Phishing Attacks Gradually Rise

The Phishing Activity Trends Report [PDF] for the third quarter of 2009, released by the Anti-Phishing Working Group, paints a grim picture of phishing. Almost every measure of phishing activity is on the rise.

Phishing attacks used to be a problem only for the corporate brands being exploited and for the consumers who got scammed by entering their personal financial details into the snare of a phisher's Web site.

Not any more. Not with the significantly improved quality of many phishing e-mails seen today. They now rival e-mails sent by legitimate businesses. And the ease of spawning a good-looking phishing and malware-serving web site does not help. Nor does the speed at which most people will click on anything that appears to have come from someone they trust.

As was known to those who have been paying attention to the IT risk landscape for some time, but was only recently made clear to the rest of the world by the Aurora attacks, it only takes one wrong click (and a zero-day attack or an unpatched browser) to shake the foundations of any organization's IT security efforts.

Unfortunately, after nearly a decade of phishing growth, the security industry hasn't improved its ability to squash the phishing threat. According to the APWG, the number of unique phishing websites reported to them set a new record of 56,362 in August. The earlier high was way back in April 2007, when they reached 55,643.

Unique phishing reports submitted to APWG during this period also set a new record, reaching 40,621 in August, a 5.5 percent increase over the earlier record in September 2007.

And while the total number of malware-infected computers dropped to approximately 11 million, more than 48.35 percent of the total sample of scanned computers were infected.

As for the country that hosted the most phishing sites in the third quarter of 2009? That would be the United States, taking the prize in July, August, and September. In September, the United States hosted 75.76 percent of all such sites. Second and third place went to Hong Kong and China, with 6.49 percent and 3.44 percent respectively.

Be careful out there. We're awash in a cesspool of malware.

A businessman has been scammed out of R24 000

A businessman has been scammed out of R24 000 after he answered an Absa Bank phishing email that seemed so authentic it appeared to refer to Internet banking problems he had reported to his bank.

Doug Baker, 75, questions whether the scam was an inside job, and accuses the bank of not sufficiently protecting his bank account.

Baker, who lives in Durban, lost R23 812 from his business account in just a few minutes after he responded to an Absa email addressing the problems he had been experiencing with his Internet banking.

Baker had made numerous unsuccessful attempts to log on to his Internet banking. 

The email, received on February 16, read: "Protecting the privacy of your Internet banking access and of the Absa banking network is our primary apprehension. We observed some invalid login attempts into your Absa online bank account; therefore we have momentarily limited access to some aware Internet banking features. Please follow the link below and we will validate and restore your Internet banking access immediately."

Thinking the "invalid login attempts" referred to his troubles logging in to his Internet banking, Baker replied to the email, sending the recipient his personal banking information, including his PIN code.

It was only after the scam was exposed that Baker noticed the email address was not an Absa address.

Starting at 7am that day, Baker's money was taken in eight transactions, the first three in amounts of R1 000, then a R12 Vodacom prepaid top-up, and the last four in amounts of R5 200 each. He was called by a bank official at 8.30am and told of the scam.

"The money was taken out as cash send. Usually any transfer of funds only goes through at 7pm, thus giving the account holder time to stop the payment if it is not authentic. However, the cash send facility makes any transferred amount instantly available. He asked Absa why they do not protect this option with a password or SMS," he said.

Absa did not specify whether they would be refunding Baker's lost money, saying he replied to a phishing email and compromised his personal details.

"The scammers then did three cash send transactions, one Vodacom prepaid and four urgent payments to FNB accounts," said Absa spokesman Patrick Wadula. 

"The fraud was identified by Absa monitoring and the client was advised about the fraud and FNB was advised to block the accounts at FNB.

"Presently we do not have the blocked amounts held at FNB. We are still busy with this via the inter-bank liaison department."

Type Of Nigerian Scam

Web Scam

Cybercrime victims almost double: FBI figures show huge rise in online crime

The value of US net crime loss complaints almost doubled, from $265m in 2008 to $560m last year, according to official figures.

An annual report of the FBI-backed Internet Crime Complaint Center (IC3), released on Friday, reports that the unit handled 336,655 complaints in 2009, a 22.3 percent increase on 2008.

Approximately 16 per cent of the complaints involved scams where criminals pretend to represent the FBI, while 11.9 per cent involved the non-delivery of merchandise or payment, the second most commonly reported claim of wrongdoing.
419 advance fee fraud scams ranked third with 9.8 per cent of complaints. Identity theft and overpayment fraud scams were also frequent causes for complaints.

Of these complaints, 146,663 were referred to local, state or federal law enforcement agencies. Referred cases commonly concerned financial losses, focusing on five groups:

  • Non-delivery of merchandise and/or payment (19.9 per cent).
  • Identity theft (14.1 per cent).
  • Credit card fraud (10.4 per cent).
  • Auction fraud (10.3 per cent).
  • Computer fraud or hacking (7.9 per cent).

The highest median (average) dollar losses were reported by investment fraud ($3,200), overpayment fraud ($2,500), and advance fee fraud ($1,500) complainants.

IC3 takes complaints in many different categories, including auction fraud, non-delivery of merchandise, credit card fraud, computer hacking, spam and child pornography. In addition to fraudulent federal agent cons, popular scam trends for 2009 included hitman scams, astrological reading frauds, economic cons, job site hustles, and pop-up ads for fake antivirus software.

Verizon Wireless Customers Targeted by Credit Card Scam

It’s happening in Bucyrus, a small city of about 15,000 in the U.S. state of Ohio. People there who have Verizon cell service are getting calls from people asking for credit and debit card details in order to reactivate cards that have allegedly been deactivated as a result of “suspicious activity.”

A police dispatcher in Bucyrus told News that not only has her department received several calls from people, but at least four banks have called to say they are aware of what’s going on. Local police have called in the FBI to take over the case.

Avoiding a scam like this can be easy if you follow a couple of pieces of advice, police say. Don’t give out information to the caller. Call your credit card company or bank if you think there’s a problem. Then you know exactly whom you are dealing with.

Several banks in that part of Ohio have had to close customer accounts and open new ones as a result of the scam.

If you have any information on this case, you’re asked to call Bucyrus police at 419-562-1006.

Spam Evolution

While there has been much debate about what was truly the first spam, these unsolicited messages became well known in the mid-1990s. Once people realized that this was the most cost-efficient way to advertise on the web, spam quickly became a serious issue - the RBL (Real-Time Black List) released in 1997 was solid proof.

Over the years, spamming techniques have developed in order to get past the various filtering programs designed to stop the problem. As soon as new blockers and filters are developed, spammers quickly find a way around them. This has led to a vicious cycle that is spiraling out of control.

Shortest Spam Mailing

Early spam was sent directly to internet users. In those days, spammers had no need to hide themselves. While it was a terrible irritation, early spam was relatively easy to block; all it took was blacklisting a specific sender or the IP address from which the mail originated. This resulted in spammers spoofing their email addresses and faking the contents of their messages.

Open Relay Spam
The majority of mail servers were open relays in the mid-1990s. This allowed people to send email to anyone they liked. The growing rate of spam and other security problems caused administrators to reconfigure email servers across the world. Completing this took more time than many spam recipients would have liked. Aside from that, many owners and administrators of servers were not willing to follow along. As the process started, security analysts worldwide began searching for all remaining open relay servers. Black lists became available, giving administrators the ability to block incoming spam from all servers found on the lists. While this drastically reduced the amount of spam for some, many spammers still target open relay servers for mass mailing campaigns.
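
The IP blacklisting and shared black lists described above are commonly consulted over DNS; the following is an added example, not code from the original article, showing how a mail server turns a connecting address into a blacklist query and decides whether to reject. The zone names, the addresses and the `fake_resolve` stand-in for DNS are constructed for illustration; the reversed-address query name and the 127.0.0.0/8 "listed" answer follow the usual DNS blacklist convention, which the article itself does not describe.

```python
import ipaddress

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # answers that mean "listed"

def dnsbl_query_name(ip, zone):
    """Build the DNS name a mail server looks up to ask `zone` about `ip`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # reversed octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # reversed nibbles
    return ".".join(labels) + "." + zone

def is_listed(ip, zone, resolve):
    """resolve(name) returns the A records for name, or [] if it does not exist."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only an answer inside 127.0.0.0/8 counts as a listing. A zone that has
    # been parked and answers every query with a public address must not
    # cause every sender to be rejected.
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)

def check_peer(ip, zones, resolve):
    """Connection-time decision: ('reject', zone) on the first hit, else ('accept', None)."""
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return ("reject", zone)
    return ("accept", None)

# Constructed zone data standing in for real DNS (hypothetical zone names,
# documentation-range addresses).
ZONE_DATA = {
    "25.2.0.192.relays.bl.example": ["127.0.0.2"],   # constructed listing
    dnsbl_query_name("2001:db8::25", "relays.bl.example"): ["127.0.0.2"],
}

def fake_resolve(name):
    if name.endswith(".parked.example"):
        return ["203.0.113.9"]   # parked zone answers every query
    return ZONE_DATA.get(name, [])

if __name__ == "__main__":
    zones = ["parked.example", "relays.bl.example"]
    for peer in ["192.0.2.25", "198.51.100.7", "2001:db8::25"]:
        print(peer, check_peer(peer, zones, fake_resolve))
```
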

Modem Pool Spam  
Once the act of flooding open relay servers became less efficient, spammers started using dial-up connections as a source of distribution.  They became inventive by exploiting vulnerabilities in the structure of ISP dial-up services.  Since dial-up modems utilize a dynamic IP address, spammers were able to spam users from a different IP address per session.  To battle the problem, internet service providers placed a limit on the number of messages an individual could send out per session.  Anything over the set limit was sent back to the user and categorized as a spam message.

Robot Networks         
Robots, more commonly known as zombies, were responsible for the majority of the spam being sent in 2003 and 2004. This form was much more than an inconvenience for the user. Spammers used Trojan horses to download malware and crippling viruses onto several machines, allowing them to be controlled from a remote location.
Industry analysts have estimated that Trojans are actively operating on millions of computers throughout the world. Some are advanced in ways that allow them to install other Trojans, initiate DDoS attacks and much more - all this from opening a single spam message.

Spammers now use a combination of various methods to be more effective. This is because many anti-spam programs are incapable of detecting them all. As spam filters improve to protect recipients, spamming techniques will continue to evolve and keep our mailboxes clogged with unwanted messages.



India is a Spamming Center

Wonder where all those frustrating spam messages come from? Who sends them? Well, you have got some answers here. Panda Security, a player in the antivirus and preventive technologies sector, has stated in its report that India is the world's number two spammer. Surprised? Even we were.

Panda Security has released a report stating that Brazil, India, Korea, Vietnam and the U.S. head the list of countries from which most spam was sent during the first two months of the year 2010. With respect to the cities from which spam was being sent, Seoul was first in the list, followed by Hanoi, New Delhi, Bogota, Sao Paulo and Mumbai.

The five million emails investigated by Panda Labs came from a total of approximately one million different IP addresses. This illustrates that the spam is mostly sent from zombie computers belonging to a botnet. This way, the computers of the infected users themselves are those which send the spam. The cybercrooks have thousands of computers at their disposal, which do the dirty work for them.
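
The reasoning above (roughly five messages per sending address) can be checked on mail logs; this is an added example, not Panda Labs' method, contrasting a per-address volume block with a per-campaign count of distinct sources. The records, the thresholds and the choice of an identical subject line as the campaign key are all constructed assumptions.

```python
from collections import Counter, defaultdict

def per_ip_blocklist(records, max_per_ip):
    """Sender blacklisting: block any IP that sent more than max_per_ip messages."""
    counts = Counter(ip for ip, _ in records)
    return {ip for ip, n in counts.items() if n > max_per_ip}

def messages_stopped(records, blocked):
    """How many of the messages a given set of blocked IPs would have stopped."""
    return sum(1 for ip, _ in records if ip in blocked)

def campaign_spread(records):
    """Map each campaign (here: identical subject) to (messages, distinct source IPs)."""
    ips = defaultdict(set)
    msgs = Counter()
    for ip, subject in records:
        ips[subject].add(ip)
        msgs[subject] += 1
    return {s: (msgs[s], len(ips[s])) for s in msgs}

def distributed_campaigns(records, min_ips=20, max_avg_per_ip=10):
    """Campaigns sent from many addresses with only a few messages each."""
    return sorted(s for s, (m, n) in campaign_spread(records).items()
                  if n >= min_ips and m / n <= max_avg_per_ip)

# Constructed sample of (source IP, subject) pairs: one high-volume sender,
# and one campaign spread over 40 addresses at 5 messages each (the same
# 5:1 ratio as the figures quoted above).
RECORDS = [("198.51.100.7", "Cheap watches")] * 50
RECORDS += [(f"203.0.113.{host}", "Account notice")
            for host in range(1, 41) for _ in range(5)]

if __name__ == "__main__":
    blocked = per_ip_blocklist(RECORDS, max_per_ip=20)
    print("blocked:", blocked)
    print("stopped:", messages_stopped(RECORDS, blocked), "of", len(RECORDS))
    print("spread:", campaign_spread(RECORDS))
    print("distributed:", distributed_campaigns(RECORDS))
```

The per-address block stops only the single high-volume sender; the 200 messages of the spread-out campaign pass it, and only the per-campaign view shows them as one operation.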

Spam is nothing but a business and is used mainly either to distribute malware or to sell/advertise all types of products. Therefore, as long as there are users, no matter how few, who trust these messages, that is sufficient reason to continue betting on it.

The most common forms of these fraudulent business proposals fall into the following main categories:
  • Disbursement of money from wills
  • Contract fraud (C.O.D. of goods or services) 
  • Purchase of real estate 
  • Conversion of hard currency 
  • Transfer of funds from over invoiced contracts 
  • Sale of crude oil at below market prices

The most common and successful form of Advance Fee Fraud is the fund transfer scam. In this scheme, a company or individual will normally receive an unsolicited letter by mail from a Nigerian claiming to be a senior civil servant. In the letter, the Nigerian will inform the recipient that he is seeking a reputable foreign company or individual into whose account he can deposit funds ranging from $10-$60 million that the Nigerian government overpaid on some procurement contract.

The criminals obtain the names of potential victims from a variety of sources including trade journals, professional directories, newspapers, and commercial libraries. They do not target a single company, but rather send out mailings en masse. The sender declares that he is a senior civil servant in one of the Nigerian Ministries, usually the Nigerian National Petroleum Corporation (NNPC).

The letters refer to reviews of previous contracts awarded by prior regimes, alleging that many contracts were over-invoiced. Rather than return the money to the government, the senders wish to transfer the money to a foreign account. The sums to be transferred average between $10,000,000 and $60,000,000, and the recipient is typically offered a commission of up to 30 percent for assisting in the transfer.

Initially, the intended victim is instructed to provide company letterheads and pro forma invoicing that will be used to show completion of the contract. One of the reasons is to use the victim's letterhead to forge letters of recommendation to other victim companies and to seek a travel visa from the American Embassy in Lagos. The victim is told that the completed contracts will be submitted for approval to the Central Bank of Nigeria. Upon approval, the funds will be sent to an account supplied by the intended victim.

The goal of the criminal is to mislead the target into thinking that he is being drawn into a very lucrative, albeit questionable, arrangement. The intended victim must be reassured and confident of the potential success of the deal. He will become the most significant supporter of the scheme and willingly contribute a large amount of money when the deal is endangered. The term "when" is used because the con-within-the-con is that the scheme will be threatened in order to persuade the victim to provide a large sum of money to save the venture.

The letter, while appearing transparent and even ridiculous to most, sadly is growing in its effectiveness. It sets the stage and is the opening round of a two-layered scheme, or scheme within a scheme. The fraudster will eventually reach someone who, while skeptical, greatly wants the deal to be authentic.

Victims are almost always requested to travel to Nigeria or a border country to complete a transaction. Individuals are often told that a visa will not be required to enter the country. The Nigerian con artists may then bribe airport officials to pass the victims through Immigration and Customs. Because it is a serious offence in Nigeria to enter without a legitimate visa, the victim's illegal entry may be used by the scammers as leverage to coerce the victims into releasing funds. Violence and threats of physical harm may be employed to further pressure victims. In June of 1995, an American was murdered in Lagos, Nigeria, while pursuing a 4-1-9 scam, and numerous other foreign nationals have been reported as missing.

Victims are often convinced of the authenticity of Advance Fee Fraud schemes by forged or fake documents bearing apparently official Nigerian government letterhead and seals, as well as fake letters of credit, payment schedules and bank drafts. The scammer may establish the credibility of his contacts, and thereby his influence, by arranging a meeting between the victim and "government officials" in real or fake government offices.

In the next stage some alleged problems about the “inside man” will unexpectedly arise. An official will demand an up-front bribe, or an unexpected tax or fee to the Nigerian government will have to be paid before the money can be transferred. These can include licensing fees, registration fees, and various forms of taxes and attorney fees. Generally each fee paid is described as the very last fee required. Invariably, oversights and errors in the deal are discovered by the Nigerians, necessitating additional payments and allowing the scheme to be stretched out over many months.

Numerous reasons have been offered for why Nigerian Advance Fee Fraud has undergone a dramatic increase in recent years. The explanations are as varied as the types of schemes. The Nigerian Government blamed the growing problem on mass unemployment, extended family systems, a get-rich-quick syndrome, and, especially, the greed of foreigners.

Indications are that Advance Fee Fraud grosses hundreds of millions of dollars yearly and the losses are continuing to escalate. In all likelihood, there are victims who do not report their losses to authorities due to either fear or embarrassment.