Wednesday, March 28, 2007

Scammers With A Death Wish

By Coenraad De Beer

Scammers come up with the craziest ideas these days. It is hard to believe that people still fall for the ridiculous e-mail scams in circulation all over the web. It is even harder to comprehend how scammers think they are going to swindle people into believing their devious lies and unbelievable stories. Unfortunately, online scams are a harsh reality. On the one side you have innocent, uninformed victims walking into the traps of merciless con artists and on the other side you have scammers following a "shoot in the dark with a shotgun" approach to claim as many victims as possible.

Online fraud is a serious matter, but you can't help laughing at the creative, yet ridiculous ideas of online scammers. Last month I received a link exchange request from someone running a password recovery website providing a password recovery service for people who lost their e-mail account password. The only problem is that they hack e-mail accounts without confirming the real owner of the e-mail account. The other absurdity is that you can normally contact your service provider when you lose your password and don't need a password recovery service if you are the real owner of the e-mail account. Sometimes I wonder whether cyber criminals have any brain cells between their ears or whether they are simply looking for attention. It is even more absurd, even hilarious, when they are trying to scam anti-fraud activists and cyber law enforcement agencies. I know that many of these scam e-mails are sent in bulk by spam bots and the spammers never really know who receives their junk e-mails, but some scammers make it just too easy for cyber law enforcement agencies to track them down.

It is not odd for one person to receive several phishing scams on a single day, each one pretending to come from a different bank or financial institution. The best of all is the fact that these phishing scams are carbon copies of each other, the only difference in each e-mail is the logo and trading name of the financial institution. Scammers discredit their fellow scammers by sending similar e-mails on the same day to the same recipient. If I receive a phishing scam from a bank, of which I'm not even a client, I will most definitely not respond to a similar e-mail, received on the same day, using exactly the same message, even if I am a client of this institution. If everyone starts to read their e-mails more carefully and in detail, you will soon see the ordinary e-mail user being able to identify a scam just by looking at the pattern, words, techniques, formatting and writing style used by many scammers.

One of the latest schemes used by 419 scammers is the Law Enforcement Agency scam. 419 scammers seem to be less successful with their usual e-mail scams, most probably because of what I mentioned in the previous paragraph. Lottery scams, company representative scams, scams involving war victims, cancer victims, plane crash victims, you name it, have flooded our mailboxes so much that we can smell these scams a mile away just by reading the subject line. Unfortunately you still get people who are unaware of these threats and 419 scammers usually claim victims among these people. The Law Enforcement Agency scam involves 419 scammers trying to swindle previous victims of these scams. The "agency" allegedly apprehended a group of fraudsters and recovered millions of "pounds sterling" stolen from innocent victims. (I wonder why they haven't recovered any dollars.) These funds will then be disbursed to victims filing a claim with this "agency". Victims need to supply loads of personal details as well as the amount of money stolen from them. The scammers claim that the victim will not spend any money until the cheque (notice a cheque and not a secure electronic transfer) is issued to him/her. Just ask yourself, why the need to pay money to reclaim something that was lawfully yours? Do the scammers honestly believe that people will fall for a lousy scam like this? People desperate enough to get their stolen money back will most certainly walk into this trap and spend more money only to lose more money and scammers are bargaining on this. Luckily you get people who learn from their mistakes and will never make the same mistake twice, so the scammers can forget to scam vigilant people who already experienced the trauma of losing a lot of money to empty promises from a total stranger.

Scammers from Nigeria have tried to become partners of cyber security agencies in an attempt to infiltrate and destroy anti-fraud organisations from the inside. Online scammers have become nut cases, fanatics, digital suicide bombers and kamikazes, trying every trick in the book (and some stupid tricks of their own) to reach their idiotic goals. It is just sad that they continue to claim victims with their amateurish schemes. Perhaps these scams are so amateurish that people struggle to see through them. It is a case of horribly underestimating your enemy, the worst part being unable to identify your enemy, even worse, not even realising that you are dealing with an evil opposing force.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users about online scams and malicious software. Visit our Hoaxes, Spams and Scams Section and educate yourself with real life examples of online fraud.

Thursday, March 22, 2007

Spammers Replying To E-mail You Did Not Send

By Coenraad De Beer

Spammers are always on the lookout for ways to bypass our spam filters. Lately they have been very successful at this, because many people are complaining that tons of e-mails are getting past their spam filters. Spammers are combining old techniques with new ones, making it hard for even the most advanced and best trained Bayesian spam filter to keep junk mail out of our mailboxes.

Last year I came across a poster on Yahoo! Answers asking for advice on a strange e-mail she received. According to this poster she received a reply from someone on an e-mail she never sent. She immediately thought that the spammer hacked her e-mail account, sent an e-mail to himself and then replied to it. This is not impossible, but there are easier ways to do this, without hacking an e-mail account.

E-mails are plain text documents that can be modified and manipulated with a simple text editor like Notepad. The spammer simply saves any e-mail to a file, opens it with Notepad and puts your e-mail address in the "From" field. The spammer then imports it into an e-mail client and replies to this manipulated e-mail. This is only one of many ways to manipulate an e-mail message.

Spammers normally use a technique called hash busting. Hash busting is when you add random text at the beginning or at the end of an e-mail. The text makes no sense and consists of excerpts from books, articles and news bulletins. This text randomises the size, as well as the contents of the e-mail, making it hard for spam filters to find a pattern in the e-mail to base their filtering decisions on. For instance, an e-mail consisting of an image only will normally be flagged as spam, but if someone adds random text below the image, it changes the pattern of the e-mail and the spam filter can no longer use the criteria mentioned earlier to label the e-mail as spam. There are legitimate e-mails like this and the spam filter needs additional training to know which e-mails with embedded images, containing text below the image, are spam and which ones are not.

Some spammers realised that people became suspicious of the senseless text in spam e-mails, so they started to hide the text by making the colour of the text the same as the background colour. Other spammers make the size of the text so small that it appears like a horizontal line between paragraphs or at the bottom of the e-mail. The techniques used to conceal the hash buster text are easily detectable by a good spam filter because no decent person will send someone else an e-mail with hidden text or text that cannot be seen with the naked eye. So the spammers fail more often to get their e-mails through the spam filters when they use cloaking techniques like this.

Spammers needed a way to make the hash buster text look legitimate to the user as well as the spam filter. This is when they came up with the idea of pretending to reply to an e-mail message that was never really sent to them in the first place. The spammer creates the forged e-mail with hash buster text and then replies to it. The spammer still enjoys the benefits of the hash buster text coupled with a better chance to get past any spam filter, because the e-mail appears like a legitimate reply to a previous e-mail sent by the victim. A reply to an e-mail you sent to someone else is seldom unwanted and the spam filter will therefore be less suspicious about it, unless it contains specific keywords and phrases that trigger the spam filter.

But there are more consequences for the victim than just a spam filter not being able to filter the e-mail as spam. Spammers can include anything in these fake e-mails. They can even pretend that you enquired about one of their products. Instead of spamming you with an unwanted e-mail, they pretend to send you a reply to your initial enquiry, an enquiry you never sent. Abuse departments can easily use this as an excuse not to take action against the spammer. They may argue that the spam victim did not receive an unwanted commercial e-mail, because the victim enquired about something and the accused simply replied to that enquiry. Luckily abuse departments need to prove that the original e-mail was really sent before rejecting the complaint, but we all know that very few abuse departments actually take any spam reports seriously these days.
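A defender-side check for the two tricks described above (hidden hash-buster text and a forged "reply"), as an added example that is not part of the original article. It assumes a hypothetical index `sent_ids` of Message-IDs taken from the user's own Sent folder; the sample message, addresses and function names are constructed for illustration, and the HTML check is a regex heuristic rather than a full renderer.

```python
import re
from email import message_from_string

# Constructed sample: a "reply" whose In-Reply-To names a Message-ID the
# mailbox owner never sent, with hash-buster text hidden in the HTML body.
SAMPLE = """\
From: sales@shop.example
To: victim@mail.example
Subject: Re: Your enquiry
Message-ID: <r1@shop.example>
In-Reply-To: <forged-123@mail.example>
Content-Type: text/html

<html><body bgcolor="#ffffff"><p>Thanks for your enquiry, order today!</p>
<font color="#FFFFFF">the river ran past the old mill while ministers met</font>
<span style="font-size:1px">quarterly rainfall figures announced on tuesday</span>
</body></html>
"""

MSGID = re.compile(r"<[^<>\s]+>")

def claims_unsent_parent(msg, sent_ids):
    """True if the message poses as a reply but none of the Message-IDs it
    references appear in the user's own sent-mail index (assumed input)."""
    refs = MSGID.findall((msg.get("In-Reply-To") or "") + " " + (msg.get("References") or ""))
    looks_like_reply = bool(refs) or (msg.get("Subject") or "").lower().startswith("re:")
    return looks_like_reply and not any(r in sent_ids for r in refs)

def hidden_text(html):
    """Return text runs styled to be invisible: same colour as the page
    background, or a font size of 2px or less."""
    bg = re.search(r'bgcolor="?(#?\w+)', html, re.I)
    bg = bg.group(1).lower() if bg else "#ffffff"   # assume white if unset
    hits = []
    for colour, text in re.findall(r'<font[^>]*color="?(#?\w+)"?[^>]*>(.*?)</font>', html, re.I | re.S):
        if colour.lower() == bg:
            hits.append(text.strip())
    for size, text in re.findall(r'<[^>]*font-size:\s*(\d+)px[^>]*>(.*?)</', html, re.I | re.S):
        if int(size) <= 2:
            hits.append(text.strip())
    return hits

def score(raw, sent_ids):
    """Run both checks on a raw single-part HTML message."""
    msg = message_from_string(raw)
    return {"fake_reply": claims_unsent_parent(msg, sent_ids),
            "hidden": hidden_text(msg.get_payload())}
```

A "Re:" message that carries no reference headers at all is also reported, since there is nothing in it that can be matched against sent mail.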

It is because of the lack of proper legislation as well as poor implementation and enforcement of existing legislation that we have to deal with waves of spam every day. We are constantly one step behind cyber criminals and our current spam filters cannot keep up with all the tricks and techniques used by spammers to force their junk down our throats. There is a widespread appeal for better filtering and alternative communication methods. There is merit in developing better spam filters, but how do you replace a communication medium like e-mail without disrupting individuals and businesses that depend on it every day to stay in contact with friends, family and clients? What's the use of taking away a communication medium if you do not take action against the individuals who abuse it? It will only be a matter of time before spammers start to abuse the system replacing e-mail. You need to take action against the root of the problem and not the infrastructure through which the problem occurs.


Thursday, March 01, 2007

United Against Cyber Crime

By Coenraad De Beer

Two heads are better than one. This is true and this is what we need to combat cyber crime effectively. There is much collaboration between organisations fighting cyber crime and it is important that these organisations work together to make the Internet a safer place for everyone. But there are still a lot of organisations that prefer to work alone and the abuse departments of well-known service providers are ignoring reports from the public and anti-cyber-crime organisations.

Why are people reluctant to report spam to the abuse departments of well-known e-mail and hosting service providers? Many people don't know that such departments exist and others are fed up with the ignorant approach of these departments towards reports from the public. What's the use of an abuse department if it doesn't do anything about the problems and abuse reported to it? But it is not only members of the public who experience these frustrations; anti-cyber-crime organisations have the same problem. These abuse departments eventually decide whether it is necessary to suspend the services of the guilty party or not, no matter how much evidence you provide to support your claim.

It all revolves around money; even the free services generate revenue for these companies. Free web site hosting normally involves ads of the hosting company displayed on the web site. Web sites involved in spamming activities bring in a lot of visitors which means the ads of the hosting company also get exposure. Why would they want to terminate a web site that brings them a lot of revenue? This means that they are not enforcing their own terms of service, or you can even say their terms of service are only applicable to those who abuse the services without generating any revenue for the company. The problem becomes even worse when the abusing party pays for the services. Why would they want to cancel the account of a loyal client if it is going to cause revenue loss for them? What these companies don't understand is that they are making themselves less popular by being so reluctant to take action against these abusers and they will eventually only attract the criminals, effectively making them accomplices to these criminal activities. I believe most world-class companies will stare bankruptcy in the face if they terminate the accounts of all the spammers and unethical companies making use, or I should rather say, abusing their services.

Money is also the stumbling block for collaboration between cyber crime fighters. A web site owner will not want to refer visitors to a partner's web site without getting something in return. This is understandable to some extent because many anti-cyber-crime organisations provide their services free of charge and generate revenue mainly through advertisements. Without visitors they cannot make money from the ads displayed on their site. But is this enough reason to refuse a helping hand from a partner? A united force is much stronger than a divided force. The scammers love the fact that law enforcement agencies are not working together with anti-cyber-crime organisations to battle cyber crime. Spammers love it when e-mail and hosting service providers do not respond to the reports from anti-cyber-crime organisations and complaints from the public. Cyber criminals are laughing out loud at the divided force against cyber crime, battling to keep their heads above the flood of spam and scams reported to them on a daily basis.

The cyber criminals are constantly one step ahead of cyber law enforcement; it is time we turn the tide and stand united against cyber crime.
