Data theft, Trojans and quotes from the Bible: the murky world of spam money lenders
30 Jan 2014
The experts at Kaspersky Lab explain the dangers posed by loan offers sent out in spam, what can happen if users reply to spam messages, and also provide some useful tips on how to avoid falling victim to unscrupulous financial organizations and Internet scams.
Spam money lenders: expensive and dangerous
Small organizations and private money lenders unable to compete with the scale of marketing campaigns available to big multi-national banks often resort to electronic mailings. Quite often, these messages serve as a cloak for unscrupulous organizations whose services turn out to be far more expensive than advertised. Typical Internet scams may also distribute credit spam. In order to collect information about the victim, they can offer their assistance in obtaining a loan and ask either for a password to the online banking system, a three-digit card verification value (CVV) or the user’s passport or contact details. This information can be used for example for drawing up false documents.
The loan scammer’s tools of choice:
- Phishing – an attempt to steal a user’s financial data using fake web pages that imitate official application forms from well-known banks.
- Malware attachments that imitate loan application forms or approved credit agreements.
Responded to a spam message? Watch your inbox fill up with even more spam!
A response to a spam email, even made without any intention to use the services offered in the advertisement, tells the spammers that the email address really exists and is actively used (some spammers send messages to randomly generated address lists). As a result, the number of advertising messages sent to the ‘exposed’ email box will increase significantly.
“We see fraudsters using all kinds of tricks to deceive users. Some senders introduce themselves as charity or Christian organizations that help the needy. Such messages may contain quotes from the Bible to look more convincing. Others want to attract potential clients by promising them large sums of money (sometimes up to several million in cash) which can be granted in a short period of time (from several hours to a couple of days) without any pledge or guarantors, or any certificate of income and with a minimum number of documents,” comments Maria Vergelis, Spam Analyst at Kaspersky Lab. “Please remember that any attempt to open an attached ‘contract’ can lead to system infection and the loss of data stored on the hard drive.”
- Don’t enter your personal details on dubious sites;
- Don’t fill in HTML forms delivered from unknown senders, especially if your computer is not protected by an antivirus program that can promptly identify and block fraudulent links;
- Never provide your personal data to third parties or enter into correspondence on financial issues with unknown “lenders”;
- Do not run executable files or open attachments, especially archives and office documents from unknown senders (in extreme cases, only do this after getting a safety verdict from an antivirus program).
The full version of the report on spam money lenders is available at securelist.com.
Spam evolution 2013