Technology > Internet > Security >
Cybercrime > Scams, Phishing
Illustration: Glenn Harvey
A Guide to Pandemic Scams, and What Not to Fall For
Fraudsters see opportunities to target us in these uncertain
Here are their most popular schemes
and how we can protect
May 13, 2020 5:00 a.m. ET
phishing / phisihing fraud UK / USA
Sending out emails
telling online account customers
they must reconfirm IDs and
When they hit reply
they are sent
to a cloned web page.
mass mailings and
the Internet USA
web scam / scam
UK / USA
online daters > online relationship scams / romance scams
email money scam UK
bogus websites / scam shopping websites
Charged In Web Scam Using Ads
The New York Times
By SOMINI SENGUPTA
and JENNA WORTHAM
It was a
subtle swap: a cheesy advertisement for a vacation timeshare atop the home page
of ESPN.com, in a spot that might have been claimed by a well-known brand like
Those who saw swapped advertisements, federal prosecutors say, might never have
known that their computer had been drawn into a complex Internet advertising
scam that they say generated $14 million for its creators.
Over the last four years, a group of men in Eastern Europe quietly hijacked
millions of computers worldwide and diverted unsuspecting users to online
advertisements from which they could profit, federal law enforcement officials
said on Wednesday.
Six men, all in their 20s and early 30s, are under arrest in Estonia for what
the United States attorney’s office in New York called “a massive and
sophisticated Internet fraud scheme.” A Russian suspect in the case remains at
The malicious software infected four million computers, including 500,000 in the
United States, the prosecutors said. The software was so subtle that most people
using an infected computer were probably unaware of it.
It was a two-pronged scheme, prosecutors said. One component involved
redirecting clicks on search results to sites that were controlled by the
defendants. A search for “I.R.S.,” for instance, would lead a user to the Web
site of the tax preparer H&R Block. The sites to which users were directed would
pay the swindlers a referral fee, prosecutors said. The more traffic they could
redirect, the more fees they collected.
The other way the group made money, according to the indictment, was to swap
legitimate online advertisements on certain Web sites with others that would
generate payments for the defendants. Prosecutors said that Web sites for ESPN
and The Wall Street Journal were affected — but only when viewed on the infected
“On a mass scale, this gave new meaning to the term false advertising,” Preet
Bharara, the United States attorney for the Southern District of New York, said
at a press conference in Manhattan.
The security firm Trend Micro, which was among several private companies that
helped federal officials with the investigation, called it the “biggest
cybercriminal takedown in history.” The group running the scheme had 100
command-and-control servers worldwide, the company said, one of which was in a
data center run in New York.
The scheme came to light after 100 computers at the National Aeronautics and
Space Administration were found to have been infected. The malicious software
spread through infected Web sites.
The most serious aspect of the scheme was that it attacked part of the
scaffolding of the Internet: the domain name system, or D.N.S., which links the
numerical addresses of Web sites with more user-friendly addresses like irs.gov.
“When people start attacking infrastructure, it creates the potential for a
rogue version of the Internet,” said David Dagon, a computer security expert at
the Georgia Tech College of Computing who helped federal authorities in the
Unlike more traditional malware that ferrets out valuable personal information,
the group’s program was not designed to steal data, so it was not easily
detected, private security consultants said. It manipulated the infrastructure
of the Web to do what it does every day in great volumes: display advertising.
All six of the Estonian defendants were in the custody of Estonian police. Four
of them also face charges in that country. One of them, Vladimir Tsastsin, 31,
has been previously convicted of money laundering in Estonia, according to the
Federal Bureau of Investigation. He is identified with a company called Rove
Digital, which investigators say ran the operation’s infrastructure.
According to the indictment, the malware also staved off antivirus software
updates, which meant that an infected computer could not detect that it was
infected. This also made the machine vulnerable to other security bugs.
The malware affected both Windows and Mac operating systems. On its Web site,
the F.B.I. outlines how to detect this particular program and how to get rid of
Mr. Bharara described the scheme as “cyber infestation of the first order” that
reflected the global nature of Internet fraud.
7 Charged In Web Scam Using Ads, NYT, 9.11.2011,
Prey Are Targets of Phishing
The New York Times
By JOHN MARKOFF
FRANCISCO — An e-mail scam aimed squarely at the nation’s top executives is
raising new alarms about the ease with which people and companies can be
deceived by online criminals.
Thousands of high-ranking executives across the country have been receiving
e-mail messages this week that appear to be official subpoenas from the United
States District Court in San Diego. Each message includes the executive’s name,
company and phone number, and commands the recipient to appear before a grand
jury in a civil case.
A link embedded in the message purports to offer a copy of the entire subpoena.
But a recipient who tries to view the document unwittingly downloads and
installs software that secretly records keystrokes and sends the data to a
remote computer over the Internet. This lets the criminals capture passwords and
other personal or corporate information.
Another piece of the software allows the computer to be controlled remotely.
According to researchers who have analyzed the downloaded file, less than 40
percent of commercial antivirus programs were able to recognize and intercept
The tactic of aiming at the rich and powerful with an online scam is referred to
by computer security experts as whaling. The term is a play on phishing, an
approach that usually involves tricking e-mail users — in this case the big fish
— into divulging personal information like credit card numbers. Phishing attacks
that are directed at a particular person, rather than blasted out to millions,
are also known as spear phishing.
The latest campaign has been widespread enough that two California federal
courts and the administrative office of the United States Courts posted warnings
about the fake messages on their Web sites. Federal officials said they stopped
counting after getting hundreds of phone calls from corporations about the
messages. At midday on Tuesday, one antispam company, MX Logic, said in a Web
posting that its service was still seeing at least 30 of the messages an hour.
Security researchers at several firms indicated they believed there had been at
least several thousand victims of the attack whose computers had been
“We have seen about 2,000 victims, more or less,” said John Bambenek, a security
researcher at the University of Illinois at Urbana-Champaign and a volunteer at
the Internet Storm Center, a network security organization.
Researchers were studying a list of the Internet addresses of infected computers
that iDefense Labs, a research unit of VeriSign, had assembled by monitoring
Personalized scam messages have been on the radar of security researchers and
law enforcement officials for several years, but the latest variant is a fresh
indication of the threat posed by such digital ruses.
“I think that it was well done in terms of something people would feel compelled
to respond to,” said Steve Kirsch, the chief executive of Abaca, an antispam
company based in San Jose, Calif.
Mr. Kirsch himself received a copy of the message and forwarded it to the
company lawyer. “It had my name, phone number, company and correct e-mail
address on it and looked pretty legitimate,” Mr. Kirsch said. “Even the U.R.L.
to find out more looked legitimate at first glance.”
When the lawyer tried to download a copy of the subpoena and the computer
restarted itself, they quickly realized that the file contained malicious
Several computer security researchers said that the attack was the work of a
group that tried a similar assault in November 2007. In that case, the e-mail
message appeared to come from the Justice Department and stated that a complaint
had been filed against the recipient’s company.
The software used in the latest attack tries to communicate with a computer in
Singapore. That system was still functioning on Tuesday evening, but security
researchers said many Internet service providers had blocked access to it.
A number of clues, like misspellings, in the fake subpoena led several
researchers to believe that the attackers were not familiar with the United
States court system and that the group might be based in a place that used a
British variant of English, such as Hong Kong.
“This is probably Chinese-based,” said Mr. Bambenek. “If all the key players are
in China there is not much the F.B.I. can do.”
Several security researchers said that the real danger of the attack lay in a
second level of deception, after the hidden software provided the attackers with
digital credentials like passwords and electronic certificates.
“There are very subtle nuances to their attacks that are well known in the
financial industry but are not well publicized,” said Matt Richard, director of
the Rapid Response Team at iDefense.
Mr. Richard said the criminals were going after a particular area of the
financial industry, but he would not elaborate. He said that law enforcement
officials were investigating the fraudulent documents.
Calls to the Federal Bureau of Investigation for comment were not returned.
Although the software package used to deliver the eavesdropping program is well
known, it was hidden in such a way that it avoided detection by commercial
programs in many cases, researchers said.
“This is pretty well-known code,” said Don Jackson, a researcher at SecureWorks,
a computer security firm. “The issue has to do with repacking it.”
Recipients of the e-mail messages are directed to a fraudulent Web site with a
copy of the graphics from the real federal court site. They are then asked to
download and install what is said to be a piece of software from Adobe that is
used to view electronic documents.
“There are several layers of social engineering involved here,” said Mike Haro,
a spokesman for Sophos, a company that sells software to protect against
malicious software and spam.
Larger Prey Are Targets of Phishing, NYT, 16.4.2008,
Related > Anglonautes >