Slashdot Mirror
Scamming Spammer Hooks the Wrong Person
CrypticSpawn writes "Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users." Her scam targeted AOL users with messages saying their credit cards were refused during the last billing cycle, and linked to a false billing center page which demanded private information.
I can't be the only one that finds it disturbing that the FBI uses AOL.
An electronic trail of stolen AOL accounts and free Web pages led agents to raid the homes of a professional spammer and a credit card thief, both of whom snitched on Carr, naming her as the ringleader of the operation
She isn't the only one going down. But, sadly, there are still many more to go...
Remember: If you buy anything from spammers, you have a small penis.
The article makes it sound like she wouldn't have got caught if an FBI agent hadn't been a recepient of the email. I hope this isn't the case and that the FBI is taking a more pro-active attack on this kind of thing than what the article seems to say.
... sounds like she got off a lot easier than those caught sharing music via p2p programs. Either the FBI should hire the MPAA or anyone swapping music online should start credit card fraud, it sounds like the lesser offense.
FLR
AOL Billing center sample page.
IANAL, but imagine a beowulf cluster of in Soviet Russia all your belong are base to us welcoming the new SCO overlords.
Actually what it teaches us is
- Criminals don't wear stripes and sound like Cagney
- For any scam the best approach is to target the largest user group... more people means more idiots
- The FBI staff use personal email
This is exactly what you should expect, the FBI aren't a mixed race of mutant beings, and large crimes can be commited by pretty much anyone.
An Eye for an Eye will make the whole world blind - Gandhi
I once received an email with a link that said that I needed to "update" my eBay account with a new: credit card #, my SSN, DOB. The funny thing is I never had an eBay account - ever.
I was at a hotel in Houston one time and I wanted to use my calling card to call home. After following the directions listed on the phone a few times, i was redirected to some telco that I've never heard of, and someone came on the phone, asked for the number I was calling and my calling card number. He then asked for my PIN. I said no way. He then told me that he couldn't make the call. I hung up.
Later, at the airport, my card worked perfectly. I wish I got the name of the telco that was blocking access to my long distance company so I could have filed some sort of complaint with the FTC.
Is it common practice for hotels to block access to your long distance provider so that you have to use their company for help that they charge you for?
I've gotten so paranoid, I've repeatedly hung up on legitimate calls. It's unfortunate, but this shit is hurting legitimate businesses and making it harder for us consumers to know if we're being taken or not.
There is no spoon or sig.
The 22 year old guy she was working with thought he was breaking the law with a 20-something hottie instead of this 55 year old overweight felon from Akron. He must feel pretty stupid about now.
this story has more detail
I think everyone (not only "spammer") had such an "Oops" in her career. I remember when we counterattacked CIA agents scanning our network... I saw a host slowly and randomly syn/fin/null scanning (something like nmap --randomize_hosts -Tparanoid but with -sS, -sF and -sN changing randomly -- a custom patched nmap or something like that) our hosts, so I answered with directing a broadcast-magnified traffic to its class C (something like "smurf" but with custom tools using UDP and TCP as well as ICMP packets) to disable the offending host, having absolutely no idea that I saturated the backbone of ISP used by a CIA covert operation. Imagine my surprise when I saw agents knocking on my door... Fortunately after I described some of my techniques and explained to them that I am a security professional, not a cracker, they let me go but if I wasn't working for the government at that time I probably wouldn't write this now. I wonder what stories other slashdotters can tell about their biggest "Oops!"
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
There are certain items of the arcana that are only available to the wise. Ok, some MCSEs know them too, but only a few.
Do wish to have arcane knowledge and be the envy of your 133t friends? How on earth those spammers, well know for deep knowledge of the darkside, produce a cent sign when it isn't on the keyboard?
You (sir/madam) have been carefully selected as one the few who have what it takes to secret forces and such power right at your fingertips!
Don't be a clueless dork anymore. Just send $19.95. Your seat at the table of the Illuminati is waiting. . . for you (sir/madam)!!!
KFG
No. The ones I've seen use this:l IPaddre ssindotlessformat/
http://www.myrealbankname.com:whatever@rea
The "www.myrealbankname.com:whatever" before the @ is not a URL, but a value sent to the real site which is denoted by the "realIPaddressindotlessformat".
For example, cut and paste this into your browser:
http://www.kuro5hin.org:section@1109654166/
The above URL doesn't take you to Kuro5hin, it takes you to the Slashdot main page.