A peek inside the online romance scam.
Online dating can be rough, and no matter how many safeguards are in place in the multiple legitimate dating websites out there, the scammers are getting around the blocks and still luring in potential victims. While the reports of these types of scams are out there (even with copy and paste examples of the e-mails used), people still fall for the scams every day. In this particular case, it was my profile on eHarmony that was targeted, and this is my recount of it.
It started with a potential match; a profile with a collection of tasteful photos of a beautiful woman, not too ‘out there’, but a face that stood out from the crowd. The profile was fairly complete, with a few of the smaller-scale questions not answered. Overall, the profile initially raised no suspicion for me. So, I started the song and dance that is the eHarmony way, and back and forth we went with questions and such. That is, until the last stage when the match sent over a cryptic message of not being able to communicate via the system and that I should e-mail her. And up went the red flag.
Now, most systems out there allow communication up to a certain point, and in this case, eHarmony was on a free communication week, and even if it hadn’t been, we had not reached that final ‘free’ part yet. Assuming that many of the companies have basic language and text scanned in their internal mail systems, it can be supposed that the person on the other end was avoiding being flagged.
So with this e-mail in hand (my inbox), I decided to see how far this rabbit hole went. Using a non-personal e-mail address that I setup for mailing lists, I contacted my match with a basic re-introduction and waited. A few hours later, I received back an incredibly long, detailed e-mail with a few photos attached. The e-mail was not well written, and the local geographic locations mentioned in it did not make sense in the description. At this point, I was 100% sure it was a scam and decided to reverse image search the photos, which lead me to a model out of Australia, and then searched the generic line of text to find over 78,000 results showing almost exact copies of the e-mail I had received.
A quick reply back lead to an even longer response from the scammer, again using photos from the model’s profile page and the same content found on many scam reporting websites. But this time, I was being asked for money, as ‘she’ was stuck in London, unable to get home. Conveniently, there was already a bank account setup for me to transfer money. At this point, I had what I needed for this write-up, and so I marked the account as ‘spam’ and reported the profile to the eHarmony team.
So what can we learn from this little experience? Well, a few things. Despite the safeguards in place to help protect those looking for a relationship online, the protection is not perfect, and users need to be educated. Here are a few tips for you to help spot a potential scammer:
- Claims of being from the United States but currently visiting overseas
- Making claims of wanting to fly back to meet, but unable to do so because of work or a tragic incident.
- Wanting to leave a dating site immediately and use personal e-mail addresses to communicate.
- Irregular use of the English language, improper use of slang, and over punctuation.
- Hinting at or asking for money to help secure travel back ‘home’
- Professionally taken photographs that look straight-out of a runway magazine
Remember, you will never know who is on the other side of that screen until you meet them. Use safe and cautious measures, never give out personal information, and be aware of the tricks being used on the digital daters of today.
A peek inside a commercially available Android-based botnet for hire
Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities.
We’ve recently spotted yet another underground market proposition offering access to Android-based infected devices. Let’s take a peek inside its Web-based command and control interface, discuss its features, as well as the proposition’s relevance within the cybercrime ecosystem.
More details:
Sample screenshots of the commercially available Android-based botnet for hire:
Spamvertised ‘Customer Daily Statement’ themed emails lead to malware
Cybercriminals continue to efficiently populate their botnets, through the systematic and persistent spamvertising of tens of thousands of fake emails, for the purpose of socially engineering gullible end users into executing the malicious attachments found in the rogue emails.
We’ve recently intercepted a currently circulating malicious campaign, impersonating Barkeley Futures Limited, tricking users into thinking that they’ve received a legitimate “Customer Daily Statement”.
Successful Launch of Webroot for Gamer at E3
Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association. Used by many of the video game manufacturers across the various platforms, as well as hardware and software developers, the trade show is used to show off the next generation of games-related products. Hosted at the Los Angeles Convention Center, the 2014 conference had over 50,000 reported attendees between June 9th and 12th, 2014.
With this being Webroot’s first appearance at E3, the company was on site to show off Webroot’s new gaming specific antivirus, SecureAnywhere™ AntiVirus for PC Gamers. Designed to keep users protected with maximum performance and protection, the newest protection offering for consumers garnered a large amount of interest from those in attendance, with a busy booth all day. From the gamers themselves to the industry experts, many were impressed with the performance, speed, and direct gaming focus that Webroot was providing with the gamer protection product.
Along with the booth presence, Webroot’s team hosted an online campaign to drive awareness of the products with the #CyborgSelfie giveaway, a contest where entrants had to submit a selfie of themselves with the specific Twitter hashtag in hopes of winning a custom built Origin PC protected by Webroot. With over 40,000 entries, the winner, Johnny Interiano, was drawn at random, and will soon have one of the most powerful Origin PC machines at their disposal for their next gaming conquests. And to not pass an opportunity to work with Webroot’s newest partner Plantronics, twelve runner-up winners from the same contest won Plantronics RIG gaming headsets.
