Announcing smarter searchI've made a long overdue improvement to Purportal's scammy-spam search. You can now type multiple words into the search box and it will find all messages that contain all those words. Simple, right? Wasn't that way until now. A great way to use this: copy a line from a suspicious email you received, and paste it into the search box (don't worry if it doesn't fit). The results page will show the entries in the database that match your search. It will show up to 50, with the newest ones always at the top.
February 28th, 2011
So-called "one-click fraud""After the boy enters the Web site, it flashes notifications that demand a registration fee. The boy is also threatened with legal actions and told his family will be contacted if a payment is not made. Although the threats are meaningless, without any legal backing, the victims of one-click fraud are led to believe the single click they made to enter the Web site puts them at fault. They often pay the fee."
January 28th, 2011
Scams aimed at job huntersOne of the new populations that scammers have started to target is job hunters. I think the scammers' calculation is: they might be desperate for money, and that might impair their judgement.
In my recent job search I received some of these "offers". Familiar stuff to a scam buff like me, but often with an extra touch -- my full name, which they had gotten from my resume. For some reason, hotjobs.yahoo.com was the source of the majority of scammers -- maybe they make it easier for non-employers to see candidate info, or maybe that's just the the current flavor of the month in scamming circles.
Monster.com has run a series of articles on these scams. If you or someone you know is job-seeking, check it out.
December 24th, 2010
Did you know there was an Association of Certified Fraud Examiners?
Well, from the ACFE World Headquarters in Austin, TX comes Fraud Magazine, an online journal devoted to some of our favorite topics. Recent article subjects include:
- Use the Proof-of-Cash Method When Casting for a Fraudster
- Anatomy of a Social Engineering Scam
- How CFEs Can Save Firms from Bankruptcy
You have to pay for membership to get full access to their content (students can join free). It's still interesting even if you don't sign up. Check it out.
December 15th, 2010
Phishing quiz from SonicwallThe security vendor Sonicwall has a fun online quiz to test your ability to spot phishing email scams. Think you're good? See if you can get 10 out of 10. Still need to tune up your skills? Read their detailed explanations for any questions you get wrong. It's quick and easy.
October 24th, 2010
Fulltext Purportal phishing archives availableThe Purportal archive contains over 6000 email messages from perpetrators of phishing scams and other related fraud. In addition to the rendered text versions made available here, the full original source of each message is stored. This includes the email headers, which contain information that can reveal the origin of the message. Anyone working in relevant areas of law enforcement or academic research is welcome to have full access to this corpus. For more info, contact me at the email address linked in the footer.
April 28th, 2010
Spam collection updates via TwitterEvery night, the Purportal fairies import new scammy spams into the collection. Now each of these additions is announced via Twitter. Follow us to remain on the cutting edge of sleazy spam!
November 17th, 2009
2300 websites you shouldn't shop atRecently a friend was victimized by one of those sleazy spammer scripts that hijacks your web-based email account (Hotmail, in this case) and uses it to send spam to everyone in your address book.
I took a look at the site that the email promoted. It's a China-based ecommerce site claiming to sell everything from cellphones to electric guitars to motorcycles. I've inquired by email as to how they can sell motorcycles at sub-retail prices with free shipping, but I don't expect an honest reply!
While researching this, I discovered that the scam had been going on for a long while, under a steady stream of different domain names. Then I came across a mind-blowing list of 2300 domain names that are implicated in this type of fraudulent activity. The list includes winners like china-wow-ebay.com.
July 21st, 2009
The good ones never sound like con men
Erin Arvedlund, a reporter for the financial news publication Barron's, talked to the now-notorious Bernard Madoff in 2001. Back then Arvedlund was one of the few who went public with her doubts about him. The doubts were well founded: Madoff reportedly admitted to senior employees that his business was "basically, a giant Ponzi scheme".
In a recent interview with NPR she commented that when she spoke to him directly, he said that he "didn't sound like a con-man".
Understandable. The good ones never do!
December 19th, 2008
Catching a thief via synchronized cellphone contactsA guy who had his iPhone stolen was able to recover it once the thief started adding people to the address book -- because those contacts were showing up on the victim's *new* iPhone via the MobileMe synchronization service. "Rob made quick work of wrangling a name and phone number from the provided contacts, supplying the police with everything they needed to get Rob his phone back. By the end of the night, he had his original iPhone in his possession."
December 18th, 2008