Entries Tagged "scams"

Page 10 of 15

Researchers Hijack a Botnet

A bunch of researchers at the University of California Santa Barbara took control of a botnet for ten days, and learned a lot about how botnets work:

The botnet in question is controlled by Torpig (also known as Sinowal), a malware program that aims to gather personal and financial information from Windows users. The researchers gained control of the Torpig botnet by exploiting a weakness in the way the bots try to locate their commands and control servers—the bots would generate a list of domains that they planned to contact next, but not all of those domains were registered yet. The researchers then registered the domains that the bots would resolve, and then set up servers where the bots could connect to find their commands. This method lasted for a full ten days before the botnet’s controllers updated the system and cut the observation short.

During that time, however, UCSB’s researchers were able to gather massive amounts of information on how the botnet functions as well as what kind of information it’s gathering. Almost 300,000 unique login credentials were gathered over the time the researchers controlled the botnet, including 56,000 passwords gathered in a single hour using “simple replacement rules” and a password cracker. They found that 28 percent of victims reused their credentials for accessing 368,501 websites, making it an easy task for scammers to gather further personal information. The researchers noted that they were able to read through hundreds of e-mail, forum, and chat messages gathered by Torpig that “often contain detailed (and private) descriptions of the lives of their authors.”

Here’s the paper:

Abstract:

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this paper, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected. While botnets have been “hijacked” before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This opens the possibility to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards.

Another article.

Posted on May 11, 2009 at 6:56 AMView Comments

Low-Tech Impersonation

Sometimes the basic tricks work best:

Police say a man posing as a waiter collected $186 in cash from diners at two restaurants in New Jersey and walked out with the money in his pocket.

Diners described the bogus waiter as a spikey-haired 20-something wearing a dark blue or black button-down shirt, yellow tie and khaki pants.

Police say he approached two women dining at Hobson’s Choice in Hoboken, N.J. around 7:20 p.m. on Thursday. He asked if they needed anything else before paying. They said no and handed him $90 in cash.

About two hours later he approached three women dining at Margherita’s Pizza and Cafe. He asked if they were ready to pay, took $96 and never returned with their change.

Certainly he’ll be caught if he keeps it up, but it’s a good trick if used sparingly.

Posted on April 22, 2009 at 7:04 AMView Comments

Social Networking Identity Theft Scams

Clever:

I’m going to tell you exactly how someone can trick you into thinking they’re your friend. Now, before you send me hate mail for revealing this deep, dark secret, let me assure you that the scammers, crooks, predators, stalkers and identity thieves are already aware of this trick. It works only because the public is not aware of it. If you’re scamming someone, here’s what you’d do:

Step 1: Request to be “friends” with a dozen strangers on MySpace. Let’s say half of them accept. Collect a list of all their friends.

Step 2: Go to Facebook and search for those six people. Let’s say you find four of them also on Facebook. Request to be their friends on Facebook. All accept because you’re already an established friend.

Step 3: Now compare the MySpace friends against the Facebook friends. Generate a list of people that are on MySpace but are not on Facebook. Grab the photos and profile data on those people from MySpace and use it to create false but convincing profiles on Facebook. Send “friend” requests to your victims on Facebook.

As a bonus, others who are friends of both your victims and your fake self will contact you to be friends and, of course, you’ll accept. In fact, Facebook itself will suggest you as a friend to those people.

(Think about the trust factor here. For these secondary victims, they not only feel they know you, but actually request “friend” status. They sought you out.)

Step 4: Now, you’re in business. You can ask things of these people that only friends dare ask.

Like what? Lend me $500. When are you going out of town? Etc.

The author has no evidence that anyone has actually done this, but certainly someone will do this sometime in the future.

We have seen attacks by people hijacking existing social networking accounts:

Rutberg was the victim of a new, targeted version of a very old scam—the “Nigerian,” or “419,” ploy. The first reports of such scams emerged back in November, part of a new trend in the computer underground—rather than sending out millions of spam messages in the hopes of trapping a tiny fractions of recipients, Web criminals are getting much more personal in their attacks, using social networking sites and other databases to make their story lines much more believable.

In Rutberg’s case, criminals managed to steal his Facebook login password, steal his Facebook identity, and change his page to make it appear he was in trouble. Next, the criminals sent e-mails to dozens of friends, begging them for help.

“Can you just get some money to us,” the imposter implored to one of Rutberg’s friends. “I tried Amex and it’s not going through. … I’ll refund you as soon as am back home. Let me know please.”

Posted on April 8, 2009 at 6:43 AMView Comments

Google Maps Spam

There are zillions of locksmiths in New York City.

Not really; this is the latest attempt by phony locksmiths to steer business to themselves:

This is one of the scary parts they have a near monopoly on the cell phone 411 system. They have filled the data bases with so many phony address listings in most major citys that when you call 411 on your cell phone ( which most people do now) you will get the same counterfiet locksmiths over and over again. you could ask for 10 listings and they will all be one of these scammers or another with some local adress that is phony. they use thousands of different names also. It is always the same 55.00 service qouted for a lockout and after they unlock your stuff the price goes much higher. These companys are really not in the rural areas but the are in just about all major citys from coast to coast and from top to bottom. [sic]

More here:

Google wasn’t their first target. The “blackhats” in the industry have used whatever marketing vehicle was “au courant,” whether it was the phone books, 411 or now Google and Yahoo.

