Spamtrackers.org

This site is best viewed in Firefox or Seamonkey browsers. We do not recommend the use of Internet Explorer browser due to the risk of getting infected with malicious software without any warning while surfing the web.

April 3, 2010
Your friend is freaked out at the moment

Subject: my predicament
From: [your friend's full first and last name] <[your friend's email username]@msn.com>

Hi,
I'm writing this with tears in my eyes,sorry I did not inform you about our trip.We actually made a quick travel to London and unfortunately attacked and mugged at gun point on the way to our hotel,all cash,credit card and cell phone were taken away from us but luckily we still have our passport with us.

We`ve been to the embassy and the Police here but they're not helping issues at all and our return flight leaves anytime from now but we`re having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.

Am freaked out at the moment.

[your friend's first name]

That email might get anyone "freaked out." And if you know how to read email headers, you would see it came from a mailserver called "bay0-omc3-s5.bay0.hotmail.com [65.54.190.143]," showing it really came from a Microsoft service like msn.com, hotmail.com, or live.com. In fact, it really did come from her email account, and it was sent to people in her address book. Unlike spams that spoof the recipient's name in the "from" field, it used her real name, which is not the same as her username. Her friends' email filters probably all marked it as "not spam" and let it through. There was no indication of how many people it was sent to: Instead of having the recipient's name and email address in the "to," it came as a blind carbon copy (bcc).
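The header checks described above can be scripted. The following Python sketch is an added example, not part of the original post: the sample message is constructed (only the relay host and IP come from the article), and the provider grouping and function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: only the relay host and IP come from the article.
SAMPLE = """\
Received: from bay0-omc3-s5.bay0.hotmail.com (bay0-omc3-s5.bay0.hotmail.com [65.54.190.143])
\tby mx.recipient.example with ESMTP; Sat, 3 Apr 2010 10:00:00 -0400
From: Jane Doe <jd1975@msn.com>
To: undisclosed-recipients:;
Subject: my predicament

Hi,
"""

# Assumption: these domains count as one provider, per the article.
PROVIDER_FAMILIES = {"microsoft": ("msn.com", "hotmail.com", "live.com")}
RELAY_RE = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\]")

def family_of(host):
    """Return the provider family a host or mail domain belongs to, or None."""
    for name, domains in PROVIDER_FAMILIES.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return name
    return None

def analyze(raw, recipient):
    """Summarise what the headers show for one recipient of the message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    # The topmost Received line is the one added by the receiving server;
    # lines below it were supplied by earlier hops and can be forged.
    received = msg.get_all("Received") or []
    m = RELAY_RE.search(" ".join(received[0].split())) if received else None
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    sender = family_of(addr.rpartition("@")[2].lower())
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "display_name": display,
        "relay_host": host,
        "relay_ip": ip,
        # True: the relay belongs to the same provider as the From address.
        "sent_via_own_provider": sender is not None and sender == family_of(host),
        # False: this recipient is in neither To nor Cc, i.e. a bcc delivery.
        "recipient_visible": recipient.lower() in [a.lower() for _, a in visible],
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "friend@recipient.example"))
```

For a hijacked account the relay check passes, so the bcc delivery and the wording of the message are the only signals the recipient has left.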

Hopefully, none of her friends would be fooled by this. This particular woman wouldn't easily be "freaked out" enough to lapse into such horrendous grammar.

In this case, the victim believes her computer was infected by a trojan that accessed her email account. After sending this message, it proceeded to erase her address book, making it difficult to warn her contacts once she was alerted to what had happened.

Another common ploy would be to simply guess someone's email account password and take over her account. The scammers can change the account's password, backup email address, and challenge question. The real owner is locked out and can't easily regain access. The criminals can then proceed with sending the email and erasing the address book.

The email did not give any way to contact the scammer except by responding to the friend's real email address, and it did not directly ask for money or give instructions for how to send it. Someone who responded to it would have had to make direct contact with the criminal and have a further exchange of emails. The criminal needed to continue to have control of the email account in order to receive the replies and to impersonate the friend. It is very similar to a 419 scam, but it takes advantage of people's willingness to help friends/relatives in trouble, rather than taking advantage of greedy people's desire to acquire large sums of money that doesn't belong to them.

A lot of people are being hit with this. Someone who took the step of contacting the criminal got this reply and posted it on a forum:

I am very glad to read from you, I’m good, just mentally bad due to the hotel bills and other bills.Honestly,I wound have love to call but I have no access to a cell nor even a cent for a payphone. All I need now is $2,000 but anything you wired will be appreciated, You can get it wire to my name via Western union so that i can use my passport for verification here at western union outlet in London

This is the details you need at western union location below -

Name - XXX

Location - 30 Leicester Square London United Kingdom WC2H 7LA

Kindly email me the transfer details as soon as you have it done I will definitely refund it back once we get home tomorrow.

Thanks........

That means the criminal has a fake ID in the victim's name, too. They aren't asking for the Western Union office to require any secret words, as might be used when wiring money to someone who doesn't want to reveal his real name. Other people have reported their cell phone accounts were even changed to prevent incoming calls. There's a long description in a column by Bob Greene.

A similar scam was used against some members of the British Parliament recently. But no one is immune. You don't have to be famous for your email account and identity to be valuable to scammers. And you don't have to be careless or clueless to get infected.

How do you protect yourself? Some general safety guidelines:

* Don't use Internet Explorer for your web browser. Internet Explorer 6 is very bad (though many businesses haven't upgraded their own systems to work with anything more recent), but even IE8 allows ActiveX controls that give websites way too much control over your computer. Some websites won't work with anything else, and you have to consider how much you need to use those websites and how much you trust them. Remember that even good websites can get hacked. The websites of antivirus companies have even been hacked, and at least one was infecting visitors with trojans for a long period of time. So it's not just a case of careless, uninformed webmasters getting burned. Firefox is a free and easy to use alternative to IE. It doesn't run ActiveX.

* Consider not using a Windows operating system. Microsoft has the largest market share, so most trojans are written to run on it. Other operating systems also aren't as promiscuous as Windows, which allows random software to alter system files. If your computer is running Macintosh or Linux, you can download most trojans and still not be harmed, because the trojans can only run on Windows.

* Don't allow Javascript to run by default when you visit websites. The easiest way to do that if you use Firefox is to install the Noscript add-on. That allows you to evaluate the site and easily decide if you want to allow Javascript -- and whether you want it to be permanent or temporary. You can even allow it for the main site and not for the ads. (Remember that ads on websites are often supplied by third party companies and vary from day to day, without the site owner having the ability to screen them. Criminals have managed to get dangerous content in the ads on otherwise safe websites.)

* Be highly suspicious about anything that arrives in email and asks you to provide any kind of information. Paypal, your bank, your email provider, your credit card company, your cell phone company, your airline, etc., are not going to send an email asking you to give them your password. They aren't going to ask you to provide information they already know. And if they need you to log in, they will tell you to go to their main website, not give you a link to follow, except to confirm an action you already initiated.

* Be suspicious of email attachments. Unfortunately, an increasing number of business users will send emails where the entire message is in the attachment, apparently thinking it will be taken more seriously if it is formatted as a .doc or .pdf file. But criminals can disguise malware in attachments. Attachments that end in .zip, .exe, .cmd, .vbs, .pif, .scr, and .bat are particularly risky. But there have been exploits that took advantage of formats like .pdf that are generally safe.

* Consider using an email program other than Outlook, or using a text-only program to check emails before opening them in Outlook. Outlook limits your ability to see the source code in emails, making it harder to evaluate whether a particular email is safe. There are programs like MailwasherPro that allow you to toggle between the source code and the viewable email and make it obvious when dangerous links are being disguised.

* Keep your computer's software programs up to date. You need to update your antivirus and antimalware programs daily due to the constant stream of new malware being created. But vulnerabilities are often found in browsers and other applications that interact with websites. You need to get the patches before the bad guys develop malware to exploit those vulnerabilities.

* Don't give access to your address book to any website. I know that sites like Facebook, LinkedIn, Classmates.com, etc. will ask, so they can search for your friends. They shouldn't ask. It requires your password, which you should never give to anyone.

* Make sure your home wireless network has encryption and a strong password. And don't access any website or account that requires a password from a public computer or an unsecured wireless network. A computer in an internet cafe is likely to be full of trojans from other people's surfing. And criminals honest-to-god do sit in their cars in hotel parking lots or on residential streets running "sniffer" programs that collect other people's passwords. Accessing your email account from a shared workplace computer is risky if you don't know what everyone else's level of security awareness is.

* Choose very strong passwords. A criminal doesn't need to make repeated guesses to find your password. They can try the same password on many different people's accounts. There are lists of commonly used passwords out there. You should make sure your passwords aren't on any of those lists. In general, a password should be very long. It should have upper and lower case letters, numbers and special characters in it. It should not be a dictionary word or a word with a few numbers added at the end. Except for trivial websites, you should use different passwords for each site. But ... you have to be able to remember it without writing it down anywhere. Think "passphrase" rather than "password." Some people use passages of text that they have memorized and use the first letters or last letters of each word in the passage, inserting capital letters, numbers and special characters in the middle as well.

The reports posted on the web by people who have been affected mention their other accounts, like Facebook, also being accessed. Once the scammers have access to the victim's computer, they can do a considerable amount of snooping, and they can even lie in wait before launching the email hijack, logging keystrokes to collect passwords. The victim needs to clean the infection off her computer, but she also needs to be ready for further attempts at identity theft. All passwords saved in the browser or other programs need to be changed, especially things like passwords to online banking. She needs to contact one of the credit monitoring bureaus to put a "fraud alert" on her account, as the person in England probably has a fake passport with her information on it and can use that to take out new credit cards. She should change her current credit card account numbers if they are saved on her computer or if she has saved them in her account profiles at merchants like Amazon.com. It's a huge pain, but it's easier to deal with it immediately rather than trying to get fraudulent items removed from her credit history after someone has taken out a car loan in her name.

One more thing -- since the thief is using a Western Union office in England, it's worth notifying the Metropolitan Police at fraud.alert[at]met.police.uk. I wouldn't recommend contacting these criminals using your real email account. (The reply listed above is vague enough that they probably aren't keeping track of which addresses they have or have not sent email to, anyway.) But if you have replied, the second email, with the instructions for sending the money, would be particularly useful.

 
