New Nigerian phishing scam targets Hotmail users
Today I received an unusual phishing scam that I traced to Lagos, Nigeria. It is disguised as an urgent message from the Windows Live Team, to all Hotmail subscribers. The subject was: "LAST WARNING (ACCOUNT ALERT)" - in all capital letters - as is typical of Nigerian 419 scammers. The email claims that Hotmail is overloaded with free user accounts and must prune unused accounts to free up resources. What a bunch of hooey! Anyway, the intended victim is asked for his or her Hotmail address and password (Microsoft already knows this), date of birth (why would Microsoft need that?) and location. The details are supposed to be filled out in the enclosed form and submitted to the scammers.
This is a phishing scam looking to steal active Hotmail accounts for use as spam-sending zombies, using Hotmail's good reputation to avoid email sender blockades. The phished date of birth information can be cross-checked against other stolen or looked-up details about you, or they can read your personal details saved in your Hotmail account profile, to perform identity theft. This information would then be sold to more advanced cyber criminals.
The scam email I received today was sent from the IP address 62.173.55.107, which is part of the CIDR block 62.173.32.0/19, covering all IPs between 62.173.32.0 and 62.173.63.255. This CIDR block is registered to ipNX Nigeria Limited, in Lagos, NG.
I discuss methods of preventing these Nigerian scam emails from reaching your desktop email clients, or forum members, in my extended comments.
How to block Nigerian 419 scammers
If you run a web server and have administrator (root) privileges, you can block all email coming from known Nigerian and other African IP addresses by applying my Nigerian Iptables Blocklist to the mail server (mail blockade), or Linux APF Firewall rules (total blockade). By applying the Nigerian Iptables Blocklist to your Linux/Apache Server firewall you will block all access from those addresses to every website hosted on it. This includes databases, email, FTP and HTTP services. To the blocked addresses it will appear as though there is no server, or websites, at the URL they request or send mail to.
If you don't have root access to the Linux OS you can still block Nigerian 419 scammers from accessing your web pages and forums via HTTP, by applying my .htaccess Nigerian Blocklist to your public web root directory .htaccess file. This requires that your website be hosted on the common Apache Web Server, running on a Linux or Unix OS.
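The difference between the mail blockade, the total blockade and the .htaccess block, shown as an added example that is not the author's blocklist or tooling: a Python sketch that validates CIDR entries and renders them in each form. The function names, the iptables layout (INPUT chain, DROP target) and the Apache 2.2 Order/Deny syntax are assumptions; the only range used is the one named earlier in this article.

```python
import ipaddress

# The one range named in this article; a real blocklist would hold many entries.
CIDRS = ["62.173.32.0/19"]


def normalise(cidrs):
    """Validate entries and merge overlapping or adjacent ranges.

    strict=True rejects entries with host bits set (e.g. 62.173.55.107/19),
    a common typo that would otherwise produce a confusing rule.
    """
    nets = [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def iptables_rules(cidrs, mail_only=True):
    """Render iptables commands (assumed layout: INPUT chain, DROP target).

    mail_only=True  -> drop only inbound SMTP (tcp/25): the mail blockade.
    mail_only=False -> drop every packet from the range: the total blockade.
    """
    match = " -p tcp --dport 25" if mail_only else ""
    return [f"iptables -A INPUT -s {net}{match} -j DROP" for net in normalise(cidrs)]


def htaccess_rules(cidrs):
    """Render Apache 2.2-style access rules; these affect HTTP requests only."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {net}" for net in normalise(cidrs)]
    return lines


if __name__ == "__main__":
    net = normalise(CIDRS)[0]
    print(f"# {net}: {net[0]} - {net[-1]} ({net.num_addresses} addresses)")
    print("\n".join(iptables_rules(CIDRS, mail_only=True)))
    print("\n".join(iptables_rules(CIDRS, mail_only=False)))
    print("\n".join(htaccess_rules(CIDRS)))
```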
I provide other IP blocklists in both iptables and .htaccess formats. If you lease a dedicated server your server administrator can install the iptables blocklist rules for you. I am available for hire to install .htaccess blocklists, or to customize a blocklist for your individual websites, as long as they are hosted on Apache web servers. Use my Webmaster contact page to request a quote or to arrange for ongoing website security maintenance.
Most commercial web hosting companies offer a mail server for incoming (POP3) and outgoing (SMTP) email for their hosting customers. Most of these mail servers have the free option of turning on an email spam filter of one kind or another. Most spam filters recognize subjects with all capital letters and will flag those messages as "{SPAM}." You can then have your email client filter messages marked as SPAM to be deleted, or sent to a folder you create for questionable messages.
If you do not have your own web server for receiving your POP3 email, but still use a desktop email client (e.g. Microsoft Outlook, Outlook Express, Windows Live Mail, etc.), you still have an option available to block this Nigerian crap email. I use and recommend a spam filtering email screening program called MailWasher Pro. MailWasher Pro sits on your Windows Desktop as an application between your POP3 email servers and your desktop email client. It receives email at an interval you select and screens it to identify spam and either flag it or automatically delete it. I set my Windows Live Mail client to manually download messages only when I press the Send/Receive button, which I do to download desirable messages that have been cleared by MailWasher Pro. I report any spam or scam messages that make it through my automatic deletion filters to SpamCop, through MailWasher Pro itself.
MailWasher Pro uses a combination of learning filters, a blacklist, a friends list, known spam blocklists (like SpamCop) and custom user-written filters, to identify and deal with spam. I happen to write custom filters for use with the program, which can identify and either manually or automatically delete about 95% of all incoming spam and scam messages. You can learn about, or download Wizcrafts' Custom MailWasher Filters here. There are 3 sets available, the details of which are explained on the aforementioned web page. My "Subject All Caps" filter flagged the scam message that started this article.
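The two signals this article relies on, the sending IP falling inside a blocked CIDR and an all-capitals subject, can be checked against a raw message as follows. This is an added example, not MailWasher Pro's or the author's filter code; the function names and the eight-letter minimum are assumptions, and the sample message is constructed around the subject and IP quoted above.

```python
import email
import ipaddress
import re
from email import policy

BLOCKED = [ipaddress.ip_network("62.173.32.0/19")]  # range named in the article
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: only the subject and the sending IP come from the
# article; host names, addresses, dates and body are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP; Thu, 2 Jul 2009 10:00:05 -0400
Received: from user-pc (unknown [62.173.55.107])
\tby mx.example.net with SMTP; Thu, 2 Jul 2009 10:00:01 -0400
From: "Windows Live Team" <sender@example.com>
Subject: LAST WARNING (ACCOUNT ALERT)

Constructed body.
"""

def received_ips(msg):
    """Bracketed IPv4 addresses from Received headers, nearest hop first.
    Headers below the first server you control may be forged by the sender."""
    ips = []
    for header in msg.get_all("Received", []):
        for text in IP_IN_BRACKETS.findall(str(header)):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # bracketed digits that are not a valid address
    return ips

def subject_all_caps(subject, min_letters=8):
    """True when the subject has enough letters and none are lower case."""
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= min_letters and all(c.isupper() for c in letters)

def screen(raw):
    """Return the reasons (possibly none) for flagging a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = [f"hop {ip} in blocked range {net}"
               for ip in received_ips(msg) for net in BLOCKED if ip in net]
    if subject_all_caps(msg.get("Subject", "")):
        reasons.append("subject is all capital letters")
    return reasons

if __name__ == "__main__":
    print(screen(SAMPLE))
```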
MailWasher Pro is a commercial program that you pay for once and receive free program updates for life. I've been using it for about 8 years now and have only paid once. The current version, as of July 2, 2009, is 6.51. It is fully compatible with all versions of Windows, including the soon to be released Windows 7. The current price is $39.95, for a lifetime registration.
If you use a web browser to obtain your email you are at the mercy of your email service provider to supply their users with spam protection. Check your email options to see what level of Spam blocking is available to you and apply it. You may have to white list your friends and contacts to avoid having some of their messages accidentally deleted as Spam, but it is worth the effort.
If you are one of the intended targets of this phishing scam, a Hotmail user, log in to your Hotmail account (in your browser), click on: Options (upper right area), then Junk Mail > Filters and Reporting > Choose a junk e-mail filter. Select either Low, Standard, or Exclusive and Save your choice. Next, choose when to delete junk e-mail. Last, choose whether to report junk mail to Hotmail, to help fine-tune their spam filters. Note that your Hotmail login can also be your Windows Live ID, should you need one.
Always be suspicious of any email that tries to panic you into taking an action that is against common sense. Phishing scams are designed to cause panic and make victims respond before they have a chance to think about the claims made in that email scam. This is the same tactic used by high-pressure salesmen and telephone solicitors and scamsters. Always check with the website in question to see if they really did send such an email to their users. Always type the URL manually, or use a link saved in your bookmarks, from a previous successful login. Watch for HTTPS at the beginning of any URL leading to a bank or other secure login location (like Hotmail).
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.