Friday, April 25, 2008

80-year-old man loses over $700,000 to advance fee (419) scammers

With spam e-mails offering too-good-to-be-true come-ons filling up our mailboxes, we often forget that there are some very real people who get victimized after falling for one of them.

Of course, with the availability of botnets -- which command legions of spam-spewing zombies (compromised computers) -- even if only a few people fall for the scheme, the scammers still make a tidy sum off other people's misfortunes.

An example of this can be found on the Newport Beach Police website, where an elderly gentleman lost a lot of money (probably his life savings) to one of these schemes:

Recently, an 80-year-old resident of the city learned he was a victim of an international lottery scam. He originally received an email claiming he had won an overseas lottery which required him to pay a processing fee to have the funds released. This scam continued for a two year period and ended with the victim losing over $700,000.00.

Scam operators (often based in Canada) are using email, telephone and direct mail to entice U.S. consumers to buy chances in high-stakes foreign lotteries from as far away as Australia and Europe. These lottery solicitations violate U.S. law, which prohibits the cross-border sale or purchase of lottery tickets by phone or mail.
This type of scam is often referred to as an Advance Fee (419) scam.

Of course, the lottery scam isn't the only one out there. Work-at-home (job), secret shopper, romance and auction scams are also being sent out in millions (billions?) of e-mails. And if you don't have your own financial resources, the scammers will gladly provide you with a wide array of counterfeit financial instruments to negotiate. They couldn't care less if you get arrested, and they expect you to wire them any proceeds if you successfully pass the bogus instrument.

Please note that just because you are initially able to pass the instrument doesn't mean that someone won't come after you later.

The news release from Newport Beach Police Department offers the following advice on how to report scams like this:

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

They also point to a page on the FTC website about cross border scams, which can be seen here.

If you are a more "visual type," I recommend going to, which has a series of video presentations on this subject.

Wednesday, April 23, 2008

WTC construction plans/hundreds of workers' personal information trashed at Ground Zero

When it comes to information being compromised, a lot of it can be traced to simple human error a.k.a. "stupidity."

A glaring testament to this fact is being reported by the New York Post:

Hundreds of Ground Zero workers were exposed to potential identity theft when stacks of payroll sheets - which included their names and Social Security numbers - were dumped in the trash along with confidential plans for the new World Trade Center.
Plans for the new Port Authority Police Station were also found.

Fortunately, a homeless person discovered the plans for the new Freedom Tower (presumably while dumpster diving).

This prompted two unnamed individuals, described as "salvage experts," to turn in the other sensitive documents found in the trash:

Included in the stash were blueprints for World Trade Center 4 and the temporary PATH station, construction specifications for World Trade Center 7 and plans for the PA Police headquarters.
In this instance, we are probably lucky that salvage experts and a homeless person found this sensitive information instead of a criminal, or even worse, an Osama Bin Laden "wannabe."

If you would like to see other examples of human error (or stupidity) being the cause of information being compromised, the DLDOS database at and PogoWasRight have a lot of examples that they share with the public-at-large.

PogoWasRight's mantra, "WE HAVE MET THE ENEMY AND HE IS US" certainly applies in this instance!

New York Post story by Lukas I. Alpert and Matthew Nestel, here.

Tuesday, April 22, 2008

Nowadays, all you need to do is visit the wrong site to have your personal information stolen!

On his birthday, Uriel Maimon of RSA reflected on a lot of personal things (as most of us do), as well as on how spam and phishing are becoming more sophisticated and dangerous.

One major player in the spam and phishing game is the group known as the "Rock Phish." In his birthday post, Uriel gives us a little historical perspective on the group:

The Rock Phish group is a phishing gang believed to be based out of Russia -- and, by some accounts, is responsible for roughly 50% of phishing attacks by volume. The Rock gang has also pioneered several new approaches in phishing: in 2004 it was the first (and, for a long time, they were the only) gang to employ bot-nets in its phishing infrastructure in order to make the attacks live longer and be more scalable. It also pioneered new techniques in its spam mails so the mail could more easily evade spam filters.

Apparently, the Rock Phish are now setting up a double whammy for anyone foolish enough to click on a socially engineered link received in a spam e-mail. Counting on the fact that a lot more people visit phishing sites than actually type in their personal details, the Rock Phish are loading the sites with crimeware that steals personal information automatically.

More specifically, Uriel describes how this "drive-by infection" works:

This is done via a technique called "drive-by infection", wherein a vulnerability in the victim's operating system, browser, or software is exploited in order to infect the victim without his/her knowledge (and much less his/her consent, or with the victim having to proactively download software). The vulnerabilities that are exploited in these situations are often unknown to the software vendors and therefore often not addressed, leaving the victims defenseless (just like your humble servant finds himself when in the company of a beautiful woman).

Even worse, it appears that the Rock Phish make it easy for any criminal to mount a pretty sophisticated phishing expedition by selling all the "tackle" necessary to do it for a measly $700.00.

Known as the "Zeus kit," in honor of the Zeus Trojan, the kit is pretty resistant to computer security programs and has the ability to mask itself using a binary generator. The binary generator produces a unique sequence of bytes every time it is used, making the kit hard for security programs to detect, since they rely on spotting what is known as a "signature." Even if a security program recognizes one signature, the binary generator changes it the next time, and the security program will probably fail to recognize it.
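To make the signature problem concrete from the defender's side, the following Python is an added example (not code from the RSA post, and not from any kit). The two "samples" are constructed byte strings standing in for two builds from the same generator: a stub that differs per build, followed by a body the generator leaves unchanged (a hypothetical config marker; the stub length and marker strings are assumptions). It shows that an exact-hash signature learned from the first build misses the second, while a rule on the invariant part still catches it.

```python
"""Why a per-build binary defeats exact signatures, and what survives it.

Added example, not code from the RSA post or from any kit. The two
"samples" below are constructed byte strings standing in for two builds
from the same generator: a stub that differs per build, followed by a
body the generator leaves unchanged (a hypothetical config marker).
"""
import hashlib

STUB_LEN = 8  # assumed size of the per-build stub in the constructed samples

# Constructed stand-ins for two builds; not real malware bytes.
INVARIANT_BODY = b"CFG:update-path=/cfg.bin;inject=bank-login;" + b"\x00" * 16
SAMPLE_A = bytes.fromhex("a1b2c3d4e5f60718") + INVARIANT_BODY
SAMPLE_B = bytes.fromhex("0f1e2d3c4b5a6978") + INVARIANT_BODY  # regenerated stub


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Exact-hash signature: matches only a byte-identical file."""
    return sha256_hex(sample) in known_hashes


def string_rule_match(sample: bytes, required: tuple, min_hits: int) -> bool:
    """YARA-style rule: at least min_hits of the invariant strings present."""
    hits = sum(1 for s in required if s in sample)
    return hits >= min_hits


def body_hash(sample: bytes, stub_len: int = STUB_LEN) -> str:
    """Hash only the part the generator does not rewrite (assumed offset)."""
    return sha256_hex(sample[stub_len:])


def compare_detections() -> dict:
    """Run each detection against SAMPLE_B after learning only SAMPLE_A."""
    known_hashes = {sha256_hex(SAMPLE_A)}
    invariant_strings = (b"CFG:", b"update-path=", b"inject=")
    return {
        "exact_hash_catches_a": hash_signature_match(SAMPLE_A, known_hashes),
        "exact_hash_catches_b": hash_signature_match(SAMPLE_B, known_hashes),
        "string_rule_catches_b": string_rule_match(SAMPLE_B, invariant_strings, 2),
        "body_hash_matches": body_hash(SAMPLE_A) == body_hash(SAMPLE_B),
    }


if __name__ == "__main__":
    for name, result in compare_detections().items():
        print(f"{name}: {result}")
```

The string rule and the body hash only work because this constructed generator leaves something constant; a generator that also re-encrypts the body would defeat them too, which is why products moved toward behavioural detection (watching what the program does once it runs) rather than relying on bytes alone.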

For the less technically inclined, the Zeus Kit offers a lot of operational capabilities for the information thief. Some of these capabilities are "the ability to take screenshots of a victim's machine, or control it remotely, or add additional pages to a website and monitor it, or steal passwords that have been stored by popular programs," according to Uriel.

There is little doubt that criminal groups like the Rock Phish are making the Internet more dangerous all the time. As far as getting infected while "driving by" a site goes, Websense announced today that a mass attack via malicious JavaScript injection is infecting thousands of trusted sites, including government ones. According to the report released today, this activity has exploded by a "factor of ten."

Sophos also mentioned in its Q1 Security Threat Report that it is finding infected web pages at a rate of one every five seconds.

In simple terms, all the average web surfer has to do is visit one of these sites to become infected and have all their information stolen from them.
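The injection Websense describes usually shows up on the compromised page as a script or iframe tag pointing at a host the site never used before, which is something a site owner can check for on their own pages. The following Python is an added example, not from Websense, Sophos or the original post; the HTML, hostnames and allowlist are constructed for illustration.

```python
"""Scan fetched HTML for signs of injected script/iframe tags.

Added example. Flags <script src> and <iframe src> tags whose host is
neither the page's own host nor on an allowlist of known third parties,
and iframes styled to be invisible. The sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _TagCollector(HTMLParser):
    """Collect (tag, attrs) for every script and iframe element."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.found.append((tag, dict(attrs)))


def _looks_hidden(attrs):
    """True if an iframe is sized to 0/1 px or hidden via inline style."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    dims = [attrs.get("width"), attrs.get("height")]
    return any(d is not None and d.strip().rstrip("px") in ("0", "1") for d in dims)


def find_injected_content(html, page_host, allowed_hosts=()):
    """Return findings for off-site or hidden script/iframe tags in html."""
    parser = _TagCollector()
    parser.feed(html)
    findings = []
    for tag, attrs in parser.found:
        src = attrs.get("src")
        if src is None:
            continue  # inline script: not covered by this host check
        host = urlparse(src).hostname  # None for relative URLs (same site)
        offsite = host is not None and host != page_host and host not in allowed_hosts
        hidden = tag == "iframe" and _looks_hidden(attrs)
        if offsite or hidden:
            findings.append({"tag": tag, "src": src, "offsite": offsite, "hidden": hidden})
    return findings


# Constructed page: one site script, one allowlisted CDN, one unknown
# script host and one zero-sized iframe to an unknown host.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="http://cdn.example/jquery.js"></script>
<script src="http://stat-counter.example/count.js"></script>
</head><body>
<p>Agency news</p>
<iframe src="http://bad.example/in.html" width="0" height="0"></iframe>
</body></html>"""


def scan_sample():
    return find_injected_content(SAMPLE_PAGE, "agency.example", allowed_hosts={"cdn.example"})


if __name__ == "__main__":
    for f in scan_sample():
        print(f)
```

Run against a copy of each page on a schedule and compare the findings to the previous run; a new off-site host appearing across many pages at once is the pattern of a mass injection rather than a legitimate change.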

It's probably a good time to make sure you've updated the protection on your computer and to just say "delete" to any spam getting past whatever filter you are currently using. By the way, has anyone besides me noticed that more and more spam has been getting past these filters in the past couple of weeks?

Blog post at RSA by Uriel Maimon, here.

By the way, I noticed that despite a lot of us commenting on this great post, no one bothered to wish him a Happy Birthday. The post has a lot of good information on it and it would be nice to thank him for educating the rest of us.