Green Eggs and Spam? E-Mailed Scam Gets Into the Wrong Hands

FBI Homepage ^ | Friday, December 19, 2003

[Kaslin]

Talk about bad luck! A previously convicted felon from Ohio and an Internet addict from Pennsylvania met in an online chat room and soon joined forces to operate a profitable spamming venture. The pair sent hundreds of e-mails world-wide that tricked people into giving out personal information--also known as "phishing." But they made one mistake--one of their "marks" turned out to be a Norfolk, VA, FBI Agent who received the e-mail on his home computer. And this was not just any FBI Agent--he was a specialist in computer crimes!

The duo, who had never met in person, exchanged information on "spamming" (sending mass unsolicited e-mails) and "carding" (using stolen credit cards). Through various schemes, the pair got their hands on a large online service provider's customer user names and passwords, allowing them access to that provider's chat rooms where they unleashed several spamming programs, including a particular one known as "Green Eggs and Spam." The company's subscribers were flooded with spam messages claiming to be from "Security" asking for updated credit card information and linked to a phony "Billing Center" web page. But in fact, the info went to web-based e-mail accounts accessed by the pair. Unfortunately, many customers--believing the e-mail to be legitimate--obliged by sending their personal information.

One customer who didn't fall for the scam was the Norfolk FBI Agent. What made the Agent suspect the e-mail? He had just created the e-mail address literally a minute before the e-mail reached his inbox and he knew there no way to have contact on an e-mail that had existed for only a matter of seconds. When he clicked on the link in the e-mail, he noticed that his browser was going to a non-company web page--another red flag. He could also tell that the e-mail sender's address was fake and the message was sent to almost 20 other users at the same time. The Agent sent a copy of the phony web page to staffers in what was then the Bureau's Special Technologies and Applications Unit of the National Infrastructure Protection Center to confirm his suspicions--and they did.

The investigation eventually uncovered the electronic trail of stolen accounts and free web pages... and ultimately to the identity of the two main culprits. One has already been sentenced and the other is currently awaiting sentencing. One of the computers used in the scam was found to have over 400 stolen credit cards numbers on it.

These types of "phishing" e-mail schemes have been steadily on the rise, but on 12/16/03, President Bush signed the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (or the CAN-SPAM Act) to federally regulate spam. Under the new law, the Federal Trade Commission is authorized to set up a "do-not-spam" registry, and violators face multi-million dollar fines, jail time, and could be sued for damages.

[Kaslin]

I thought this was quite interesting

[martin_fierro]

I STILL get a chuckle out of the spammer Rodona Garst / Man In The Wilderness story.

[Trampled by Lambs]

I just got one of these recently. It claimed to be from Citibank and wanted my card number and my PIN to "verify my email". Of course, I knew right away it was a scam, right down to the spoofed address which appeared to be authentic but wasn't, of course.

I almost sent a reply to laugh at the sender and ask how many chumps actually are dumb enough to send him the info but was afraaid of getting my address added on to yet more spam lists.

I saved the email though (see below if interested and you want to know what to look for..I removed my email addy)and wouldn't mind finding somewhere to send it for investigation.

BTW, I wouldn't click on the link, you never know what you might be linking to.

-=-=-Phoney Email Scam-=-=-
Dear Citibank Member,

This email was sent by the Citibank server to verify your e-mail
address. You must complete this process by clicking on the link
below and entering in the small window your Citibank ATM/Debit
Card number and PIN that you use on ATM.
This is done for your protection -- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account,
click on the link below. If nothing happens when you click on the
link (or if you use AOL), copy and paste the link into the address bar of your web browser.


http://www.citibank.com:ac-FZZ24fJlIb8WEJQWZXwm@jq8dzhjey.Da.rU/?OX3YecGXoJp4Jo7">http://www.citibank.com:ac-FZZ24fJlIb8WEJQWZXwm@jq8dzhjey.Da.rU/?OX3YecGXoJp4Jo7

---

Thank you for using Citibank!

---

This automatic email sent to: myemail@net.com
Do not reply to this email.

R_CODE: OEQbn3ijH3cE39aqZ7uX

[Kaslin]

What business is it of Citibank or any bank what your password to your email address is? This should definitely raise a red flag

[anonymous_user]

If you get one of these, go to samspade.org to decode the Web site address.

Your address
http://www.citibank.com:ac-FZZ24fJlIb8WEJQWZXwm@jq8dzhjey.Da.rU/?OX3YecGXoJp4Jo7"

That actually goes to jq8dzhjey.da.ru which then loads a page at lovedrive.kir.jp which looks exactly like the Citibank page or perhaps is a proxy that can read your information.

Long story short, don't fall for these B.S. letters. A little research will expose them as frauds, and when in doubt, ignore them. If Citibank was really threatening to cut a person off or give them a $1000 prize, don't you think they'd CALL or send it on PAPER?

[Calpernia]

This is actually the best spoof site I've seen yet.

In my browser address space it says www.citibank.com

Only by viewing in the task bar below can I see the true site address by hoovering over it:

http://www.citibank.com/domain/redirect/cbna/global_nav/pands.htm?BVE=http://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/&M=S&US&_u=visitor

web.da-us.citibank.com

Wow, this is bad.

[Trampled by Lambs]

Yes, they're pretty good. I could see how someone might be convinced.

But the biggest red flag for anyone should be that the bank will NEVER ask for your PIN. Why would they? They can look it up on their computers if they actually needed it (which they don't, unless you forget it and they look it up for you, I suppose.)

[Indrid Cold]

Great story, but *damn*, nasty pop-ups.