Here is a BBB alert from 2007, BBB Warns Consumers of Nationwide Locksmith Swindle and a recent ABC news article and video. The Associated Locksmiths of America provides a list of over 110 news reports over the past several years from across the nation detailing the abuses. As you can see, consumers have paid the price of these many scams with high prices, rip-off installs and even theft.

Posted on March 11, 2009 at 12:38 PM

New eBay Fraud

Here’s a clever attack, exploiting relative delays in eBay, PayPal, and UPS shipping:

The buyer reported the item as “destroyed” and demanded and got a refund from Paypal. When the buyer shipped it back to Chad and he opened it, he found there was nothing wrong with it—except that the scammer had removed the memory, processor and hard drive. Now Chad is out $500 and left with a shell of a computer, and since the item was “received” Paypal won’t do anything.

Very clever. The seller accepted the return from UPS after a visual inspection, so UPS considered the matter closed. PayPal and eBay both considered the matter closed. if the amount was large enough, the seller could sue, but how could he prove that the computer was functional when he sold it?

It seems to me that the only way to solve this is for PayPal to not process refunds until the seller confirms what he received back is the same as what he shipped. Yes, then the seller could commit similar fraud, but sellers (certainly professional ones) have a greater reputational risk.

Posted on March 6, 2009 at 1:30 PM

In-Person Credit Card Scam

Surely this isn’t new:

Suspects entered the business, selected merchandise worth almost $8,000. They handed a credit card with no financial backing to the clerk which when swiped was rejected by the cash register’s computer. The suspects then informed the clerk that this rejection was expected and to contact the credit card company by phone to receive a payment approval confirmation code. The clerk was then given a number to call which was answered by another person in the scam who approved the purchase and gave a bogus confirmation number. The suspects then left the store with the unpaid for merchandise.

Anyone reading this blog would know enough not to call a number given to you by the potential purchaser, but presumably many store clerks don’t have good security sense.

Posted on January 19, 2009 at 1:23 PMView Comments

How to Steal the Empire State Building

A reporter managed to file legal papers, transferring ownership of the Empire State Building to himself. Yes, it’s a stunt:

The office of the city register, upon receipt of the phony documents prepared by the newspaper, transferred ownership of the 102-story building from Empire State Land Associates to Nelots Properties, LLC. Nelots is “stolen” spelled backward.

To further enhance the absurdity of the heist, included on the bogus paperwork were original “King Kong” star Fay Wray as witness and Willie Sutton, the notorious bank robber, as the notary.

Still, this sort of thing has been used to commit fraud in the past, and will continue to be a source of fraud in the future. The problem is that there isn’t enough integrity checking to ensure that the person who is “selling” the real estate is actually the person who owns it.

Posted on December 15, 2008 at 12:23 PMView Comments

Tourist Scams

Interesting list of tourist scams:

I have only heard of this happening in Spain on the Costa del Sol, but it could happen anywhere. This scam depends on you paying a restaurant/bar bill in cash, usually with a €50 note. The waiter will take your payment, then return shortly after, apologetically telling you that the note is a fake and that you need to pay again. He will return the “fake” bill to you, and any change you’re due. Of course, you gave him a REAL note, he gave you a FAKE note, and you gave him a second real note, so you paid €100 for a €50 meal. What I do now is write unobtrusively on all large notes I get, so I can challenge them if it happens to me.

Posted on December 8, 2008 at 6:54 AMView Comments

Who Falls for those Nigerian 419 Scams Anyway?

This is the story of a woman who sent the scammers $400K:

She wiped out her husband’s retirement account, mortgaged the house and took a lien out on the family car. Both were already paid for.

For more than two years, Spears sent tens and hundreds of thousands of dollars. Everyone she knew, including law enforcement officials, her family and bank officials, told her to stop, that it was all a scam. She persisted.

Spears said she kept sending money because the scammers kept telling her that the next payment would be the last one, that the big money was inbound. Spears said she became obsessed with getting paid.

An undercover investigator who worked on the case said greed helped blind Spears to the reality of the situation, which he called the worst example of the scam he’s ever seen.

EDITED TO ADD (12/13): More about the story.

Posted on December 3, 2008 at 8:20 AMView Comments

The Neuroscience of Cons

Fascinating:

The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS [The Human Oxytocin Mediated Attachment System], the human brain makes us feel good when we help others—this is the basis for attachment to family and friends and cooperation with strangers. “I need your help” is a potent stimulus for action.

This is interesting. They say that all cons rely on the mark’s greed to work. But this short essay implies that greed is only a secondary factor.

Posted on November 18, 2008 at 6:32 AMView Comments

1 8 9 10 11 12 15

Sidebar photo of Bruce Schneier by Joe MacInnis.