Friday, August 18, 2006

Fighting Spam Scams

In God we trust, all others we virus scan. ~Author Unknown

A while back I wrote a little number called “Spam Scams”, which covered the topic of dealing with the pile of detritus that many people are unfortunate enough to find in their e-mail inbox each day. I thought I would pass along some more information about the continuing battle.

First, on a positive note, Google is trying to save us from ourselves. They have begun putting up notices that say “Warning – the site you are about to visit may harm your computer!” These sites might be known to load spyware or trojans on your PC, so the warning may save you from an agonizing round of cleaning or, worse, reinstalling your operating system and programs.

This isn't foolproof, of course. There will be people who go on anyway, just like there are people who dive into areas marked “No Diving! Rocks!” Moreover, the sites pop up all the time, use tricks to increase their search ranking, and can catch the unwary before Google can be made aware that they're scum.

It's an important start, though. Hopefully, the gang over at Yahoo and MSN will take note. Oh, and by the way, Google, Yahoo, and MSN are all trademarks of their respective companies, all of which have many lawyers.

Moving on, I mentioned 419 scammers in the previous post. These charming people send out e-mails claiming to be relatives of or friends of relatives of deceased bigshots who were ousted in a coup or killed off by the current evil government in whatever country the scammer claims to live in. The deceased is said to have left a fortune lying around which the writer can't touch for variously convoluted reasons. BUT, with your help, they can get their hands on the fortune, and, to show their gratitude, they are willing to give you a sizable hunk of the swag. To do this, all they need is your bank account number, social security number, and maybe a few thousand bucks' worth of seed money.

Despite how phony this all sounds, people end up being parted from their life savings on a regular basis. The center for this sort of activity is, for some reason, Nigeria; the term “419” is supposed to represent the part of the Nigerian criminal code these dirtbags are violating.

There are spins on this idea. For example, there's the YOU HAVE WON A BAZILLION DOLLARS IN A LOTTERY YOU DIDN'T KNOW YOU ENTERED scam. Apparently, people equate this to the “You May Already Be A Winner” legitimate junk snail mail they get all the time, so they aren't put out by the fact that they have just won a Belgian lottery they never heard of. All they have to do to claim the prize is send a pile of money to the “commission” to facilitate the transfer of their bazillion dollars.

One technique the 419'ers use is to refer to Interpol with respect to particulars in their heartrending appeal. Just to show how far these people can go, they have created a fake Interpol web site to which they link in their message. From all reports, this is a very good fake, not that it's that hard to do. Phishers have created fake bank sites by the boatload, as well as fake eBay and PayPal sites (trademarks are the property, oh, you know). The beauty of the fake Interpol site is that the e-mail address on it is faked. Presumably, if you attempt to check out the 419'er by sending “Interpol” an e-mail, you get back a (hopefully more literate) response from “Interpol” telling you that Dikembe is one righteous dude.

The fake Interpol site is being run from a server in China. The Chinese are not always cooperative in taking down this sort of thing, at least as long as it doesn't mention democracy or freedom anywhere. I guess scamming capitalist pigs is okay.

But, by golly, there are people fighting back. They're called “Scambaiters”, who are, fundamentally, Internet vigilantes, determined to stop scams or, if they can't stop them, determined to make the scammers suffer a little. One of the ringleaders of this merry band goes by the nom-de-Internet of (get this) “Shiver Metimbers”. One thing the baiters try to do above all is to get photographs of the scammers to post on their sites. However, a simple photo is not sufficient; the idea is to get the scammer to do something humiliating, like, say, holding up a sign saying “SCUM”. Metimbers, though, wins the ultimate prize with his photo of a 419'er getting a tattoo that says, “Baited by Shiver.” That's chutzpah.

Unfortunately, much as I chuckle at what these guys (and girls) are doing, it isn't stopping the scammers. According to the article, even though a baiter might acquire a boatload of e-mails back and forth with demands for money, bank accounts, and/or the victim's first-born, law enforcement groups are loath to do anything until something of value actually changes hands.

We can hope that as the fame of the baiters increases, law enforcement might see a way to use their efforts to do more than get humiliating pictures. It would seem like once a baiter has a dialog going with the scumbag, the law could pick up the trail, and snare the dirty dogs.

It's not that 419'ers are never caught. In fact, these scammers are probably arrested more often than any malware authors. But there are so many of them, and so few of the enforcers that the baiters could be a valuable weapon. Besides, it's a lot easier to tie a guy to a scam if he's got a tattoo that says he's a thief.

It is important to recognize that this baiting business is not for the average surfer. It's too easy to give out legitimate information while trying to keep the scam artist on the hook. These guys are greedy, but they're not stupid. In most cases, baiters spend a long time getting these guys to do something as crazy as getting a tattoo. So, I don't recommend that everyone go out and be a 'Net vigilante. In fact, if you get one of these scams, just delete it and forget about it.

One final thought. Please exercise some common sense about mail you choose to open. For example, in the pile of suspected spam that I slog through daily, I found this gem of a subject line the other day (honest):

TRY IN-HOME COLON CLEANSING

I mean, why wouldn't you just delete that immediately? I have trouble imagining anyone seeing that subject and thinking, “Yeah! I gotta get me some of that!”

Some things don't bear thinking about.
