The Top Five Spam Scams.

The National Cyber-Forensics & Training Alliance (NCFTA) has identified its top-five spam scams of March 2005. These include fraudulent e-mail purporting to come from the Federal Bureau of Investigation (FBI) and the redirecting of a Web request to another, bogus location.

The NCFTA is a nonprofit organization focusing on cyber crime issues. It operates the Direct Marketing Association’s (The DMA) Operation SLAM Spam in affiliation with the FBI. SLAM Spam is supported financially by The DMA. The DMA is working with NCFTA, as well as federal authorities, nonprofit organizations, and business organizations, to fight fraudulent spam.

“The Internet represents the ‘New Frontier’ when it comes to fraud,” said Patricia Kachura, Senior Vice President, Ethics and Consumer Affairs, The DMA. “Everyone, consumers and businesses alike, must be constantly vigilant to scams that seek to collect personal or financial information to be used to commit fraud.”

Online fraud cost merchants $2.6 billion in 2004, an increase of $700 million from 2003, according to a survey conducted by CyberSource Corporation. Approximately two percent of all online sales are fraudulent. While significant resources are being dedicated to fighting fraud, it is still imperative that consumers and merchants also take direct responsibility and make sure they know with whom they are doing business before providing valuable personal and financial information.

The top five spam scams for March identified by the NCFTA include:

1. Pharming Attacks: Pharming is the redirecting of an individual’s Web request to another location. For example, if an individual with an infected computer conducts online business with a specific bank, that person will type the bank link into the address bar, but will be redirected to a designated phishing site that looks very similar to the authentic site but is, in fact, fraudulent. Because the individual did not click on any obscure link, the site will appear to be legitimate.

Pharming can also result from a hijacked Domain Name Server (DNS), an Internet service that translates domain names into IP addresses. When a hacker poisons a DNS, he or she changes the specific record for a domain, sending individuals to a Web site very different from the one they intended to access, without their knowledge. Usually, the hacker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via a software vulnerability.

2. Google Hacking: NCFTA has identified a site advertising several hundred instances of scammers using the Google search engine to retrieve sensitive information from individuals. Using an explicit search command, it is possible for scammers to find business résumés that individuals have posted on the Web. These documents often contain information such as Social Security numbers, family history, dates of birth, home addresses, phone numbers, and education. Individuals who unknowingly provide all this personal information are very susceptible to identity theft. NCFTA is compiling information about the hacking site to be turned over to law enforcement if specific violations can be identified. NCFTA through The DMA also has alerted the Federal Trade Commission to this scam.

3. FBI Virus/Spam Hoax: The NCFTA has assisted the FBI with its investigation concerning a fraudulent e-mail hoax (http://www.ifccfbi.gov/strategy/wn050223.asp). The FBI has become aware of spam e-mail fraudulently claiming to be from fbi.gov accounts. The e-mail sounds official, even threatening, in tone, and appears to be sent from the e-mail addresses of po****@*bi.gov, fb*@*bi.gov, of*****@*bi.gov, and we*@*bi.gov. The recipient is enticed to open an attachment that contains a W32.Sober.K@mm worm. The actual text of the e-mail is shown below:

4. Phishing: Phishing attacks use spoofed e-mails and fake Web sites to fool recipients into revealing personal information or to have a Trojan/virus placed into their computer. By using trusted brands of well-known companies such as financial institutions, online retailers, ISPs, and credit card companies, phishers attempt to dupe innocent consumers into revealing their personal information. Phishing schemes are often delivered via spam e-mail.

5. Nigerian Scams: There are several variations of this scam, which, at its core, either informs the recipient that he/she is allegedly due a large sum of money or asks for his/her assistance with some form of illegal money laundering. The recipient will be asked to provide either money as “processing fees” or personal financial information to facilitate the transaction. These scams, which were more abundant last year, have reemerged in conjunction with the tsunami scams.

The above five spam scams are based solely on limited NCFTA data. However, this information is then shared with the FBI, which, with assistance from The DMA’s SLAM Spam project, provides law enforcement authorities with a much more robust understanding of the top spam scams.

Useful tips for detecting and combating fraudulent spam include:

– Never reveal personal information to an unverified recipient. This includes:

  – Login names and passwords
  – Credit card numbers
  – PIN numbers
  – Bank account numbers
  – Mother’s maiden name
  – Social Security number
  – Date of birth

– Never respond to requests for the personal information listed above via e-mail.

– If the e-mail looks “phishy,” call the company that claims to have sent you the e-mail to verify its authenticity. Look up the phone number on your own and do not trust any numbers supplied by the e-mail without verifying them.

– Never trust hyperlinks in e-mails. Visit Web sites by typing the URL into your address bar.

– Review your credit card and bank statements for any unusual transactions. Report them immediately if you find any unauthorized transactions.

– Report suspected abuses of your personal information to the proper authorities.

– Do not use the same passwords on multiple sites.

– Avoid opening spam that contains attachments, especially if they have an “.exe” or “.dll” suffix.

– Eliminate spyware by following the list of countermeasures offered by the NCFTA. These can be found by visiting The DMA’s Web site and clicking on the “For Consumers” section (http://www.dmaconsumers.org/).
