Cybercrimes, Internet Fraud Online
Web Scams, Cyber Crime Consumer Fraud, Internet Crime, Website
Spoofing Phishing Scams
While nearly all of the covered scams can be sent over the internet
there are a few which can only be sent that way. These I will try
to place in this section.
Phishing for Suckers
Phishing is the practice of scamsters setting up bogus Web sites
that look like those of legit retailers in an attempt to trick
unwary consumers into giving up their credit card numbers
Phishers typically spam out e-mails with spoofed addresses that
seem to come from respected merchants. Online auctioneer eBay,
its person-to-person payments subsidiary PayPal, electronic retailer
Best Buy, and Microsoft are among the most common commercial victims.
The e-mail subject headers warn the recipient of a problem with
their account or, in the case of Microsoft, the need to install
still another patch. In the e-mail is either a form to fill out
with personal information, or a link to the crooks' phony site.
PayPal Payment Pickers Web Scams
In what most likely was a mass email spam, customers of online
payment processor PayPal.com got an e-mail disguised as a cheery
holiday greeting urging them to "update" their account
The message, which included a spoofed return address of email@example.com,
directed PayPal users to visit a Web site to reenter their account
information, including usernames, passwords, credit card numbers
and billing data.
"Season's Greetings Valued PayPal Customer. As the New Year
approaches and as we all get ready to move a year ahead, PayPal
would like to give you a $5 credit to your account!
All you have to do to claim your $5 gift from us is update your
information on our secure Pay Pal site by January 1, 2002. A year
brings a lot of changes, by updating your information with us you
will allow for us to continue providing you and our valued customer
service with excellent service and in the meantime, keep our records
The domain in question - http://www.paypal-secure.com -
was registered to a plainly fictitious company name and address.
Last year, PayPal was hit with a similar scam by a Web site called "PayPa1.com," (the
numeral "1" being virtually indistinguishable from a
lowercase "L" in certain fonts) which encouraged customers
to "verify" their account information.
Never Kiss Strangers
01/02 - Phony "InstaKiss" Web sites
are being used to dupe AOL users into giving up their account passwords
in exchange for an electronic smooch.
The fraud, varieties of which have been used for nearly two years,
plays off a legitimate e-greeting service (AOL Keyword InstaKiss)
offered by AmericanGreetings.com, and promoted at America Online's
singles area, LoveAtAOL.
As in other incarnations of the InstaKiss scam, the operator of
the latest password-stealing site sent a bogus invitation to AOL
users by instant message and e-mail. The message informed recipients
that they had been sent an "AOL InstaKiss" by "someone
who thinks very highly of you." By clicking a link in the
message, the AOL user could receive his or her InstaKiss, according
to the come-on.
One fake site, registered just two weeks ago, bore the AOL logo
and instructed visitors to type in their AOL screen name and password
to receive their InstaKiss. Besides mimicking AOL's site design,
it featured links to destinations at the online service for added
Many such sites employ the same "phishing" scheme, as
hackers refer to such password-stealing techniques, for a variety
of purposes, ranging from free Internet access to identity theft.
Most of the bogus sites are hosted by free Web page services which
enable the scammers to create a site with an address such as http://aol-instakiss.da.ru.
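
The look-alike addresses quoted in the PayPal and InstaKiss cases above can be caught mechanically. This added example (not part of the original page) folds digit-for-letter swaps and looks for a protected brand name inside a foreign domain; the brand list, the confusable map and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brands to protect and the domains they really use.
BRANDS = {
    "paypal": {"paypal.com"},
    "aol": {"aol.com"},
    "ebay": {"ebay.com"},
}

# Digits commonly substituted for look-alike letters (illustrative, not exhaustive).
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: adequate for .com names; real deployments should use the
    Public Suffix List so that names under e.g. co.uk are handled.
    """
    return ".".join(host.split(".")[-2:])


def check_host(host):
    """Return (verdict, brand, reason) for one hostname."""
    host = host.lower().rstrip(".")
    for brand, genuine in BRANDS.items():
        if registrable(host) in genuine:
            return ("genuine", brand, "registrable domain belongs to the brand")
    for label in host.split("."):
        # Hyphenated labels such as "paypal-secure" are checked token by token.
        for token in re.split(r"[-_]", label):
            folded = token.translate(CONFUSABLE)
            for brand in BRANDS:
                if token == brand:
                    return ("lookalike", brand, "brand name embedded in another domain")
                if folded == brand:
                    return ("lookalike", brand, "digit stands in for a look-alike letter")
    return ("unrelated", None, "no protected brand referenced")


def check_url(url):
    """Classify the host of a URL or bare domain.

    The scheme is ignored on purpose: a lookalike host can serve HTTPS with
    a valid certificate for its own name.
    """
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare domain as a netloc
    return check_host(urlsplit(url).hostname or "")


# The first three addresses are the ones quoted on this page; the last two are constructed.
SAMPLES = [
    "PayPa1.com",
    "http://www.paypal-secure.com",
    "http://aol-instakiss.da.ru",
    "https://www.paypal.com/login",
    "http://bicycle-repair.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, brand, reason = check_url(sample)
        print(f"{sample:32} {verdict:10} {brand or '-':7} {reason}")
```
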
A Certain Sophistication
Another identity-theft scam, designed to steal credit card information,
Social Security numbers and other personal data from unwary Internet
users, was built upon Internet resources owned by others and masqueraded
as an order confirmation from eBay.
A bogus e-mail message sent Jan. 11, 2002 to potentially thousands
of Internet users informs recipients that they will be charged
$460.50 for ordering a Microsoft Xbox video game system.
To cancel the order, recipients of the message, which appears
to come from eBayServicesSUPPORT@eBay.com, are instructed to click
a hyperlink to visit a Web site and "fill out all the needed
The link then re-directed users to a site hosted by AOL Hometown
that contained a cleverly designed mock-up of an eBay form, entitled "Ebay
Services - Cancel Order."
The form, which asked people to input their credit card number,
Social Security number, bank name, address, phone and other requested
information was submitted to an e-mail account at Epimp.com, a
free, Web-based e-mail service.
The bogus transaction was completed when victims were redirected
to a checkout page at a legitimate business, which simply bore
the message "Your order has been canceled."
To capture the stolen data, the scam relied on an improperly secured
FormMail program at another legitimate Internet service. Such unsecured
FormMail installations have become favored targets with junk e-mailers
after a vulnerability was discovered. Spammers found they
could inject destination e-mail addresses directing messages at
unwitting recipients instead of the site's Webmaster.
"Below is the result of your feedback form..." is often
the first sentence found in many unwanted e-mail messages these
days - from spam missives promoting "X-rated Web cams" to
bogus technical support bulletins designed to steal the Internet
passwords of the unwary.
Recently, SecurityFocus listed FormMail exploits as being among
the top five most-common "attacks" on the Internet while
eBay indicated once again that they will never ask you for your
private information, including credit card information, in an e-mail.
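
The FormMail weakness described above comes down to trusting a recipient address supplied in the request. The following added example, which is not FormMail's code and not from the original page, sets that flawed pattern beside a hardened one and adds a log-review helper; shop.example, the alias table and all function names are hypothetical, and the CR/LF header check goes slightly beyond what the page describes.

```python
from urllib.parse import parse_qs

SITE_DOMAIN = "shop.example"  # assumption: the site that runs the feedback form

# Constructed server-side routing table: the form names an alias, never an address.
ALIASES = {
    "webmaster": "webmaster@shop.example",
    "orders": "orders@shop.example",
}


def recipients_vulnerable(form):
    """The flawed behaviour: whatever address list the request names gets the mail."""
    return [a.strip() for a in form.get("recipient", "").split(",") if a.strip()]


def recipients_hardened(form):
    """Resolve a short alias on the server; never accept an address from the request."""
    alias = form.get("recipient", "")
    if alias not in ALIASES:
        raise ValueError("recipient %r is not a configured alias" % alias)
    return [ALIASES[alias]]


def header_value(value):
    """Refuse CR/LF so a form field cannot smuggle in extra headers such as Bcc."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header field")
    return value.strip()


def build_mail(form, resolve):
    """Return the outgoing message as a dict; `resolve` chooses the recipients."""
    return {
        "to": resolve(form),
        "subject": header_value(form.get("subject", "Feedback")),
        "body": "Below is the result of your feedback form...\n\n"
                + form.get("message", ""),
    }


def offsite_recipients(query_string):
    """Log-review helper: recipient addresses in a request that lie outside SITE_DOMAIN."""
    values = parse_qs(query_string).get("recipient", [])
    addrs = [a.strip().lower() for v in values for a in v.split(",") if a.strip()]
    return [a for a in addrs if "@" in a and not a.endswith("@" + SITE_DOMAIN)]


# Constructed requests: one abusing the form as a relay, one ordinary.
ABUSE = {
    "recipient": "stranger1@mail.example,stranger2@mail.example",
    "subject": "Account notice",
    "message": "unsolicited text",
}
LEGIT = {"recipient": "webmaster", "subject": "Question", "message": "Is the store open?"}

if __name__ == "__main__":
    print("vulnerable:", build_mail(ABUSE, recipients_vulnerable)["to"])
    try:
        build_mail(ABUSE, recipients_hardened)
    except ValueError as err:
        print("hardened rejects:", err)
    print("hardened:", build_mail(LEGIT, recipients_hardened)["to"])
```
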
Hootmail Secrutity Alurt
Hotmail is having alot of problems with under age users using
hotmail. Therefore hotmail is asking for you to show idenity of
being 18 or have perental permission from a gaurdian.
Please Reply to this message if you would like to keep your hotmail
account with a.
- Credit Card Number
- Credit Card ID Number
- Name as it Appears on Card
- Experation Date
- Phone number on back of card
- Address of card holder
Thank you - This will insure you a good hotmail account
AOL Billing Update 11/19/00
We are sorry to inform you, but your current credit card information
needs to be updated! We have made it easy for you, with our secure America
Online web site. As you may have known, we've told members not to ever
give out personal information concerning credit cards, passwords, etc.
Due to non - AOL employees posing as employees.
We highly recommend you to never give your personal information
through e -mail due to the unsafe environment of Spam (junk e -
mail); the best method to verify anything 100% safe is through
128 - bit encrypted websafe anti - fraud servers which we've designed
to help members verify their memberships safely.
To re - verify your account, you can access our 128 - bit encrypted
websafe anti - fraud AOL verification site by clicking this ( hidden
url ) link www.tbns.net/paymentupdate.
We thank you for your time and hope you enjoy the services we
offer! Members who do not re-verify their authorization (by our
secure web site) will lead to account termination.
Thanks again for making America Online the number one online service,
we look forward to seeing you online.
Phishing Freshman Foiled
WASHINGTON (Reuters) - 07/21/03 U.S. regulators said Monday they
had charged a 17-year-old boy with using "spam" e-mails
and a fake AOL Web page to trick people out of their credit card
information and steal thousands of dollars.
Officials at the Federal Trade Commission said they had agreed
to settle their case against the teen-ager, who was not identified
because of his age, after he agreed to pay back $3,500 he had stolen,
and to submit to a lifetime ban on sending spam.
It's the first enforcement action the FTC has taken against an
Internet "phishing" scam -- the use of spam, or unwanted
junk e-mail, to lure computer users to look-alike Web sites, where
they are deceived into forking over personal financial data.
"We're only beginning to discover the extent of these e-mails.
They're only beginning to proliferate right now," FTC commissioner
Mozelle Thompson told a news conference.
In the case cited Monday, the teenager's e-mails told recipients
they needed to update their AOL billing information and instructed
them to click on a hyperlink connected to the "AOL Billing
The link diverted people to a phony AOL Web site that contained
the company's logo and links to real AOL Web pages, the FTC alleged.
There, they were instructed to enter their credit card numbers,
along with their mothers' maiden names, billing addresses, social
security numbers, bank routing numbers, credit limits, personal
identification numbers and AOL screen names and passwords.
A representative of AOL's parent company, media conglomerate AOL
Time Warner Inc., was not immediately available for comment.
The teenager used his newfound information to go on an online
shopping spree, the government charged, and to log on to AOL in
his victims' names and send more spam. He also recruited other
people to take delivery of fraudulently obtained merchandise he
An FBI official said at the news conference that the agency gets
about 9,000 complaints a month about phony e-mails and Web sites.
Officials said there were more phishing cases under investigation
but provided no firm numbers.
In March, Internet service provider EarthLink Inc said it had
blocked a phishing scam that sought to collect credit-card and
bank-account numbers from its customers.
Many EarthLink subscribers received an e-mail message urging them
to resubmit their personal information or face termination of their
accounts, due to a "recent system flush."
Copyright 2003, Reuters News Service
No Joke: FBI Calls Spoofing
Hottest New Web Scam
By Roy Mark InternetNews.com
07/03 - The FBI says bogus e-mail that seeks to trick customers into giving
out personal information is the "hottest, and most troubling" new
scam on the Internet. The agency, in conjunction with national
Internet service provider EarthLink, the Federal Trade Commission,
and the National Consumers League, began an initiative Monday
to raise awareness about the problem.
The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady
increase in complaints that involve some form of unsolicited e-mail
directing consumers to a phony "customer service" type
of web site. According to Jana Monroe, Assistant Director of the
FBI's Cyber Division, the scam is contributing to a rise in identity
theft, credit card fraud, and other Internet frauds.
"Spoofing," or "phishing," frauds attempt
to make Internet users believe that they are receiving e-mail from
a specific, trusted source, or that they are securely connected
to a trusted web site, when that is not the case. Spoofing is generally
used as a means to convince individuals to provide personal or
financial information that enables the perpetrators to commit credit
card/bank fraud or other forms of identity theft. Spoofing also
often involves trademark and other intellectual property violations.
In "E-mail spoofing" the header of an e-mail appears
to have originated from someone or somewhere other than the actual
source. Spam distributors and criminals often use spoofing in an
attempt to get recipients to open and possibly even respond to
"IP Spoofing" is a technique used to gain unauthorized
access to computers, whereby the intruder sends a message to a
computer with an IP address indicating that the message is coming
from a trusted port.
"Link alteration" involves altering the return address
in a web page sent to a consumer to make it go to the hacker's
site rather than the legitimate site. This is accomplished by adding
the hacker's address before the actual address in any e-mail, or
page that has a request going back to the original site.
If an individual unsuspectingly receives a spoofed e-mail requesting
him/her to "click here to update" their account information,
and is then redirected to a site that looks exactly like their
Internet service provider, or a commercial site like eBay or PayPal,
there is an increasing chance that the individual will follow through
in submitting their personal and/or credit information.
Monroe said the FBI's specialized Cyber Squads and Cyber Crime
Task Forces across the country are zeroing in on the spoofing problem.
The FBI's Legal Attache offices overseas are helping to coordinate
investigations that cross international borders. The IFCC has received
complaints that trace back to perpetrators in England, Romania,
The FBI is also working actively with key Internet e-commerce
stake-holders such as eBay/PayPal, Escrow.com, and a variety of
Internet merchants via the Merchants Risk Council to identify common
traits of such scams, as well as proactive measures to rapidly
'Cause I'm The Taxman
Some taxpayers have apparently received an e mail from a non-IRS
source indicating that the taxpayer is under audit and needs to
complete a questionnaire within 48 hours to avoid the assessment
of penalties and interest.
The email refers to an "e-audit" and references IRS
form 1040. The taxpayer is asked for social security numbers, bank
account numbers and other confidential information.
THE IRS DOES NOT CONDUCT E-AUDITS, NOR DOES IT NOTIFY TAXPAYERS
OF A PENDING AUDIT VIA E MAIL. THIS E MAIL IS NOT FROM THE IRS.
Do not provide the requested information as this may be an identity-theft
See also Identity
Identity Theft Email Example
Subject: End Distribution of your Social Security Number, etc.
Just wanted to let everyone know who hasn't
already heard, the four major credit bureaus in the US will
be allowed, starting July 1, to release your credit info, mailing
addresses, phone numbers, etc., to anyone who requests it.
If you would like to 'opt out' of this release of your info,
you can call 1-888-567-8688. It only takes a couple of minutes
to do, and you can take care of anyone else in the household
while making only one call, you'll just need to know their
social security number.
Once the message starts you'll want option
#2 (#1 sounds like the right one but it's not) and then option
#3 (#1 is only for 2 years). Make sure you wait until they prompt
for the third option which opts you out forever. I received
their paperwork in the mail confirming my 'opting out' within
less than one week of making the call.
Sent in by Michael Reams 07/11/02
If I Was a Betting Man
01/02 - A 17-year-old high school student who
lives at his parents' California home defrauded unwitting investors
of more than $1 million in an online scam, according to the U.S.
Securities and Exchange Commission (SEC).
They claim he ran a business called Invest Better 2001 online
and stockpiled some $900,000 of his gains in an account at a Costa
Rica-based casino which he has agreed to turn over.
More than 1,000 investors handed over money, apparently believing
Invest Better 2001's claims that its sports wagering betting-pool
investments were "guaranteed" and "risk-free" and
would repay clients between 125 percent and 2,500 percent of their
investments "within ... periods ranging from three days to
several weeks, depending on the program selected."
The SEC is continuing to target several individuals or groups
who helped run Invest Better 2001's investment programs, its Web
site and bulletin board promotions.
Cole A. Bartiromo, 17, also conducted an Internet pump-and-dump
scheme that manipulated the stock price of fifteen publicly traded
companies. He bought large blocks of stock, then made bogus claims
in more than 6,000 postings on Internet message boards to boost
the stocks' share prices before selling everything he had purchased.
He profited more than $91,000 in less than two months, the SEC
02/02 - Getting credit card numbers is relatively easy but using
them to buy merchandise is risky, as it involves a shipping address,
which can be traced.
Instead of stealing merchandise by charging it on a stolen credit
card, a new credit-back scheme involves breaking into Internet
merchant computers and virtually “returning” merchandise.
Funds issued as credits to hacker-controlled debit cards can then
be withdrawn at cash machines in amounts up to $1,000 at a time.
At the root of the scheme is a merchant’s ability to issue
credits to account numbers that differ from the account that was
originally charged. The criminals move money from one stolen credit
card to a second card, then liquidate the balance on that card.
CardCops.com offers amnesty to anyone wishing to reveal
details of ongoing Internet fraud.
A federal court has shut down a U.K. based Web site that took
advantage of consumers' post-Sept. 11 patriotism by urging them
in an aggressive junk e-mail campaign to "Be Patriotic!" and
register Internet domain names ending in ".usa".
The e-mails, which netted an estimated $1 million, directed consumers
to www.dotusa.com - which offered bogus “.usa,” “.sex,” “.brit” and
even “.god” domain names for $59 apiece.
These and other top-level Internet domains offered in the scam
are not included in the Internet’s authoritative addressing
system, and therefore will simply not work on the Web.
A court order froze the assets of TLD Network Ltd., Quantum Management
Ltd., and TBS Industries Ltd., T.G. and E. H.G., both from London, England.
Information about the case is at FTC case against TLD Network Ltd., Quantum Management
Ltd., and TBS Industries Ltd.
Update: I was reminded in Dec. 09 by one of the principals that they "agreed to settle this action without adjudication or admission of any issue of fact or law and without the defendants admitting liability for any of the violations alleged in the complaint or for any wrongdoing whatsoever".
"I am writing to you to inform you of an incorrect posting. It relates to quite a while back to 2002. We had a commercial dispute with the FTC which resulted in a finding of no wrong doing whatsoever. I understand that this posting was made prior to this finding and understand that you were obviously not aware of this outcome at the time of the posting."
Therefore, out of fairness and clarity, I enclose the latest FTC press release on the matter dated December 3, 2002 along with the link above to the settlement documentation.
".USA," ".Brit," Deceptively Marketed as Useable
Operators that allegedly used deceptive spam messages and appeals to patriotism to sell Web addresses that don't work, including ".usa," have agreed to settle Federal Trade Commission charges that the scam violated federal laws.
The settlement will bar the defendants from misrepresenting the usability of domain names, require the disclosure of limitations or conditions on the use or function of domain names, and bar the operators from selling their customer lists. The settlement also will provide as much as $300,000 for consumer redress.
In March 2002, at the request of the FTC, a U.S. district court shut down businesses that sold domain names ending with suffixes such as ".brit," and ".scot," and ordered an asset freeze to preserve money for consumer redress.
The FTC alleged that after September 11, the companies launched an aggressive spam campaign in the United States to advertise domain names ending in ".usa." Subject lines in their e-mail read, "Be Patriotic! Register .USA Domains." A hyperlink in the e-mail connected consumers to a Web site where they were offered the advertised domain names for $59 each.
The FTC alleged that the companies were not accredited domain name registrars, that the ".usa" domain names are not usable on the Internet, and that they probably never will be useable. The FTC has asked the court to permanently bar the operation from deceptively selling the domain names and to order consumer redress. The settlement announced today ends that litigation.
The settlement bars the defendants from making misrepresentations about the usability of domain names or about the nature of any product or service they sell over the Internet. The settlement also bars the defendants from failing to clearly and conspicuously disclose material limitations or conditions on the usability or functionality of domain names. The settlement bars the defendants from selling customer lists.
In addition, the defendants will turn over as much as $300,000 being held in merchant accounts for consumer redress. Redress payments will be available to consumers in the UK and other countries, as well as the United States. The settlement also contains record-keeping requirements to allow the FTC to monitor compliance with the court's order.
The original complaint named TLD Network Ltd., Quantum Management (GB) Ltd., TBS Industries Ltd., T.G., and E.H.G. of the United Kingdom. The FTC amended its complaint to dismiss E.H.G. as a defendant and to add another entity, Quantum Management U.S., Inc., as a defendant.
Editor's Note: May 2010 - After several polite and reasonable requests by the principal of the named company, his name has been removed. This was only done after a search for any further questionable activity in the past eight years produced negative results. Should any future events indicate that the name should be relisted, it will be. Other sources are available which list the name if your research requires it.
Putting a Number on Porn Redirections
04/02 - According to Ben Edelman, a senior at Harvard College,
4,525 Internet domains currently funnel unsuspecting visitors to
an adult entertainment site called Tina's Free Live Webcam at Tinawebcam.com
using a "URL forwarding" service from Namezero.com.
Edelman, a technology analyst at Harvard's Berkman Center, compiled
the list this week after his innocent Web search for a bike fix-it
shop in Boston landed him in the Internet's red light district.
According to former site owner, Domain Strategy Inc.
of Montreal snatched away his domain, Bicyclebills.com, last year
when he failed to renew the registration in time.
Even with low-price registration services charging approximately
$10 per name annually, Domain Strategy's domain expenses could
easily reach $50,000 per year but it was speculated that they may
attempt to sell the domains back to original owners.
Visitors who click a link at Tinawebcam.com are whisked off to
Ifriends.net, a site operated by Intimate Friends Network of Lake
Worth, Fla., which in June 2000 was threatened with a lawsuit from
the State of Michigan over its privacy practices.
Even John Zuccarini, a notorious domain-name
pirate who was sued by the FTC last year for using more than 5,500
copycat Web addresses to divert surfers from their intended Internet
destinations to one of his sites, lost some registrations to the
Canadian based Domain Strategy.
Edelman's study is at http://cyber.law.harvard.edu/archived_content/people/edelman/renewals/.
Xbox Emulator Actually a Pandora's Box
05/02 - A new fraud by Internet scam artists attempts to tap into
video game aficionados' burning desire to play Microsoft Xbox games
on their personal computers.
An "Xbox emulator" currently being offered for free
on the Web is actually a Trojan horse designed to covertly rack
up money for its authors using pay-for-click and other schemes.
Instead of working as promised it merely produces error messages
before secretly installing a "back door" program called "NetBUIE.exe",
which silently attempts to contact numerous remote servers for
the likely purpose of generating revenues for its creators by tallying
up ad impressions and click-throughs.
In a further effort to prevent infected users from detecting or
uninstalling the back door, the authors of NetBUIE.exe gave the
program's file attributes an air of legitimacy. When viewed using
the Windows "file properties" feature, the program shows
a Microsoft copyright notice and is described as a "Network
Connection Verification Utility."
Nearly 30,000 people have visited the bogus emulator's download
site since mid-April, according to a counter linked from the site,
which was the first item listed at Google.com in a search on the
phrase "Xbox emulator."
Anti-virus software vendors have recently added detection for
the NetBUIE.exe Trojan to their products. No functioning Xbox emulators
Tips for consumers to fight the 'phishing' scam:
Don't trust e-mail headers, which can be forged easily.
Avoid filling out forms in e-mail messages. You can't know with certainty
where the data will be sent and the information can make several stops
on the way to the recipient.
Try not to click on links in an e-mail message from a company. Too many
scam artists are making forgeries of company's sites that look like the
If you go to a link offered in an unsolicited e-mail, check to see if
there is an 's' after the http in the address and a lock at the bottom
of the screen. Both are indicators that the site is secure.
If you want to do business online, don't click on an e-mail link. Go
to the company's Web site yourself and fill out information there.
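
The first three tips can be turned into automated checks on a raw message. This added example (not from the original page) flags a Reply-To or Return-Path domain that differs from From, forms embedded in the body, and links whose visible text or leading user@ part names a host other than the real destination; the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the order-cancellation lure described on this page;
# every host other than eBay.com is a placeholder.
SAMPLE = """From: eBay Services <eBayServicesSUPPORT@eBay.com>
Reply-To: orders@freemail.example
Return-Path: <bulk@relay.example>
Subject: Order confirmation
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>To cancel, go to
<a href="http://members.hosting.example/cancel">http://www.ebay.com/cancel</a>
or <a href="http://www.ebay.com@203.0.113.7/form">this page</a>.</p>
<form action="http://mailer.example/cgi-bin/mail"><input name="card"></form>
</body></html>
"""

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class BodyScan(HTMLParser):
    """Collect (href, visible text) pairs and form actions from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def addr_domain(header_value):
    """Domain part of the address in a From, Reply-To or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def triage(raw):
    """Return (code, detail) findings; these are review signals, not verdicts."""
    msg = message_from_string(raw)
    findings = []
    sender = addr_domain(msg["From"])
    for name in ("Reply-To", "Return-Path"):
        other = addr_domain(msg[name])
        if other and other != sender:
            findings.append(("header-mismatch", f"{name} uses {other}, From uses {sender}"))
    scan = BodyScan()
    for part in msg.walk():
        # Assumption: HTML parts are 7-bit text; transfer decoding is omitted here.
        if part.get_content_type() == "text/html":
            scan.feed(part.get_payload())
    for href, text in scan.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.username:
            findings.append(("userinfo-in-link", f"'{parts.username}@' precedes real host {host}"))
        shown = HOST_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != host:
            findings.append(("link-text-mismatch", f"text shows {shown.group(1)}, link goes to {host}"))
    for action in scan.forms:
        findings.append(("form-in-body", f"form posts to {action or '(no action)'}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code:20} {detail}")
```
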
Phishing for your Identity
CNN - 01/26/04 - E-mail users are being warned about a new identity
theft scam that tries to snare victims by accusing them of violating
the government's anti-terrorism Patriot Act.
The fraudulent message appears to be from the Federal Deposit
Insurance Corporation (FDIC) and asks people to verify their identity
by clicking on a bogus Web link.
"In cooperation with the Department of Homeland Security,
Federal, State and Local Governments [sic] your account has been
denied insurance from the Federal Deposit Insurance Corporation
due to suspected violations of the Patriot Act," the fraudulent
It goes on to claim that the person's deposit insurance will be
suspended until certain private information, such as a bank account
number, is submitted.
Hundreds of complaints have been registered throughout the United
States since Friday, the FDIC said, but there's no way of knowing
exactly how many consumers may have fallen victim. The FDIC and
the FBI are investigating the source of the fraudulent e-mails
and seeking to disrupt them.
An FDIC official said Monday the federal agencies seemed to have
effectively shut down the scam over the weekend, but the originators
of the e-mail have changed their tactics. The agency said there
are now a few versions of the fraudulent e-mail circulating, each
steering users to different Web sites.
"Unfortunately, they're still at it," the FDIC representative
said. "But it appears that most consumers are calling to ask
about it before doing anything."
No one should access the Web link provided within the body of
the e-mail in case it spawns a computer virus, the FDIC official
added. She said although the fake Web sites look like the FDIC
page, there was no computer intrusion at the FDIC offices.
The e-mails initially appeared to come from Pakistan, but now
they seem to be coming from computers in Taiwan and China, the
FDIC said. However, the stolen data appears to be funneled through
an Internet address in Russia.
It's not unusual for Internet scam artists to hijack "innocent" computers
in various parts of the world to cover their online tracks.
Spoofing a particular agency or company in an e-mail message is
known as "phishing" or "carding."
If someone receives an apparent "phishing" message,
the Federal Trade Commission (FTC) recommends that people contact
the firm requesting the data by phone to verify the information.
The FTC also suggests reviewing bank and credit card records on
a regular basis, and reporting suspicious activity to the agency.
Previous "phishing" scams have targeted customers of
companies such as eBay, Citibank and PayPal.
It Doesn't Pay to Assist Criminal Syndicates
01/05 - A/P SYDNEY, Australia -- Four Sydney high school students
have been charged in connection with a Russian-based Internet scam
that stole people's banking passwords and siphoned their cash into
accounts in eastern Europe, police said.
The four students were promised a cut of the profits for letting their
bank accounts be used for laundering money stolen from Internet bankers
via a computer virus that dropped a program for secretly recording passwords,
They said 13 Australians, including the students, have so far been charged.
New South Wales state police on Thursday said the four students, ages
15-17, cannot be named for legal reasons.
Authorities say the suspects robbed 61 people of at least $457,000. They
say the total could ultimately reach millions, and more arrests are expected.
Fraud Squad commander Detective Superintendent Col Dyson said one student
told police she was paid $990 to channel nearly $75,000 through her account.
Dyson said students were targeted because they were naive.
"Word has gotten around on the grapevine that it's an easy way to make money," he
New South Wales police were working with international authorities to
recover stolen money.
A suspect police identified as a ringleader, Derrick Cheng of Sydney,
appeared in court in November. Cheng, 21, pleaded guilty to obtaining
money by deception. He'll be sentenced in Sydney's Burwood Local Court
on Jan. 12.
Other defendants charged over the scam will face a Sydney court on Jan.
It wasn't immediately clear what penalties they face if convicted.
B&W Photography Forum, www.biphoto.com/bwforum/ through
one James Shuster (firstname.lastname@example.org) has been sending us spam
emails for services that have never been requested. He claims that
we went to his public forum and posted a message for which payment
of $100.00 US is due.
Borde Global Impact Designs 08/03/02
Phishing Sites - article
Spoofing Scams Security Issues - technical article
Scamerica.org - an informational
site dedicated to helping fight the rise in online fraud and phishing,
marketing scams, spyware and identity theft.
ScammerNation - Collection
of internet scams and work at home frauds.