instruments, I written about that are still in circulation:

Counterfeit MoneyGram Money Orders being passed via Internet Scams

Counterfeit Cashier's Checks Fuel Internet Crime

American Express Gift Cheques Being Circulated in Internet Scams

Counterfeit Postal Money Orders Showing Up in IScams Again

Here is a picture of counterfeit Visa Travelers Cheques that were sent to someone about a week ago. They were sent from the United Kingdom, however the scammer wanted the money wired to Nigeria.

(Photograph courtesy of Raleigh)

Tuesday, December 11, 2007

Human beings are the reason for most security breaches!

If you think phishing is merely a financial crime, think again. Eleven employees at a nuclear research facility fell for a phishy e-mail, which appears to have been an attempt to steal information.

The New York Times reported:

A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Although the article suggests China may behind this attempt, the article suggests they have plausible deniability:

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

I guess it might have been a host of undesirables trying to steal this information. A lot of Internet misfits redirect through China to do their misdeeds on the Internet.

What's scary is that eleven employees at a Nuclear Research Facility clicked on a phisy e-mail and compromised sensitive material.

I recently wrote a post, where an official government audit revealed that 60 percent of IRS employees tested fell for a vishing scheme and gave up sensitive information.

Vishing is stealing information by telephone.

It was recently announced that private investigators are being indicted for vishing infomation in an illegal manner, sometimes referred to as pretexting.

All of these events would suggest that businesses and government organizations have a big opportunity when it comes to raising employee awareness on social engineering schemes that are used to compromise sensitive information.

IT also illustrates that human beings are the common cause for most breaches of security!

New York Times article, here.

Here are the two previous posts on the IRS vishing test and the indictment of private investigators for using social engineering techniques:

IRS audit reveals that the human factor is one the greatest threats to information (computer) security

Private Eyes charged with aggravated identity theft

Monday, December 10, 2007

SIRAS offers guarantee that it will reduce retail crime

The reason SIRAS' product registration and smart return service perked my interest is because it protects people's privacy and is an effective means of reducing losses.

SIRAS tracks an inanimate object (merchandise) instead of a customer's personal information.

Now they are now offering a "guarantee" the technology will add dollars to a organization's bottom line by reducing fraudulent returns.

In their own words from the press release regarding this matter:

Electronic Product Registration, is putting its money where its mouth is with a unique Return On Investment (ROI) Guarantee for any company using SIRAS’s product registration and Smart Return service to manage their product returns and warrantees. The program, designed to eliminate any risk for companies interested in implementing SIRAS’s technology, guarantees that over the course of a year companies will save more money through deflected product returns than it spends in transaction fees.

In case you haven't had to refund any merchandise in a long time, most retailers require you to give them your personal statistics before they approve your return.

This information is all maintained in a database, where it might be exposed to a hacker, or probably more frequently, dishonest employee. Information is worth a lot of money to anyone, who knows where to sell it.

A dishonest Certegy employee recently got caught selling 8.5 million people's information to an undisclosed data-broker. Since the mysterious data-broker still hasn't been identified -- despite being listed as a co-conspirator in court filings -- we really aren't sure where these records went?

Certegy provides check verification services for a lot of merchants.

Personal and financial information is marketed in carder forums (chat rooms) on the Internet. Anonymous payment methods, such as wire transfers, PayPal and eGold add to the problem. They make it relatively easy to buy and sell stolen information.

It also isn't unknown for criminal organizations to plant, or recruit employees to steal information from within an organization.

The press release quotes Peter Junger (SIRAS CEO) as saying, "And in all cases, regardless of ROI, clients retain all of the valuable POS data collected."

This POS data also serves another important purpose. If the merchandise is found in a fencing operation, or on an auction site, it can still be tracked to the point-of-compromise.

This opens up opportunities to recover stolen merchandise and makes it more dangerous for the criminals fencing it.

Mesa Police Department tested these capabilities with SIRAS and FOX News did a story on it, which can be seen, here.

The technology, when deployed properly with a point-of-sale system can also identity fraudulent means of tender used to purchase merchandise.

SIRAS technology can be deployed by a merchant, or at the factory, itself.

They already makes their database available to law enforcement free-of-charge.

With all the identity theft and counterfeit ID available, using SIRAS reduces the possibility that an innocent customer will be wrongfully identified as an "undesirable" in a refund database.

Saying that, who knows how much of the information in these databases is one-hundred percent accurate anymore? With retail crime becoming more and more organized, the possibility exists that it is NOT.

One of the systems targeted in the TJX data-breach was their refund database. The information in this database is probably worth more than simple financial information because it contains the elements necessary to assume a person's identity.

It's relatively easy to shut down a bank account, or credit card number. Once a person's statistics are compromised, they can be at risk of identity theft for a long time.

Data breaches are becoming more expensive. TJX claimed a loss of $118 million in their second quarter earnings. Estimates vary widely on exactly how expensive data-breaches will become, but everyone agrees the cost of them is going up.

SIRAS seems more effective in resolving property crimes because it tracks the property, itself. It also protects customer privacy and protects a merchant from becoming the victim of a data-breach.

I doubt that SIRAS would make this guarantee if they weren't absolutely certain of the results. If they were wrong, I doubt they would be in business very long.

Press release from SIRAS, here.