Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam The Internet

Scamming Spammer Hooks the Wrong Person 408

CrypticSpawn writes "Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users." Her scam targeted AOL users with messages saying their credit cards were refused during the last billing cycle, and linked to a false billing center page which demanded private information.
This discussion has been archived. No new comments can be posted.

Scamming Spammer Hooks the Wrong Person

Comments Filter:
  • by Quasar1999 ( 520073 ) on Saturday November 01, 2003 @06:16PM (#7368341) Journal
    Really... We have just charged your credit card for 19.95... if you want to cancel the transaction, enter your card number, full name, and expiry date below...

    With the same logic, phone someone up, and tell them that if they don't want to be 0wN3d, they should disable their firewall, and tell you their IP address...

    The darwin award exists for those who kill them selves in stupid ways... we need to invent an award for idiots that fall for obvious scams like this.
    • Actually, If you read the article, it says that they posed as AOL and said the card had been charge for a legitimate service, but the card was not accepted and they need to submit another card for processing. Seems to be a possible scenario for the average user who has online subscriptions that they normally pay online.
      • I was thinking of a different scam I ran across... This one is still pretty transparent though, considering that AOL (and every other ISP I know) clearly state time and time again that they will never ask you for your password, credit card info, hell, even your name in an email.
        • Grandma has to pay here medical bills some how you know. I knew the older folks were desperate but not this desperate. I must say though I impressed by how sophisticated grandma and grandpa have become.
          • Grandma nothing. This woman is a professional scam artist and thief. Phishing is just a new way for her to scam targets en masse. I'll bet you she was kiting checks long before most of us were born...
    • by skinfitz ( 564041 ) on Saturday November 01, 2003 @06:22PM (#7368382) Journal
      The darwin award exists for those who kill them selves in stupid ways... we need to invent an award for idiots that fall for obvious scams like this.

      There is - it's called "Manager".
    • Amusingly enough my boss's wife (an OB doctor) got an email saying that her credit card was charged to cover up her child pornography web site and asked for a credit card number and expiration date. Given that her clinic's website doesn't have any child porn (not even the stupid "baby in the bathtub" kind that only scaremongers and D.A.s call child porn - every baby picture on the site was fully clothed), and the fact that it was asking for her CC# even though it claimed she was already charged, she showed
    • by Anonymous Coward
      Part of the problem is that the people who DO know about the workings of these sorts of things don't educate others on the matter.

      Think about it, how many /.ers are frustrated with friends and family not understanding why they should patch regularly? Now, think of how many /.ers are completely ineffective at presenting a simple argument on an annonymous message board.

      The fact of the matter is, most of us geeks just aren't good communicators and teachers when it comes to people outside of the community. We
      • Oh yeah? Well you,. . . ummmmmmmmmm, what I mean to say is. . .

        NAZI!!!!!

        Yeah, I think that's it.

        Oh, wait. I can't talk now, there's an important message on the TV just for me and they're waving something shiney that goes "Ping!" It's not even $100, just 79 payments of $19.95.

        Wow! I can afford $19.95

        Gotta go.

        KFG
    • Social Engineering (Score:3, Informative)

      by Detritus ( 11846 )
      Don't be so sure that you would never fall for such an obvious scam.

      I received an email that was purportedly from Citibank, saying that I had received a money transfer. It was slick. The scammer had gone to a great deal of trouble to make it look like a real email from Citibank. The associated web site also looked real.

      What tipped me off? The email asked for too much information, the scammer was being greedy. Examining the HTML source of the email revealed that the web site was in the wrong domain for C

    • These criminals go to great lengths to trick people using cleverly parsed URLs, links back to the original website, etc. They also will have a plausable reason for entering the information. In one case, it was for ebay which I haven't used in a year. The email said that I haven't used the account in more than a year and they wanted to reregister and confirm my information. I almost bought it hook line and sinker until I realized that they asked for a lot of personal information such as back account and cred
    • Password Checker! (Score:5, Interesting)

      by dolo666 ( 195584 ) on Saturday November 01, 2003 @07:25PM (#7368630) Journal
      You wanna know how gullable people are? As a joke last year, I coded a little password checking program, at my site [x47.org]. Users could check their password against a list of a million common English words, to see if their passwords were secure. There was a database with a million words in it, and each time someone put in their password, the site would tell them if it was in the list. It would also tell them that if they are stupid enough to give out the password to just anyone, then it's certainly not secure!

      People would show up and type in something that looked like a real password, and then type in another password as a message to me -- along the lines of Fuck You on a Silver Platter, Asshole.

      Hackinthebox.org [hackinthebox.org] posted the site and a pile of gullable flies* showed up to check their passwords. I'm guessing people from HiB would send the site to other unsuspecting people, as a joke. Thing is, eventually some pretty scared people were emailing me. I took it down after while. It was getting to be more annoying than fun.

      There is always someone out there who is greedy or scared enough to be scammed online -- it's just sad when it happens to someone you know.

      * flies: a fly is someone who gets stuck in the web, and a spider is someone who owns it.
    • Actually, what many people don't know is that many businesses don't actually check the expiration date. I've worked with banks before and have discovered that a number of them do not validate the expiration date on credit cards. Blame the incompetent IT monkeys who slinged that code together.
    • "The darwin award exists for those who kill them selves in stupid ways... we need to invent an award for idiots that fall for obvious scams like this."

      Funny you should say that, my first reaction to this was that we should invent some new punishments for these scum-bags that at minimum involves removal of their reproductive organs.

      Both the victims and the perpetrators of such crimes would seem to be a threat to our species.
  • by ergo98 ( 9391 ) on Saturday November 01, 2003 @06:16PM (#7368342) Homepage Journal
    I suspect that a vast majority of spams hit a large number of law enforcement inboxes - it isn't like spammers are selectively making hand-crafted to lists. Of the spams I get (of which there has been a marked increase in the past month), a good percentage are illegal or gray-legal pennystock pump and dumps, PayPal imitators attempting to get your information, or our good Nigerian friends looking for some assistance in rescuing their money.
    • When I had a .gov email address, I almost never received spam, and it wasn't because my email address wasn't available to the spammers, or that the mail server was filtering out spam. I suspect that even the stupider spammers realize that spamming .gov domains is a bad idea.
  • by vspazv ( 578657 ) on Saturday November 01, 2003 @06:17PM (#7368350)
    I can't be the only one that finds it disturbing that the FBI uses AOL.
    • by yintercept ( 517362 ) on Saturday November 01, 2003 @06:24PM (#7368399) Homepage Journal
      I can't be the only one that finds it disturbing that the FBI uses AOL.
      You mean you missed the Time/AOL/FBI merger?
    • by seriv ( 698799 )
      I am surprised the fbi is able to function in the computer world at all. Their internal search was really bad for so long, and the fact that an FBI agent uses AOL comes as no surprise.
      -Seriv
    • I can't be the only one that finds it disturbing that the FBI uses AOL.

      What I found more disturbing was that they don't have any clue about computers whatsoever. I interacted with them once to report progress on tracking an intruder, and to request help. They didn't understand anything I was telling them, since I was using advanced words like "DoS", "packet sniffer", etc. They asked me to mail them my logs... as in print them out an send them by post. They said they didn't have the ability to receive

    • The FBI has "geeks" and like many other geeks in the world just aren't deemed "fit" to talk to outside people! That's what the "lower" scoring field agents are for...duh. It's all about the food chain people.

      That said, even FBI people get to go home sometimes [and contrary to /. opinion they aren't all hot-n-horney doctors or 1-900 addicts] and some of them probably even use AOL. This spammer just mailed the WRONG person. but you're right, normal FBI guys wouldn't have even noticed that the spam was a

  • by ethelred ( 587527 ) on Saturday November 01, 2003 @06:17PM (#7368351)
    An electronic trail of stolen AOL accounts and free Web pages led agents to raid the homes of a professional spammer and a credit card thief, both of whom snitched on Carr, naming her as the ringleader of the operation

    She isn't the only one going down. But, sadly, there are still many more to go...
  • Phish (Score:2, Funny)

    by apraetor ( 248989 )
    Uh oh, looks like Phish has made the headlines AGAIN. Ah well.

    --matt
  • by Rosco P. Coltrane ( 209368 ) on Saturday November 01, 2003 @06:18PM (#7368355)
    a 55 year old woman spammed an FBI computer crime agent. She got caught mailing off a credit card scam to AOL users.

    What this story teaches us:

    - Little middle-aged (well, quite ripe already) ladies are not to be trusted

    - AOL users are idiots, since they are prime targets of even little middle-aged lady spamsters

    - FBI agents too open AOL accounts, which is worrying in a sense
  • No wonder! (Score:4, Funny)

    by l3prador ( 700532 ) <wkankla@gmaTOKYOil.com minus city> on Saturday November 01, 2003 @06:20PM (#7368366) Homepage
    No wonder I get so many email offers for Viagra and low-cost prescription drugs!
  • by Cujo ( 19106 ) * on Saturday November 01, 2003 @06:22PM (#7368381) Homepage Journal

    I've had about 2 e-mails a day of this ilk with respect to my Earthlink account for at least 3 months. A similar scam is in work with respect to Paypal. You don't need to be a total dunce to fall for this, either. Just naive and not savvy with raw e-mail source.

  • by Zuke8675309 ( 470025 ) <ty.zucker@gREDHATmail.com minus distro> on Saturday November 01, 2003 @06:23PM (#7368388)
    The article makes it sound like she wouldn't have got caught if an FBI agent hadn't been a recepient of the email. I hope this isn't the case and that the FBI is taking a more pro-active attack on this kind of thing than what the article seems to say.
    • The article makes it sound like she wouldn't have got caught if an FBI agent hadn't been a recepient of the email. I hope this isn't the case and that the FBI is taking a more pro-active attack on this kind of thing than what the article seems to say.

      The FBI clearly knows this kind of thing is going on, but they can't be bothered to do their job and protect US citizens (to be fair, they are too busy snooping on us and reading our private communications). Heck, you could have reported stuff like this and t

      • Same thoughts I had.

        I used to send crap like this to the FTC all of the time, but now I just send it to them if I accidentally open one instead of deleting. If I am using AOL I ureport the spam using the AOL utility. Does not seem to slow it down one bit.
  • Whenever I hear about these scammer stories I often wonder what the face of scum looks like-- if maybe I could tell it apart from the average car salesman's. So I wonder if this 55 year old woman has got the permanently furrowed eyebrows (like most news anchors), and those squinty, contemptuous eyes.

    --

  • Geez... (Score:5, Interesting)

    by Cytlid ( 95255 ) on Saturday November 01, 2003 @06:26PM (#7368411)
    ... sounds like she got off a lot easier than those caught sharing music via p2p programs. Either the FBI should hire the MPAA or anyone swapping music online should start credit card fraud, it sounds like the lesser offense.
  • See for your selves (Score:5, Informative)

    by littleRedFriend ( 456491 ) on Saturday November 01, 2003 @06:28PM (#7368424)
    AOL Billing center [ciac.org] sample page.

    • My fav line out of that page has to be this
      "Your current information will be stored in a 256-bit encrypted protected server." :)
    • AOL Billing center [ciac.org] sample page.

      Honestly, is amazes me that people fall for crap like this. It always reads like someone in bulgaria wrote it with with an English/Bulgarian dictionary. My favorite misspellings/miswordings are "asterik" and "social insurance number".

    • "Entering Fraudulent information is against the law. If done so on this form you are now hereby notified that AOL will persecute, fine, and charge anybody trying to commit fraud with our accounts.

      persecute:

      1. To oppress or harass with ill-treatment, especially because of race, religion, gender, sexual orientation, or beliefs.
      2. To annoy persistently; bother.
  • by SuperBanana ( 662181 ) on Saturday November 01, 2003 @06:34PM (#7368445)

    Danger Will Robinson, Danger! Rant Ahead!

    Read on SecurityFocus, a 55 year old woman spammed an FBI computer crime agent.

    Great. So what about:

    • the thousands of people getting ripped off daily on eBay
    • the DDoS's against blackhole list services
    • the thousands of script kiddies running loose

    ...? It seems like every day I'm reading about how some guy got screwed over and the FBI/SP/Local cops just didn't give a shit enough to do anything about it, whether it was technology related or otherwise, because it wasn't sexy enough. Crime is crime is crime.

    Case and point, you can pretty much scam anyone outside of your state and get away with it because interstate fraud laws have a $5,000 'ground floor'. That single law is probably the most responsible for the prolific fraud we've ever seen, virtual or otherwise. I could loose $4900 tomorrow and the FBI won't do jack shit. Some FBI nerd gets a scam email any moron would know not to answer, and they call out the swat teams. Faaaaantastic.

    It's like the local cops who don't give a shit if your laptop, your radio, etc were stolen and hundreds of dollars in damage done to your car. But, mind you, they've got all day to sit out on 'speed patrol'...

    • Let me respond to this with two points.

      Crime is crime is crime but there is too much of it and not enough money/resources/people/time to stop it. So you go where your effort has the most impact.

      Cops DON'T care about the little things because they have bigger ones to deal with. It's true. I had to track down a laptop thief myself (and I got my laptop back) because I knew the cops wouldn't do anything about it. When something of yours gets stolen, you need to get on it right away and get it back. Hire
    • I've had things stolen, and had a neighbor whose car was stolen, and had a boss whose car was broken into. You need to move to a better city, because this has been spanning 3 states and I've never had them not care.

      Besides, you may want to learn the difference between a traffic patrol officer and a detective.
    • I could loose $4900 tomorrow and the FBI won't do jack shit. Some FBI nerd gets a scam email any moron would know not to answer, and they call out the swat teams. Faaaaantastic.

      I think you missed the point here. This con artist got caught. It is news because we can all take revenge on spammers vicariously through reading this. It feels better than the end of a bruce willis movie.

    • *bzzzzt* (Score:5, Informative)

      by devphil ( 51341 ) on Saturday November 01, 2003 @07:41PM (#7368689) Homepage


      I hear you on the FBI thing. But consider: somewhere a just-not-worth-the-taxpayer's-money line has to be drawn. The FBI is seriously understaffed. (Go figure. The technologically astute are too proud to work for a measly $35K FBI salary, investigating tech crimes. Nooooo, gotta be making glamourous six-digit salaries on high-visibility programming projects.) But anyhow, the reason I'm posting is...

      It's like the local cops who don't give a shit if your laptop, your radio, etc were stolen and hundreds of dollars in damage done to your car. But, mind you, they've got all day to sit out on 'speed patrol'...

      Unless you live in Andy Griffith Town, the officers who sit on speed trap duty are not the same ones who investigate theft. Different division, different rules, different salaries, therefore a different allocation of officers/resources/time/budget.

      A traffic cop "sitting all day" on watch costs less than an investigating agent spending even half a day looking for stolen laptops chock full o' pr0n. It's harder to hire investigative officers and detectives, it's more expensive to train them and pay them.

      • Re:*bzzzzt* (Score:3, Insightful)

        by oh ( 68589 )

        I hear you on the FBI thing. But consider: somewhere a just-not-worth-the-taxpayer's-money line has to be drawn. The FBI is seriously understaffed

        But how do you cost a crime? If you lose $500 from a stolen Credit Card, well, it's hard to justify a months worth of police time to track down the cuplrit.

        But if say 1,000 people were each defrauded of $500, that half a million dollars obtained illegaly. But each complaint is only $500, too small to be investigated.

        Makes you think, doesn't it.

    • There's a serious disconnect in the priorities of law enforcement, but the correct response is far from clear.

      Consider three cases - a single loss of $10k, a hundred people losing $1k, or 10,000 people losing $100.

      There's no way the $100 loss would be investigated by any law enforcement agency, but it's the largest loss by far. Meanwhile the single loss of $10k is the smallest aggregate loss by far, but most people are going to really feel that loss while the $100 loss is usually (but not always) easily
  • There are so many... (Score:5, Informative)

    by MisanthropicProggram ( 597526 ) on Saturday November 01, 2003 @06:39PM (#7368464)
    Let's see:

    I once received an email with a link that said that I needed to "update" my eBay account with a new: credit card #, my SSN, DOB. The funny thing is I never had an eBay account - ever.

    I was at a hotel in Houston one time and I wanted to use my calling card to call home. After following the directions listed on the phone a few times, i was redirected to some telco that I've never heard of, and someone came on the phone, asked for the number I was calling and my calling card number. He then asked for my PIN. I said no way. He then told me that he couldn't make the call. I hung up.
    Later, at the airport, my card worked perfectly. I wish I got the name of the telco that was blocking access to my long distance company so I could have filed some sort of complaint with the FTC.
    Is it common practice for hotels to block access to your long distance provider so that you have to use their company for help that they charge you for?

    I've gotten so paranoid, I've repeatedly hung up on legitimate calls. It's unfortunate, but this shit is hurting legitimate businesses and making it harder for us consumers to know if we're being taken or not.

    • by eMartin ( 210973 ) on Saturday November 01, 2003 @06:56PM (#7368532)
      After following the directions listed on the phone a few times, i was redirected to some telco that I've never heard of, and someone came on the phone, asked for the number I was calling and my calling card number.

      Maybe a scammer just put his own sticker on the phone when he had the room before you. I doubt that housekeeping checks for that kind of thing.
    • Is it common practice for hotels to block access to your long distance provider so that you have to use their company for help that they charge you for?

      Yes, and it's illegal.

      Complaints should be filed with the FCC.

  • it gets better (Score:5, Informative)

    by monkeySauce ( 562927 ) on Saturday November 01, 2003 @06:54PM (#7368519) Journal
    The 22 year old guy she was working with thought he was breaking the law with a 20-something hottie instead of this 55 year old overweight felon from Akron. He must feel pretty stupid about now.
    this story has more detail [hamptonroads.com]
  • by binarybum ( 468664 ) on Saturday November 01, 2003 @07:01PM (#7368549) Homepage
    I don't get it. Is this all it takes to get spammers busted? Can I just forward the scams and spams I get to this guy and have all these people caught? Why did this only become an issue when it was a personal attack on someone in a position of power to do something about it. What about the rest of us, how can we fight back? And more importantly why isn't the FBI doing more to attack spammers other than when they're personally feeling the heat?
  • But why.. (Score:3, Insightful)

    by adeyadey ( 678765 ) on Saturday November 01, 2003 @07:12PM (#7368589) Journal
    does it take for a spammer to mail the FBI direct before they take action? Surely they must be aware of the volume of scam emails we *all* get, and be taking action anyway?

    Its like waiting for a police station to be burgled before the police take action..

    Some of these frauds are pretty blatent (penis enlargement pills etc), you dont need to be sherlock holmes to track them..
    • Some of these frauds are pretty blatent (penis enlargement pills etc), you dont need to be sherlock holmes to track them..

      Are you saying Sherlock Holmes' little friend was really called Johnson, not Watson?
  • Oops... (Score:5, Interesting)

    by Pan T. Hose ( 707794 ) on Saturday November 01, 2003 @07:20PM (#7368615) Homepage Journal
    I think everyone (not only "spammer") had such an "Oops" in her career. I remember when we counterattacked CIA agents scanning our network... I saw a host slowly and randomly syn/fin/null scanning (something like nmap --randomize_hosts -Tparanoid but with -sS, -sF and -sN changing randomly -- a custom patched nmap or something like that) our hosts, so I answered with directing a broadcast-magnified traffic to its class C (something like "smurf" but with custom tools using UDP and TCP as well as ICMP packets) to disable the offending host, having absolutely no idea that I saturated the backbone of ISP used by a CIA covert operation. Imagine my surprise when I saw agents knocking on my door... Fortunately after I described some of my techniques and explained to them that I am a security professional, not a cracker, they let me go but if I wasn't working for the government at that time I probably wouldn't write this now. I wonder what stories other slashdotters can tell about their biggest "Oops!"
  • "Her scam targeted AOL users" nuf said
  • by Anonymous Coward
    The lady should have modified the scam a little bit, because it looks like the original scam was against Sympatico users in Canada. That explains the SIN. More reading [globeandmail.com]
  • by 3ryon ( 415000 ) on Saturday November 01, 2003 @07:46PM (#7368713)
    me: I've received 3 scam e-mails today which are trying to get me to give up my credit card number. Do you have a special card number I can give them that will set off an alert when someone attempts to use it, so that you can apprehend these people?

