Schneier on Security
A blog covering security and security technology.
April 26, 2010
ICPP Pre-Trial Settlement Scam
Nasty scam, where the user is pressured into accepting a "pre-trial settlement" for copyright violations. The level of detail is impressive.
Posted on April 26, 2010 at 12:55 PM
• 30 Comments
This doesn't seem all that different from the RIAA/MPAA tactics.
Except of course that the **AA really does drag people into court when they don't pay up.
How do you differentiate this from normal RIAA/MPAA behavior?
I would ignore anything like this. A legitimate body seeking legal action, even those willing to settle, will contact you through channels other than a pop up window.
Zone Alarm has an option that lets one know if they go to pass their eBay password to a fraudulent site. There has to be a way that some software like ZoneAlarm (or other firewall), anti-Virus, etc., could be enhanced to alert someone before passing a credit card number over the internet.
Of course not. Of course we wouldn't.
But that's just it: MOST people don't know it. I've had people get IRS blackmail malware at work. I'd ask if they thought that the IRS (Microsoft, Boris Badenouff) knew their email address. Well no, some head scratching and, no there's no way.
So it's a fake?
Throw it away?
I think we have a model in our heads on how things work and some of those models think that there is only one email system. That random devices and web pages can diagnose and report security problems. That a child pornographer would really send you an email saying your child porn is in the mail on its way to you, to cancel order click here and oh-have your credit card ready.
They lost me at "lawsuites..."
And it sure seems to me that that website is using the registered trademarks in unapproved ways. It would be so hilarious to have the RIAA and MPAA haul his ass to court for trademark violations.
"How do you differentiate this from normal RIAA/MPAA behavior?"
The small amount being asked for. The MPAA/RIAA ask for thousands, not hundreds.
The MPAA/RIAA also have some of the copyrights they claim to have; this organization appears to have nothing in the first place.
@BF Skinner -- notice the pattern?
They all go after legally abusive patterns that have everyone terrified. MPIAA does go after little old ladies; the IRS can come in and make your life hell on very little pretext (it was a big issue what, 5-10 years ago that they were focusing on minor violations by folks at the bottom of the economic barrel); attorneys of state have entrapped folks with child porn; and so on.
The mind shuts down under terror. It's not the model of email that's the problem; it's the model of authority that shuts down reason. And the problem is that it's not a terribly inaccurate model -- it's a heuristic that's a bit hysterical, but it keeps you generally safe if you react to authority by immediately dropping into a prostrate position.
And since that causes cognitive dissonance for Americans in particular, they can't be aware they're doing it -- they have to be deluded into believing that it's not just a handy heuristic, but an accurate reflection of reality, thereby further shutting down rational response.
Nasty cultural problem.
@Of course not. Of course we wouldn't. But that's just it MOST people don't know it.
As a side note, this is one problem I've had with harsh fiscal penalties for copyright infringement. It's opened the door for a bit of blackmail room. Even someone innocent, when faced with a settlement of a few thousand dollars or a possible judgment of a few hundred thousands of dollars, some will take it just to avoid the risk. Therefore, the plaintiffs may be a little less careful about who they threaten.
I know a man who was charged with a fairly serious computer-related crime that he claims he did not do. I realize he may be lying, but for discussion sake let's assume he's not. Even if he is lying, I do think the legal penalty is too harsh. In any case, he was given the following choice:
* Plea bargain - plead guilty to a lesser charge and we'll pursue one year imprisonment with probation after that.
* Plead not guilty and we'll pursue 20 years, no probation.
His lawyer, based on the complex evidence, thought he could make reasonable doubt but admitted that there was likely a 10% chance he may be convicted. He took the plea bargain, because a 10% chance he'd miss his 2 year old son's entire life was just too great.
My point being, certain penalties do leave some blackmail room. In this case, it was perpetuated by an illegitimate party. But considering $400 versus the threat of huge fines and imprisonment, it's not surprising that some people take it.
Extortion comes in so many flavors these days. One serious downside is that it becomes very difficult for the average person to differentiate between those who are legitimate and those who are not, and the legitimate (at least as far as legally defined) firms suffer along with the victims.
Bludgeoning a victim with the dysfunctional legal system plays a large role in US tort (civil vice criminal) law as well.
I paid a builder to build a house for me. Poor business practices caused him to go bankrupt half way thru the construction process, but with most of my money already taken. The plumber, who was a friend of his, had been paid in full for the work even though he only performed half of the required work.
I, having lost my job at about the same time, had lots of time and little money so I completed the plumbing myself, buying the materials out of my own pocket.
The plumber then sued ME to be paid AGAIN for work he had not done AT ALL (I had done it, with my own materials - therefore he could not have done it) and after 5 years in court I was forced to pay him off because his lien was preventing me from refinancing (interest rates had dropped from ~9% to
"The level of detail is impressive."
Agreed, er, the apparent effort that went into it anyhow. The grammar/vernacular, however, is laughable:
"Probably you've been using file-sharing clients [...] Anyway, you've violated the copiryght"
I mean really, how stupid do you have to be to pay a $400.00 fee online to someone threatening to sue you for "copiryght infringement"?
Any numbers on how many folks actually fell for this?
@Shane: "Agreed, er, the apparent effort that went into it anyhow. The grammar/vernacular, however, is laughable: "Probably you've been using file-sharing clients [...] Anyway, you've violated the copiryght""
I thought of that too. Grammar and poor (read: unprofessional) language is usually absent in formal legitimate communications.
@Shane: "I mean really, how stupid do you have to be to pay a $400.00 fee online to someone threatening to sue you for "copiryght infringement"?"
