Digital Wild West

Below is a memo to staff of the small company I work for. We occasionally terrify or confuse the plebs with a warning if the helpdesk gets 3 or more calls about what they should do with an email that says:

Hello. Please click on the attachment to lose all your data and have your bank account cleaned out.

I tell them to go ahead, open the attachment. They seem pleased.

I jest.

The Northwest (and other airline names) scam is simple and ordinary (see sample at end of this post) but it provoked me to warn staff when two people I consider intelligent nevertheless were not only duped but highly distressed by the email.

One of them tried replying (of all things) while the other got Northwest’s number from directory assistance and waited 10 minutes on the phone - only to eventually lose connection.

My God, I thought, what if it was a scam phone number, too. At a dollar a second.

Anyway, read on:

=== Start message =============

To Staff,

Two items of interest:

1. Criminal hacking gangs are continuing to use the names of legitimate media organizations, such as the BBC, CNN and MSNBC, and of course, celebrities, as a disguise in their attempts to infect the computers of innocent Internet users.

Sophos, our virus vendor, discusses the issue here:

http://www.sophos.com/blogs/gc/g/2008/08/13/hackers-disguise-malicious-email

[If the above link does not work, copy the entire address into your browser]

2. Northwest Airlines credit card scam

An otherwise ordinary hoax is mention-worthy for affecting both an NBN staff member and a close relative of mine. Both were alarmed by the possibility their credit cards had been billed and tried to contact the sender, Northwest Airlines, to resolve the issue.

The email, of course, carried an attachment that, when opened, would infect an unprotected computer with a data-stealing Trojan.

This typical and unremarkable hoax email demonstrates that we are all vulnerable when the contents of an unsolicited email seem to relate to what’s going on in our lives. Since variations are infinite and spam is endless, eventually everyone receives an email that is too believable.

The criminals behind these emails are smarter than us, know what they are doing, and are relentless.

We must adopt a new way of thinking when processing emails and browsing the Internet. Be observant and suspicious online and devote time and attention to personal security. Treat all web pages as potentially malicious or deceptive. Treat all emails as suspicious and simply IGNORE those that make no immediate sense.

Sample Northwest Airlines scam:

Subject: E-ticket #4731381568

Good morning,
Thank you for using our new service “Buy airplane ticket Online” on our website.
Your account has been created:

Your login: yourname@nbntv.com.au
Your password: passDFL6

Your credit card has been charged for $493.67.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printer, and you are set to take off for the journey!

Kind regards,
Trudy Cameron
Northwest Airlines

The hoax randomly uses several different airline names, of course.

Regards, IT Support

==== End message =============

Cyberfraud, Email scam

You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.