Slashdot Mirror
Scamming Spammer Hooks the Wrong Person
CrypticSpawn writes "Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users." Her scam targeted AOL users with messages saying their credit cards were refused during the last billing cycle, and linked to a false billing center page which demanded private information.
Really... We have just charged your credit card for 19.95... if you want to cancel the transaction, enter your card number, full name, and expiry date below...
With the same logic, phone someone up, and tell them that if they don't want to be 0wN3d, they should disable their firewall, and tell you their IP address...
The darwin award exists for those who kill them selves in stupid ways... we need to invent an award for idiots that fall for obvious scams like this.
---
Programming is like sex... Make one mistake and support it the rest of your life.
I suspect that a vast majority of spams hit a large number of law enforcement inboxes - it isn't like spammers are selectively making hand-crafted to lists. Of the spams I get (of which there has been a marked increase in the past month), a good percentage are illegal or gray-legal pennystock pump and dumps, PayPal imitators attempting to get your information, or our good Nigerian friends looking for some assistance in rescuing their money.
I can't be the only one that finds it disturbing that the FBI uses AOL.
An electronic trail of stolen AOL accounts and free Web pages led agents to raid the homes of a professional spammer and a credit card thief, both of whom snitched on Carr, naming her as the ringleader of the operation
She isn't the only one going down. But, sadly, there are still many more to go...
Remember: If you buy anything from spammers, you have a small penis.
Uh oh, looks like Phish has made the headlines AGAIN. Ah well.
--matt
a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users.
What this story teaches us:
- Little middle-aged (well, quite ripe already) ladies are not to be trusted
- AOL users are idiots, since they are prime targets of even little middle-aged lady spamsters
- FBI agents too open AOL accounts, which is worrying in a sense
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
No wonder I get so many email offers for Viagra and low-cost prescription drugs!
No, she was smart, she sent her scam mails to AOL users, who are notorious credulous computer idiots. She didn't send it to postmaster@homelandsecurity.gov. She was just unlucky that an FBI agent was on AOL too.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I've had about 2 e-mails a day of this ilk with respect to my Earthlink account for at least 3 months. A similar scam is in work with respect to Paypal. You don't need to be a total dunce to fall for this, either. Just naive and not savvy with raw e-mail source.
Helium balloons want to be free.
The article makes it sound like she wouldn't have got caught if an FBI agent hadn't been a recepient of the email. I hope this isn't the case and that the FBI is taking a more pro-active attack on this kind of thing than what the article seems to say.
... sounds like she got off a lot easier than those caught sharing music via p2p programs. Either the FBI should hire the MPAA or anyone swapping music online should start credit card fraud, it sounds like the lesser offense.
FLR
AOL Billing center sample page.
IANAL, but imagine a beowulf cluster of in Soviet Russia all your belong are base to us welcoming the new SCO overlords.
Danger Will Robinson, Danger! Rant Ahead!
Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent.
Great. So what about:
...? It seems like every day I'm reading about how some guy got screwed over and the FBI/SP/Local cops just didn't give a shit enough to do anything about it, whether it was technology related or otherwise, because it wasn't sexy enough. Crime is crime is crime.
Case and point, you can pretty much scam anyone outside of your state and get away with it because interstate fraud laws have a $5,000 'ground floor'. That single law is probably the most responsible for the prolific fraud we've ever seen, virtual or otherwise. I could loose $4900 tomorrow and the FBI won't do jack shit. Some FBI nerd gets a scam email any moron would know not to answer, and they call out the swat teams. Faaaaantastic.
It's like the local cops who don't give a shit if your laptop, your radio, etc were stolen and hundreds of dollars in damage done to your car. But, mind you, they've got all day to sit out on 'speed patrol'...
Please help metamoderate.
Actually what it teaches us is
- Criminals don't wear stripes and sound like Cagney
- For any scam the best approach is to target the largest user group... more people means more idiots
- The FBI staff use personal email
This is exactly what you should expect, the FBI aren't a mixed race of mutant beings, and large crimes can be commited by pretty much anyone.
