Spam fraud (letters of joy)
The word "spam" often means only letters of an advertising nature, but this is not quite true: some types of spam are sent for another purpose. Such “non-advertising” spam, in particular, includes one of its dangerous varieties - fraudulent emails.
Spam technologies allow you to organize a mass mailing of fake messages, substitute fake sender addresses and use infected computers of unsuspecting users to carry out mailings. Not surprisingly, this attracts fraudsters and cybercriminals of various calibers: the specifics of spam creates conditions for deceiving users and for hiding traces of criminal activity.
It also contributes to the criminalization of spam and the fact that the initiators of mailings are not easy to find because of the anonymity of the letters sent, which means that cybercriminals can count on impunity. The services of spammers are actively used by sellers of counterfeit or fake products, service providers of a criminal nature, and virus writers.
This article focuses on fraudulent spam emails sent out to lure money from recipients or gain access to confidential data with which users can steal money.
Phishing is the most dangerous spam fraud option.
Using phishing mailings (phishing from fishing), spammers try to get personal user data: logins, passwords (usually to online payment systems), credit card numbers and pin codes - in order to use them for profit . The most common targets of phishing attacks are users of Internet banking and payment systems.
Phishing letters imitate messages from reputable organizations (banks, financial companies, payment systems). As a rule, such letters contain a link to a fake page and, under one pretext or another, call upon the recipient to enter his personal data, as a result of which they end up in the hands of fraudsters. In order for the victim not to guess about the deception, this page is framed in the same way as the website of the organization on whose behalf the message was sent (the sender’s address is also forged).
In some cases, after entering and sending data, the user's browser was redirected to this site, as a result of which the chances of the victim to suspect that something was wrong were reduced to almost zero.
Sometimes a user does not go to a fake website, but to a page infected by an exploit. Using a software vulnerability, the exploit installs a Trojan program on the user's computer that collects various information (for example, about access codes to the accounts) and sends it to its "owner". In addition, a machine infected in this way can become part of a zombie network and be used to carry out cyber attacks or send spam.
To deceive those who still pay attention not only to the appearance, but also to the addresses of visited sites, phishers mask the used URLs, trying to make them more similar to the original ones. Phishers began by registering on free hosting of domain names that are similar to the domain names of the websites of the attacked organizations, but over time they began to use more and more sophisticated methods for this purpose.
A typical look at this disguise can be seen in the following letter, targeting PayPal customers:
Only a very attentive person, pointing the cursor in the link in the letter, can notice that the link actually leads to the phishing site. The link is very similar to the address of a legitimate site, but the domain to which the user falls is completely different: client-confirmation.com.
In this case, the "wrong" address will be displayed when you hover the cursor over the link in the letter, so that an advanced user is able to recognize a fake before clicking on the link.
There are more primitive options for cheating. The user allegedly on behalf of the administration or technical support service of a service receives messages in which, under various pretexts, it is proposed to urgently send a password from his account to the address indicated in the letter - usually under the threat of closing this account.
In RuNet, this technique is used by phishers mainly to gain access to the user's email accounts. It is worth noting that, controlling the user's mail, fraudsters through the password reminder system can take possession of his registration data on other Internet services.
Another common method of collecting passwords to mail is sending letters in which everyone is invited to take advantage of a “password recovery vulnerability”, using which, allegedly, you can find out the password of another user. In order to gain access to someone else's account, the recipient of the spam message must send to the specific address in a certain format the login of the future victim, as well as his password. Do I have to say that the hunter himself becomes the victim of the intruders, taking advantage of the dubious proposal?
However, over time, users realized that serious companies never ask to send passwords in letters, and the effectiveness of such traps began to fall. So now spammers have to carefully mask fake letters, as a result of which it becomes harder for recipients to distinguish them from legitimate messages.
Usually, western payment systems and banks with developed online banking and a large number of customers using them become targets of phishing attacks. However, with the development of online banking in RuNet, phishers increasingly carry out attacks designed primarily against Russian users.
One of the typical examples is phishing attacks on Alfa-Bank clients. The fraudsters worked according to the classical scheme: the e-mails sent by them imitated letters from the bank administration and contained a link to a fake website where the user was asked to enter their login and password to access the Internet banking system. The appearance of the page was an exact copy of the main page of the Alfa Bank website. In addition, fraudsters prepared unwary users an unpleasant "gift": when clicking on a link to users' computers, malware was downloaded. Attacks on users of WebMoney and Yandex.Money systems were similarly conducted; several times been a Citibank phishing target.
Attackers also often try to gain access to users' mail accounts by requesting logins and passwords from them on behalf of the administration of Russian mail systems.
Spamming money with spam
In addition to phishing, Internet fraudsters use many other techniques that allow using hackers to lure hapless users into traps and rob them. Most often, spammers try to play on the naivety and greed of their potential victims, which, however, is typical of all scam artists. To achieve their goals, fraudsters use various schemes, and the most common ones will be discussed in more detail.
This popular fraud scheme was developed and actively used by fraudsters from Nigeria, for which it received its name. However, at present, “Nigerian” frauds are used by scammers all over the world.
When implementing the classic “Nigerian” scheme, spammers send letters on behalf of a representative of a noble family (usually living in some African state) who fell into disfavor at home due to civil war / coup d’état / economic crisis / political persecution. In the classic "Nigerian" letters, the addressee is addressed in broken English with a request to help "save" a large amount of money by transferring it from the account of the disgraced family to another account. For the money transfer service, fraudsters promise a solid reward - as a rule, interest on the amount transferred. During the “rescue operation” it turns out that the voluntary (albeit selfish) assistant needs to transfer a small amount compared with the promised remuneration for the transfer / bribe / payment of a lawyer, etc. As a rule, after transferring money, every opportunity to communicate with the “widow of the former dictator” or “the son of the late disgraced minister” disappears. Sometimes the victim is forced to fork out a few more times, under the pretext that another unforeseen complications have arisen.
Sometimes the sender seems to be a high-ranking official who allegedly managed to earn a fairly large fortune with the help of bribes and frauds, but is now under investigation and cannot take money out of the country. To transfer money, he needs to provide access to a bank account. For assistance, the addressee is offered a certain percentage of the total amount. It is clear that getting the desired control over the account of a gullible user, fraudsters do not leave a penny on it.
What only dramatic stories are not told in the "Nigerian" letters! You cannot deny their authors their fantasies, and it was not for nothing that in 2005 the “Nigerian” scammers were awarded the Antinobel Prize in Literature. The Russian plots were not left without their attention: in the same 2005, typical “Nigerian” messages in English were sent on behalf of relatives and people from the close circle of disgraced oligarch Mikhail Khodorkovsky. At the same time, the Russian specifics ended - otherwise there were no differences from the classical “Nigerian” fraud scheme.
I am Lagutin Yuriy and I represent Mr. Mikhail Khordokovsky the former CEO of Yukos Oil Company in Russia. I would like to pay for a total of US $ 450 million. I will give you the details of the Bank Menatep. This is a legitimate transaction. You will be paid 4% for your "Management Fees".
If you are interested, I will provide you with your details. Please keep this confidential; We can't afford more political problems. Finally, please note. Please write back promptly.
Write me back. I look forward to it.
There is also a romantic version of this scheme of spam-fraud letters from "Nigerian" brides . Touching messages are sent on behalf of girls living in distant exotic countries. The photo of the dark-skinned beauty is attached. As a rule, fraudsters conduct targeted attacks - such letters are most often received by users who register on dating sites. If a potential victim is included in the correspondence, they tell a story in the spirit of soap operas: “They killed the relatives, they don’t let me out of the country, but I’m actually a rich heiress ...” In the third letter, the girl already swears eternal love and asks to take her out of the country along with her millions. All that the savior hero needs to do is to help transfer millions of orphans from the country, and for a solid reward. Of course, the assistant is required upfront costs, which amount to several thousand, and sometimes tens of thousands of dollars. For greater persuasiveness, an imaginary pastor and a lawyer are connected to the case. At the final stage of the scam, false documents are used.
Fake lottery notifications
This type of fraudulent spam is close to Nigerian letters . The users are sent fake notifications about winning the lottery , allegedly held among random e-mail addresses / phone numbers, and offers to receive "free" gifts as a win. For credibility, such a letter may contain a photo of the prize and all sorts of “attributes of authenticity” of the lottery - the ticket number, registration / license certificate and other fake information. As in the previous case, in order to receive the winnings, the user is offered to make a payment on a certain amount on the accounts indicated by the scammers under various pretexts.
There were Russian versions of such letters, the text of which was clearly translated from the original English using an automatic translator.
Recipients of such notifications should first of all remember that participation in any lottery is impossible without the consent of the user. If you have never given such consent (and, most likely, do not know anything about the lottery in which you allegedly won), then you are dealing with a typical message from scammers who seek to lure the recipient from the recipient, and not at all make him happy.
"Errors" in payment systems, magic wallets, code generators
In spam letters of this type, the user is informed that a vulnerability has been discovered in a certain payment system that allows “to make a profit”. Next comes a description of the nature of the vulnerability and offers a recipe for earnings, which usually consists in sending a certain amount of money to a “magic” wallet. Fraudsters promise that some time after the transfer, the money will be returned to the user in doubled (tripled, etc.) quantities. Of course, such a "magic" wallet belongs to fraudsters, and the money transferred to it for the user will be irretrievably lost. And the victim will not be able to complain (submit a statement to the police: “I tried to hack the payment system and as a result I lost money”).
Hello! I want to tell you how I was deceived on 150 WMZ, but I won back. I found somewhere in the network an article of approximately the following content: "There is a magic WMZ purse in the WebMoney system, and everything you send to it will be returned to you in tripled size !!! Any amount! Send a thousand - get three thousand" and t .d ... I did not believe it, but curiosity took its toll and sent $ 5 for the test. Checking the next day, I saw that I had not returned any money. I thought that this was the way it should be, and therefore I did the right thing to send such a small amount of everything.
For those who do not know what WebMoney is all the information on www.webmoney.ru
Another type of fraud is when the victim is offered a program that generates credit card numbers, systems for covertly debiting money from other people's accounts / wallets, etc. Often, such programs are offered for money, but it is reported that 1-3 accounts can be hacked for free to get an idea of how the program works. The key point is that for the operation of such programs, you must enter your card / wallet number and password. When attempting such a “hack”, the entered data is transferred to the attackers, which allows them to get money from an account or an electronic wallet for an easy moneymaker.
The scheme in which fraudsters offer a program that generates card codes to pay for cellular services or to connect to the Internet is similar to the previous one, but it is proposed to enter the code of an unactivated card, which will serve as a kind of reproduction model, into the “code generator”. As in the case of credit cards, the entered data are transferred to fraudsters, and the program simulates the rapid process of computing. While the victim is waiting for the result, the fraudsters are already using their data to pay their bills using a “model” user card.
Another type of fraud is as follows: the user receives a letter with a text similar to the following: “After long hours of play, a hole was found in the script, allowing you to win at an online casino guaranteed. We just wonder how the admins didn’t notice this! .. ”The“ winning ”betting strategy is described in detail and a link to the casino site is given. Of course, it is not the love of humanity that is driven by the authors of such messages, and no “hole in the script” actually exists. The fact is that a spammer gets a certain percentage in case of a very likely loss of a casino visitor who comes to the site through his affiliate link.
In other variants of letters with a proposal for exploitation of a vulnerability found in a casino, attackers propose to download (and sometimes buy) and install a program that supposedly allows exploiting the vulnerability. In fact, such a program turns out to be malicious spyware.
Tempting quick money offers
Such letters are characterized by such beginnings: “This letter is NOT spam. This is a really good offer that will be hard to refuse. This message is sent to you only once, and if you ignore it, you will have been sorry for the lost opportunity all your life ... ” As a rule, later in the text of the letter it is said about the financial pyramid: the user is offered to pay the author of the letter (curator) a certain amount, and then forward this letter further, having received the same amount from each of the recipients (become their curator) plus some part of the profits from their "wards" of the lower level. Such a scheme promises fabulous incomes to each of the participants, but in reality, people who have taken the bait of scammers will part with their money for good.
