Crimes of Persuasion

Schemes, scams, frauds.



Cybercrimes, Internet Fraud Online Web Scams, Cyber Crime Consumer Fraud, Website Spoofing Phishing Scams

While nearly all of the covered scams can be sent over the internet there are a few which can only be sent that way. These I will try to place in this section.


Phishing for Suckers

Phishing is the practice of scamsters setting up bogus Web sites that look like those of legit retailers in an attempt to trick unwary consumers into giving up their credit card numbers

Phishers typically spam out e-mails with spoofed addresses that seem to come from respected merchants. Online auctioneer eBay, it's person-to-person payments subsidiary PayPal, electronic retailer Best Buy, and Microsoft are among the most common commercial victims.

The e-mail subject headers warn the recipient of a problem with their account or, in the case of Microsoft, the need to install still another patch. In the e-mail is either a form to fill out with personal information, or a link to the crooks' phony site.


PayPal Payment Pickers Web Scams

In what most likely was a mass email spam, customers of online payment processor PayPal.com got an e-mail disguised as a cheery holiday greeting urging them to "update" their account information.

The message, which included a spoofed return address of service@paypal.com, directed PayPal users to visit a Web site to reenter their account information, including usernames, passwords, credit card numbers and billing data.

"Season's Greetings Valued PayPal Customer. As the New Year approaches and as we all get ready to move a year ahead, PayPal would like to give you a $5 credit to your account!

All you have to do to claim your $5 gift from us is update your information on our secure Pay Pal site by January 1, 2002. A year brings a lot of changes, by updating your information with us you will allow for us to continue providing you and our valued customer service with excellent service and in the meantime, keep our records straight!"

The domain in question – http://www.paypal-secure.com - was registered to a plainly fictitious company name and address.

Last year, PayPal was hit with a similar scam by a Web site called "PayPa1.com," (the numeral "1" being virtually indistinguishable from a lowercase "L" in certain fonts) which encouraged customers to "verify" their account information.


Never Kiss Strangers

01/02 - Phony "InstaKiss" Web sites are being used to dupe AOL users into giving up their account passwords in exchange for an electronic smooch.

The fraud, varieties of which have been used for nearly two years, plays off a legitimate e-greeting service (AOL Keyword InstaKiss) offered by AmericanGreetings.com, and promoted at America Online's singles area, LoveAtAOL.

As in other incarnations of the InstaKiss scam, the operator of the latest password-stealing site sent a bogus invitation to AOL users by instant message and e-mail. The message informed recipients that they had been sent an "AOL InstaKiss" by "someone who thinks very highly of you." By clicking a link in the message, the AOL user could receive his or her InstaKiss, according to the come-on.

One fake site, registered just two weeks ago, bore the AOL logo and instructed visitors to type in their AOL screen name and password to receive their InstaKiss. Besides mimicking AOL's site design, it featured links to destinations at the online service for added credibility.

Many such sites employ the same "phishing" scheme, as hackers refer to such password-stealing techniques, for a variety of purposes, ranging from free Internet access to identity theft.

Most of the bogus sites are hosted by free Web page services which enable the scammers to create a site with an address such as http://aol-instakiss.da.ru.


A Certain Sophistication

Another identity-theft scam, designed to steal credit card information, Social Security numbers and other personal data from unwary Internet users, was built upon Internet resources owned by others and masqueraded as an order confirmation from Ebay.

A bogus e-mail message sent Jan. 11, 2002 to potentially thousands of Internet users informs recipients that they will be charged $460.50 for ordering a Microsoft Xbox video game system.

To cancel the order, recipients of the message, which appears to come from eBayServicesSUPPORT@eBay.com, are instructed to click a hyperlink to visit a Web site and "fill out all the needed information."

The link then re-directed users to a site hosted by AOL Hometown that contained a cleverly designed mock-up of an Ebay form, entitled "Ebay Services - Cancel Order."

The form, which asked people to input their credit card number, Social Security number, bank name, address, phone and other requested information was submitted to an e-mail account at Epimp.com, a free, Web-based e-mail service.

The bogus transaction was completed when victims were redirected to a checkout page at a legitimate business, which simply bore the message "Your order has been canceled."

To capture the stolen data, the scam relied on an improperly secured FormMail program at another legitimate Internet service. Such unsecured FormMail installations have become favored targets with junk e-mailers after a vulnerability was discovered.  Spammers found they could inject destination e-mail addresses directing messages at unwitting recipients instead of the site's Webmaster.

"Below is the result of your feedback form..." Is often the first sentence found in many unwanted e-mail messages these days - from spam missives promoting "X-rated Web cams" to bogus technical support bulletins designed to steal the Internet passwords of the unwary.

Recently, SecurityFocus listed FormMail exploits as being among the top five most-common "attacks" on the Internet while Ebay indicated once again that they will never ask you for your private information, including credit card information, in an e-mail.


Hootmail Secrutity Alurt

Hello,

Hotmail is having alot of problems with under age users using hotmail. Therefore hotmail is asking for you to show idenity of being 18 or have perental permission from a gaurdian.

Please Reply to this message if you would like to keep your hotmail account with a.

- Credit Card Number
- Credit Card ID Number
- Name as it Appears on Card
- Experation Date
- Phone number on back of card
- Address of card holder

Thank you - This will insure you a good hotmail account

Bob Harris


Bogus AOL Billing Update

Dear Member,

We are sorry to inform you, but your current credit card information needs to be updated! We have made it easy for you, with our secure America Online web site. As you may have known, we've told members not to ever give out personal information concerning credit cards, passwords, etc. Due to non - AOL employees posing as employees.

We highly recommend you to never give your personal information through e -mail due to the unsafe environment of Spam (junk e - mail); the best method to verify anything 100% safe is through 128 - bit encrypted websafe anti - fraud servers which we've designed to help members verify their memberships safely.

To re - verify your account, you can access our 128 - bit encrypted websafe anti - fraud AOL verification site by clicking this ( hidden url ) link www.tbns.net/paymentupdate.

We thank you for your time and hope you enjoy the services we offer! Members who do not re-verify their authorization (by our secure web site) will lead to account termination.

Thanks again for making America Online the number one online service, we look forward to seeing you online.

Sincerely,

America Online
Payment Services
BillingMgr@aol.com


Phishing Freshman Foiled

WASHINGTON (Reuters) - 07/21/03 U.S. regulators said Monday they had charged a 17-year-old boy with using "spam" e-mails and a fake AOL Web page to trick people out of their credit card information and steal thousands of dollars.

Officials at the Federal Trade Commission said they had agreed to settle their case against the teen-ager, who was not identified because of his age, after he agreed to pay back $3,500 he had stolen, and to submit to a lifetime ban on sending spam.

It's the first enforcement action the FTC has taken against an Internet "phishing" scam -- the use of spam, or unwanted junk e-mail, to lure computer users to look-alike Web sites, where they are deceived into forking over personal financial data.

"We're only beginning to discover the extent of these e-mails. They're only beginning to proliferate right now," FTC commissioner Mozelle Thompson told a news conference.

In the case cited Monday, the teenager's e-mails told recipients they needed to update their AOL billing information and instructed them to click on a hyperlink connected to the "AOL Billing Center."

The link diverted people to a phony AOL Web site that contained the company's logo and links to real AOL Web pages, the FTC alleged. There, they were instructed to enter their credit card numbers, along with their mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers and AOL screen names and passwords.

A representative of AOL's parent company, media conglomerate AOL Time Warner Inc. , was not immediately available for comment.

The teenager used his newfound information to go on an online shopping spree, the government charged, and to log on to AOL in his victims' names and send more spam. He also recruited other people to take delivery of fraudulently obtained merchandise he had ordered.

An FBI official said at the news conference that the agency gets about 9,000 complaints a month about phony e-mails and Web sites.

