Feeds

Estonian plasma TVs: Phishers fingered

419ers cleared on all counts

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

We were too quick to point the accusatory finger at Nigerian 419ers for the Estonian plasma TV job offer scam as discussed yesterday.

To recap: you receive a lovely email offering the chance to get involved in the Baltic flat screen market. To do this, you will be asked to transfer certain funds abroad and keep a percentage for yourself.

Seems straight forward enough, but what is really happening, is that you are being enticed to launder money stolen from accounts compromised by phishers. This scam is well-known to the Australians, as Daniel McNamara of www.codefish.net.au notes:

"Basically the main problem for the phishers targeting Australian bank accounts is a majority of Australian Internet Banking systems do not allow overseas transactions (mostly as prevention against these forms of fraud). So what happens is:

  • Phishers compromise a number of bank accounts through either traditional phishing or keylogger trojans.
  • Phishing have no way of directly extracting the money so they recruit people via these fake jobs to act as (unwitting) mules.
  • The mules are asked to have Australian bank accounts (normally within the same bank as the compromised accounts).
  • The phishers then transfer a large amount of money (normally just under $10,000 AUD as that what trips most banks security checks) from one of the compromised accounts to the mule's account
  • The mule is then asked to withdraw the money (minus a percentage which is normal 5-7 per cent for their "wage") and wire it directly to an overseas bank account (so essentially a direct deposit). Since wire transfers are normally anonymous and fast this works very well for the phishers. There have also been cases of people being asked to withdraw the money and hand it to someone here in Australia.
  • When the banks have the missing money brought to their attention the mule is left holding the bag as the that's really where the transaction trail ends."

We spoke to Jemma Smith of the UK's Association for Payment Clearing Services, who confirmed McNamara's scenario. She further explained that Australia was originally targeted by scammers because it was possible to transfer money out of the country online. This loophole was subsequently closed, meaning that phishers based abroad could not use stolen details to themselves move funds overseas. The solution was, as McNamara explains above, to find "mules" to do the dirty work for them. Hence the fake job offers.

Smith told us that, for a UK sting, these scammers will hope to find a willing accomplice who already has an account in the same bank as the phishing victim. Once the stolen funds have been transferred into the mule's account, her or she then forwards it to the scammers, often in cash and via money transfer.

The "audit trail" therefore ends at the mule - who is certain to receive a visit from the authorities, Smith said. Indeed, they are "liable for prosecution within the UK" - and pleading ignorance is unlikely to mitigate in their favour.

Thankfully, Smith confirmed that of the millions of phishing emails received across Britain, "only a handful" ever resulted in a positive for the scammers. As for the mules, Smith expressed surprise that anyone could fall for such a transparently dodgy offer, and concluded with the time-honoured: "If it looks too good to be true, then it is too good to be true." ®

Related stories

419ers plug into plasma TV market
Phishing attacks on the rise
eBay and PayPal go after auction fraudsters
Phishmongers target Lloyds TSB customers
NatWest warns of dodgy email
Phishing and viral tech combines in new menace
Gone Phishin'
Email scammers target Halifax, Nationwide, Citibank
NatWest customers targeted in phishing scam
UK banks and police proffer anti-phishing advice

Related sites

Another fake job offer as noted on Codefish
APACS press release outlining how to protect yourself against Internet fraudsters (PDF).

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.