Fraudulent spam

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of the article “Fraudulent Spam” by Natalya Zablotskaya, an anti-spam analyst at the company. The article describes how spam messages are used to gain access to personal information and con users out of money.

Spam attracts cybercriminals and fraudsters of all types because state-of-the-art spam technologies not only allow spammers to trick users but also conceal their activity. Phishing messages, one of the most hostile types of fraudulent spam, are used by spammers to obtain personal data – user logins, passwords, credit card numbers and PINs – with the aim of stealing money. Most often, phishing attacks target clients of online banking and payment systems. With the development of online banking on the Russian-language Internet phishers are increasingly targeting the accounts of Russian users.

Phishing messages imitate the correspondence of legitimate organizations (banks, financial companies, or payment systems). Unlike legitimate messages, however, phishing messages usually encourage recipients to “confirm” their personal data on some pretext or other. These messages contain a link to a fake page where users are asked to enter their personal data, which will then fall into the hands of criminals. The fake page is usually an exact copy of the official site of the organization that supposedly sent the message (the sender’s address is also false) so that users do not suspect anything. Another variant of phishing entails an imitation web page using vulnerabilities in the software installed on a user’s computer to download a Trojan program, which then collects various data (e.g., passwords for bank accounts) and passes it on to its “owner”.

As well as contrived tricks of this sort, there are more primitive methods of deceiving users. For instance, when a user receives a message sent on behalf of the site administration or technical support service asking him to send his account password on some pretext or other to the address indicated in the message. The user is warned that if he fails to do so, his account will be terminated. Phishers on the Russian-language Internet use this trick to access users’ email accounts.

In addition to phishing, cybercriminals make use of lots of other tricks to catch out hapless users. The article describes the most widespread types of fraudulent messages such as Nigerian letters, notifications of fake lottery wins, offers to use “errors” in payment systems, “magic purses”, code generators or a “hole in the script” making it “possible to win in an online casino”. Those who are tempted by quick profits are promised a good return for doing almost nothing, while more discerning users are sent attractive job offers (usually the result of targeted attacks). Spammers also see nothing wrong in making use of blackmail to extort money.

The Russian Internet has recently been subjected to more than just classic ploys from the Western segment of the Internet. Malicious users have successfully developed new means of swindling money out of Russian-speaking users. For example, fraud in which SMS text messages are sent to short codes is currently very common on the Russian Internet. Short codes are leased out by cellular operators and people are charged money when they send a message to these numbers. Most of the money taken from mobile accounts in payment for texts sent to short codes is passed to the party leasing the code.

Spammers are very good at exploiting human weaknesses. More often than not they play upon the victim’s naivety, greed and love for freebies. The schemes may be different, but the goal is the same – to part the user from his money.