Karlonia.com

Approximately one month ago Professor Ross Anderson, one of the world’s top researchers in the field of computer security, gave a very informative lecture for the University of Cambridge on the topics of spamming, scamming, phishing, and other Internet-based activities that he places under the category of “wickedness”. This video of his lecture delves into some of the details of how spammers and scammers operate, with a focus on how we can accurately detect their activities.

The topics covered range from the usual phishing spam-and-scams to fake escrow and banking sites to what he calls “postmodern Ponzi schemes”, known to most of us in the Internet marketing world as HYIP. Professor Anderson describes the ongoing struggle between the various types of scammers and the (mostly futile) attempts by governments, financial institutions, and computer security professionals to thwart their operations.

The video is one hour long and is presented in a fairly academic style, so if you are normally an impatient or easily bored type of person, you may not find it particularly entertaining. However, if you have any interest in the rapidly converging fields of economics, computer security, and good old-fashioned spam, you might want to watch this one whenever you have enough time.

Besides Ross Anderson who was cited above, other contributors to this video include Richard Clayton, Tyler Moore, Stephen Murdoch, and Shishir Nagaraja.

The next installment in my Adventures in Spam series features a fairly common type of scam email that has been getting more popular lately as increasing numbers of people are figuring out that they can actually make money online. It involves what is essentially a fake work-at-home employment offer- the scammer pretends to be a representative of a legitimate (usually offline) company, then offers to hire you as some type of payment processor or clerical worker.

In most cases, the true purpose of the email is simply to solicit a reply from you. If you actually reply with any indications of interest, the spammer-scammers will send another letter requesting some type of “processing fee” so that they can cover the cost of sending the relevant paperwork and materials to you. Usually this fee is a fairly small amount, like $10 or $20. The scammers are hoping that if they can advertise to enough “suckers” by spamming, they will achieve a high enough sales volume for the small amounts to add up to a significant amount of money for them. And of course, if the old cliché about a sucker being born every minute holds true, the same spam mail can be sent out again at regular intervals and provide the scammers with a steady income from “processing fees”. Here is a typical example of such an email that I received a few days ago:
Read the rest of this entry »

Today I received an email from TD Ameritrade, an investment brokerage company that allows its clients to buy and sell stocks and other securities online. Apparently a recent investigation uncovered some “unauthorized code” in their computer systems that was used for harvesting email addresses. This might explain some of the investment-related spam that I have been getting over the past few years, including those infamous stock pumping scam letters. Although I haven’t used it for years, I had opened an account with Ameritrade back in 2000, so my email address probably found its way onto the spam lists.

Meanwhile, the executives at Ameritrade (much to their chagrin, I can imagine) are in full damage control mode, attempting to reassure us that our identities will not be stolen…or, well, at least there is no evidence that they have been stolen, although our social security numbers were probably in there somewhere. And of course, our assets are secure even though their computer systems are, umm… somewhat less secure since they just got hacked by spammers!

Dear Karl Erfurt,

Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.

Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.

What we want you to know:
Read the rest of this entry »

One form of spam that has been on the rise over the past two weeks is stock spam, which is most commonly used to promote a type of scam known as stock pumping. This is a technique in which spammers attempt to manipulate the price of a company’s stock, usually in the upward direction, in order to make a quick profit. The most common tactic used to accomplish this is known as the “pump-and-dump” scheme. With this method, a spammer chooses a stock that is relatively unknown, has a low price per share, and has low trading volume. Most such stocks are traditionally called “penny stocks” because they usually trade for less than one dollar per share and are listed only on the over-the-counter bulletin board (OTCBB) or Pink Sheets exchanges. With this type of stock, the spammer can usually raise the share price relatively easily by disseminating lots of positive (and sometimes fraudulent) information about the chosen company and lure naive investors into quickly buying shares, thus temporarily driving up the price. The spammer, having bought fairly large blocks of shares in advance, then quickly sells the stock by “dumping” it back onto the market before most investors realize that the information being disseminated is exaggerated or inaccurate.

