Introducing the Advance Fee Fraud Loan Scam

I recently have seen a new scam hitting Facebook and my Inbox - the "Loan Scam".

How it works:

Example scam from Facebook

A random person on the Internet offers you a loan, over Facebook or Email. The loan offers extremely low rates, and promises that since it's not a bank, only a few documents are needed, and that they lend to anyone regardless of credit.

Once you express interest, you'll be asked to provide some basic information. They may or may not ask for information which can be used in identity theft, such as Social Security number, or bank account numbers.

Eventually, you'll be asked to pay some sort of "processing fee". In fact, you'll probably find yourself being requested one fee after another, until you finally realize that you're being scammed.

It's very unfortunate that this scam targets those who are already having financial difficulties - because it ends up making their situation even worse.

It's important to make your friends and family aware of these scams, so that they don't fall for one of these scams.

419 Scammers Target Victims of 419 Scammers...

I got this email today.  Really made me chuckle...

Economic And Financial Crimes Commision
No.5, Bill Clinton Crescent, Off Adetokunbo Ademola
Wuse II, Abuja, Nigeria.


ECONOMIC & FINANCIAL CRIMES COMMISSION (EFCC).in collaboration with United Nation, (UN) and United State GOVERNMENT.


Attention: Beneficiary

SCAMMED VICTIM/ $2.5million COMPENSATION FUND-REF/PAYMENTS CODE: 06654.

We were delegated by Economic and Financial Crimes Commission [EFCC] Nigeria in conjunction with the United Nations to pay 200 Americans, Asia, Europe countries etc, In view of this recommendations, I want you to know that during the last UN and EFCC meetings held in Abuja Nigeria, it was alarmed so much by the rest of the world in the meetings on the loose of funds by various foreigners to the scams artists operating in syndicates all over the world today.

In other to retain the good image of this great country, the president (Goodluck Jonathan) has instructed the immediate compensation payment of $2.5million each, to each scam victim through Guarantee Trust Bank, which is the approved Bank that will be responsible for your compensation fund transfer and issuance of International certified bank draft via under funding assistance by the Central Bank of Nigeria.

85 scam victims who were scammed by scam artists/perpetrators has been paid sum $2.5million each so far, and you are listed and approved for this payments as one of the scammed victims.
Kindly contact EFCC foreign operating assistant commissioner Mr. Mike Johnson for your compensation fund release.

Email: edujlgs@ig.com.br
Phone: +2348037165537

Option 1: Fund through Bank Transfer,

1 Your bank name:
2. Bank address:
3. Your account number:
4. Routing number:
5. Swift code/IBAN:
6. Beneficiary name:
7. Phone/Mobile no:
8. Address:
9. Nationality
10. Gender
11. Occupation
12. Age
OPTION 2: to receive fund through International Certified Bank delivery, fill in the listed details below:

(1) Full name:
(2) Delivery address:
(3) Direct mobile/ phone /fax:
(4) Occupation
(5)Gender
(6) Nationality
(7) Age

You are hereby warned not to communicate or duplicate this message to anybody in email exchange for any reason or whatsoever, EFCC in support of the US secret service is already tracing tracking the criminals for your own good make sure you stop dealing with scammer and imposter, and also make sure you forward the daily scams letter you received to us be warned.

Yours faithfully,
Danson Bowell, DE-factor Chief Compensation Officer

Target Customers' Credit Cards Now Available on Black Market

If you shopped at Target any time between November 27th and December 15th, cancel your card now. Target is giving very bad advice that you won't be held responsible for any fraudulent transactions. Even if caught, fraudulent transactions could quickly become a complete nightmare, resulting in the inability to pay bills or buy groceries.

As an update to my post  Target Should Offer Free Credit Monitoring for Impacted Customers, customer credit cards have now been posted to the black market.

This is in complete contrast to statements previously made by Target claiming that there is no reason to cancel your credit cards.

Target is now claiming they will offer free credit monitoring services for everyone affected. If you shopped at Target during this time period with your credit or bank card, you should hold them to their word on this.

Target is also offering a 10% discount to customers who shop on the 20th and 21st. Personally I think this is a slap in the face to their customers, and many will have a hard time shopping and they probably won't have a credit card anymore, since they should cancel their card and have the bank issue a new one.