An Eye for an Eye will make the whole world blind - Gandhi
I once received an email with a link that said that I needed to "update" my eBay account with a new: credit card #, my SSN, DOB. The funny thing is I never had an eBay account - ever.
I was at a hotel in Houston one time and I wanted to use my calling card to call home. After following the directions listed on the phone a few times, i was redirected to some telco that I've never heard of, and someone came on the phone, asked for the number I was calling and my calling card number. He then asked for my PIN. I said no way. He then told me that he couldn't make the call. I hung up.
Later, at the airport, my card worked perfectly. I wish I got the name of the telco that was blocking access to my long distance company so I could have filed some sort of complaint with the FTC.
Is it common practice for hotels to block access to your long distance provider so that you have to use their company for help that they charge you for?
I've gotten so paranoid, I've repeatedly hung up on legitimate calls. It's unfortunate, but this shit is hurting legitimate businesses and making it harder for us consumers to know if we're being taken or not.
There is no spoon or sig.
I received an email that was purportedly from Citibank, saying that I had received a money transfer. It was slick. The scammer had gone to a great deal of trouble to make it look like a real email from Citibank. The associated web site also looked real.
What tipped me off? The email asked for too much information, the scammer was being greedy. Examining the HTML source of the email revealed that the web site was in the wrong domain for Citibank.
Mea navis aericumbens anguillis abundat
Wanna bet?
Read this. Be sure to read all the way to the end for fairly positive proof that the guilty party was, indeed, a woman. In fact, it was a woman-owned, woman-run, all-female spam gang.
Regards,
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
The 22 year old guy she was working with thought he was breaking the law with a 20-something hottie instead of this 55 year old overweight felon from Akron. He must feel pretty stupid about now.
this story has more detail
She appeared in federal court in Virginia but she is from Akron, Ohio so you're linking to someone else's contact info.
I don't get it. Is this all it takes to get spammers busted? Can I just forward the scams and spams I get to this guy and have all these people caught? Why did this only become an issue when it was a personal attack on someone in a position of power to do something about it. What about the rest of us, how can we fight back? And more importantly why isn't the FBI doing more to attack spammers other than when they're personally feeling the heat?
ôó
Sorry, but it is incredibly naive of you to assume that only "computer idiots" fall for these scams.
They are very convincing... stealing all the branding of a legit informational email. I'll tell you, my mom and dad just cannot tell the difference between http://www.citibank.com/signup/account.jsp and http://www.citibank.com@192.168.0.1/acct.jsp.
These scams can be compelling to people who don't understand that ALL email should be untrusted, and that all URLs within email should be untrusted, and that all forms that you fill out should be untrusted.
Comment removed based on user account deletion
does it take for a spammer to mail the FBI direct before they take action? Surely they must be aware of the volume of scam emails we *all* get, and be taking action anyway?
Its like waiting for a police station to be burgled before the police take action..
Some of these frauds are pretty blatent (penis enlargement pills etc), you dont need to be sherlock holmes to track them..
"You lied to me! There is a Swansea!"
Millions of spam go out, and the named joe gets hit with all the ire and bounced-mail replies. His ISP usually becomes quite upset with him as well, and he's left trying to explain to everyone that he doesn't even know what the hell is going on.
Its a really neat way of framing somebody on the internet - making it appear to all the outside world that 'joe' did it, when in reality joe was completely uninvolved.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
I think everyone (not only "spammer") had such an "Oops" in her career. I remember when we counterattacked CIA agents scanning our network... I saw a host slowly and randomly syn/fin/null scanning (something like nmap --randomize_hosts -Tparanoid but with -sS, -sF and -sN changing randomly -- a custom patched nmap or something like that) our hosts, so I answered with directing a broadcast-magnified traffic to its class C (something like "smurf" but with custom tools using UDP and TCP as well as ICMP packets) to disable the offending host, having absolutely no idea that I saturated the backbone of ISP used by a CIA covert operation. Imagine my surprise when I saw agents knocking on my door... Fortunately after I described some of my techniques and explained to them that I am a security professional, not a cracker, they let me go but if I wasn't working for the government at that time I probably wouldn't write this now. I wonder what stories other slashdotters can tell about their biggest "Oops!"
