iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Trailing A Spam Transaction
Search:
[ insider_reports_insider ]

Trailing A Spam Transaction



David Utter
Staff Writer
2007-10-29

SecurityProNews: Insider Reports Insider Reports RSS Feed


A security researcher at CA took a trip through a typical spam offer, by making a purchase to see how the pieces of a scam all fit together.

Trailing A Spam Transaction
Trailing A Spam Transaction

The presence of an SSL certificate for a purported retail site does not mean the website represents part of a legitimate business.

That was one of the observations by "Alain Tibberman," the alias used by security researcher Mark Wade posting on the CA blog. Through the use of a prepaid $100 GreenDot debit card, Alain made a purchase at a site advertised in spam messages.

The offer of "Dreams can cost less repl1ca w4tches from r0lex here" started the journey, with Alain finding nine different URLs all registered in NanChang, China, many using the name of a famed Chinese actress as the registrant.

Spams arrived after being pushed through a compromised machine at a church in Washington state. Alain noted these spams have come from a variety of PCs, some of them part of Fortune 500 companies.

At the site offering the faux watches and other items. Alain could find no sneaky malware downloads or malicious Iframes. The valid SSL certificate protected Alain's payment details as they crossed the Internet; the spammers didn't want anyone else stealing his funds before they could!

"The owners mention that they have been the leading online retailer of quality luxury timepieces since 2003," he said of the site's About Us link. "Oddly enough, every one of the aforementioned websites was only in operation for one or two weeks."

After ordering earrings and seeing a $77 charge appear on the GreenDot card, Alain received a confirmation message, and an email address for support. That address belonged to a company that used to have operations in Nevada, but its owner has been charged with running fraudulent financial websites.

The money ended up in Cyprus, but Alain never got his earrings, and certainly never will. His tale shows just how far criminals will go to rip people off: to the ends of the Earth.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds