Network News

X My Profile
View More Activity

How Many Spams Can a Scammer Scam If a Spammer Can Scam Spams?

See if you can say that headline three times fast. I absolutely love the scamming-the-scammer stories because they're generally so convoluted that they're almost funny (that is, if you can forget for a moment that there are thousands of victimized consumers involved.)

The latest tale of deceit and intrigue from the criminal underground comes from CipherTrust, an e-mail security company based in Alpharetta, Ga. The company monitors online spam and fraud forums to keep up with the latest junk e-mail trends, and some discussions the company's experts spotted over the weekend indicate that "carders" -- or individuals who deal in stealing, selling and/or cashing in on stolen credit card data -- are starting to break into the spam-scamming business.

According to CipherTrust, some carders are signing up as spammers. But instead of sending out any spam, the carders use stolen credit-card information to purchase products from whoever is running a spam operation, like an online pharmacy or a pirated software business. By generating more sales to the spam operation, the carders can earn a cut of the sales.

Normally, the way a spamming outfit works is that a "sponsor" organizes the entire operation: He obtains a product or creates a service to "sell" via spam, then sets up the Web sites and the powerful Internet servers that keep the spam sites online under heavy traffic loads (or attacks from anti-spam vigilantes). The sponors also creates the merchant accounts needed to process credit card transactions for the goods that will be advertised through spam e-mails. The sponsor then hires a bunch of spammers who manage the actual sending of millions of spam e-mails (the spammers generally use targeted e-mail lists and send the spam through personal computers that have been infected with a computer worm that configures them to relay junk e-mail.) In most spam operations, the sponsor will pay a spammer between 40 and 50 percent of all sales that a spammer's e-mail campaign generates. So if an e-mail sent by a spammer generates $200 in sales at a online drugstore, that spammer makes between $80 and $100 off of that purchase.

Sounds like a match made in scammer heaven, right? The carders generate extra sales, and everyone involved takes a bigger cut. But in reality, the spam sponsors are getting scammed. When carders charge up lots of activity, it causes serious problems for the sponsor, who all of sudden has to deal with a much higher percentage of chargebacks when fraud victims find boxes of generic Viagra stuffed into their snail-mailboxes before they even discover that a credit card has been compromised. Chargebacks also mean higher credit-card processing fees and draw unwanted attention from merchant account operators, banks and law enforcement.

"Basically, we're seeing the carders and phishers starting to look for other ways to make money and starting to discuss new methods of making profits from their scams," said Dmitri Alperovitch, a research scientist with CipherTrust.

The truth is that in the online criminal underground, there is honor among thieves -- and even fairly intricate systems for checking on fellow crooks to make sure they're not going to rip you off or (worse yet) get you busted. In any scam, be it spamming, phishing (impersonating trusted online sites), or carding (squeezing actual goods or cold hard cash out of stolen credit card accounts), the greatest risk comes from dealing with unfamiliar criminals. These are the individuals -- often teenagers -- who think they can outfox other scammers or game the system. And just like in real life, the system always adjusts, adopting new mechanisms for separating the respectable scammers from the "rippers."

At any rate, it occurred to me that we may actually have a scam that the PR folks at various security companies haven't yet managed to label with an oh-so-clever name. So perhaps you can coin the next security slang-word. "Philching" maybe? "Pharding?" Use the comments section below to weigh in with your ideas.

By Brian Krebs  |  May 23, 2006; 2:21 PM ET
Categories:  Fraud , From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft: Hackers Exploiting Unpatched Flaw in MS Word
Next: Mozilla to End Support for Older (1.0.x) Firefox Versions

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company