Officials said there were more phishing cases under investigation but provided no firm numbers.

In March, Internet service provider EarthLink Inc said it had blocked a phishing scam that sought to collect credit-card and bank-account numbers from its customers.

Many EarthLink subscribers received an e-mail message urging them to resubmit their personal information or face termination of their accounts, due to a "recent system flush."

Copyright 2003, Reuters News Service


No Joke: FBI Calls Spoofing Hottest New Web Scam

By Roy Mark InternetNews.com

07/03 -The FBI says bogus e-mail that seeks to trick customers into giving out personal information is the "hottest, and most troubling" new scam on the Internet. The agency, in conjunction with national Internet service provider Earthlink, the Federal Trade Commission, and the National Consumer's League, began an initiative Monday to raise awareness about the problem.

The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "customer service" type of web site. According to Jana Monroe, Assistant Director of the FBI's Cyber Division, the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.

"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft. Spoofing also often involves trademark and other intellectual property violations.

In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.

"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted port.

"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site.

If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet service provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.

Monroe said the FBI's specialized Cyber Squads and Cyber Crime Task Forces across the country are zeroing in on the spoofing problem. The FBI's Legal Attache offices overseas are helping to coordinate investigations that cross international borders. The IFCC has received complaints that trace back to perpetrators in England, Romania, and Russia.

The FBI is also working actively with key Internet e-commerce stake-holders such as EBay/PayPal, Escrow.com, and a variety of Internet merchants via the Merchants Risk Council to identify common traits of such scams, as well as proactive measures to rapidly respond.


'Cause I'm The Taxman

Some taxpayers have apparently received an e mail from a non-IRS source indicating that the taxpayer is under audit and needs to complete a questionnaire within 48 hours to avoid the assessment of penalties and interest.

The email refers to an "e-audit" and references IRS form 1040. The taxpayer is asked for social security numbers, bank account numbers and other confidential information.

THE IRS DOES NOT CONDUCT E-AUDITS, NOR DOES IT NOTIFY TAXPAYERS OF A PENDING AUDIT VIA E MAIL. THIS E MAIL IS NOT FROM THE IRS. Do not provide the requested information as this may be an identity-theft attempt.

See also Identity Theft


Identity Theft Email Example

Subject: End Distribution of your Social Security Number, etc. PLEASE READ!!

Just wanted to let everyone know who hasn't already heard, the four major credit bureaus in the US will be allowed, starting July 1, to release your credit info, mailing addresses, phone numbers, etc., to anyone who requests it.

If you would like to 'opt out' of this release of your info, you can call 1-888-567-8688. It only takes a couple of minutes to do, and you can take care of anyone else in the household while making only one call, you'll just need to know their social security number.

Once the message starts you'll want option #2 (#1 sounds like the right one but it's not) and then option #3 (#1 is only for 2 years. Make sure you wait until they prompt for the third option which opts you out forever. I received their paperwork in the mail confirming my 'opting out" within less than one week of making the call.

Sent in by Michael Reams 07/11/02


If I Was a Betting Man

01/02 - A 17-year-old high school student who lives at his parents' California home defrauded unwitting investors of more than $1 million in an online scam, according to the U.S. Securities Exchange Commission (SEC).

They claim he ran a business called Invest Better 2001 online and stockpiled some $900,000 of his gains in an account at a Costa Rica-based casino which he has agreed to turn over.

More than 1,000 investors handed over money, apparently believing Invest Better 2001's claims that its sports wagering betting-pool investments were "guaranteed" and "risk-free" and would repay clients between 125 percent and 2,500 percent of their investments "within ... periods ranging from three days to several weeks, depending on the program selected."

The SEC is continuing to target several individuals or groups who helped run Invest Better 2001's investment programs, its Web site and bulletin board promotions.

