05 Mar Mystery shopper: Beware of Frauds Tatiana Kulikova
05 Mar A ‘gift’ for Apple’s valued customers Tatyana Shcherbakova
26 Feb The ‘Nigerian’ vow: our promises – your money Tatiana Kulikova
26 Feb Are you sure you want to unsubscribe from our mailings? Maria Vergelis
20 Feb Virtual bitcoins vs hard cash Tatiana Kulikova
14 Feb The World Cup: spammers set their sights on goal Tatyana Shcherbakova
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
Offers to work as a mystery shopper are a common trick used by fraudsters. They give you a chance to work in your free time, and if you agree, they send you a fake check with a huge sum of money, which is supposed to compensate the costs of goods and research. Any remaining money left over after the work is returned to the fraudsters. When the bank annuls the check as a fake, the secret shopper is left out of pocket.
But as users become more aware of online dangers, scammers have had to resort to various types of tricks to achieve their goals, such as disguising scammer mailings as a mailing from a large company specializing in working with secret shoppers. The message, sent on behalf of Mystery Shopper Inc., prompted the user to look at a description of the vacancy, but the attached link led to another resource that also specializes in this type of market research.
The real address of the scammer’s page was revealed after clicking the attached link. Obviously, it had nothing to do with Mystery Shopper Inc. official resources.
In January we detected a phishing mailing that was sent on behalf of Apple. The messages contained an offer to purchase a card giving a discount of 150 euros in any European AppStore for only 9 euros. The senders also underlined that only valued customers were eligible to receive the card.
To place an order for the card, Apple fans had to open an attached HTML page and fill in all the fields, such as information about the user’s bank card, including the three-digit security code stated on the reverse of the card.
In exchange, the scammers promised to send a discount card via email within 24 hours. But evidently it was just another scam to trick users. The fraudsters also used the Apple logo and automated subscriptions at the end of the message to confuse victims.
The scammers didn’t just target logins and passwords for personal accounts but also users’ banking information, and in order to achieve their goal they are willing to promise anything. Inexperienced users may find it difficult to see through the fraud, but requests for confidential bank information or data that gives access to personal accounts are a clear sign of a phishing scam.
The tales spun by Nigerian scammers often amaze with their ability to exploit and adapt the same type of scam to a whole variety of situations. Most of these situations are tragic, either related to someone’s death or political turmoil. That’s why an attempt to give away one’s money (or huge part of it) as a vow to God may well come as a complete surprise.
The vow was given by an engineer who had decided to give away tens of thousands of dollars to a randomly chosen user from the Internet. According to his story, he signed a very lucrative contract in Australia, but after finishing his part of the contract, his work wasn’t paid. The desperate engineer swore to God to give away $250,000 to some random person if he received his money. Of course, the story had a happy ending and recently, the Australian government agreed to pay up. And now the happy engineer has to fulfill his vow and is ready to give $250,000 to the lucky recipient.
Although Google confirms the existence of Mr. Brady’s company, the promise of a large sum of money shouldn’t be taken too seriously. Suspicions should immediately be raised by the fact that a private businessman is writing from an address with the domain fbi.gov.
We hope that nobody ends up responding and paying for Mr. Brady’s holy vow. After all, a happy end for the scammers often spells tragedy for the victims.
Spammers are relentless in their attempts to bypass anti-spam filters and confuse recipients of spam. Recently we detected a mass mailing disguised as an automated reply to a request to unsubscribe from a news blog. The authors noted their regret at losing one of their subscribers and asked if the user really wanted to unsubscribe.
Phrases like “We regret your decision to unsubscribe” do indeed appear in responses sent following requests to unsubscribe. However, there followed some unusual text in which the senders also regretfully informed the recipient that they had also unsubscribed him from other information mailings on subjects such as:
These are typical spam topics which, in this case, were disguised as information blocks. Why were the messages so suspicious? Because the senders didn’t even mention the name of the blog, site or journal from which the user was supposed to have unsubscribed.
The name of the unsubscribed service wasn’t in the sender’s domain name either – the address contained only one phrase that translates as “driving license right now” (spammers frequently use words related to the topic of the message in new domains), and the messages were sent in the month the domain was created. There were no links to prolong the subscription. It looks like the spammers thought that any interested users would reply to the message and receive a whole variety of spam mailings related to the chosen topic.
An even more insolent mailing stated that for a certain amount of money the spammers would tell the recipient how they found out his/her email address and why the mail box was full of spam messages. The information cost just $3.50. In order to pay for the information, the user had to click a link at the end of the message.
The link led to the site called End of Spam where the user could view a full pricelist. For instance, the user could remove his/her email address from spam mailing lists for a $1.50 payment via PayPal. Information on how the spammers found out about the user’s email address cost $3.50. The fraudsters reminded the user to state their email address so that they “know which email address to unsubscribe”.
All of the links led to a PayPal page with a set payment document. If the user was already authorized in PayPal system, he/she simply had to press the button “Buy Now” and transfer his/her money to goodness knows where.