Another tactic that is sometimes used by stock spammers is called the “short and distort” method. This is essentially the reverse of the more popular pump-and-dump; instead of hyping up a stock, negative information is sent out in an attempt to drive the share price downward. Rather than buying shares, the spammer short sells them- that is, the shares are borrowed from a broker and immediately sold for whatever they are worth at the current price. In a short sale transaction such as this, the investor hopes that the stock price declines because if it does, the shares can be bought back at a lower price than what they were originally sold for, leaving the difference as profit. However, there is also significant risk involved in this proposition because if the price of the stock actually goes up, the investor can lose money when the shares are eventually bought back in order to settle the short position. For this reason, plus the fact that the possibility of short selling is usually not offered for penny stocks, the short and distort method is not as popular with veteran spammers. However, it is sometimes still used by unscrupulous investors who have inside knowledge of the companies involved and want to manipulate the markets for quick profits.

Read the rest of this entry »

Yes, those infamous HYIP spammers are at it again. The latest site that has come up for ridicule is called zoom-invest.net, a HYIP that promises to triple your money within 15 hours while serving up a generous helping of broken English and inept marketing skills. Fortunately, its promoters were nice enough to send me this spam so that we all have the chance to laugh at them before their official launch:
Read the rest of this entry »

Today I received a spam email with the subject line of “MaxipTrader - Toolbox for HYIP&AutoSurf Investors”. It contains links to a download page that looks fairly legitimate, but the “beta software” is actually a dangerous Trojan virus that is capable of wiping out your e-gold balance. There is not much information about this on the Internet at the time of this writing, but upon doing a standard search of the email text for duplicate content, I found a post from someone at the TalkGold forum who reported that the email was sent to HYIP admins and monitors, and explains that if you attempt to download the software, a Trojan will be installed on your computer which will automatically spend your e-gold funds to the scammer when you log in to your e-gold account.

I also found a post at the McAfee forum from someone who was apparently victimized by this Trojan and was complaining because the McAfee antivirus program did not catch the virus and could not even identify it. Unfortunately the victim, who was foolish enough to download this nasty little piece of malware twice on two separate computers, did not remember or record the name of the Trojan file. Meanwhile, the McAfee technical support staff was virtually clueless as to how to remove it from the victim’s machine.

Because of the potentially costly nature of this spam and scam operation, I will post the contents of the email here in the hopes that some of you will have more information on this and will be able to avoid being scammed. For security purposes, I have removed the actual links to the download page, but you can find the URL by referencing the two sources above, which will allow you to look at the scammer’s landing page. Just remember that if you do this, do NOT follow through with the download!
Read the rest of this entry »

Poor spammers…even after several years of sending their spam and having ample opportunity to refine their messages, they STILL can’t get it right! A few days after receiving the last Chase email phishing scam attempt, they tried it again, this time with a different premise and message. Besides for the fact that I don’t even have an account with Chase, the obvious errors in English usage make this latest phishing attempt look especially pathetic:
Read the rest of this entry »

As I mentioned in an earlier article about the appeal to greed, there is a class of online ventures called High Yield Investment Programs (HYIP) that still has a small but loyal following among online money making enthusiasts. While it is certainly possible to make money with these kinds of programs if you know how to play the game, I have recently discovered a few programs out there that are making such ridiculous claims on their websites that it would seem unwise to “invest” in them even from a gambler’s perspective.

In fact, many people would consider these programs to be scams because there is no way any legitimate company could afford to pay out the kinds of returns stated on the sites. Technically speaking, I cannot say for certain whether any of these programs are scams or not (I consider a program to be a scam after it has been verified that the program has not paid out as promised for 30 days or more). However, I still would not recommend joining any of these programs. Not only have they probably run out of money by now even if they did manage to pay one or two people in the beginning, but if you did manage to join some of them, they could use your email address to send you lots of HYIP spam even if you don’t pay any money into the program.