Cole A. Bartiromo, 17, also conducted an Internet pump-and-dump scheme that manipulated the stock price of fifteen publicly traded companies. He bought large blocks of stock, then made bogus claims in more than 6,000 postings on Internet message boards to boost the stocks' share prices before selling everything he had purchased. He profited more than $91,000 in less than two months, the SEC said.


02/02 - Getting credit card numbers is relatively easy but using them to buy merchandise is risky, as it involves a shipping address, which can be traced.

Instead of stealing merchandise by charging it on a stolen credit card, a new credit-back scheme involves breaking into Internet merchant computers and virtually “returning”merchandise. Funds issued as credits to hacker-controlled debit cards can then be withdrawn at cash machines in amounts up to $1,000 at a time.

At the root of the scheme is a merchant’s ability to issue credits to account numbers that differ from the account that was originally charged. The criminals move money from one stolen credit card to a second card, then liquidate the balance on that card.

 CardCops.com offers amnesty to anyone wishing to reveal details of ongoing Internet fraud.


Dot Con

A federal court has shut down a U.K. based Web site that took advantage of consumers' post-Sept. 11 patriotism by urging them in an aggressive junk e-mail campaign to "Be Patriotic!" and register Internet domain names ending in ".usa".

The e-mails, which netted an estimated $1 million, directed consumers to www.dotusa.com - which offered bogus “.usa,”‘.sex,”“.brit”and even “.god”domain names for $59 apiece.

These and other top-level Internet domains offered in the scam are not included in the Internet’s authoritative addressing system, and therefore will simply not work on the Web.

A court order froze the assets of TLD Network Ltd., Quantum Management Ltd., and TBS Industries Ltd., T.G. and E. H.G., both from London, England.

Information about the case is at FTC case against TLD Network Ltd., Quantum Management Ltd., and TBS Industries Ltd.

Update: I was reminded in Dec. 09 by one of the principals that they "agreed to settle this action without adjudication or admission of any issue of fact or law and without the defendants admitting liability for any of the violations alledged in the complaint or for any wrongdoing whatsoever".

"I am writing to you to inform you of an incorrect posting. It relates to quite a while back to 2002. We had a commercial dispute with the FTC which resulted in a finding of no wrong doing whatsoever. I understand that this posting was made prior to this finding and understand that you were obviously not aware of this outcome at the time of the posting."

Therefore, out of fairness and clarity, I enclose the latest FTC press release on the matter dated December 3, 2002 along with the link above to the settlement documentation.

Domain Extensions ".USA," ".Brit," Deceptively Marketed as Useable

Operators that allegedly used deceptive spam messages and appeals to patriotism to sell Web addresses that don't work, including ".usa," have agreed to settle Federal Trade Commission charges that the scam violated federal laws.

The settlement will bar the defendants from misrepresenting the usability of domain names, require the disclosure of limitations or conditions on the use or function of domain names, and bar the operators from selling their customer lists. The settlement also will provide as much as $300,000 for consumer redress.

In March 2002, at the request of the FTC, a U.S. district court shut down businesses that sold domain names ending with suffixes such as ".brit," and ".scot," and ordered an asset freeze to preserve money for consumer redress.

The FTC alleged that after September 11, the companies launched an aggressive spam campaign in the United States to advertise domain names ending in ".usa." Subject lines in their e-mail read, "Be Patriotic! Register .USA Domains." A hyperlink in the e-mail connected consumers to a Web site where they were offered the advertised domain names for $59 each.

The FTC alleged that the companies were not accredited domain name registrars, that the ".usa" domain names are not usable on the Internet, and that they probably never will be useable. The FTC has asked the court to permanently bar the operation from deceptively selling the domain names and to order consumer redress. The settlement announced today ends that litigation.

The settlement bars the defendants from making misrepresentations about the usability of domain names or about the nature of any product or service they sell over the Internet. The settlement also bars the defendants from failing to clearly and conspicuously disclose material limitations or conditions on the usability or functionality of domain names. The settlement bars the defendants from selling customer lists.

