Posted by: Ken Harthun
In Part 2 I gave you some real examples of common email scams and some analysis to help you recognize them. In this, the final installment, we’ll explore Trojan horse emails, phishing scams, and the Nigerian 419 scam. I’ll also leave you once again with the US-CERT tips on how to avoid the common scams.
The Trojan Horse
Just like that historical gift the Greeks gave to the citizens of Troy, the Trojan horse email is a masquerade. Regardless of whether it appears desirable or something requiring attention, it actually contains a dangerous payload. Here’s a copy of a real email reported to snopes.com that contains Trojan-laden attachments, the usual means of spreading the malware:
From: Internal Revenue Service (email@example.com)
Subject: Complaint Case Number 98473953 against Edward Walsh
Dear Edward Walsh,
You have received a complaint in regards to your business services .The complaint was filled By Mr. Kevin Ferguson on 05/29/2007/
Complaint Case Number: 875487596
Complaint made By Consumer Mr. Kevin Ferguson
Complaint registered against : – TildenPacific Property Trust
Instructions on how to resolve this complaint as well as a copy of the
original complaint are attached to this email.
Disputes involving consumer products and/or services may be arbitrated.
Unless they directly relate to the contract that is the basis of this
dispute, the following claims will be considered for arbitration only if
all parties agree in writing that the arbitrator may consider them:
Claims based on product liability;
Claims for personal injuries;
Claims that have been resolved by a previous court action, arbitration, or
written agreement between the parties.
The decision as to whether your dispute or any part of it can be
arbitrated rests solely with the IRS.
The IRS offers a binding arbitration service for disputes involving
marketplace transactions. Arbitration is a convenient, civilized way to
settle disputes quickly and fairly, without the costs associated with
other legal options.
© 2007 Council of IRS, Inc. All Rights Reserved.
Just so you know, the IRS does not initiate taxpayer communications through email and I’m sure other countries’ revenue authorities don’t either.
The Phishing Scam
Phishing scams are emails designed to obtain someone’s private personal and financial information such as credit card accounts, bank account logins and passwords and other sensitive information. They are often disguised as being from the financial institution or credit card company itself, like this actual PayPal phishing scam:
Security Measures – Are You Traveling?
PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.
We recently noted one or more attempts to log in to your account from a foreign country. If you accessed your account while traveling, the attempt(s) may have been initiated by you.
Because the behavior was unusual for your account, we would like to take an extra step to ensure your security and you will now be taken through a series of identity verification pages.
IP Address Time Country
18.104.22.168 Oct 27, 2005 12:47:01 PDT Germany
22.214.171.124 Oct 29, 2005 18:37:55 PDT Germany
126.96.36.199 Nov 14, 2005 16:42:16 PDT United Kingdom
188.8.131.52 Nov 15, 2005 16:58:03 PDT United Kingdom
Click here to download PayPal security tool
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.
We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.
Thank you for using PayPal! The PayPal Team
Looks official, doesn’t it? Well, if the person clicks the link, an executable named ‘PayPal-2.5.200-MSWin32-x86-2005.exe’ is downloaded. That program is a Trojan horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for ‘paypal.com’ will be transparently redirected to a phishing website, where the person will be asked to enter credit card information. Gotcha!
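The warning signs in the two messages above (a sender whose domain does not match the organization it names, an executable attachment, and a link that downloads a program) can be checked mechanically. The following Python example is added here and is not part of the original article; the brand-to-domain table, the extension list and the sample message, including the placeholder domain paypal-security.example, are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".vbs")
# Assumption: brand names mapped to the domain each one really sends from.
BRANDS = {"paypal": "paypal.com", "internal revenue service": "irs.gov"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def on_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return a list of reasons this message deserves suspicion."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domain in BRANDS.items():
        if brand in name.lower() and not on_domain(sender, domain):
            findings.append(f"sender: name claims {brand}, domain is {sender}")
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXT):
            findings.append(f"attachment: executable {fname}")
        if part.get_content_type() != "text/html":
            continue
        for href, text in LINK_RE.findall(part.get_content()):
            url = urlparse(href)
            if url.path.lower().endswith(RISKY_EXT):
                findings.append(f"link: downloads executable {url.path}")
            for brand, domain in BRANDS.items():
                if brand in text.lower() and not on_domain(url.hostname, domain):
                    findings.append(f"link: text says {brand}, host is {url.hostname}")
    return findings

# Constructed sample modelled on the PayPal message quoted above.
SAMPLE = """\
From: "PayPal" <service@paypal-security.example>
Subject: Security Measures - Are You Traveling?
Content-Type: text/html; charset="utf-8"

<a href="http://paypal-security.example/PayPal-2.5.200-MSWin32-x86-2005.exe">Click
here to download PayPal security tool</a>
"""
print("\n".join(triage(SAMPLE)))
```

A message that trips none of these checks is not thereby safe; the checks only automate the obvious red flags discussed in this series.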
The Nigerian 419 Scam
The perpetrators of Advance Fee Fraud (AFF), known internationally as “4-1-9” fraud after the section of the Nigerian penal code which addresses fraud schemes, are often very creative and innovative. They are also often quite gullible, if not downright stupid. If you want a good laugh, visit www.419eater.com and see what the scambaiters are up to. The email exchanges posted there are absolutely hilarious at times. A WARNING, though: 419 scammers are not nice people; they are thieves, liars, and generally very nasty, so you can expect some small use of adult language and themes on that website.
The dead giveaway that you have received one of these scam emails is an offer by the sender to transfer millions of dollars to you for whatever reason they invent in their particular version of the scam. Here’s an actual letter:
Subject: HELP ME TO SPREAD GOODNESS
It is my pleasure to contact you for a business venture which I intend to establish in your country.Though I have not met with you before but I believe, one has to risk confiding in someone to succeed sometimes in life.
There is this amount of FIFTEEN Million US Dollars which my Father deposited with a security company which he wanted to used for his political ambition in our Country before he was kidnapped and killed by unknown gun men. Hence my father and mother is dead, I do not have any other hope rather than this funds which is why I contacted you.
Now I have decided to invest these money in your country or any where safe enough outside Africa for security and political reasons. I only give all praises to God who made every thing to be like this, my father is gone, I can count you as my father if you wish to be a Daddy to me. [Pass the sickbag]
Hence this investment shall be made in your company upon your withdrawal of the consignment, I do not have money to work on this and will commit suicide and die [And die? Suicide just isn't good enough these days] if I cannot secure my late father’s treasure which he got for his family.
I want you to help us claim and receive the consignment which will be sent to you through diplomatic means to your address to avoid any traces of the funds and to enable you plan for the investment in your Country.
I will like to invest part of the money into these three investment in your Country but, if there is any other business that is better than my suggestion, I will be very glad to follow your advice.
1). Real estate
2). The transport industry
3). Five star hotel
If you can be of an assistance to me, I will be pleased to offer to you 20% Of the total fund while the balance will be invested by you. I need your understanding and honesty to this project, I assure you to always be your brother.
I await your soonest response.
Miss Jani Adams
I hope you are now better equipped to spot email scams on your own and know how to handle them (DELETE!). Nevertheless, let me refresh your memory on those tips from US-CERT:
- Filter spam
- Don’t trust unsolicited email
- Treat email attachments with caution
- Don’t click links in email messages
- Install antivirus software and keep it up to date
- Install a personal firewall and keep it up to date
- Configure your email client for security