Brought to you by Floor64 and the Techdirt crew.

stories filed under: "phishing"
Scams

by Mike Masnick


Filed Under:
419, hacking, phishing, scams, social networks

Companies:
facebook



Facebook's Lack Of Hacking Resolution System For Nigerian Scammers

from the seems-like-a-problem dept

In the past week, you may have seen various news stories about Nigerian scammers hacking into Facebook, and then sending their "friends" messages, saying they're stranded in London without money. It is, of course, just the latest improvement on the venerable old Nigerian 419 scam, this time upgraded to use hacked/phished Facebook accounts to trick trusting friends into coughing up their money. However, one of the biggest issues is raised by Yehuda Berlinger, who points out that for those who are hacked, Facebook doesn't seem to have any reasonable way to contact them and fix the problem. Considering how much of your "identity" might be tied up in your social networking profile, you would think that a company like Facebook would have a ready-made system in place to handle such "emergency" situations.

Scams

by Mike Masnick


Filed Under:
corporate espionage, cybercrime, espionage, organized crime, phishing



Online Criminals Move On To Corporate Espionage

from the plain-old-phishing-doesn't-pay dept

One of these days, someone will do a fascinating study or book on the evolving nature of online crime. It's a constantly changing phenomenon that would be quite interesting to study. A few years ago, we noted that the ease with which script kiddies could jump into the phishing and online extortion market meant that margins were getting squeezed for older online organized crime groups who had focused on such practices in the past. Apparently, the big money now has moved away from standard phishing and into corporate espionage. Organized crime groups are figuring out ways to hack into company networks, suck up as much data as possible, and then sell it off to the highest bidder -- whether it's competing firms or foreign governments.

Scams

by Mike Masnick


Filed Under:
jailtime, phishing, scams



Phishing Scammer Gets Seven Years

from the this-ought-to-make-some-folks-happy dept

People seem to get pretty excited whenever we have stories of spammers and scammers getting long jail sentences, so I'm sure plenty of folks will be happy to hear that a phishing scammer just got sentenced to seven years in prison. Considering that he was scamming people's passwords to use elsewhere, this seems a lot more reasonable than the folks who get long jail sentences just for spamming. But, with all of these stories about spammers and phishers getting convicted, it always seems like the punishment is rather arbitrary. There's no clear pattern at all.

Scams

by Mike Masnick


Filed Under:
hijacking, page not found, phishing, vulnerability

Companies:
earthlink, verisign



Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink's setup to show how it can be used by phishers to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.

Scams

by Mike Masnick


Filed Under:
army, gullibility, phishing



Army Sets Up Phishing Scam To See How Gullible Service Members Are

from the and-here's-the-list-of-folks-not-to-give-sensitive-info-to dept

Well, since Japan leaked nuclear secrets via a P2P site, perhaps it's nice to know that our military runs its own phishing tests to see how gullible service members are. Slashdot points us to the news that the Army ran its own phishing scam, emailing members with an offer for free tickets to theme parks if they just went to a website and filled in certain information. The test itself was set up by the U.S. Army Intelligence and Security Command (INSCOM) and U.S. Army Network Enterprise Technology Command (NETCOM) -- and it involved a "fake" website supposedly from Army Family and Morale, Welfare and Recreation Command (Family and MWR). Amusingly, it appears that INSCOM and NETCOM didn't bother to tell the folks at Family and MWR that they were conducting this test, so the group had rushed out an announcement warning people away from the fake site, only to later be clued in by the security folks. Oh well, it still seems better than using Dungeons & Dragons as a test of whether army members are security risks.

Politics

by Mike Masnick


Filed Under:
anonymity, grandstanding, phishing, senators



Senate Looks To Outlaw Phishing, Even Though It's Already Illegal

from the gotta-do-something dept

As the saying goes, when your only tool is a hammer, everything starts to look like a nail. The folks in Congress sure do an awful lot of whacking at various nails these days. The latest is a new bill in the Senate that seeks to outlaw phishing. One tiny point is important here: phishing is already illegal. So, really all this bill does is allow these politicians to claim that they took a stand to stop phishing. Except, it's actually worse than that. Not only will this bill not do anything to stop phishing, it will actually make life worse for plenty of non-criminals. That's because a part of the bill would outlaw hiding domain name registration information. Now, there are plenty of legitimate reasons for not wanting to reveal your info in the whois database -- but according to this bill, it won't be allowed any more. If you want to own a domain, you'll need to cough up your name, address and phone number to whoever wants it -- and they better be legit. If you provide false info, you'll also be breaking the law. So, it won't do anything new to stop phishing, but will make it much more difficult to own a domain anonymously. That's quite a nail.

Scams

by Mike Masnick


Filed Under:
phishing

Companies:
supervalu



Phishing Scammers Convince Grocery Store To Give Them $10 Million

from the the-big-phish dept

By now, most people are familiar with how phishing scams work, usually preying on individuals and tricking them into handing over data that allows the scammers access to bank accounts or other useful info. However, scammers have been aiming a bit higher lately. One tactic is commonly referred to as "spear phishing," where scammers focus on business targets, and attempt to convince them that they're actually coming from partners or suppliers. Apparently one such spear phishing attempt nearly worked to the tune of $10 million. The scammers sent two emails to someone at the headquarters of the supermarket chain Supervalu, purporting to be from Supervalu suppliers American Greetings and Frito-Lay. Both emails claimed that their bank account info had changed and Supervalu now needed to deposit payments into different accounts. Someone at Supervalu followed the instructions, leading approximately $10 million to be deposited into the two accounts over a period of about 4 days. At this point, someone from Supervalu figured out there was a problem and alerted the authorities, who were then able to recover most of the money before the scammers withdrew it. However, it appears that no one has yet figured out who opened the accounts, though Supervalu has filed a lawsuit in order to try to get that information.

Studies

by Mike Masnick


Filed Under:
phishing, research, scams

Companies:
indiana university



Latest Phishing Scam... Actually University Research

from the gotta-trick-you-to-understand dept

Lots of people are trying to research phishing scams in order to better understand them and come up with better ways to protect against them, but some folks are apparently a bit upset at research coming out of Indiana University that involved actually phishing a variety of people to con important information out of them in order to understand what kind of phishing scams work. The researchers and the university are defending the practice, saying they learned a lot from it, and it's legal to be deceptive for the purpose of research so long as the deception is no different than what a person might come across normally and the risk to the person is minimal. Still, if any of the information is eventually misused or gets leaked, it certainly could create some problems for the university (and universities are no strangers to leaking data). The university still claims that this kind of research is key to preventing phishing... but oddly, the article seems to highlight what works for phishing scams, rather than what works to stop phishing scams. So, right now, the research seems to be telling scammers how to be more effective scammers, rather than coming up with ways to stop phishing.