In addition, the defendants will turn over as much as $300,000 being held in merchant accounts for consumer redress. Redress payments will be available to consumers in the UK and other countries, as well as the United States. The settlement also contains record-keeping requirements to allow the FTC to monitor compliance with the court's order.

The original complaint named TLD Network Ltd., Quantum Management (GB) Ltd., TBS Industries Ltd., T.G., and E.H.G. of the United Kingdom. The FTC amended its complaint to dismiss E.H.G. as a defendant and to add another entity, Quantum Management U.S., Inc., as a defendant.

Editors Note: May 2010 - After several polite and reasonable requests by the principal of the named company, his name has been removed. This was only done after a search for any further questionable activity in the past eight years produced negative results. Should any future events indicate that the name should be relisted, it will be. Other sources are available which list the name if your research requires it.


Putting a Number on Porn Redirections

04/02 - According to Ben Edelman, a senior at Harvard College, 4,525 Internet domains currently funnel unsuspecting visitors to an adult entertainment site called Tina's Free Live Webcam at Tinawebcam.com using an "URL forwarding" service from Namezero.com.

Edelman, a technology analyst at Harvard's Berkman Center, compiled the list this week after his innocent Web search for a bike fix-it shop in Boston landed him in the Internet's red light district.

According to former site owner, Domain Strategy Inc. of Montreal snatched away his domain, Bicyclebills.com, last year when he failed to renew the registration in time.

Even with low-price registration services charging approximately $10 per name annually, Domain Strategy's domain expenses could easily reach $50,000 per year but it was speculated that they may attempt to sell back the domains back to original owners.

Visitors who click a link at Tinawebcam.com are whisked off to Ifriends.net, a site operated by Intimate Friends Network of Lake Worth, Fl. who in June, 2000, were threatened with a lawsuit from the State of Michigan over its privacy practices.

Even John Zuccarini, a notorious domain-name pirate who was sued by the FTC last year for using more than 5,500 copycat Web addresses to divert surfers from their intended Internet destinations to one of his sites lost some registrations to the Canadian based Domain Strategy.

Edelman's study is at http://cyber.law.harvard.edu/archived_content/people/edelman/renewals/.


Xbox Emulator Actually a Pandora's Box

05/02 - A new fraud by Internet scam artists attempts to tap into video game aficionados' burning desire to play Microsoft Xbox games on their personal computers.

An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse designed to covertly rack up money for its authors using pay-for-click and other schemes.

Instead of working as promised it merely produces error messages before secretly installing a "back door" program called "NetBUIE.exe", which silently attempts to contact numerous remote servers for the likely purpose of generating revenues for its creators by tallying up ad impressions and click-throughs.

In a further effort to prevent infected users from detecting or uninstalling the back door, the authors of NetBUIE.exe gave the program's file attributes an air of legitimacy. When viewed using the Windows "file properties" feature, the program shows a Microsoft copyright notice and is described as a "Network Connection Verification Utility."

Nearly 30,000 people have visited the bogus emulator's download site since mid-April, according to a counter linked from the site and was the first item listed at Google.com in a search on the phrase "Xbox emulator."

Anti-virus software vendors have recently added detection for the NetBUIE.exe Trojan to their products. No functioning Xbox emulators currently exist.


Tips for consumers to fight the 'phishing' scam:

Don't trust e-mail headers, which can be forged easily.

Avoid filling out forms in e-mail messages. You can't know with certainty where the data will be sent and the information can make several stops on the way to the recipient.

Try not to click on links in an e-mail message from a company. Too many scam artists are making forgeries of company's sites that look like the real thing.

If you go to a link offered in an unsolicited e-mail, check to see if there is an 's' after the http in the address and a lock at the bottom of the screen. Both are indicators that the site is secure.

If you want to do business online, don't click on an e-mail link. Go to the company's Web site yourself and fill out information there.


Phishing for your Identity

CNN - 01/26/04 - E-mail users are being warned about a new identity theft scam that tries to snare victims by accusing them of violating the government's anti-terrorism Patriot Act.

