Feeds

Estonian plasma TVs: Phishers fingered

419ers cleared on all counts

  • alert
  • submit to reddit

3 Big data security analytics techniques

We were too quick to point the accusatory finger at Nigerian 419ers for the Estonian plasma TV job offer scam as discussed yesterday.

To recap: you receive a lovely email offering the chance to get involved in the Baltic flat screen market. To do this, you will be asked to transfer certain funds abroad and keep a percentage for yourself.

Seems straight forward enough, but what is really happening, is that you are being enticed to launder money stolen from accounts compromised by phishers. This scam is well-known to the Australians, as Daniel McNamara of www.codefish.net.au notes:

"Basically the main problem for the phishers targeting Australian bank accounts is a majority of Australian Internet Banking systems do not allow overseas transactions (mostly as prevention against these forms of fraud). So what happens is:

  • Phishers compromise a number of bank accounts through either traditional phishing or keylogger trojans.
  • Phishing have no way of directly extracting the money so they recruit people via these fake jobs to act as (unwitting) mules.
  • The mules are asked to have Australian bank accounts (normally within the same bank as the compromised accounts).
  • The phishers then transfer a large amount of money (normally just under $10,000 AUD as that what trips most banks security checks) from one of the compromised accounts to the mule's account
  • The mule is then asked to withdraw the money (minus a percentage which is normal 5-7 per cent for their "wage") and wire it directly to an overseas bank account (so essentially a direct deposit). Since wire transfers are normally anonymous and fast this works very well for the phishers. There have also been cases of people being asked to withdraw the money and hand it to someone here in Australia.
  • When the banks have the missing money brought to their attention the mule is left holding the bag as the that's really where the transaction trail ends."

We spoke to Jemma Smith of the UK's Association for Payment Clearing Services, who confirmed McNamara's scenario. She further explained that Australia was originally targeted by scammers because it was possible to transfer money out of the country online. This loophole was subsequently closed, meaning that phishers based abroad could not use stolen details to themselves move funds overseas. The solution was, as McNamara explains above, to find "mules" to do the dirty work for them. Hence the fake job offers.

Smith told us that, for a UK sting, these scammers will hope to find a willing accomplice who already has an account in the same bank as the phishing victim. Once the stolen funds have been transferred into the mule's account, her or she then forwards it to the scammers, often in cash and via money transfer.

The "audit trail" therefore ends at the mule - who is certain to receive a visit from the authorities, Smith said. Indeed, they are "liable for prosecution within the UK" - and pleading ignorance is unlikely to mitigate in their favour.

Thankfully, Smith confirmed that of the millions of phishing emails received across Britain, "only a handful" ever resulted in a positive for the scammers. As for the mules, Smith expressed surprise that anyone could fall for such a transparently dodgy offer, and concluded with the time-honoured: "If it looks too good to be true, then it is too good to be true." ®

Related stories

419ers plug into plasma TV market
Phishing attacks on the rise
eBay and PayPal go after auction fraudsters
Phishmongers target Lloyds TSB customers
NatWest warns of dodgy email
Phishing and viral tech combines in new menace
Gone Phishin'
Email scammers target Halifax, Nationwide, Citibank
NatWest customers targeted in phishing scam
UK banks and police proffer anti-phishing advice

Related sites

Another fake job offer as noted on Codefish
APACS press release outlining how to protect yourself against Internet fraudsters (PDF).

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.