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
You wanna know how gullable people are? As a joke last year, I coded a little password checking program, at my site. Users could check their password against a list of a million common English words, to see if their passwords were secure. There was a database with a million words in it, and each time someone put in their password, the site would tell them if it was in the list. It would also tell them that if they are stupid enough to give out the password to just anyone, then it's certainly not secure!
People would show up and type in something that looked like a real password, and then type in another password as a message to me -- along the lines of Fuck You on a Silver Platter, Asshole.
Hackinthebox.org posted the site and a pile of gullable flies* showed up to check their passwords. I'm guessing people from HiB would send the site to other unsuspecting people, as a joke. Thing is, eventually some pretty scared people were emailing me. I took it down after while. It was getting to be more annoying than fun.
There is always someone out there who is greedy or scared enough to be scammed online -- it's just sad when it happens to someone you know.
* flies: a fly is someone who gets stuck in the web, and a spider is someone who owns it.
Same thoughts I had.
I used to send crap like this to the FTC all of the time, but now I just send it to them if I accidentally open one instead of deleting. If I am using AOL I ureport the spam using the AOL utility. Does not seem to slow it down one bit.
Eve Fairbanks says I drive a hybrid!LOL
There are certain items of the arcana that are only available to the wise. Ok, some MCSEs know them too, but only a few.
Do wish to have arcane knowledge and be the envy of your 133t friends? How on earth those spammers, well know for deep knowledge of the darkside, produce a cent sign when it isn't on the keyboard?
You (sir/madam) have been carefully selected as one the few who have what it takes to secret forces and such power right at your fingertips!
Don't be a clueless dork anymore. Just send $19.95. Your seat at the table of the Illuminati is waiting. . . for you (sir/madam)!!!
KFG
"Entering Fraudulent information is against the law. If done so on this form you are now hereby notified that AOL will persecute, fine, and charge anybody trying to commit fraud with our accounts.
persecute:
I hear you on the FBI thing. But consider: somewhere a just-not-worth-the-taxpayer's-money line has to be drawn. The FBI is seriously understaffed. (Go figure. The technologically astute are too proud to work for a measly $35K FBI salary, investigating tech crimes. Nooooo, gotta be making glamourous six-digit salaries on high-visibility programming projects.) But anyhow, the reason I'm posting is...
Unless you live in Andy Griffith Town, the officers who sit on speed trap duty are not the same ones who investigate theft. Different division, different rules, different salaries, therefore a different allocation of officers/resources/time/budget.
A traffic cop "sitting all day" on watch costs less than an investigating agent spending even half a day looking for stolen laptops chock full o' pr0n. It's harder to hire investigative officers and detectives, it's more expensive to train them and pay them.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
The lady should have modified the scam a little bit, because it looks like the original scam was against Sympatico users in Canada. That explains the SIN. More reading
me: I've received 3 scam e-mails today which are trying to get me to give up my credit card number. Do you have a special card number I can give them that will set off an alert when someone attempts to use it, so that you can apprehend these people?
CC Company: No, but that sounds like a great idea.
me: Yes. Now do something about it.
What do you think the odds are that the idea ever got past the person I talked to on the phone?
Kind thoughts do not change the world
Caveman eats poisen berries, caveman dies. Friends of said caveman discover berries were to blame for death, note that no one should ever eat the berries. Another caveman comes along, fails to read the large warning signs posted outside the forest. He eats the berries and dies. Original caveman's friends laugh. The End If you ask me, such obvious scams shouldn't be shut down. Instead they should be allowed to eliminate societies stupider members. -SniperBoB-
http://brandonbloom.name
Why email millions of inteligent people, when all you need to do is to set up an "Free IQ" test, that delivers results via email...
