OFFICIAL SECURITY BLOG
May 31, 2013 | BY Jérôme Segura
More and more people are working from home these days for a variety of companies, big and small. This is cost effective for firms and remote workers enjoy the ability to work on their own with simply a computer and Internet connection. However, there is also an increasing number of work-at-home and get-rich-quick schemes (we blogged about them before) and some criminals are trying to maximize their return on investment by harvesting email addresses and contact lists from Facebook, as well as email accounts, for more targeted attacks.
In this post, we will explore the business model and the techniques used that are making some individuals a lot of dirty money.
Does the story above sound too good to be true? Just a bit, and yet this scam works really well.
The socio-economic factors:
During their lifetimes, many people will experience a hardship, lose their jobs, get critically ill or find themselves retired with a tight income, struggling to make ends meet. Wouldn’t it sound like a dream come true to be able to work from the comfort of your own home? While there is such a thing, the reality is that it just isn’t as easy as the “report” implies. But hopeful promises are like water in the desert, and need will drive many people to reach out for them. The crooks hammer the same hopeful message over and over again and use all sorts of tricks to reel in their next victim.
The e-marketing scam:
The pages are built in such a way that they catch your interest and keep you scrolling down for more. Not only that, but the offer is personalized based on your IP address, which again is meant to gain the person’s trust. Logos and even videos from news sites are inserted out of context and leveraged to give legitimacy to the offer.
What the crooks are trying to sell ranges from books to DVDs or other materials, all with many promises like “satisfaction guaranteed” and such.
These offers are not only unrealistic but actually could take you down a very bad road. If you think you only lost a hundred dollars by investing in a scam like this, think again. Once the crooks have your name, phone number and credit card details they will try to get as much money from you as they possibly can. In some cases you will be solicited again for more products – or even worse, your private and banking information will be sold on the black market.
Going full circle:
Remember the website from the first picture? Its domain name is workingathomewithgoogle.com. It was registered through the CENTER OF UKRAINIAN INTERNET NAMES (note the country) to a certain Edward Johnson living in the U.S. (a fake identity, of course). Well, now consider the following known phishing website, reported on PhishTank that steals Facebook credentials:
Guess who owns this phishing site? It turns out that this domain, fizibookzz.com, was also registered through the CENTER OF UKRAINIAN INTERNET NAMES by the very same “Edward Johnson”! It’s a reasonable bet that a person who engages in criminal phishing behavior on one of his sites is unlikely to be offering an honest business opportunity on another.
And guess what happens when the bad guys have your username and password? Well, they spread the scam to your family and friends by posting it on your wall, emailing it to them directly, etc.
Other “campaign” methods include hacking Twitter accounts and tweeting away:
All in all, there are entire groups of individuals (most likely from Eastern Europe or India) running these scams and registering these fake sites (which, for the most part, are hosted in the U.S.) under false names, hiding behind proxies, and so on. It’s safe to assume these people also belong to affiliate networks and take part in other illegal activities.
To conclude this post, I thought I would show something quite ironic that I came across during this research. We all know about those infamous Nigerian scams, in which a king in exile supposedly really needs your help to transfer his gold/diamonds out of the country and offers to share half of it with you. Well, guess what? Nigerian crooks don’t just export their scams to the rest of the world. Scams are also used to target Nigerians themselves:
I guess there is just no hope when scammers scam their own people, is there? But I have to admit, the idea of a classic Nigerian scam making the rounds in Nigeria is quite funny…
Other than the phishing pages, we also see many Facebook contact requests sent for the sole purpose of getting your “friends” list and spamming the people on it.
So you should pay attention when you receive a new contact request, as it may turn out to be a spam bot or some other less-than-desirable “friend” to have. It is obvious that targeted spam campaigns or scams that reach you through people you know achieve better results for the crooks who perpetrate them because trust is already established.