By Ron Benvenisti: Email scams have reached epidemic proportions. Why? Because they have a high rate of return. What exactly is the return? Your valuable private information. According to a study in England, most people will use some part or all of their personal information when creating a password or PIN number, with all or part of a birth-date being the most common. Because of the limited patterns that people use, they are relatively easy to guess within just a few tries. People invariably create PIN numbers like 0883 or 8308, for example, which represent August 1983. By excluding years for those under 18 and those over 70, or an even narrower range, crooks increase the odds. It’s easy to find your birthday and email on the web, but why work to find it when the crook can have you hand over that and even more of your private info on a silver platter? Thus the modus operandi of the email scam.
Here’s how it works. You receive an email from Google or AOL, for example, telling you your email box has been temporarily suspended due to maintenance, or announcing a security upgrade, etc. To re-activate your account you click on the link and it takes you right to a site replicating the look and feel of Google or AOL, which may even use information and images directly linked to them. The site asks you to re-activate by entering your email and password. Now all your info is compromised, including any private data and your contact list, which gives the crook more email addresses, and the crook can now make the emails come from you! Many of you have been had by this scam. That’s only one example. Similar scams have been done using airlines (to print out your ticket), ACH transactions posted or debited to your bank account, package notices from UPS, FedEx or DHL, the Department of Motor Vehicles, your bank, the FBI and this season’s popular IRS versions. The list is long and keeps growing daily. Many times the grammar and/or spelling is incorrect but that doesn’t stop the crooks because chances are the recipient’s skills are not that much better (thanks to decades of a deteriorating education system).
If you take the bait, you click, you enter the information to “validate” your identity, like your name, address, email, user ID and password, PIN and maybe even your social security number. End of story? Your troubles just began. Intercepted mail (checks, credit cards, bank statements), fraudulent transactions on your bank account or credit card. Identity theft is one of the fastest growing crimes in America. Over 20 million victims in 2010 to the tune of 17 billion dollars. Big business. In 2003 that figure was $5 billion and the cost to government and financial institutions was almost $50 billion. Now it’s close to $500 Billion, according to Federal News Radio.
How do you protect yourself? Simple. Never click on anything in an email before you verify the sender with a phone call from their personal or official number. Period. Even emails from recognizable retailers, institutions, organizations or charities. Call or go to their website directly. Any sales or events will be found there. Never click inside the email.
For those of you who might be interested in delving behind the scenes I’d like to present one of the latest techniques. It’s a rather clever way to capitalize or should I say, criminalize on the tax season. We’re going to look at a variation of a scam that is going around as a complaint message, in many cases purportedly from the BBB. Let’s check this new incarnation out.
You get an email that has in the subject line “Termination of your accountant license”. It looks like it comes from the American Institute of CPAs, a well-known organization for CPAs, CPEs, students and teachers. It’s from a name with an email address of [email protected]. Looks legitimate enough. Here’s the rest with a blow-by-blow, under-the-hood analysis:
“Revocation of Public Account Status due to tax return fraud allegations”
This is designed to get the interest of not only an accountant but anyone who might be using or thinking of using an accountant to prepare their taxes. What did I (he/she) do? Is this my accountant?
“Valued AICPA member,
We have received a notice of your possible assistance in tax return fraudulent activity for one of your employers. According to AICPA Bylaw Subsection 700 your Certified Public Accountant license can be cancelled in case of the event of submitting of a incorrect or fraudulent income tax return on the member’s or a client’s behalf.”
Looks like a client complained. AICPA Bylaw 700 does refer to license termination.
For those who still have English language skills, the first sentence is severely wanting. No respectable entity would send this out; however, it will get by many recipients without undue notice.
“Please find the complaint below below and respond to it within 7 days. The failure to do so within this time-frame will result in cancellation of your CPA license.”
This sentence is passable but the double “below” should raise an eyebrow. No proofreader or spellchecker would let that pass. No corporate word-smith would let that pass.
Here comes the payoff. The link is disguised as an Adobe Acrobat PDF file, something that many of us open all the time and think of as safe. While Adobe PDF files may be safe in their current incarnation, they do have a bit of history on the dark side. This “PDF” (which of course is not a PDF) is really a link to a legit site called Divine Pitbulls!!!
Complaint.pdf
But DON’T CLICK, because the legit site has been hacked with an install of EditWrx, which is a server-side editor that was surreptitiously uploaded and used to create an “apica.html” file which will install malware to capture your keystrokes!!!! Notice how “apica” is a misspelling of AICPA.
It gets worse. All the pretty graphics are hijacked from the real AICPA site, so all those are coming directly from aicpa.org and are real, but don’t try the email link:
Email: [email protected]
…because it will take you on a trip to sunny Villa de la Gaia in Portugal where you will be mal-bombed at the upscale Hotel Davilina website, also surreptitiously hacked with our not so friendly “apica.html”.
Finally for the finishing touch:
Tel. 888.777.7077
Fax. 800.362.5066
These numbers are legit.
So there you have it. It looks real. Some parts are real. There’s enough of a hook to get you interested but it’s a total scam. Some clever hacker (who can’t write very well, except for EditWrx scripts, which are pretty easy BTW) is getting messages with personal ID info from a site that is oblivious to him (which he will soon take down without notice and move the code somewhere else) while relaxing on the shores of sunny Portugal (it’s beautiful there), probably at a hotel near the historic Davilina, wiping the sand and spray off his iPhone, making transfers out of your bank account and selling your credit card numbers. Bottom line: DON’T CLICK INSIDE AN EMAIL.
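For mail admins who want to catch this pattern before anyone clicks, here is a small check for the three tells in the email above: link text that names a document while the link serves something else, an email address shown as text on a web link, and images pulled from the real organization's site while the links leave it. This is an added example, not part of the original article; the hosts in the sample are constructed placeholders, `brand.example` stands in for the impersonated organization, and the function names and reason labels are my own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")
host_of = lambda u: urlsplit(u).hostname or ""
# Constructed sample modelled on the email described above (placeholder hosts).
SAMPLE = """<img src="https://www.brand.example/logo.gif">
<a href="http://hacked-site.example/apica.html">Complaint.pdf</a>
Email: <a href="http://hacked-hotel.example/apica.html">service@brand.example</a>
<a href="https://www.brand.example/about">About us</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each anchor and the hosts images load from."""
    def __init__(self):
        super().__init__()
        self.links, self.image_hosts, self._href, self._text = [], set(), None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.image_hosts.add(host_of(attrs["src"]))
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside a link
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html, brand):
    """Return (link text, link host, reasons) for every suspicious web link."""
    c = LinkCollector()
    c.feed(html)
    on_brand = lambda h: h == brand or h.endswith("." + brand)
    hotlinked = any(on_brand(h) for h in c.image_hosts)
    findings = []
    for href, text in c.links:
        url, host, t = urlsplit(href), host_of(href), text.lower()
        if url.scheme not in ("http", "https"):
            continue  # mailto: links open a mail client, not a web page
        checks = {
            "fake-attachment": t.endswith(DOC_EXTS) and not url.path.lower().endswith(DOC_EXTS),
            "address-is-web-link": "@" in t,
            "off-brand": hotlinked and not on_brand(host),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((text, host, reasons))
    return findings
```

Running `audit(SAMPLE, "brand.example")` flags the “Complaint.pdf” link and the email-address link and leaves the genuine on-site link alone.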

NEVER do business on the phone either. If they cannot mail you something then it’s suspicious right from the start. I never make verbal commitments to anyone on the phone; you have no idea who is on the other end, especially if they called you, period.
Thank you Ron!
Thanx for teaching how to avoid being scammed
Thank you very much for this info, it’s very much appreciated! Perhaps we should invest in tracking down these imbeciles and locking them up (I know that’s our tax $$ @ work :()
@4 Thanks for your generous words. Truth is, for these cases, it’s hard to find this type of crook because of the ease with which the net allows one to cover their tracks. This hacker is the source of a chain which requires the lower links of the chain to inform law enforcement. The bottom links in the chain are the ones buying the account numbers, printing phony cards and IDs, marking them up, re-selling them and getting in and out of fast transactions with the info the hacker sold them. Credit card numbers go for $50 on the black market and with millions of numbers compromised it’s a big business with very little incentive to squeal. Fake driver’s licenses, green cards and SS cards can be had for less than $100 each on the street in less than an hour. Undercover operations are often shielded from the hacker, who also has to be caught red-handed, which is not easy because of the ease with which evidence can vanish into magnetic fairy dust. Even if there is a case to be made, getting law enforcement past the international red tape to collaborate is frustrating because of the differing rules of engagement. Even if it works, it is time-consuming and tedious. Most of these crooks are offshore in countries with very little oversight into these crimes. I will be reporting on a very timely attack where that is a prominent aspect in a forthcoming article.
@3 Shout out to you m/j 🙂 – nice to hear from you.