October 23, 2008
Spear 419ing
You've probably heard of spear phishing, a technique of targeting employees—if not specific employees—of an organization to fool them into revealing information about computer system security (e.g., username/password combos). There is less automation in spear phishing than regular phishing because the crook makes an effort to simulate details about the organization in the phishing email message, thus making the recipient believe the message originated from within the system.
Today I saw an example of "spear 419ing," a highly targeted advance-fee fraud attempt tailored just for li'l ol' me as book author. Here is the message:
I AM TUNDE GLOVER.THE MANAGING DIRECTOR OF FRANKLING.KINDLY BE INFORM THAT I WILL LIKE TO ORDER THE BELOW BOOK TITTLES:
Dynamic HTML: The Definitive Reference, 3rd Edition--------------------15 copies
CALCULATE THE TOTAL COST AND THE SHIPPING COST TO MY
FEDEX PRIORITY OR DHL WORLDWIDE EXPRESS OR GLOBAL
MAIL.LET ME HAVE YOUR
TERMS OF PAYMENT.
2 odunlami street
AWAITINNG TO RECEIVE THE QUOTE BY TODAY
The message was sent through the real yahoo.com email system. It therefore included the DomainKey signature to help guarantee its delivery through server-side spam filters that look for such things.
All three links in the HTML message were to book listings at my dannyg.com web site. This guy did his homework.
And so did I.
Discounting the excessive use of all caps and a claimed address in Nigeria, there were (for me, anyway) two additional giant red flags that this message was a scam:
- He's using yahoo.com email for criminy's sake!
- In a part of the world where nothing gets done today, he's insisting on a quote today.
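The red flags listed above, written as a mail-triage check for incoming order inquiries. This is an added example, not part of the original post. The word lists, the two-flag threshold, and the sample message (modelled on the one quoted above, with a made-up address and signature) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: illustrative word lists and thresholds, not a vetted rule set.
FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com", "aol.com"}
TITLE = re.compile(r"\b(managing director|ceo|purchasing manager)\b", re.I)
URGENCY = re.compile(r"\b(today|urgent(ly)?|immediately|asap)\b", re.I)
COURIER = re.compile(r"\b(fedex|dhl|ups|global\s+mail)\b", re.I)

# Constructed sample modelled on the quoted message (address and signature are made up).
SAMPLE = """\
From: constructed-sender@yahoo.com
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; d=yahoo.com; b=CONSTRUCTED
Subject: BOOK ORDER

I AM THE MANAGING DIRECTOR OF FRANKLING. CALCULATE THE TOTAL COST AND THE
SHIPPING COST TO MY FEDEX PRIORITY OR DHL WORLDWIDE EXPRESS. LET ME HAVE YOUR
TERMS OF PAYMENT. AWAITINNG TO RECEIVE THE QUOTE BY TODAY
"""

def caps_ratio(text):
    letters = [c for c in text if c.isalpha()]
    return sum(c.isupper() for c in letters) / len(letters) if letters else 0.0

def triage(raw):
    msg = message_from_string(raw)
    # Join leaf parts; transfer encodings (base64, quoted-printable) are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    if domain in FREEMAIL and TITLE.search(body):
        flags.append("corporate title claimed from a free webmail account")
    if URGENCY.search(body):
        flags.append("same-day or rush deadline")
    if COURIER.search(body):
        flags.append("express courier shipment requested")
    if caps_ratio(body) > 0.7:
        flags.append("mostly upper-case body")
    # A valid signature only shows the mail really came through the signing
    # domain; it says nothing about the sender, so it never lowers the score.
    signed = any(h in msg for h in ("DomainKey-Signature", "DKIM-Signature"))
    return {"sender_domain": domain, "signed": signed,
            "flags": flags, "hold_for_review": len(flags) >= 2}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The signature is reported but never scored: a message can pass every authentication check and still be held for review on content alone.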
Next stop: Google.
The name Tunde Glover turned up only a handful of references to a computer game artist or designer. There were no listings for a Franking Inc in Nigeria.
Then I tried the street address, "2 odunlami." Holy crap!
If such a place exists, either it is a reputable building with which the crooks want to feel associated, or it's a massive den of thieves.
One point is certain: This isn't the first time these crooks have targeted books in their scams. I found tales of small publishers who accepted credit card orders, rushed the books out by FedEx, and then had the credit card charged back later—leaving them out both the books and hundreds of dollars in unrecoverable shipping charges. In fact, according to one victim, before the chargeback came through, the scammer placed an additional order. The crook also wanted the publisher to buy him a cell phone and put it into the next shipment. It wouldn't surprise me if some of the "payments" for this scam also come by way of bogus foreign bank checks for more than the invoice amount. Such checks literally take weeks to (not) clear...meanwhile the "customer" had insisted on instantaneous shipment of the goods and the excess payment amount immediately wired to Africa.
I had seen ship-it-to-Africa-today scams for years and years. Most commonly, the crooks target eBay sellers of expensive goods (jewelry and electronics mostly). The game is to yank the chain of customer satisfaction—something that legitimate merchants take great care to meet. And, let's face it, merchants deal with new, unknown people all the time. Spotting a scammer isn't always easy. In a business downturn, it's too easy to get caught up in the excitement of a big order that has to be handled right away. But it's exactly at that moment when you have to keep your wits about you and protect yourself or your company first.
Interestingly, the version of the scam that I received doesn't explicitly say that payment will be by credit card (as most of the others did). He says (allow me to lowercase it for you), "Let me have your terms of payment." I'll bet if I insist on a Western Union money transfer—the way scammers want money sent to them—the crook would come up with enough excuses to fill a 747 Freightliner. Today.

Posted on October 23, 2008 at 08:53 AM