    CC Company: No, but that sounds like a great idea.

    me: Yes. Now do something about it.

    What do you think the odds are that the idea ever got past the person I talked to on the phone?
    • haha, I was talking to an Executive ofr a CC company at a financial event and suggested the same thing. He thought it was a good Idea to. that was 9 years ago.

      based on that, I'd say the odds are pretty damn slim.

    • by KalvinB ( 205500 )
      Eventually the scammers would figure out what numbers were red-flagged and not use them. All they would need is a CC account and they'd be right on top of the fake numbers just like every other customer.

      I got a very official looking e-mail from "PayPal" asking for all my information. Then I noticed the URL and that my password wasn't getting asteriked and typed in "howwouldyouliketogotoprison" in the entry fields and hit submit. I also e-mailed PayPal and within minutes the site was gone. I doubt I was
    • Actually, there are poison numbers in some credit card databases, that if are used, will redflag that as being stolen-card activity. I don't recall the details, but this was used back in the era when they mailed blacklists to merchants, who then had to manually check your card against it before they were allowed to take it. (1970s-80s)

      The problem with the general public having its own poison number for inputting into scam forms, is that someone with a grudge could input said number into legit forms, and ca
    • Do you realize that the person you talked to is probably a wage slave working in an outsourcing company you may have never heard of in a country you've never been too? In most cases the agent you talked to probably had no way of actually communicating that request with the actual company they represent.

      I work in such a company - while I don't work on a financial contract there are several in the office I'm in for banks everyone of you has heard of.

      In many countries they don't have as many privacy laws as
      • In many countries they don't have as many privacy laws as the US does.

        The US has privacy laws? You mean the ones that allow companies to sell the information they collect on you, without your permission? And the ones that have no requirement for companies to protect said information against theft by outside agencies?
        Yes, those're mighty impressive laws.

        If you want to see privacy law, try looking at New Zealand's Privacy Act, or some of the European legislation. The US may as well not bother pret

  • By providing no way to authenticate themselves in a secure manner and by contacting their customers asking for sensitive information. Happens to me all the time. I never got a scam attempt that was even remotely plausible.

    On some occasions I have said I would call back so that I would be sure of their identity, and they get upset. (Yes, from a legitimate business calling for a legitimate reason).
  • Caveman eats poisen berries, caveman dies. Friends of said caveman discover berries were to blame for death, note that no one should ever eat the berries. Another caveman comes along, fails to read the large warning signs posted outside the forest. He eats the berries and dies. Original caveman's friends laugh. The End If you ask me, such obvious scams shouldn't be shut down. Instead they should be allowed to eliminate societies stupider members. -SniperBoB-
  • So, the obvious question is: why can't they catch these people on-duty? Why does it take a spam email directly to an FBI agent to get action?
  • by arose ( 644256 ) on Saturday November 01, 2003 @08:13PM (#7368844)
    Why email millions of inteligent people, when all you need to do is to set up an "Free IQ" test, that delivers results via email...
  • Light punishment? (Score:3, Insightful)

    by EvilStein ( 414640 ) <spam@BALDWINpbp.net minus author> on Sunday November 02, 2003 @01:38AM (#7369936)
    "Carr's sentence will be determined by the amount of fraudulent charges racked up on the stolen credit card numbers -- with a maximum of five years. But the guidelines also dictate that each credit card be valued at a minimum of $500.00, a formula that helped boost Carr co-conspirator George R. Patterson's sentence to 37 months in prison, according to Patterson's attorney."

    That's it? 37 months in prison for her cohort.
    Yet the RIAA is trying to hit people for $150,000... and Ashcroft wants "hackers" sentenced as terrorists and put in jail for LIFE.

    Want to stop identity theft? Jack up the jail term..big time. 3yrs in jail for stealing a ton of credit card numbers is pretty weak.

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...