Through a strong awareness campaign and booth presence, all backed by an innovative security product designed specifically for gamers, Webroot’s presence at E3 was a major success for all that were involved.
Spamvertised ‘June invoice” themed emails lead to malware
Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet’s infected population through the systematic and persistent rotation of popular brands.
We’ve recently intercepted a currently circulating malicious campaign enticing users into executing the fake attachment.
More details:
Malicious Web-based Java applet generating tool spotted in the wild
Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem’s primary infection vector, in a series of blog posts, we’ve been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on ‘visual social engineering’ vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a cybercriminal’s botnet.
We’ve recently spotted yet another Web based Java drive-by generating tool, and decided to take a peek inside the malicious infrastructure supporting it. read more…
Webroot returns from Automation Nation 2014
Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the fifth annual Automation Nation in Orlando, hosted by LabTech Software. Labtech, a robust remote monitoring and management (RMM) platform design and built for managed service providers, hosted the event at the Hilton Bonnet Creek from June 2nd through the 4th. Hosting over 425 MSP partners and 600 attendees, the event has grown significantly since the previous years. This was Webroot’s first time attending the conference, coming in as a Diamond Sponsor.
Kicking off the event, Webroot CMO David Duncan helped present during the keynote with the support of Andrew Bagnato, a system engineer for Webroot. Speaking on how security doesn’t have to suck, and that with the integration into LabTech and the advances in the Webroot Intelligence Network (WIN), MSPs had the opportunity to not only manage their clients remotely, but ensure they are protected as well.
Talking about the Webroot Partner Program and the security solutions offered, the onsite team showed that the solutions provided just work, can drive profits, and ultimately don’t suck. With pigs flying left and right, over hear and over there, it was not long until the booth was filled to capacity with partners wanting to learn about the intelligent cloud-based security solutions. Also shown were demos of LabTech Software integration, which was designed to bring the tools of the Webroot console direct to the MSP’s most used console, saving time in the monitoring of Webroot protected endpoints.
While at the conference, Andrew Bagnato also hosted a breakout session presenting on the next generation of anti-malware, packing the room beyond capacity. Showing how legacy solutions were not keeping up with the new tricks of incoming threats, Andrew presented on the power of the Webroot Intelligence Network and just how it can help protect endpoints across all the networks from even the most advanced threats.
With the event going non-stop for 3 days, the team is glad to have some rest, but excited to have introduced the security offerings to the LabTech partners.
Long run compromised accounting data based type of managed iframe-ing service spotted in the wild
In a cybercrime ecosystem dominated by DIY(do-it-yourself) malware/botnet generating releases, populating multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we’ve been detailing the existence of commercially available server-based malicious script/iframe injecting/embedding releases/platforms utilizing legitimate infrastructure for the purpose of hijacking legitimate traffic, ultimately infecting tens of thousands of legitimate users.
We’ve recently spotted a long-run Web-based managed malicious/iframe injecting/embedding service relying on compromised accounting data for legitimate traffic acquisition purposes. Let’s discuss the managed service, its features, and take a peek inside the (still running) malicious infrastructure behind it.
More details:
A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services
Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious ‘know-how’, further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we’ve been emphasizing on the over-supply of compromised/stolen accounting data, efficiently aggregated through the TTPs (tactics, techniques and procedures) described in our “Cybercrime Trends – 2013” observations.
We’ve recently spotted a newly launched all-in-one cybercrime-friendly E-shop, offering a diversified portfolio of managed/DIY services/products, exposing a malicious infrastructure worth keeping an eye on. Let’s take a peek inside the E-shop’s inventory and expose the fraudulent infrastructure behind it.
More details:
Malicious JJ Black Consultancy ‘Computer Support Services’ themed emails lead to malware
Relying on the systematic and persistent spamvertising of tens of thousands of fake emails, as well as the impersonation of popular brands for the purpose of socially engineering gullible users into downloading and executing malicious attachments found in these emails, cybercriminals continue populating their botnets.
We’ve recently intercepted a currently circulating malicious campaign, impersonating JJ Black Consultancy.
More details:
Spamvertised ‘Notification of payment received’ themed emails lead to malware
PayPal users, watch what you click on!
We’ve recently intercepted a currently circulating malicious spamvertised campaign which is impersonating PayPal in an attempt to trick socially engineered end users into clicking on the malware-serving links found in the emails.
More details:
Sample screenshot of the spamvertised email:
A peek inside a subscription-based DIY keylogging based type of botnet/malware generating tool
Cybercriminals continue to systematically release DIY (do-it-yourself)type of cybercrime-friendly offerings, in an effort to achieve a ‘malicious economies of scale’ type of fraudulent model, which is a concept that directly intersects with our ‘Cybercrime Trends – 2013‘ observations.
We’ve recently spotted yet another subscription-based, DIY keylogging based botnet/malware generating tool. Let’s take a peek inside its Web based interface, and expose the cybercrime-friendly infrastructure behind it.
More details: