May 16, 2012

Spoofed 'Bill Me Later' email has links to 20 Blackhole exploit websites

This article is about cybercriminals taking email exploit attacks to a new level. Tonight, I processed an email scam (to SpamCop) that claimed to come from a service known as 'Bill Me Later' - detailing an online payment I was supposed to have made over the phone. Except, my name is not Dr. Mary Olsen, MD!

The message, which was carbon copied (CC) to dozens of other recipients (whose email addresses were viewable in plain text), started off with the following totally fake text:

"Thank you for making a payment over the phone! We've received your Bill Me Later® payment of $60.12 and have applied it to your account."

The scam goes on to list various account numbers and (fake) payment details. It was also loaded with images and clickable links (20) to view many details, including:

Manage your account, Make a payment, View statements, Account Summary, Home, Make a Payment, About Bill Me Later, Offer, Directory, View Statements, Merchant Sign Up, Store, View Account, Summary, FAQs, Register Account
and 4 image links.

What is astoundingly different about this scam is not just the unusually high number of links leading to an exploit kit, but the fact that they all led to different domains. Normally, I see one or two domains used in hostile link scams. Twenty different compromised domain links is a new record for me.

Each one of these 20 links (see compromised website list) leads to a different website, to a sub-directory (folder) containing 8 mixed case alphanumeric characters, then, /index.html. Here is one sample URL (deactivated for your safety): h**p://webprof.ro/Tv2YU8u6/index.html
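A mail filter can key on exactly this shape: several links in one message, each on a different host, all ending in `/<8 characters>/index.html`. The sketch below is an added example, not code from this blog; the `.example` hosts, the sample message and the `min_hosts` threshold are constructed, and "mixed case" is read as at least one upper-case and one lower-case letter.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Path shape described in the post: /<8 alphanumeric characters>/index.html
KIT_PATH = re.compile(r"^/([A-Za-z0-9]{8})/index\.html$")

class LinkCollector(HTMLParser):
    """Collect every <a href> target from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_mixed_case(token):
    # Assumption: "mixed case" means both upper- and lower-case letters occur.
    return any(c.isupper() for c in token) and any(c.islower() for c in token)

def kit_style_hosts(html_body):
    """Return the distinct hosts whose links match the landing-page path shape."""
    collector = LinkCollector()
    collector.feed(html_body)
    hosts = set()
    for link in collector.links:
        parts = urlsplit(link)
        match = KIT_PATH.match(parts.path)
        if parts.hostname and match and is_mixed_case(match.group(1)):
            hosts.add(parts.hostname)
    return hosts

def looks_like_multi_domain_lure(html_body, min_hosts=3):
    # min_hosts is a hypothetical threshold; tune it against your own mail flow.
    return len(kit_style_hosts(html_body)) >= min_hosts

# Constructed sample body: reserved .example hosts and made-up path tokens.
SAMPLE = """
<a href="http://site-a.example/aB3dE9xQ/index.html">Manage your account</a>
<a href="http://site-b.example/Zk81mPq2/index.html">Make a payment</a>
<a href="http://site-c.example/r7TgW0cL/index.html"><img src="logo.gif"></a>
<a href="http://site-a.example/aB3dE9xQ/index.html">View statements</a>
<a href="https://www.shop.example/products/index.html">Store</a>
"""

if __name__ == "__main__":
    print(sorted(kit_style_hosts(SAMPLE)), looks_like_multi_domain_lure(SAMPLE))
```

The `/products/index.html` link is skipped because its eight characters are all lower case, which is why the mixed-case test is there: without it, ordinary site folders would be counted as hits.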

May 7, 2012

Really lame and blatant Nigerian 419 scam

Today, I received an email containing a Nigerian 419 scam that, while laughable for its horrible spelling and punctuation, makes an upfront demand for payment. Normally, these scams hide the fact that victims are asked to pay in advance before the (fake) hundreds of thousands of dollars will be released to the beneficiary (victim).

Let's take a look at this scam from a curiosity point of view.

First of all, the sender has covered his tracks by using compromised email relaying PCs in a botnet. Two computers were used, both belonging to US residents. One belongs to an organization named "Secured Private Network" - which is obviously not so well secured! The second relay occurred via an open relay in a mail server belonging to CrystalTech Web Hosting.

The return path was interesting. It used a (possibly spoofed) account on a Ukrainian domain: terence_m@e-mail.ua. However, the From address shows test@milkom.net, which is obviously spoofed.

The message body claims to be from the "United states ambassador to nigeria Ambassador terence mccauley" - yet it is filled with incorrect grammar, bad spelling and letter cases. I have to believe that any school kid in the USA knows that titles, countries and personal names always have the first letter capitalized.

The scammer claims to have plans to be: "coming to your country for an official meeting and i will be bringing your funds of ($500,000:00) FIVE HUNDRED THOUSAND UNITED STATES DOLLARS {bank draft} along with me." He goes on to demand an up front payment of $250 processing fee! "the cost of registering it is $250 USD the fee must be paid in the next 48 hours via western union."

Finally, to add insult to injury, the scam contains this outrageous statement:


Please, if you know you will not or can not send the requested $250 USD, please, dont bother replying this mail.

You can read the full text of this 419 scam on my SpamCop report.

It is the up front, advance fee demands that gave these scams the name 419 scam. You see, section 419 of the Nigerian Penal Code makes it a serious offense to commit financial fraud involving advance fees. Yet, Nigerians go to Internet Cafes every day and mail out thousands of such scams to people in all parts of the World, but especially English speaking people in North America, the United Kingdom and the lands down under.

Never reply to a Nigerian scammer and never give them your phone number! There is no 500 Gs waiting for you, and you are not the beneficiary of anybody who died and left millions in a Nigerian bank. They will bleed you out of all your money with new fees and bribes and never send you the promised funds (because they do not exist). This has happened over and over to greedy people who fall for such scams. W.C. Fields once said "Never wisen up a chump or give a sucker an even break." That is exactly how Nigerian 419 scammers behave. They target the elderly as well as business owners and town clerks.

November 5, 2011

Work at home Money Mule job scams abound with holidays approaching

For the last week or so, I have seen a steady increase in the number of illicit work at home job scams arriving by email. So far, just this morning, I have seen 5 different subjects, with slightly different "reference" numbers, all spoofed as coming from one of my own email addresses. This coincides with the approaching Black Friday and Christmas shopping season in the US and Canada.

I have no doubt that my readers are also seeing more mysterious online job offers arriving by unsolicited email (spam). With so many of us struggling to make ends meet, in a middle that keeps getting farther apart, some of you may be tempted to reply to such an offer. Please don't do it! It is a scam and will get you in big trouble. Let me explain...

Work at home job scams have been around for well over a dozen years. In recent years the people running these scams have found that it is more profitable to recruit hapless individuals, in desperate search of a job, into a money laundering, or stolen goods reshipping scheme, than to cheat them out of a few dollars over a fake envelope stuffing, or medical billing position.

What is a money mule?

A Money Mule is a person who knowingly, or unknowingly, receives stolen or illegally obtained funds, allows them to be deposited into their own bank, then transfers that money from their bank to another one, located in another country. This act is known as Money Laundering. The illicit money comes to them by means of the use of banking key loggers, like Zeus or SpyEye, or by illegal activities like arms or drug sales, or extortion. Sometimes, the money is being laundered on behalf of known terrorist organizations.

What is a reshipper scam?

A reshipper scam is where a person is recruited for a job where they receive physical goods delivered by the post office or a parcel delivery service, which they repackage or re-label, then reship to a specified foreign destination. The reshipper may or may not be aware that these goods were obtained with stolen credit or debit cards.

In both of these "job" descriptions, in most civilized, law abiding countries, serious laws are being broken by all participants in these schemes. Money Mules are easily tracked down when victims notify the Police about money illegally transferred out of their bank accounts. The banks have a money trail for all money transfers. Most Money Mules are told to set up a direct deposit account, to receive and transfer stolen funds. As I mentioned earlier, this is known as "Money Laundering" - which is a Federal Felony in the USA and Canada, punishable by lots of time in a Federal Penitentiary and huge fines.

Reshipping job participants are involved in moving stolen merchandise (from auction sites, office supply, computer and electronics stores, catalog stores, etc) to offshore recipients. All reshipping mules are guilty of felonies for trafficking in stolen goods.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.