madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

419 scammers using Dilbert.com

By | July 28, 2009, 3:23am PDT

Summary: Scammers too, know Dilbert. On their way to search for clean IPs through which to send out yet another scam email, 419 con-artists (Mrs Sharon Goetz Massey) have recently started  using Dilbert.com’s recommendation feature in an attempt to bypass anti-spam filters — and it works. The use of Dilbert.com’s clean IP reputation comes a month after [...]

Scammers too, know Dilbert.

On their way to search for clean IPs through which to send out yet another scam email, 419 con-artists (Mrs Sharon Goetz Massey) have recently started  using Dilbert.com’s recommendation feature in an attempt to bypass anti-spam filters — and it works. The use of Dilbert.com’s clean IP reputation comes a month after 419 scammers used the same tactic on NYTimes.com ‘email this’ feature.

Isolated incidents or an indication of a trend? 419 scammers are like spammers circa 1997, technically unsophisticated but fully capable of maintaining a fraudulent infrastructure by using legitimate services only.

Case in point - automatically registered email accounts next to compromised ones already represent the source of a close to 20% of the overall spam volume, and these levels remain steady. A logical question arises, why hasn’t 419 advance-fee fraud reached the efficiency levels of phishing or spam in general, taking into consideration the fact that spam is already outsourced as a process? It’s because South Africa-based scammers lack the networking skills necessary to approach international cybercrime groups which would not only manage the entire scamming process for them, but would help them improve the quality of the campaigns.

Data detailing the magnitude of advance-fee fraud varies. According to the U.S Internet Crime Complaint Center, Nigerian letter fraud represented a 5.2% of the total loss reported in their annual 2008 report, with non-delivery scams topping the chart. Internationally, the number of advance-fee fraud cases and the number of victims is higher:

In the last two years, the Electronic and Financial Crimes Commission (EFCC) of Nigeria has been putting scammers in jail. The commission has invited journalists on a successful high-profile operation to apprehend a scamming ring and has helped foil Nigerian-led groups that ran multimillion-dollar fraud schemes. In a 2007 report, the EFCC said it handled more than 18,000 advanced-fee fraud cases, a six-fold increase in just four years.

From a technical perspective, advanced-fee fraud is still in its infancy, however the results of its tactics are pretty evident in the face of the thousands of scammed people across the globe. Don’t be one of them, spot the scam, take a minute and report it.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Fraud, Scammer, Litigation, E-mail, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback Most Recent of 21 Talkback(s)

  • You know, you'd think 419 schemes would be famous by now
    Why do people *still* fall for them? Quite aside from the cynicism factor this has been going on for years. Surely everybody's heard about it by now???
    ZDNet Gravatar
    wolf_z
    28th Jul 2009
  • Well, as PT Barnum once said...
    ...there's a sucker born every minute.

    Combine an opportunity cost of near-zero and high
    potential rewards, we'll likely never be rid of
    this.
    ZDNet Gravatar
    JohnMcGrew@...
    28th Jul 2009
  • Well, as PT Barnum once said... (not)
    Actually, David Hannum said that in reference to one of the shows PT Barnum was promoting.
    ZDNet Gravatar
    Darr247
    29th Jul 2009
  • RE: 419 scammers using Dilbert.com
    Wow,Thanks again! replica hermes bags
    ZDNet Gravatar
    lovedong
    13th Sep
  • Greed
    Unfortunately, for many people greed often trumps common sense.
    ZDNet Gravatar
    Divergex
    28th Jul 2009
  • Victim's dishonesty
    From what I have read about most con jobs; the victim's dishonesty is the con's focus. Most people think of themselves as decent and law abiding but yet will entertain receiving a kick back for doing something to help.

    An honest person would refuse to accept a fee in exchange for their help, especially if the help is to by pass a law (fair or unfair laws. It is said that an honest man can not be cheated; Diogenes searched but could not find an honest man.
    ZDNet Gravatar
    sboverie@...
    28th Jul 2009
  • Think of it as Evolution in Action
    Sorry! I just had to say that, but Larry Niven was one of my favourite SF Authors in my younger days. Unfortunatelely as I get older I believe in TOIAEIA less and less. Western society seems to have evolved to protect the terminally stupid over and above the rest of society. I am afraid that I have no solution, just continuing disillusionment with human stupidity.
    ZDNet Gravatar
    adrian_grover@...
    29th Jul 2009
  • not quite the "natural selection" process
    >>>Western society seems to have evolved to protect the terminally stupid over and above the rest of society.

    Unfortunately, this "terminal stupidity" is not something that nature seems to reject. It is a persistent defect.
    ZDNet Gravatar
    David A. Pimentel
    30th Oct 2009
  • It's the new users, not the old hacks
    The Internet has 1.661 billion users (see http://www.internetworldstats.com/emarketing.htm).
    The growth is linear with about 65 million new users per year.
    That's 65 million fresh targets per year who have never heard of any Internet scams.
    Just because you and everybody you might know has heard of it, don't generilize to the entire Internet. The Internet is a heck of a lot bigger than you think.
    ZDNet Gravatar
    GrimmReaperSound
    28th Jul 2009
  • Sometimes they're nearly believable
    I'm as suspicious about these spam letters as the next
    person - to the point that that I've trashed legitimate
    email questions. But, every once in awhile, one of
    those spam mails is crafted well enough and - more
    importantly - coincidentally is coming from
    (supposedly) a company that I might actually be doing
    business with. Sometimes, on occasion, I am looking
    at a message and thinking that this time it might be
    legitimate. Then I check the embedded email link.

    I suppose I am talking more the fake security alert time
    emails, and not the 'so-and-so has died and left you a
    ginormous $ of an estate' .

    I came across an alert the other day, supposedly from
    a bank, that claimed it was a security reminder - told
    me that no action was required on my behalf,
    just to be careful about clicking email links. And if I
    had any questions I should fill in the form at this link.
    And of course it was that form that was the culprit.
    Reverse psychology. Since it claimed to be coming
    from a bank I do business with, I could see how falling
    for this would be easy.

    I tried forwarding the email to my bank's security
    department, but my email provider bounces these back
    to me - since their system identifies them as spam.
    Ironic.
    ZDNet Gravatar
    snberk341
    28th Jul 2009
  • anyone still filtering on pure IP is retarded.
    IP filtering now is simply useless and has been for several years. I might give more favor to a static ip system than a dynamic ip, but its not the sole reason i may block/junk it.

    a good spam filter looks at the entire message, where it came from, the time it came in, the time it was sent and where its going.
    ZDNet Gravatar
    Been_Done_Before
    28th Jul 2009
  • RE: 419 scammers using Dilbert.com
    I respond to NO requests. Period. No matter how formal they look. If my bank wants me, they send me a #10 envelope in the mail.
    ZDNet Gravatar
    robert145
    28th Jul 2009
  • Bravo
    I went one further and demanded proof of identity from my bank when they called me unsolicited.
    ZDNet Gravatar
    adrian_grover@...
    29th Jul 2009
  • RE: 419 scammers using Dilbert.com
    I would think that 419 scammers are using as much technology as they need to do their deed. Their penetration through antispam measures is probably higher compared to botnet spam because there is always a human behind the creation of each message. The various contents they include and the services they abuse add many vectors to defend against.

    We have also seen these fraud messages from Dilbert.com ourselves:
    http://www.sophos.com/blogs/sophoslabs/post/5633

    Of course, Dilbert.com is just another service they are abusing. Other services, such as Yahoo! Calendar invites, has been abused for a number of years now.

    Savio Lau - SophosLabs
    ZDNet Gravatar
    savio.lau
    28th Jul 2009
  • RE: 419 scammers using Dilbert.com
    Sic Catbert on 'em! They'd better pucker their many sphincters to keep their souls from being sucked out! Bwaah!
    ZDNet Gravatar
    John N.
    28th Jul 2009
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources