THE DMA ANNOUNCES THE TOP SCAMS FOR APRIL
New York, NY, May 17, 2005 - The National Cyber-Forensics & Training Alliance (NCFTA) has identified its top-five spam scams of April 2005. These include the identification of Web mobs, well-organized groups of computer-savvy criminals who form hierarchical networks on the Internet in order to commit identity theft and fraud.
The NCFTA is a nonprofit organization focusing on cyber-crime issues. It operates the Direct Marketing Association's (The DMA) Operation Slam Spam in affiliation with the FBI. Slam Spam is supported financially by The DMA. The DMA is working with NCFTA, as well as federal authorities, nonprofit organizations, and business organizations, to fight fraudulent spam.
"Consumers and businesses alike must remain constantly vigilant about personal and financial information," said Patricia Kachura, senior vice president for ethics and consumer affairs at The DMA. "E-mail scams are becoming more sophisticated and scammers are becoming more organized and efficient in exploiting illegally obtained personal information to the fullest extent possible."
Financial fraud, for example, costs consumers and businesses billions of dollars annually. Based on a 2004 poll of 5,000 people in the U.S., the industry analyst firm Gartner calculated that $2 billion a year is lost to banking scams, including online fraud and phishing.
The top five spam scams for April as identified by the NCFTA include:
1. Web Mobs: Web mobs are well-organized groups of computer-savvy criminals who form hierarchical networks on the Internet in order to commit identity theft and fraud with personal identification and financial information. After gathering victim information via phishing schemes, the Web mob buys and sells the information among its members or through online auctions. They use Web sites and chat forums to discuss and exchange techniques and tools.
2. Cross-Site Scripting (CSS): A CSS vulnerability is caused by the failure of a Web site to validate the intended address of user input, such as personal or financial information supplied to make an online purchase, before returning that data to the client's Web browser. Instead, that information is sent to another, unauthorized site. This is called cross-site scripting and occurs when an intruder causes a legitimate Web server to unknowingly send a page to a victim's browser that contains malicious script or HTML. The malicious script runs with the privileges of a legitimate script originating from the legitimate Web server and redirects the information to the intruder's Web server. More information on this practice is available at http://www.cert.org/archive/pdf/cross_site_scripting.pdf.
3. Pharming Attacks: Pharming is the redirecting of a Web request to another location entirely. On a computer hijacked by pharmers, for example, a user will type a URL (such as their bank's Web address), but will unknowingly be redirected to a designated phishing site that looks very familiar. Because the user did not click on any obscure link, the site will appear to be legitimate.
4. Phishing: Phishing is by far the most abundant scam witnessed by the NCFTA to date. Bank and credit card phishing scams are constantly evolving, making it more difficult to identify the forgery. Source code, which has been used to determine where "phished" information was being sent after it was harvested, is now being hidden by phishers. Phishers are also disabling mechanisms such as 'right-click' on the phishing sites for the purpose of masking the compromised URL.
5. Spyware - Trojans & Malicious Code: This is software that surreptitiously performs certain tasks on a user's computer, typically without the user's consent. This may include collecting personal information about the user, or infecting the computer with a Trojan or malicious code. Such instruments can cause the computer to be used for other criminal conduct, such as Denial of Service attacks, or to act as part of a spam relay network.
Spyware and Trojans are downloaded onto a user's computer in two ways. First, and most frequently, by accessing Web sites containing them. Second, such tools can infect a computer through a spam e-mail that includes a link to a site containing spyware or Trojans. In some instances a user need not even open the e-mail attachment for it to execute or load onto the computer without the user seeing it occur.
These identified spam scams are based solely on limited NCFTA data. However, this information is shared with the FBI, which, with assistance from The DMA's Slam Spam project, provides law enforcement authorities with a much more robust understanding of the top spam scams.
To obtain additional information about how to protect against fraudulent spam, please visit the following DMA and FTC Web sites:
About the NCFTA
The NCFTA (www.ncfta.net) provides a neutral collaborative venue where critical confidential information about cyber incidents can be shared discreetly, and where resources can be shared among industry, academia, and law enforcement officials. The Alliance facilitates advanced training, promotes security awareness to reduce cyber-vulnerability, and conducts forensic and predictive analysis and lab simulations. These activities are intended to educate organizations and enhance their abilities to manage risk and develop security strategies and best practices.
About The DMA
The Direct Marketing Association (www.the-dma.org) is the leading trade association for businesses and organizations interested in direct, interactive, and database marketing, which in 2004 generated more than $2.3 trillion in US sales, including $143.3 billion in catalog sales and $52.5 billion in Web-driven sales. In addition to catalogs and the Web, DMA members employ a wide variety of marketing media, including mail, e-mail, telephone, newspapers and magazines, interactive television, and radio, among others. Founded in 1917, The DMA today has more than 5,200 corporate, affiliate, and chapter members from the US and 44 other nations, including 55 companies listed on the Fortune 100. Reflecting the significant and growing role that direct marketing plays in today's advertising mix, The DMA's membership represents marketers from every business segment, including catalogers, Internet retailers, retail stores, nonprofit organizations, advertising agencies, financial services providers, book and magazine publishers, book and music clubs, industrial manufacturers, and a host of other vertical segments, as well as the service industries that support marketers.