Researcher finds major phishing flaw in Yahoo network
Read More… (From Phishing News)

You got to give scammers credit where credit is due. This latest wave ofe-card spam at least exhibits some imagination on the part of the sender: At first it was from a friend, then a colleague, then a classmate; now…
Read More… (From loose wire blog)

“Excel is a natural progression after the recent spate of PDF spam, which itself is a natural development from basic image spam”

July 23, 2007 — Pump-and-dump stock scammers have begun using Microsoft Excel spreadsheets to deliver their get-rich-quick schemes, another in a series of moves they’ve made trying to slip past anti-spam … via ComputerWorld
Read More… (From Email Spam News)

Last November, Christopher William Smith, known as “Rizler” was convicted of running an illegal online drug operation.

Today, SpamSuite placed the legal documents on-line for all to read. Highlights include Smith’s request for a new trial, the detention order placing him in solitary with limited visitation rights, the sentencing document that lists Smith’s long career as a scammer.

Long before Christopher Smith established his illegal online pharmacy, he was already an experienced Internet scam artist. Beginning at least in the 1990s, when he was in his teens, and continuing well into his 20s, Smith sold a wide variety of dubious if not outright fraudulent products through large-scale unsolicited email (spam) campaigns. The products Smith spammed included human growth hormones, penis enlargement pills, phermone concentrate, and an online gambling casino (in which winners were not paid their winnings). Smith also set up a fake escrow service to receive proceeds from the purported sales of Dell laptops and plasma TVs. Customers who paid Smith never received any product. On November 20, 2002, one of the victims of his scams, Time Warner, obtained a permanent injunction against Smith, his business at the time, Rizler, Inc., and others from the U.S. District Court for the District of Minnesota (Case No. 0:01cv1077 (DDA/FLN)), enjoining them from selling cable TV descramblers which illegally stole cable signals. While there were very few laws governing spam email campaigns until the CAN-SPAM act was passed in late 2003, Smith nonetheless engaged in a wide-variety of illegal activity surrounding his spamming endeavors. For example, in addition to defrauding customers out of their money as discussed above, Smith stole email accounts and used computer programs to obtain customer account information and passwords. He also set up fake email accounts using stolen credit numbers, and in turn used those fake email accounts to spread his spam.

Other scary information: Smith took in on the order of $24 million, most of which he was able to hide from authorities. He paid $1.1 million in cash for a house. The techniques he used to illegally communicate with his associates from jail are also fascinating. The death threats are a little scary.
Enjoy your weekend everybody.
Read More… (From The Spam Diaries)

A former spammer known only as “Ed” or “Spammer X” has been talking about spam at an event hosted by Ironport Systems. I know I’m going to Hell, Spammer X told the assembled attendees, before making a plea for them to think of him as a nice guy, really.
Read More… (From Spamnation)

Just in from SpamSuite: Marat Nigmatzyanov, Yevgeniy Leshchinskiy and MySpace have agreed to the terms of a permanent injunction. The injunction covers about what you’d expect: Nigmatzyanov, Leshchinskiy, and anybody working with or for them are permanently enjoined from accessing MySpace, from helping anybody else access MySpace illegally, having ownership interest in any entity that attempts to access MySpace illegaly, from phishing MySpace accounts, from helping anybody else phish MySpace accounts, or from having ownership interest in any entity that attempts to phish MySpace accounts.

Meanwhile, Scott Richter has obtained a new local counsel. Documents don’t explain why Richter changed lawyers.

See my post from January, Details in the MySpace vs Richter case, for more.

Bonus: A search on Marat Nigmatzyanov turned up this GetAFreelancer.com page in which he solicits for assistant spammers to attack Craig’s List.
Read More… (From The Spam Diaries)

Last month, scam and fraud spam surged to 14% of total spam traffic, up from 9% in March according to Symantec. Overall spam levels remained consistent in June, at about 65% of basic e-mail traffic, and image spam declined.
Read More… (From Spam News)

1. Phish an hotmail acount.2. Send email from the stolen acount to all the friends listed for the person, saying you are stuck in Nigeria and are in an emergency, asking your friends for money to be wired.http://www.rediff.com///news/2007/jul/16tps.htmHillarious!(thanks Suresh)Gadi Evron,ge@linuxbox.org.
Read More… (From SecuriTeam Blogs)

OK, here’s a new one for the books. You have to admire them though.

Here’s how this retelling of the classic Spanish Prisoner scam works: somebody breaks into your hotmail account, most likely by phishing. They then send an “emergency” email to everybody on your contacts list claiming to be you. The email says that you were attending a conference in Nigeria, and that you’d lost your passport, tickets and money. The letter asks you to wire some emergency money to your friend in Nigeria. Step three, profit!

See this article in Rediff: Nigeria Calling: Indians Beware.
Read More… (From The Spam Diaries)

“This latest step in the Commission’s anti-spam initiative is intended to protect investors from fraud artists who would treat the investing public as their personal ATM machines”

A Katy man faces organized crime charges in connection with an alleged scheme to sell worthless stocks over the Internet, according to the Texas Attorney General’s Office. via Houston Chronicle
Read More… (From Email Spam News)

I recently gave a talk at Google recently entitled “Drive-By Pharming and other WebSec Bummers.” I talk about the previously publicized drive-by pharming attack, and also other related web 2.0 issues, giving an overview of what we think the problem boils down to.

Read More… (From Stop-Phishing @ IU)

Federal regulators filed civil fraud charges Monday against two Houston-area men, accusing them of hijacking personal computers to send out spam e-mails and bilk investors out of $4.6 million. Separately, state and local authorities announced indictments charging Darrel T. Uselton and his uncle, Jack E. Uselton, with engaging in organized criminal activity and money laundering.
Read More… (From Spam News)

Openmind Networks, a global pioneer of messaging router solutions today announced that they have released the latest version of Protect for the mobile wholesale carrier community. via PR-inside.com
Read More… (From Email Spam News)

419 spoof turns real

Nigerian comedian and actor Nkem Owoh was one of the 111 suspected 419 scammers arrested in Amsterdam recently as part of a seven month investigation, dubbed Operation Apollo.
Read More… (From The Register - Security: Spam)

Spoof turns realNigerian comedian and actor Nkem Owoh was one of the 111 suspected 419 scammers arrested in Amsterdam recently as part of a seven month investigation, dubbed Operation Apollo.Original post by Dougal and plugin by Elliott Back
Read More… (From The War on Spam)

The Bank of Ireland is the latest target of a phishing scam.
Read More… (From Phishing News)

Phishing and identity theft will be two hot topics at this year’s CeBIT IT fair in Hanover.
Read More… (From Phishing News)