Note that I have not actually linked to any of the programs listed below but instead have simply indicated the root domain of the home page. The reason for this is that many of these sites tend to by “fly-by-night” operations, which means that they could disappear soon and create lots of broken links after the sites are pulled. It is also not a very good SEO practice to link to sites that are likely to become scams or engage in spamming activity. If you are a relatively recent reader of this post and the program is still extant, you can verify the information by copying and pasting the domain into your browser bar and pressing the Enter key. This will usually generate the full URL for you and take you to the home page of the site.
Read the rest of this entry »

Today I received an email that appeared to come from the “online department” of Chase Manhattan Bank. The sender is listed as Chase Online Services and the subject is “Congratulations Valued Customer”. This particular phishing spam was a little more scary for me than most of them that I have seen because it almost fooled me into clicking the link, which is why I want to warn readers about it here.

Read the rest of this entry »

Another popular “spam & scam” method that is often used by phishing artists is the notification of fake lottery winnings. This tactic takes advantage of the fact that despite the incredibly small odds of winning, many people play in the various state and national lotteries around the world in the hopes of miraculously solving all of their money problems in one fell swoop. Since many such people are already fairly desperate, they are vulnerable to being more easily duped by scams such as this one. People in these situations sometimes get fooled even if their better judgment suggests that not only is it unlikely that they could ever win the lottery in the first place, but it is even less likely that they would somehow win a lottery for which they did not even purchase a ticket, not to mention the fact that they do not even reside in the same country in which the lottery took place.

This latest spam mail that I have received is a good example of the above method, but was very poorly targeted in this case. Not only do I generally not play in lotteries (the odds of winning in an HYIP “gold game” are actually much better than the odds of winning a state or national lottery), but I do not even live in Ireland and certainly do not remember purchasing a ticket for this particular program:
Read the rest of this entry »

Another spam mail arrived today, this one from someone with the username of “Super Bomber 388″ and a referral ID of “topsponsor”. The spammer seems to be advertising some kind of randomizer program, so I might as well take this opportunity to explain what randomizers are and why they usually do not work.
Read the rest of this entry »

While spammers will often use all sorts of interesting tactics to disguise the content of their messages, I have received an email earlier today that shows that even legitimate marketers sometimes resort to tricky techniques because so many emails get blocked by spam filters even when they really shouldn’t.
Read the rest of this entry »

Earlier today, I noticed a site called DrumCash.com that I had not seen for a long time being promoted in the StartXchange traffic exchange. I also saw this site appear at least once over at Crazy Traffic as well. Since I have some prior experience with this particular program, I figured that it would be a good idea to inform whoever is still promoting this page (along with any other innocent newbies out there who may have recently signed up) that this program is almost certainly a scam.

Drum Cash (also often spelled as DrumCash) is supposedly an affiliate program that allows members to promote their referral page and receive 5 cents per click for every unique visitor that lands on the page within a 24-hour period. One of their “hooks”, aside from the too-good-to-be-true $.05 just for getting a visitor to the page (no action or sales required) is that they will accept a wider spectrum of traffic than most other affiliate programs, including adult and even warez sites. They also offer 10% referral commissions on clicks from anyone that signs up through your referral link.

According to their terms, they are supposed to pay on a “Net 30″ basis, which means that paychecks are sent out 30 days after the end of the last month in which you had earnings that exceed the minimum payment threshold, which in this case is $100. I signed up with DrumCash back in mid-2004 and tallied $142 worth of clickthroughs but have never been paid, nor have I ever received even a single email from the company. At the time, I searched through many of the popular online money making forums hoping to find out more information about the program, and although there were several other people that had joined, there was not a single report of anyone actually being paid.

Read the rest of this entry »

One of the world’s most notorious spammers was arrested this week and indicted on some 35 counts ranging from mail fraud to money laundering.
Read the rest of this entry »

More of those inedible varieties of Spam have been arriving in my email over the past few days, and the latest batch of them has been using an old tactic that I like to call the “sandwich technique”.
Read the rest of this entry »