Slashdot Mirror
Scamming Spammer Hooks the Wrong Person
CrypticSpawn writes "Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users." Her scam targeted AOL users with messages saying their credit cards were refused during the last billing cycle, and linked to a false billing center page which demanded private information.
Really... We have just charged your credit card for 19.95... if you want to cancel the transaction, enter your card number, full name, and expiry date below...
With the same logic, phone someone up, and tell them that if they don't want to be 0wN3d, they should disable their firewall, and tell you their IP address...
The darwin award exists for those who kill them selves in stupid ways... we need to invent an award for idiots that fall for obvious scams like this.
---
Programming is like sex... Make one mistake and support it the rest of your life.
... sounds like she got off a lot easier than those caught sharing music via p2p programs. Either the FBI should hire the MPAA or anyone swapping music online should start credit card fraud, it sounds like the lesser offense.
FLR
Danger Will Robinson, Danger! Rant Ahead!
Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent.
Great. So what about:
...? It seems like every day I'm reading about how some guy got screwed over and the FBI/SP/Local cops just didn't give a shit enough to do anything about it, whether it was technology related or otherwise, because it wasn't sexy enough. Crime is crime is crime.
Case and point, you can pretty much scam anyone outside of your state and get away with it because interstate fraud laws have a $5,000 'ground floor'. That single law is probably the most responsible for the prolific fraud we've ever seen, virtual or otherwise. I could loose $4900 tomorrow and the FBI won't do jack shit. Some FBI nerd gets a scam email any moron would know not to answer, and they call out the swat teams. Faaaaantastic.
It's like the local cops who don't give a shit if your laptop, your radio, etc were stolen and hundreds of dollars in damage done to your car. But, mind you, they've got all day to sit out on 'speed patrol'...
Please help metamoderate.
Wanna bet?
Read this. Be sure to read all the way to the end for fairly positive proof that the guilty party was, indeed, a woman. In fact, it was a woman-owned, woman-run, all-female spam gang.
Regards,
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
After following the directions listed on the phone a few times, i was redirected to some telco that I've never heard of, and someone came on the phone, asked for the number I was calling and my calling card number.
Maybe a scammer just put his own sticker on the phone when he had the room before you. I doubt that housekeeping checks for that kind of thing.
I think everyone (not only "spammer") had such an "Oops" in her career. I remember when we counterattacked CIA agents scanning our network... I saw a host slowly and randomly syn/fin/null scanning (something like nmap --randomize_hosts -Tparanoid but with -sS, -sF and -sN changing randomly -- a custom patched nmap or something like that) our hosts, so I answered with directing a broadcast-magnified traffic to its class C (something like "smurf" but with custom tools using UDP and TCP as well as ICMP packets) to disable the offending host, having absolutely no idea that I saturated the backbone of ISP used by a CIA covert operation. Imagine my surprise when I saw agents knocking on my door... Fortunately after I described some of my techniques and explained to them that I am a security professional, not a cracker, they let me go but if I wasn't working for the government at that time I probably wouldn't write this now. I wonder what stories other slashdotters can tell about their biggest "Oops!"
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
You wanna know how gullable people are? As a joke last year, I coded a little password checking program, at my site. Users could check their password against a list of a million common English words, to see if their passwords were secure. There was a database with a million words in it, and each time someone put in their password, the site would tell them if it was in the list. It would also tell them that if they are stupid enough to give out the password to just anyone, then it's certainly not secure!
People would show up and type in something that looked like a real password, and then type in another password as a message to me -- along the lines of Fuck You on a Silver Platter, Asshole.
Hackinthebox.org posted the site and a pile of gullable flies* showed up to check their passwords. I'm guessing people from HiB would send the site to other unsuspecting people, as a joke. Thing is, eventually some pretty scared people were emailing me. I took it down after while. It was getting to be more annoying than fun.
There is always someone out there who is greedy or scared enough to be scammed online -- it's just sad when it happens to someone you know.
* flies: a fly is someone who gets stuck in the web, and a spider is someone who owns it.
me: I've received 3 scam e-mails today which are trying to get me to give up my credit card number. Do you have a special card number I can give them that will set off an alert when someone attempts to use it, so that you can apprehend these people?
CC Company: No, but that sounds like a great idea.
me: Yes. Now do something about it.
What do you think the odds are that the idea ever got past the person I talked to on the phone?
Kind thoughts do not change the world
Eventually the scammers would figure out what numbers were red-flagged and not use them. All they would need is a CC account and they'd be right on top of the fake numbers just like every other customer.
I got a very official looking e-mail from "PayPal" asking for all my information. Then I noticed the URL and that my password wasn't getting asteriked and typed in "howwouldyouliketogotoprison" in the entry fields and hit submit. I also e-mailed PayPal and within minutes the site was gone. I doubt I was the first to report it.
Credit Card companies already have a solid way of dealing with crime. You watch your statement and if something is fishy you report it. What you have is a statement summary. The CC company has far more information at their disposal as companies that take cards have to submit lots of info to get an account.
The CC company can get just as much information a week or two after the fact as they can "during" the committing of the crime. It's not like they can call up the place that's taking the card and say "hold that customer." Especially since most CC fraud is committed through on-line shops.
Some moron years ago bought more e-mail space at Yahoo with my CC. I called up Yahoo and asked them to tell me if that purchase was applied to my account. No. And when was the last time I bought something on Yahoo for my account? "Over a year ago." And it was for hosting. I never had to pay a dime and the charges were reversed quickly. Since they bought themselves a personal account tracking down who did it would be trivial. And wouldn't even matter since it's non physical property. Yahoo just needed to cancel the account my CC was used on and everyone that matters is happy.
I learned at Mervyn's that major credit card companies tend to eat the cost of the fraud. The customer gets their money back and the store the fraud occured at gets their money. Which actually works out better since now the CC company is the only entity taking on the crook. Instead of (not) being sued a million times by all the victims, they're sued and jailed for one massive crime.
The employee probably thought it was a great idea, told his supervisor, and his supervisor walked him through their tried and true method and explained why your method was flawed.
Ben
Work Safe Porn
Why not forward all the spam you get to the nearest politician that represents you, with the simple message:
"Could you please do something about this?"
Of course, this politician could try and stop you, but imagine the media attention this would get...
BTW after some rigorous pruning of unnecessary accounts and scrambling my email addresses on the internet, I'm down to 2 spams a week (which get caught by mail.app's excellent spam-filter).
I think, therefore I am...I think.