The fraudulent message appears to be from the Federal Deposit Insurance Corporation (FDIC) and asks people to verify their identity by clicking on a bogus Web link.

"In cooperation with the Department of Homeland Security, Federal, State and Local Governments [sic] your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act," the fraudulent e-mail states.

It goes on to claim that the person's deposit insurance will be suspended until certain private information, such as a bank account number, is submitted.

Hundreds of complaints have been registered throughout the United States since Friday, the FDIC said, but there's no way of knowing exactly how many consumers may have fallen victim. The FDIC and the FBI are investigating the source of the fraudulent e-mails and seeking to disrupt them.

An FDIC official said Monday the federal agencies seemed to have effectively shut down the scam over the weekend, but the originators of the e-mail have changed their tactics. The agency said there are now a few versions of the fraudulent e-mail circulating, each steering users to different Web sites.

"Unfortunately, they're still at it," the FDIC representative said. "But it appears that most consumers are calling to ask about it before doing anything."

No one should access the Web link provided within the body of the e-mail in case it spawns a computer virus, the FDIC official added. She said although the fake Web sites look like the FDIC page, there was no computer intrusion at the FDIC offices.

The e-mails initially appeared to come from Pakistan, but now they seem to be coming from computers in Taiwan and China, the FDIC said. However, the stolen data appears to be funneled through an Internet address in Russia.

It's not unusual for Internet scam artists to hijack "innocent" computers in various parts of the world to cover their online tracks.

Spoofing a particular agency or company in an e-mail message is known as "phishing" or "carding."

If someone receives an apparent "phishing" message, the Federal Trade Commission (FTC) recommends that people contact the firm requesting the data by phone to verify the information. The FTC also suggests reviewing bank and credit card records on a regular basis, and reporting suspicious activity to the agency.

Previous "phishing" scams have targeted customers of companies such eBay, Citibank and PayPal.


It Doesn't Pay to Assist Criminal Syndicates

01/05 -A/P SYDNEY, Australia -- Four Sydney high school students have been charged in connection with a Russian-based Internet scam that stole people's banking passwords and siphoned their cash into accounts in eastern Europe, police said.

The four students were promised a cut of the profits for letting their bank accounts be used for laundering money stolen from Internet bankers via a computer virus that dropped a program for secretly recording passwords, police said.

They said 13 Australians, including the students, have so far been charged. New South Wales state police on Thursday said the four students, ages 15-17, cannot be named for legal reasons.

Authorities say the suspects robbed 61 people of at least $457,000. They say the total could ultimately reach millions, and more arrests are expected.

Fraud Squad commander Detective Superintendent Col Dyson said one student told police she was paid $990 to channel nearly $75,000 through her account.

Dyson said students were targeted because they were naive.

"Word has gotten around on the grapevine that it's an easy way to make money," he said.

New South Wales police were working with international authorities to recover stolen money.

A suspect police identified as a ringleader, Derrick Cheng of Sydney, appeared in court in November. Cheng, 21, pleaded guilty to obtaining money by deception. He'll be sentenced in Sydney's Burwood Local Court on Jan. 12.

Other defendants charged over the scam will face a Sydney court on Jan. 28.

It wasn't immediately clear what penalties they face if convicted.


B&W Photography Forum,  www.biphoto.com/bwforum/  through one James Shuster (jim@itsajeepthing.net) has been sending us spam emails for services that have never been requested. He claims that we went to his public forum and posted a message for which payment of $100.00 US is due.

Borde Global Impact Designs 08/03/02


Protection Against Phishing Sites - article

Website Spoofing Scams Security Issues - technical article

Scamerica.org - an informational site dedicated to helping fight the rise in online fraud and phishing, marketing scams, spyware and identity theft.

ScammerNation - Collection of internet scams and work at home frauds.


Non-telephonic Scam Approaches
Frauds involving Airline Tickets