Win the battle against spoofs, spam, pharming, and phishing

Negative leadership
One of the most successful spoofing campaigns of all time targeted Citibank. The perpetrators sent out emails that looked exactly like real ones from Citibank, and inserted hotlinks that led unsuspecting customers to a pharming website made to look exactly like the real Citibank site. There, visitors were prompted to fill in their account information, which cybercriminals later used to initiate unwanted money transfers.

Updated pharming sites often communicate not only with the intended victim, but simultaneously with the site they are spoofing. When you enter your confidential information, the pharming site stores the information and also passes it to the legitimate site. If there's an error, the pharming site helpfully reports back that you've mis-entered your information and encourages you to try again. This tactic not only eliminates harvesting a lot of worthless data, but helps to allay the fears of suspicious victims, who may purposely provide phony information once or twice just to make sure they're on the "real" website. When the information proves correct, these cybercriminals are set up to sack the user's account immediately.

One very sophisticated and newly invented spoofing scam involves Amazon's new Kindle Publishing for Blogs. Cybercriminals have been able to post content they don't actually own, and nevertheless collect royalties on sales of that material.

Similarly, there are individual "spoof-preneurs" using online classifieds and email in scams offering to rent apartments they don't own, and asking for "key money" in advance of actually showing people around.

The rest of this article could be filled -- many times over -- with a litany of cases, examples, prosecutions, and anecdotes from the dark underbelly of internet spoofing and spamming, phishing and pharming. But you've probably heard enough of these from other sources. It's enough to say -- and here comes another of these sensible warnings -- that consumers should never volunteer any confidential information online, and never click on any link, whether in response to an email or a website, until they are 100 percent confident it is legitimate.

Staying clean
While most of us are smart enough -- or have been burned enough -- to know we should watch where we go and what we do on the internet, the simple fact is there are enough newbies coming online, and enough experienced people who are tired or distracted while at their computers, to keep spoofers and spammers extremely gratified with the success of their malicious campaigns.

Back in the day, you could often identify spoofs and spams by their poor wording, bad spelling, and generally crummy quality. This is no longer true. In many cases, criminals' underhanded work is indistinguishable from legitimate emails and websites.

So your best defense is to be paranoid, suspicious, and as cautious as a canary at a cat convention.

And there's plenty of reason to behave that way.

Rogue operations
In these times of rapid change, modern spoofers and spammers have advanced their scamming art as much as every other online segment. They now put real development time into their products to make them look legitimate. One of the newest and most nefarious scams is the "rogue service provider." These spoofers and spammers either offer real services to illegal operators, or go directly for victims' money by offering their own phony services.

For example, the FTC very recently shut down one rogue operation that knowingly hosted and actively distributed child pornography, malware, and spam under the auspices of an Oregon shell corporation. Servers that the organization controlled in San Jose, Calif., were using more than 600 IP addresses. This operation is now disconnected from the internet, but the main perpetrators -- unknown persons based in Eastern Europe -- remain at large and fully capable of starting up again as soon as they reorganize.

Another rogue strategy is the antivirus scam. Basically, this works by getting your computer to display a message that claims your system is currently infected, and kindly offers to fix the problem -- but only after you pay a fee, usually in the range of $60 to $80.

"When you pay," explains Sean-Paul Correll, threat researcher and security evangelist with Panda Security, which provides IT security to millions of clients around the globe, "the money goes to the scammer through a payment gateway in a country that doesn't enforce cyber laws, and of course they also collect all your ID information. However, the rogue antivirus scammer doesn't actually provide you with any product or service. He just takes your money and runs, and usually sells your information to other scammers, too."

Comments

ALLEN KELLY July 9, 2009 at 4:00 PM

Great article, Robert. I'm going to pass this around.

Take the VeriSign Phishing Challenge and learn how to spot a fake site - http://bit.ly/Phishing

Don't get hooked by a phishing scam - just look for the Green URL Bars!