In this interview he talks about cunning scamming techniques and their evolution.
What are some of the most clever scamming techniques you've seen in the past few years?
December 2010: Christmas was an interesting proposition for Amazon merchants not paying attention to their sales. A program appeared designed to create perfect copies of Amazon sales receipts - the scam being that the ‘order’ was missing and the merchant would have to send out a replacement.
The key to success was worrying the merchant enough to cause them not to check their sales correctly (who would assume somebody made a fake receipt generator in the first place?) and to take them outside the safety net of Amazon itself - the more "unofficial" the method of issuing a replacement, the better. A very unusual tactic, and we've since seen various fake receipt generators aimed at multiple products and services.
March 2011: Scammers taking aim at the Japan Tsunami disaster sent out fake Red Cross emails asking for donations. The difference here was that the scammer asked the end-user to reply to an email address using the real Red Cross UK domain to appear legitimate, but CC'd a fake address "in case spam filters reject the message". Asking victims to potentially mail a real, legitimate entity while copying in an unrelated free email account is a very clever thing to do and would catch many people off guard.
July 2011: Whaling - the practice of stealing another phisher's phished logins - became an appealing prospect in 2011 with the arrival of an "autowhaling" program which claimed to scan common website locations for login drops. Unfortunately for would-be scammers, the autowhaler in question turned out to be a password stealer dabbling in gaming accounts, IM logins and stored browser passwords.
While fake infected apps are a rather old feature of the web, presenting a lazy phisher with the promise of untold stolen accounts is a hook too good to resist for the would-be scammer.