FOR IMMEDIATE RELEASE

Media Contacts:
Louis Mastria, 212.790.1529, Lmastria@the-dma.org
Stephanie Hendricks, 202.861.2407, Shendricks@the-dma.org

From Pfishing to Pfarming: THE TOP FIVE SPAM SCAMS OF MARCH 2005

The DMA Announces the Top Scams for the Month, as Identified by the National Cyber-Forensics & Training Alliance

New York, NY, April 21, 2005 – The National Cyber-Forensics & Training Alliance (NCFTA) has identified its top five spam scams of March 2005. These include fraudulent e-mail purporting to come from the Federal Bureau of Investigation (FBI) and the redirecting of a Web request to another, bogus location.

The NCFTA is a nonprofit organization focusing on cyber crime issues. It operates the Direct Marketing Association’s (The DMA) Operation SLAM Spam in affiliation with the FBI. SLAM Spam is supported financially by The DMA. The DMA is working with the NCFTA, as well as federal authorities, nonprofit organizations, and business organizations, to fight fraudulent spam.

“The Internet represents the ‘New Frontier’ when it comes to fraud,” said Patricia Kachura, Senior Vice President, Ethics and Consumer Affairs, The DMA. “Everyone, consumers and businesses alike, must be constantly vigilant to scams that seek to collect personal or financial information to be used to commit fraud.”

Online fraud cost merchants $2.6 billion in 2004, an increase of $700 million from 2003, according to a survey conducted by CyberSource Corporation. Approximately two percent of all online sales are fraudulent. While significant resources are being dedicated to fighting fraud, it is still imperative that consumers and merchants also take direct responsibility and make sure they know with whom they are doing business before providing valuable personal and financial information.

The top five spam scams for March identified by the NCFTA are:

1. Pharming Attacks: Pharming is the redirecting of an individual’s Web request to another location. For example, if an individual with an infected computer conducts online business with a specific bank, that person will type the bank’s Web address into the address bar but will be redirected to a designated phishing site that looks very similar to the authentic site but is, in fact, fraudulent. Because the individual did not click on any obscure link, the site will appear to be legitimate. Pharming can also result from a hijacked Domain Name Server (DNS), an Internet service that translates domain names into IP addresses. When a hacker poisons a DNS, he or she changes the specific record for a domain, sending individuals to a Web site very different from the one they intended to access – without their knowledge. Usually, the hacker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via a software vulnerability.

2. Google Hacking: The NCFTA has identified a site advertising several hundred instances of scammers using the Google search engine to retrieve sensitive information about individuals. Using an explicit search command, it is possible for scammers to find business résumés that individuals have posted on the Web. These documents often contain information such as Social Security numbers, family history, dates of birth, home addresses, phone numbers, and education. Individuals who unknowingly provide all this personal information are very susceptible to identity theft. The NCFTA is compiling information about the hacking site to be turned over to law enforcement if specific violations can be identified. The NCFTA, through The DMA, has also alerted the Federal Trade Commission to this scam.

3. FBI Virus/Spam Hoax: The NCFTA has assisted the FBI with its investigation concerning a fraudulent e-mail hoax (http://www.ifccfbi.gov/strategy/wn050223.asp).
   The FBI has become aware of spam e-mail fraudulently claiming to be from fbi.gov accounts. The e-mail sounds official, even threatening, in tone, and appears to be sent from the e-mail addresses police@fbi.gov, fbi@fbi.gov, officer@fbi.gov, and web@fbi.gov. The recipient is enticed to open an attachment that contains the W32.Sober.K@mm worm. The actual text of the e-mail is shown below:

      You have visited illegal Websites.
      Dear Sir/Madam,
      We have logged your IP address on more than 40 illegal Websites.
      Important: Please answer our questions! The list of questions are attached.
      Yours faithfully,
      Federal Bureau of Investigation – FBI –

4. Phishing: Phishing attacks use spoofed e-mails and fake Web sites to fool recipients into revealing personal information or to have a Trojan/virus placed on their computer. By using the trusted brands of well-known companies such as financial institutions, online retailers, ISPs, and credit card companies, phishers attempt to dupe innocent consumers into revealing their personal information. Phishing schemes are often delivered via spam e-mail.

5. Nigerian Scams: There are several variations of this scam which, at their core, either inform the recipient that he/she is allegedly due a large sum of money or ask for his/her assistance with some form of illegal money laundering. The recipient will be asked either to provide money as “processing fees” or to provide personal financial information to facilitate the transaction. These scams, which were more abundant last year, have reemerged in conjunction with the tsunami scams.

The above five spam scams are based solely on limited NCFTA data. However, this information is then shared with the FBI, which, with assistance from The DMA’s SLAM Spam project, provides law enforcement authorities with a much more robust understanding of the top spam scams.

Useful tips for detecting and combating fraudulent spam include:

- Never reveal personal information to an unverified recipient. This includes:
  - Login names and passwords
  - Credit card numbers
  - PIN numbers
  - Bank account numbers
  - Mother's maiden name
  - Social Security number
  - Date of birth
- Never respond to requests for the personal information listed above via e-mail. If the e-mail looks “phishy,” call the company that claims to have sent you the e-mail to verify its authenticity. Look up the phone number on your own and do not trust any numbers supplied in the e-mail without verifying them.
- Never trust hyperlinks in e-mails. Visit Web sites by typing the URL into your address bar.
- Review your credit card and bank statements for any unusual transactions. Report any unauthorized transactions immediately.
- Report suspected abuses of your personal information to the proper authorities.
- Do not use the same passwords on multiple sites.
- Avoid opening spam that contains attachments, especially if they carry an “.exe” or “.dll” suffix.
- Eliminate spyware by following the list of countermeasures offered by the NCFTA. These can be found by visiting The DMA’s Web site and clicking on the “For Consumers” section (http://www.dmaconsumers.org/).

To obtain additional information about fraudulent spam and to learn tips for not getting phished, please visit the following DMA and FTC Web sites:

About the NCFTA

The NCFTA (www.ncfta.net) provides a neutral collaborative venue where critical confidential information about cyber incidents can be shared discreetly, and where resources can be shared among industry, academia, and law enforcement officials. The Alliance facilitates advanced training, promotes security awareness to reduce cyber-vulnerability, and conducts forensic and predictive analysis and lab simulations. These activities are intended to educate organizations and enhance their abilities to manage risk and develop security strategies and best practices.
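The pharming case in item 1 above, where an infected computer sends the user to a fraudulent site even though the correct address was typed, is most often implemented by adding an entry to the machine's hosts file, which the operating system consults before asking any DNS server. The script below is an added example, written for this page and not code from the NCFTA, the FBI or The DMA. It parses hosts-file text and reports every entry that pins a non-local name to a routable address, marking those that touch a domain the user cares about. The sample hosts file, the `.invalid` domain names and the 198.51.100.23 address (from the documentation range) are constructed placeholders.

```python
"""Flag hosts-file entries that redirect a watched domain (added example; not NCFTA or DMA code)."""
import ipaddress

# Names a stock hosts file legitimately maps to loopback addresses.
LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters",
}

# Constructed sample of an infected machine's hosts file. The .invalid names
# and 198.51.100.23 (documentation address range) are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         ip6-localhost ip6-loopback
# pharming entry: the bank's name is pinned to an address the bank does not own
198.51.100.23   www.examplebank.invalid examplebank.invalid
0.0.0.0     ads.example.invalid
"""


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, skipping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address: ignore rather than abort the scan
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def pharming_overrides(text, watched_domains):
    """Return hosts-file entries that send a non-local name to a routable address.

    Loopback and 0.0.0.0 entries are the usual ad-blocking trick and do not
    redirect anywhere, so they are ignored. Entries for a watched domain (the
    banks and shops the user actually logs in to) are marked, since those are
    the names a pharming infection targets.
    """
    watched = {d.lower().lstrip(".") for d in watched_domains}
    findings = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified or name in LOCAL_NAMES:
            continue
        hits_watched = any(name == d or name.endswith("." + d) for d in watched)
        findings.append({"host": name, "ip": str(ip), "watched": hits_watched})
    return findings


if __name__ == "__main__":
    for f in pharming_overrides(SAMPLE_HOSTS, ["examplebank.invalid"]):
        label = "WATCHED DOMAIN" if f["watched"] else "unexpected"
        print(f"{label}: {f['host']} -> {f['ip']}")
```

On a real machine, feed it the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`. This catches only the local form of pharming; the second form the release describes, a poisoned or hijacked DNS server, leaves the hosts file clean and has to be caught by comparing the answer your configured resolver gives with the answer from an independent resolver you trust.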
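The tip above, never trust hyperlinks in e-mails, exists because the visible text of an HTML link and its real destination are independent: a phishing message can display a bank's address while the `href` points somewhere else entirely, or to a bare IP address. The following added example (written for this page, not code from the NCFTA, the FBI or The DMA) extracts the links from an HTML message body and flags the two patterns the tip warns about. The sample message and every `.invalid` domain and address in it are constructed; the "last two labels" rule for comparing domains is a deliberate simplification, noted in the code.

```python
"""Flag e-mail links whose visible text misrepresents their destination (added example; not NCFTA or DMA code)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host name inside the link's visible text,
# e.g. "www.examplebank.invalid" or "https://www.examplebank.invalid/secure".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)

# Constructed sample phishing message; all names and addresses are placeholders.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://198.51.100.23/login">verify your account</a>.</p>
<p>Or visit <a href="http://examplebank.invalid.attacker.invalid/">https://www.examplebank.invalid/secure</a></p>
<p>Our policy: <a href="https://www.examplebank.invalid/privacy">www.examplebank.invalid/privacy</a></p>
"""


def link_host(href):
    """Hostname of an http(s) link, or None for mailto:, empty and other non-web links."""
    parsed = urlparse(href.strip())
    if not parsed.scheme:  # "www.example.invalid/x" style: assume http
        parsed = urlparse("http://" + href.strip())
    if parsed.scheme not in ("http", "https"):
        return None
    return (parsed.hostname or "").lower() or None


def registrable(host):
    """Crude owner-domain approximation: the last two labels.

    Good enough for a demonstration; production code should use the Public
    Suffix List so that e.g. 'bank.co.uk' is not treated as owned by 'co.uk'.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def deceptive_links(html):
    """Return links that use a raw IP host or whose text names a different domain than the href."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = link_host(href)
        if target is None:
            continue
        reasons = []
        try:
            ipaddress.ip_address(target)
            reasons.append("raw IP address as host")
        except ValueError:
            pass
        match = HOST_IN_TEXT.search(text)
        if match:
            shown = match.group(1).lower()
            if registrable(shown) != registrable(target):
                reasons.append(f"text shows {shown} but link goes to {target}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in deceptive_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The third link in the sample, whose text and destination agree, is not reported; the first two are. Mail filters apply the same comparison at scale, and the tip's advice to type the address yourself is the manual equivalent: it discards the `href` entirely and uses only what you can see.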
About The DMA

The Direct Marketing Association (www.the-dma.org) is the leading trade association for businesses and organizations interested in direct, interactive, and database marketing, which in 2004 generated more than $2.3 trillion in US sales, including $143.3 billion in catalog sales and $52.5 billion in Web-driven sales. In addition to catalogs and the Web, DMA members employ a wide variety of marketing media, including mail, e-mail, telephone, newspapers and magazines, interactive television, and radio, among others. Founded in 1917, The DMA today has more than 5,200 corporate, affiliate, and chapter members from the US and 44 other nations, including 55 companies listed on the Fortune 100. Reflecting the significant and growing role that direct marketing plays in today’s advertising mix, The DMA’s membership represents marketers from every business segment, including catalogers, Internet retailers, retail stores, nonprofit organizations, advertising agencies, financial services providers, book and magazine publishers, book and music clubs, industrial manufacturers, and a host of other vertical segments, as well as the service industries that support marketers.

# # #
© Direct Marketing Association