View Full Version : Guess the language of the Scammer

06-20-2005, 07:34 AM
You would think that someone trying to scam English speaking people would try to at least get the grammar right. If I had to guess, I would say this came from India. It has some of the sentence structure that I get from my Indian friends and coworkers, but that's just a guess. Maybe crime has been outsourced. http://forums.freshalloy.com/images/graemlins/grin.gif

From: "Account Service" <service@paypal.com> Add to Address Book
Subject: Verify your PayPal Account
Date: Sun, 19 Jun 2005 21.33.20 +0200

We recently have determined that different computers have logged into your PayPal account, and multiple password failures were present before the login. One of our Customer Service employees has already tryed to telephonically reach you. As our employee did not manage to reach you, this email has been sent to your notice.
Therefore your account has been temporary suspended. We need you to confirm your identity in order to regain full privileges of your account.
If this is not completed by June 22, 2005, we reserve the right to terminate all privileges of your account indefinitly, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
To confirm your identity please follow the link below:


Thank you for your patience in this matter.

PayPal - Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

06-20-2005, 08:08 AM
Or maybe it's Romanian?


Phisher Tales: How
Webs of Scammers
Pull Off Internet Fraud
June 20, 2005; Page B1

Explanations about the source of the Internet's phishing epidemic often involve exotic tales of Asian gangs or the Russian Mafia. It turns out, though, that your average phisher is much more likely to be someone like "C-Power," who is probably a teenager somewhere overseas with a computer in his bedroom and a lot of alarming friends in his buddy lists.

"I have...PayPal [and] eBay logins...I wanna trade," said C-Power in an Internet chat room last week, talking to anyone who would listen. "Serious traders [contact] me for a legit trade."

How long have you been trading, Mr. Power is asked.

"A long time," he replies.

The person talking to C-Power is Christopher Abad, a San Francisco researcher who has spent much of the last six months stalking the phisher underground. (Phishing involves those scam emails that try to lure you into turning over credit-card information to a Web site that, while designed to look like, say, eBay, actually belongs to a phisher.)

Mr. Abad works for Cloudmark, a San Francisco company whose products combat phishing and other forms of spam. One day late last year, Mr. Abad was on the Internet Relay Channel, or IRC, a global online chat system that is best known as the lair of various digital bad guys.

He noticed a chat room titled "Washington Mutual," after a bank that has been a favorite of phishing scams. (Mr. Abad would discover why soon enough.) One thing led to another, and Mr. Abad found himself spending hours a day online, chatting with phishers and charting out their world.

The typical phisher, he discovered, isn't a movie-style villain but a Romanian teenager, albeit one who belongs to a social and economic infrastructure that is both remarkably sophisticated and utterly ragtag.

If, in the early days, phishing scams were one-person operations, they have since become so complicated that, just as with medicine or law, the labor has become specialized.

Phishers with different skills will trade with each other in IRC chat rooms, says Mr. Abad. Some might have access to computers around the world that have been hijacked, and can thus be used in connection with a phishing attack. Others might design realistic "scam pages," which are the actual emails that phishers send

A phisher, just like his spammer cousin, sends out hundreds of thousands or even millions of emails, knowing that only a tiny fraction of the recipients will respond. These responses vary in quality; the best is a "full," which includes everything about the victim, such as name, account number, PIN and mother's maiden name.

But even if a phisher has a "full," the real work has yet to begin. The goal of most phishers is to use the information they glean to withdraw money from your bank account. Western Union is one way. Another is making a fake ATM card using a blank credit card and a special magnetic stripe reader/writer, which is easy to purchase online.

A phisher, though, may not have the wherewithal to do either of those. He might, for instance, be stuck in a small town where the Internet is his only connection to the outside world. In that case, he'll go into an IRC chat room and look for a "casher," someone who can do the dirty work of actually walking up to an ATM. Cashers, says Mr. Abad, usually take a cut of the proceeds and then wire the rest back to the phisher.

Certain chat rooms are thus full of cashers looking for work. "I cash out," advertised "CCPower" last week on an IRC channel that had 80 other people logged onto it. "Msg me for deal. 65% your share."

The average nonphisher might wonder what would prevent a casher from simply taking the money and running. It turns out, says Mr. Abad, that phishers have a reputation-monitoring system much like eBay's. If you rip someone off, your rating goes down. Not only that, phishers post nasty notices about you on IRC. "Sox and Bagzy are rippers," warned a message posted last week.

Phishers, not surprisingly, are savvy about their targets. For instance, it wasn't just a coincidence that Washington Mutual was a phisher favorite. Mr. Abad says it was widely known in the phishing underground that a flaw in the communications between the bank's ATM machines and its mainframe computers made it especially easy to manufacture fake Washington Mutual ATM cards. The bank fixed the problem a few months ago, Mr. Abad says, and the incidence of Washington Mutual-related phishing quickly plummeted. (A Washington Mutual spokesman confirms the account, but notes that the same vulnerability existed at some other banks as well.)

Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters. One thing that's different about phishers, he says, is how little they like to gab.

"Real hackers will engage in conversation," he says. "With phishers, it's a job."

Send your comments to lee.gomes@wsj.com, and check back on Friday for some selected letters at WSJ.com/Portals.

http://online.wsj.com/public/article/0,,SB111922540322063658-k2iziFe2OaO0z3gRtu_AvHbEtKk_20060620,00.html?mod=b logs