The InfoSec Blog

419 scammers using Dilbert.com

Posted by Anton Aylward

http://blogs.zdnet.com/security/?p=3809&tag=nl.e539

Oh, the ignominy!

On their way to search for clean IPs through which to send out yet another scam email, 419 con-artists (Mrs Sharon Goetz Massey) have recently started using Dilbert.com’s recommendation feature in an attempt to bypass anti-spam filters -- and it works. The use of Dilbert.com’s clean IP reputation comes a month after 419 scammers used the same tactic on NYTimes.com ‘email this’ feature.

One thing in InfoSec is certain: the bad guys will always find a way round whatever controls we put up and find ways to subvert legitimate tools and protocols.


Billion and Billions.

Posted by Anton Aylward

No, not a Google, it's a Sagan!

I'm sure that like me you get mails that read something like

From:Mr.John Lewis
Phone No: 44-702 409 9061

This is to inform you that your funds of US$15 Million
has been approved for immediate delivery to you.

For the purpose of clarification,you are advised to
reconfirm your Full Names,Direct Telephone
Numbers,Physical Address with Zip Code so that there
will be no error during the delivery of the funds to
you in your country of residence.

Your quick response will be highly appreciated.
Congratulations in advance.your mail to this email address .
johnlewis477@yahoo.com.hk
Please Try and call me now Phone No: 44-702 409 9061.
It is very Urgent.
Mr.John Lewis

The Cardsharps

It's always struck me as illogical that these are rarely addressed to me personally; they are usually to 'undisclosed recipients'. That's plural.
Lots of people have been sent this offer for $15M then.

The second thing that is illogical is that if there is this much money surely they could do the background check on me so they don't need to ask for my name, address and all the other stuff. I'm in the phone book. And the on-line phone book.

Some of these even give physical addresses and phone numbers in countries - is that '44' UK and not HK? - which may look convincing but is a bit stupid in this day and age when so many people travel and have relatives and friends in other countries. I do recall reading on the net of someone who did scam one of these people by having friends in that country following up.

But that 'lots of $15M' raises an interesting question.
Presumably the scam artist is appealing to greed.
The trouble is that it's unrealistic.

What would be realistic?
Would $15,000 sound more reasonable for some long lost relative?
After all what if I am the eldest son of an eldest son of an eldest son, so some collateral branch of the family we lost contact with during the war leaves a legacy part of which follows that path?

Yes, I know it's more than most scammers would think worthwhile, but just as the 'Net has pushed down the cost of unsolicited mail, so too has it pushed down the cost and effort of genealogical research.

Does being sucked in by the smaller but more reasonable amount make more sense than the obviously impossible millions?

Because let's face it, pitches like

We happily announce to you the draw (#1106) of the UK
INTERNATIONAL LOTTERY,online Sweepstakes International program
held on 12th May, 2007.

Your e-mail address attached to ticket number:56475600545 188
with Serial number 5368/06 drew the lucky numbers:
04-05-16-19-21-49 (bonus no.20), which subsequently won you the
lottery in the 2nd category i.e match 5 plus bonus. You have
therefore been approved to claim a total sum of £500,000 (Five
hundred thousand pounds sterling) in cash credited to file
KTU/9023118308/03.

That went out to 'undisclosed recipients' as well.
But since when do these jackpots get disbursed in cash rather than cheques with lots of publicity? And why should the cash be credited to a file and not the winner?

So what it comes down to is that these scams are targeted to people who are dazzled by big numbers and don't have a lot in the way of critical thinking and scepticism. Scott Adams, the author of the Dilbert cartoon strip, would call them "In-duh-viduals".

I'm tempted to say that there's a lot of that about in the western world today for a number of reasons: religious fanaticism, lack of education in statistics, believing that you have a right to gobs of money with no effort ... One school of thought is that civilization needs the Marching Morons to act as consumers and keep the machinery of society working, but we don't want them to be too smart or they might rebel. Fred Pohl and Cyril Kornbluth explored this idea in their short story "The Marching Morons". (I recall the false speedometers in cars that gave the impression you were doing the Ton when you were only just doing a bit over 60. This too has come to pass.) It's been explored in other utopian/dystopian novels such as Ira Levin's "This Perfect Day" or the sex slaves of Charles Fourier's (yes THAT Fourier) Utopian vision.
Utopia for some.

If you want to see it applied to our society - yes Virginia, we do have sex slaves and a 'conspiracy' (or at least an emergent property) to dumb us down. While John Gatto has written about how our school system is rigged for this (see http://antonaylward.com/articles/2006/12/01/dumbing-us-down) he omits that in many ways the society we have NEEDS the Marching Morons. Large scale questioning of roles and existence would be too disruptive. Isaac Asimov touches on this in his stories, for example 'Strikebreaker' (someone has to do the dirty jobs like garbage collection and build and maintain the sewers...) and "Profession".

But doesn't that in and of itself mean that the under-educated classes must exist and must therefore be susceptible to scams like the ones I describe above?

It's a sad, sad world.