A few more cunning way came up with the creators of fake jobs. Usually, in such letters, spammers on behalf of employers promise high incomes to future employees and state that nothing special needs to be done to receive them. After establishing contact with a potential victim, fraudsters are often not even interested in confirming the qualifications of a future employee, but they ask him to send a certain amount of money for detailed information or for postage, and urge to hurry, as someone else may take the place.
Sometimes fraudsters carry out targeted attacks by sending out “lucrative offers” to the addresses of users who have posted their data on job search sites. Applicants are offered to take part in a real international project related to the extraction of gold or diamonds, the manufacture of medical equipment, vaccines, chemicals; with investment, construction and / or service contracts. As a rule, this business is related to the field of employment of the applicant or his business contacts and requires him to have professionalism and experience. But then invariably comes the stage of paying for “administrative expenses”, and the money of the victim is deposited in the pocket of the scammers.
Subject: Prospective Employee
Attn: Prospective Employee,
Spiralnergy Exploration, United Kingdom.
The United Kingdom Central North Sea.
In the United States of America, it is a process of exploration.
Spiralnergy Exploration, UK hereby inform that you have to be shortlisted for your upcoming project.
The project includes the Liquefied Petroleum Gas (LPG) Plant and Oil Wells at the UK Central North Sea, UK.
More than 5 (five) days of the administration of this email.
All resumes / application should be in MS Word format.
Thanks for your interest.
This is a confidential and may be privileged. It is for the use of the recipient (s). It is strictly prohibited to use it. If you have received this email in error message, please send it to your sender (Spiralnergy Exploration).
To extract money, spammers resort not only to gingerbread, but also to the whip, namely to threats. Most often, these threats are quite “innocent” in nature: we will stop sending spam only if you pay. But there are also less harmless ones, for example, letters on behalf of an assassin demanding a ransom in exchange for life from the addressee.
Subject: BE WARN !!!
SMS to short numbers
In parallel with the use of fraudulent schemes characteristic of the western segment of the Internet, the fraudsters of Runet invent new ways to defraud money. In particular, they rent short numbers from mobile operators and send spam, the task of which is to provoke sending SMS-messages to the leased number. The fraud scheme is based on the fact that when sending an SMS to a short number, a certain amount of money is automatically withdrawn from the sender’s account, a part of which is received by the tenant. To achieve their goals, fraudsters use various tricks: from offers of free Internet access and promises of winning to threats to block the mailbox if the user does not send SMS.
In one of these lists, recipients were even asked to unsubscribe from spam. The spammer claimed that he wanted to "be a law-abiding citizen," and, referring to the Law on Advertising, which came into force on July 1, 2007, suggested that those who wish to exclude their address from the spam database sent a free SMS message. The spammer promised that after sending the SMS, the user will receive a link to the web page where the spam database of addresses is allegedly published, and will be able to remove his email from them. Needless to say, non-compliance with the law was the main goal of the letter's author!
In more complex combinations, a letter may contain only a link to a site specially created by spammers. On the site, the user (already involved, for example, in the process of obtaining a "win") is invited to send an SMS message to a short number. Such a lengthening and complication of the scheme leading to the SMS sending sent for spammers is intended to lull the attention of even the most vigilant users.
According to the classification of Kaspersky Lab, fraudulent spam emails are related to Computer Fraud, which in 2007 accounted for about 7% of all spam. In the first quarter of 2008, this figure more than doubled to 2.5%.
Although the proportion of fraudulent emails in spam has decreased, observations show that fraud using spam is becoming more dangerous: attackers hone their skills and increasingly conduct targeted attacks. And if, in order not to fall for the bait of "well-wishers" who offer easy and quick ways to enrich themselves, e-mail users have enough ordinary prudence, then it is much more difficult to recognize more sophisticated options of fraud. As for phishing, in the fight against this type of fraud can not do without software protection.
We can advise users not to believe the good intentions of spammers and use software that provides reliable protection from spam, phishing and malware. Despite the seemingly triviality of these recommendations, their implementation will allow you to keep safe not only data on computers, but also money.