A Trojan from Nigeria

Cybercrime has moved on from amateur teenage hackers to a sophisticated business run with all the trimmings

Recently, the email account (Hotmail) of Kumar Ketkar, editor of Marathi daily Loksatta was hacked into, and the hackers sent out fraudulent mails to his friends and acquaintances asking for money. Fortunately, all these people called him and found out that it was a hoax created by cyber-criminals.

I checked with Mr Ketkar and he told me that he received a mail asking him to verify his name, date of birth and password immediately, failing which his Hotmail account would cease to exist within 48 hours. The overall 'get-up' of this mail looked so authentic that Mr Ketkar innocently gave away his data by clicking on the link. He has been using this email account since 1998 and was even paying $10 per month for usage in the initial days of this email service. For someone like Mr Ketkar, the loss of data and contacts matters more than the loss of his email ID. However, he told me that he may get access to his mail account very soon.

But the point is, I am surprised by the language used in the verification mail sent by the hackers—they are becoming really smarter day by day. Otherwise, how can someone well-learned like Mr Ketkar get fooled so easily? Generally, mails from spammers and hackers have followed similar wordings like signing off with ‘Mr XYZ’, which nobody with some knowledge of manners would use. Also, the hackers used to trick you by inviting you to share their 'fortune' or via an online lottery. (Read more about Nigerian scams, here). But now, I can say that these hackers have become more sophisticated.

The hacking of email accounts and then using them to siphon off money from contacts and selling 'earn-from-home kits' have now become the new modus operandi of criminals. There have been some instances in India where Nigerian hackers befriended some locals and used the contact individual’s bank account to siphon off the money sent by victims.

Carl Leonard, senior manager, Websense Security Labs, had said, “A new wave of scams has emerged using a combination of legitimately bought advertising space, false news stories and the lure of job opportunities with well-known companies. This aggressive campaign, which preys on a population weakened by the economic downturn, demonstrates how cybercrime has moved on from the spotty teenage hacker in his bedroom to a sophisticated business run with all the trimmings.” 

According to a recent report by online market research company Juxtconsult, the burgeoning online landscape has a population of 49 million Internet users in India, out of which 44 million use emails and close to 25 million browse the Internet every day. On any given day, AVG, the free antivirus services provider, estimates that around 8 million to 14 million unique users worldwide are exposed to social-engineering scams.

So how can you protect yourself from such scams? There are some very basic, simple steps that you need to take to start with. First, never ever give away any information by clicking on a link. If at all you need to update your personal information on any particular website, do it by typing the default address of the site manually and then proceed to the respective link. Second, use strong passwords (Know how to create robust passwords here) and change them frequently. Ideally, any online password should be more than eight characters long, must contain numeric and special keywords like—!, @,#,$,% etc.

Third, whenever you get some link that asks you to verify your personal information, check the credentials of the link. Copy the link and paste it in your search engine. Most often, you will get necessary information in the first search window—otherwise just delete other words, except the name of that linked site and you may find out whether it’s genuine or fake. I would advise you to use Mozilla Firefox with plug-ins like web of trust (WOT), no scripts and cool previews. With the WOT plug-in, whenever you enter any phrase or word in the Google search window, if the link is genuine or trusted, you will see a green circle on the right side of the link. The colour of the circle changes with the authenticity of the link, so you would know what not to click.

There is one more method, if you can find out the IP address of the link, then simply log into www.maxmind.com that offers geo-location and online fraud prevention services. Here you will know the location of the site, its ISP and the organisation which is using that IP address.

Similarly, you can go to www.scamomatic.com and check the contents of your mail for possible scams.

For those who have received mail asking for help, if you know the mailer, just pick up the phone and call that person, and if you don’t know the mailer, then why bother? Just delete the mail.
 

Comments
Ketan B
1 decade ago
One of my freind who was on a overseas assignment in Germany got a mail offering him a job in UK that pays astronomical sums. I got sceptical when he reffered that mail to me, and I found after initial cross-checking that the its a total scam. He got disappointed initially but was ultimately happy that he did not fall prey to the scamsters pretending to offer salivating offers.
Shadi Katyal
1 decade ago
Such mails in name of Punjab National Bank. Bank of India had been sent all over but if anyone has fallen for such Fraud , it is carelessness.
even today there was a mail in my box from Yahoo of similar type.
Other days there was one where Indian Income Tax Department ws giving away $250.60 Rupees to you by bank transfer. If you are greedy and do not note that it said $ and Rupees both mean the fraudster did not know Indian currency.
There is lot of lottery money being offered which is nothing but FRAUD and letters might have name of any reputable company.Even UN and World Bank has not escaped of their names being used.
Deleted it and forget there is no Goild pot at the end of Rainbow
Free Helpline
Legal Credit
Feedback