Target Should Offer Free Credit Monitoring for Impacted Customers

In case you haven't heard, Target has been the victim of a massive network breach potentially impacting all credit card customers who shopped between November 27 and December 15 of this year, including Black Friday.

Normally when this happens, organizations try to make amends with their customers, often with free credit monitoring and identity theft protection for a year.

However, Target has chosen to take a potentially more damaging route (from a PR perspective), and simply direct customers to monitor their own accounts and request a free credit report.

Now it is understandable that Target is hesitant to do so, since credit monitoring services could potentially cost between $100 and $200 per person. Since 40 million customers are affected, this means Target would need to take a loss between $4 and $8 billion. According to MarketWatch Target's yearly profit has been approx. $20 billion. This would significantly impact their bottom line - but the potential loss of customers could be even more damaging.

Target - the ball is in your court. This could potentially make or break your company. Do you want to do the right thing and provide credit protection for customers? Or do you want to risk tarnishing the Target brand forever?

For historical reference, T.J. Maxx was forced to provide credit monitoring for customers.

Note: The blog author's family is most likely included in the list of affected customers.

Hurricane Sandy Fake Webcam - A Social Engineering Experiment

Yesterday I decided to perform a bit of a social engineering experiment on USTREAM.

I provided "live" coverage of Hurricane Sandy from space.

The Anonymous Lies Keep Building - GoDaddy and Apple

UPDATE 9/11/2012: Anonymous Own3r is a fraud.  The GoDaddy outage was caused by an internal router issue, and not a hacking or denial of service attack. 

EDITOR'S NOTE: As of writing this article, "Anonymous Own3r" has not provided proof that he/she was responsible for this attack.

Earlier this year I wrote about an Anonymous plan to take down the internet through a massive Denial of Service attack against the root DNS servers, and how to take steps to avoid being affected.  However, this attack never impacted anyone.

Today a member of the group Anonymous, who goes by "Anonymous Own3r" claimed responsibility for knocking GoDaddy's DNS servers offline.  According to the hacker fraudster, he/she acted alone in this attack, and it was not assisted by the Anonymous collective.  However, no explanation has yet been posted as to how he/she took down GoDaddy's DNS servers further investigation reveals that Anonymous Own3r is a fraud, and was not responsible.

This revelation comes on the same day that it was revealed that leaked Apple device IDs were from a US company BlueToad, instead of the FBI, as Anonymous has claimed.

According to Netcraft.com the GoDaddy outage lasted approximately 3.25 hours, and affected eight out of GoDaddy's ten hosting locations.

While the percentage of the Internet affected by this attack is not clear, what is clear is that the thousands of web sites and email servers hosted by GoDaddy went dark today during business hours, wreaking havoc on businesses relying on GoDaddy for their web and email presence.

Does your Disaster Recovery Plan and Business Continuity Plan include massive outages by your hosting provider?  If not, now would be a good time to add it, especially if your organization relies on web and email for your critical business functions.

Related Reading:
Solution Brief: Disaster Recovery
Pre-Testing Disaster Recovery and Business Continuity Plans
Recent Lessons in Disaster Recovery

Mission Critical (FREE Subscription!)

The Lottery Scam - Jeani's Story

Advance Fee Fraud scams don't always come through email.  This is a true story from a friend.

During the holiday season in 2008, Jeani received notification that she had won a lottery in Russia.  This notification was through postal mail, and included a $6,000 check.

The scam offered Jeani $25,000 in exchange for her cashing the $6,000 check and returning the money via Western Union within 24 hours.

Luckily Jeani suspected this was a scam.  Continue on to read the rest of her story...

Research Project: To Catch a Scammer

My first featured research project on this site will be "To Catch a Scammer".  I'm sure you've heard of NBC's To Catch a Predator.

The idea behind this research project is to examine internet scams and frauds, such as Advance Fee Fraud aka Nigerian 419 scam, auction scams, stock scams, etc.

I am currently researching the techniques used by Advance Fee Fraud scammers.

Surely this will be filled with fun.  I'm already conversing with one of the scammers, and will be uploading some rather interesting findings soon.