When I paid up, they provided me with an authentication mechanism. They sent me a check for $2600 to prove their legitimacy. All I had to do from there is send a check for $3,000 to the ICPP, c/o the Nigerian National Bank. I'm sure it will be fine.
(Kidding of course)
A Nigerian scammer tried to get my wife once, but messed with a former ID Theft victim who happens to be married to a seasoned certified auditing professional. He even attempted to call her (it started with a car sale that had our phone number listed), and he used the relay center service for the deaf, presumably to hide his contact information and his voice. While he was trying to play us, we were stringing him along.
In any case, I thought that tidbit may be useful about the TDD usage. Smart on their part, but would only work on dummies since a legitimate institution is unlikely to recruit a deaf individual to work their phone line.
A couple weeks ago I got an email from a law firm saying that I was being sued for copyright infringement. It offered a similar settlement option. I was concerned because I hold many copyrights, have produced videos, written articles and have an extensive website and you never know when someone might accuse you of something, make a mistake in recording your music license or photo release or you might have actually inadvertently infringed. This generally happens when you have a license to use music in a video but they don't have a record of you having licensed it or licensed it for that specific use. But being smarter than the average bear I Googled the name of the law firm who sent it and their home page had an announcement that if you got such a notice to ignore it, as "millions" of email notices had been sent out as a scam. Unfortunately I didn't save the name of the law firm for you to contact for more information but apparently this is the new scam on the block.
Mikko here from F-Secure - I wrote the original article which Bruce links to.
About the number of people who fell for this: Obviously nobody has accurate numbers, but we do know for a fact that a number of them did.
The scam worked in multiple languages, depending on your location (English, Czech, Danish, Dutch, French, German, Italian, Portuguese, Slovak & Spanish). It even linked to EU or US law text depending on your location.
We believe that the main reason why this attack stopped was that we were able to take down the main websites used in the scam (icpp-online.com and 18.104.22.168).
Also note that the scammers apparently did not immediately charge the credit cards (no live credit card back-end). They seemed to be just collecting the CC details for later use.
To Steve Keller: Check your browser history -- would love to know the name of the firm in question. Are they a real law firm sending out these notices, or is the whole thing a scam?
@kangaroo "notice the pattern? "
I've always thought of it as trying to provoke a fear response. Fearful people don't think, they react; as you note.
But any strong emotion is probably useful, greed, desire, vanity, fear, even altruism. How standard is it that now following every disaster to see fraud emails?...wait check that add -- anger and recognition. Am I missing any? (well there was the I love U virus but I'd lump that into desire/vanity). I've seen emails/websites that vector to each of these
Fear came before authority. Authority came before reason. Our reason is a very late evolutionary addition with the development of the cerebral cortex. Because its wiring is so much newer than the hippocampus it almost always gets overruled during emotion storms.
I'd say nasty culture/biological interface problem.
But it does lead me to wonder if people/organizations who are legally using and abusing (cf RIAA, frivolous lawsuits) the legal system are reducing our security society-wide. If an individual or sets of us develop no faith in the mechanisms (police, courts, elections) that restore justice they are more willing to act on their own to seek redress (witness the growth in the US for private security).
Authority was a cultural development to keep the peace--first for the king, then for his tribe, finally for the nation and its metaprocesses (inter-national trade, travel and so on).
Bottom feeders use the strategy of camouflage to appear legitimate but then there are other bottom feeders (cf Green Card Lawyers) who are legitimate (for a given value of legitimacy.)
(and then I stopped thinking about this for something else to do)
I have heard a similar story from another person but this came from a homeowner supplying the bricks to have a fireplace built (from bricks left from the initial construction of his home) and after the contractor built the fireplace he then charged the homeowner for the material even though he never purchased it!
The fake advisory does include the rather stark misspelling "bulleting" (for bulletin), though.
And on second glance, actually, lots of typos and awkward language.
@Brian Tung: "And on second glance, actually, lots of typos and awkward language."
That's one of the typical things of scams, and honestly one of the most puzzling.
I've long wondered why such clever scamsters with meticulous technical details of the workings of their plot are not a little more careful with stupid yet visible mistakes such as poor grammar. You'd think their high tech computers would at a minimum have a spell checker.
Reminds me of some of the ways people are caught transporting drugs. They'll have tens of thousands of dollars of enough illegal drugs to send them to the slammer for decades, yet they are traveling more than 30 mph over the speed limit, have no license plates or an expired sticker, tail lights busted out, no insurance, driving without a license or with a suspended license, etc. May as well paint a bullseye on their vehicle.
I guess figuring out how to do it and programming the fraudware is more fun than writing the note.
An interesting note. The scamware mentioned time in prison. Time in prison can only be awarded if a crime has been committed (not a tort). If a crime has been committed it is illegal to use a civil settlement and then "drop the charges".
If I steal $500 from you you can't come to me and say "if you give me $1000, I won't press charges." -- it's just illegal.
How do you get rid of this scam? I can't access anything, when I reboot all I get is the scam page, and I can only get to IE by clicking a link (that doesn't work) on the scam page.
@getitoffmycpu, I had one of those fake security viruses.
My husband first brought up Task Manager & read down the list until he spotted something that he didn't recognize. We then checked it online on another computer to confirm - maybe you don't need to do that - then deleted it.
Then he went to File Manager & looked for the time that the program was installed. He then searched by time for anything that arrived then, & deleted them. That crippled the program but my computer still wasn't right. We checked the Microsoft online material & found a discussion of the problem which told us what to do & we did it. Then we downloaded & installed MalwareBytes which found more files which were also deleted.
This appears to be a newer problem but there must be some discussion of it to which you can refer.
Hi. My daughter's PC just got this pop-up. There seems to be no way to get around it to access the desktop. I only got online by a link in the window. How do I stop this?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.