Analogies don't equal equalities, they are merely somewhat analogous.
I know some extremely intelligent people who fell for things like that.
It is not about how smart you are, rather it is
whether you choose to belive certain things or have the experience to tell the scam from the real thing.
Eventually the scammers would figure out what numbers were red-flagged and not use them. All they would need is a CC account and they'd be right on top of the fake numbers just like every other customer.
I got a very official looking e-mail from "PayPal" asking for all my information. Then I noticed the URL and that my password wasn't getting asteriked and typed in "howwouldyouliketogotoprison" in the entry fields and hit submit. I also e-mailed PayPal and within minutes the site was gone. I doubt I was the first to report it.
Credit Card companies already have a solid way of dealing with crime. You watch your statement and if something is fishy you report it. What you have is a statement summary. The CC company has far more information at their disposal as companies that take cards have to submit lots of info to get an account.
The CC company can get just as much information a week or two after the fact as they can "during" the committing of the crime. It's not like they can call up the place that's taking the card and say "hold that customer." Especially since most CC fraud is committed through on-line shops.
Some moron years ago bought more e-mail space at Yahoo with my CC. I called up Yahoo and asked them to tell me if that purchase was applied to my account. No. And when was the last time I bought something on Yahoo for my account? "Over a year ago." And it was for hosting. I never had to pay a dime and the charges were reversed quickly. Since they bought themselves a personal account tracking down who did it would be trivial. And wouldn't even matter since it's non physical property. Yahoo just needed to cancel the account my CC was used on and everyone that matters is happy.
I learned at Mervyn's that major credit card companies tend to eat the cost of the fraud. The customer gets their money back and the store the fraud occured at gets their money. Which actually works out better since now the CC company is the only entity taking on the crook. Instead of (not) being sued a million times by all the victims, they're sued and jailed for one massive crime.
The employee probably thought it was a great idea, told his supervisor, and his supervisor walked him through their tried and true method and explained why your method was flawed.
Ben
Work Safe Porn
Now you know that. I know that, but most people don't and it would still be pretty easy to convince someone to visit The Linux kernel website (I think that /. may have sanitized the misleading like, it should read http://www.kernel.org@3632843893/ copy and paste it yourself to find out) and find themselvse at freebsd.org instead. It all comes back to the first rule of Spam, "Spammers Lie.", when in doubt, see rule 1.
I don't want free as in beer. I just want free beer.
Why not forward all the spam you get to the nearest politician that represents you, with the simple message:
"Could you please do something about this?"
Of course, this politician could try and stop you, but imagine the media attention this would get...
BTW after some rigorous pruning of unnecessary accounts and scrambling my email addresses on the internet, I'm down to 2 spams a week (which get caught by mail.app's excellent spam-filter).
I think, therefore I am...I think.
I once received one of those pay pal credit card scam SPAMs, and snooped around the server which hosted the credit card acceptor script. The script wasn't an index.* file, and directory listing was enabled, so I was able to see all the files on the account. There were only two, the script and the resulting credit card database.
There were easily 1,000 credit cards with full name and addresses and even social security #. Do not underestimate how gullible people on the internet can be.
I reported the site to the host, and not surprisingly it took about a week to get the thing offline.
"Carr's sentence will be determined by the amount of fraudulent charges racked up on the stolen credit card numbers -- with a maximum of five years. But the guidelines also dictate that each credit card be valued at a minimum of $500.00, a formula that helped boost Carr co-conspirator George R. Patterson's sentence to 37 months in prison, according to Patterson's attorney."
That's it? 37 months in prison for her cohort.
Yet the RIAA is trying to hit people for $150,000... and Ashcroft wants "hackers" sentenced as terrorists and put in jail for LIFE.
Want to stop identity theft? Jack up the jail term..big time. 3yrs in jail for stealing a ton of credit card numbers is pretty weak.