Of course, this is unlikely to halt the spam mailings – it’s hard to believe that the senders know all the spammers in the world and can stop their mailings at the request of a user. Besides, after the money transfer, the stream of unsolicited correspondence may even increase after the address is confirmed as being valid and the user’s naivety is noted. In the worst case scenario, the user’s personal data from the money transfer payment could be used.
The festive season with its gifts, decorations and costumes can easily put a dent in your finances. No wonder then that after the holidays spam started appearing with suggestions on how to make some money. And increasingly spammers are using bitcoins – a cryptocurrency – as the bait. For instance, bitcoins can be earned in return for access to the computing power of a device. There are plenty of stories about millionaires who have made a fortune with the help of this currency, and spammers have been quick to exploit its current popularity.
Recently, bitcoin’s exchange rate has been steadily increasing (at the time of writing 1 bitcoin is worth $623), making it a rather attractive proposition.
Spammers are exploiting the popularity of the currency in different ways. One of the mailings offered to share the secret of a millionaire who made his fortune with bitcoins. The message stated that with the help of this secret, the recipient could make $1500 per day without even buying any bitcoins.
The link in the message led to a web page that contained promises of great wealth. In order to receive the software required for this type of income, the user had to enter his/her e-mail address.
2014 sees two huge sporting events taking place: the football World Cup in Brazil and the Winter Olympic Games in Sochi. In November we mentioned a mailing exploiting the World Cup – the fraudsters disguising their scam as a lottery. In January the number of these kinds of mailings increased. The stories used in the messages were identical: the user was informed that he/she had been chosen from among millions of other users as the winner of a lottery with a huge prize. In order to claim the money, the user had to contact the organizers using the addresses and phone numbers provided.
The body of the message was either empty or contained just one phrase: “See the attachment for information” or “Open the attachment”. The content of the attached file changed from message to message, as did the file format – JPEG, PDF or DOC. The file contained information about the alleged prize and also had references to FIFA and the World Cup. The scammers even went to the trouble of including official logos and pictures from the ceremony when Brazil was awarded the World Cup.
The Olympic Games are a huge event. And scammers are obviously going to try and exploit the interest they generate. We’ve already written about “Olympic” spam mailings. Now, SMS spammers have also appeared on the scene.
On February 10 we registered a spam mailing, which supposedly led to the live stream of an Olympic event:
«Olympic live stream in Sochi hxxp://mms****.ru/olympic.apk»
If unsuspecting users click on the link, a Trojan will be downloaded to their device. We detect the Trojan in question as HEUR:Trojan-SMS.AndroidOS.FakeInst.fb.
If this Trojan successfully downloads and launches, it addresses the C&C server and transfers the data gathered on the user’s phone, including the list of contacts.
The XXII Winter Olympic Games officially get under way on 7 February. Of course, this major sporting event has not gone unnoticed by the spammers. The “Nigerian” scammers couldn’t resist either: at the end of January we received an interesting mailing from someone looking for a trustworthy person in Russia who they could transfer 850,000 euros to. To explain such an unusual request, the author didn’t use the standard “Nigerian” tales, but instead cited a trip to the Olympic Games - the money was needed for a group of six people who supposedly intended to stay in Sochi. For further information, the recipient of this generous offer had to contact the sender.
A seemingly harmless request for help in organizing a trip turns out to be a trap, with the usual large sum of money as the bait. A reference to a real event is used to persuade the recipient that the request is genuine. But the result is always the same – the spammer asks the recipient to transfer a certain amount of money, for instance, to cover the costs of the transfer, and after that the fraudster vanishes without a trace.
Letters about lottery wins are a standard trick used by ”Nigerian” scammers. Very often, the author of such letters will explain that he is the happy winner of a multi-million lottery win, and he doesn’t know how to spend the unexpected windfall, and has decided to turn to philanthropy.
Mikhail Khodorkovsky, the former head of the Russian oil company YUKOS, was recently released from jail. There is a lot of speculation in Russia as to the reasons for his amnesty, while tabloids around the world are watching the ex-businessman’s every step. For ‘Nigerian’ scammers, the news was used as the basis for a tale of tragedy whose sole aim is to squeeze money out of the gullible users.
According to the ‘Nigerian’ story, an entire group of Russian oil tycoons (an exaggeration that is intended to justify the huge sum of money referred to in the story) faced trial on fraud charges. Luckily for the recipient, they had time to transfer their fortunes to a trust account with a UK bank. And now a mysterious middleman, Mr. Maharais Abash, is asking people to provide a personal bank account that the $50 million oil fortune could be transferred to. Naturally, the affair is strictly confidential – UK and Russian officials should know nothing about it.
Khodorkovsky’s release from jail triggered a surge in creative scams by these writers of ‘Nigerians letters’ – there can be no other explanation for the claim that an entire group of oil tycoons (rather than just one individual) was supposedly given a 15-year sentence. Fortunately, this makes it easier to spot the scam. A simple online search will quickly reveal that there have been no mass arrests of Russian oligarchs, and that the $50 million is merely a figment of Mr. Maharais Abash’s imagination – if indeed he even exists.