Monday, February 9, 2026

OSF - 2.20 - scams - organized

Now, at this point, I want to fulfill my promise to talk about how criminal enterprises, in terms of online scams and frauds, operate.

First of all, all the movies and TV shows that you have seen about rum runners during the Twenties and the Great Depression, and all the movies that you have seen about drug traffickers in the more modern age, will not be particularly helpful.  This is not about Vinny and his gang walking into a shop, and saying to the owner, "Nice bridal salon you got 'ere gov'n'r.  Be a pi'y if somebody stampeded an herd of cattle through it."

Criminal gangs of all sorts tend to have contacts with each other.  And, of course, some of them will specialize in certain areas, and can sell this expertise to other criminal gangs, who may need that particular service, while operating in a related sort of business.  So, it is entirely possible, and even probable, that gangs who are in the business of drug trafficking, human trafficking, and other illicit activities of that type may be using the services of specialists in online crime.  For one thing, human traffickers will probably turn to scammers and spammers in order to identify targets that they will want to kidnap, or to advertise false recruiting services.

However, in terms of protecting yourself, it is probably more useful to know that the tasks involved in committing a fraud, and then stealing from someone, laundering the proceeds, or extracting a value from a credit card or a gift card involve a number of different specialties, with different specialized specialists performing different functions in the overall theft.

In the case of the theft of credit card information, your credit card is probably not simply going to be duplicated.  Once you realize that false charges are being made on your credit card, you will probably simply call the bank and cancel that credit card, and be reissued a new one.  Therefore, the credit card will only have value for a short time.  Instead, the organization, which may not be completely under one body, but may be an amalgamation of a number of different groups, each specializing in a different task, may have some people who specialize in social engineering, and therefore handle the fraudulent calls made to you, the people who take the credit card information, and, fairly quickly, make purchases of resaleable items, and have them shipped to people to hold for resale.  The people holding the goods, the people to whom the goods are shipped, and therefore the people who are identifiable in the fraudulent transactions, are, in all likelihood, not criminals at all.  They are, themselves, victims of fraud, recruited by yet other specialists, who have convinced them that they are a part of a legitimate home-based business, receiving merchandise, which has been purchased off the Internet, and then reselling and reshipping the merchandise to people who want to buy it.  The management of these holding and reshipping parties is yet another criminal specialty.

Similar things may happen with regard to gift cards.  If the gift cards are from shops, once again, holding parties, and reshippers, may be dispatched, with the gift card numbers, to purchase resellable items from those shops.  Other types of gift cards will have different means of extracting the value from the card, and laundering the financial benefits.

(These are not the only processes, functions, or specialties that are used in the commission of online frauds.  But these things happen behind the scenes, and knowing about them doesn't help you very much in taking precautions or protecting you against fraud.  The most important point to take away from this is that you are not only up against the person on the phone with you, but a number of others, whom they may not even know.)

As I said, the old movies about rum runners, and the newer movies about drug smugglers, are not very helpful in regard to understanding these systems.  However, there is one movie that I can recommend: "The Beekeeper."  Yes, for most of the run of the movie, it's your standard shoot-'em-up.  But, right at the beginning of the movie, there is a five minute segment that really does explain how some of these online fraud organizations work.  The scene has the leader of one such group conducting a training session for the actual call takers, and goes, step by step, through one particular way of getting someone to install malware onto their computer, and allowing the organization to get access to bank accounts.  (Here are two versions of video clips from that scene in the movie.)

There are a couple of points that I need to make, but need to be very careful about making.  The first is in regard to theft from bank accounts, and banks.  I am quite sure that just about everybody who works in any banking and financial institution that you will ever encounter is a nice person.  However, The Bank, as an entity, is not run by those people.  The Bank, as an entity, is run by the owners of the bank, and by policies and procedures.  The people that you will meet, at the front lines, are subject to those policies and procedures.  And The Bank, as an entity, and the people who own The Bank, hire lawyers, and pay other lawyers on retainer, to stay up nights, writing those policies in order to ensure that, if it is a matter of The Bank losing money, or you losing money, The Bank is not going to be the one who loses money.  While the people that you deal with on a daily basis at the bank may very well be very nice people, when it comes to you losing money, The Bank, as an entity, very profoundly, does not care.  When The Bank talks about security, it is *their* security that they are talking about.  Yes, I know, The Bank, even as an entity, will make all kinds of statements about keeping your money safe.  And, The Bank, even as an entity, is trying to do that.  But, as I say, if it is a matter of you losing money, or The Bank losing money, The Bank is not going to lose money.

This comes into play in some very interesting ways.  I frequently tell people, in my seminars on online fraud, to prefer using credit cards to debit cards.  Many people don't even know what the difference is between a credit card and a debit card.  And the differences in charges to the merchants have ensured that merchants are making every effort that they can to encourage people to use debit cards, rather than credit cards.  I am on the boards of enough charitable organizations to know the differences in fees charged, when somebody pays their annual dues with a credit card, versus when they pay their annual fees with a debit card, and to understand why merchants do this.  The thing is that credit cards, in Canada at least, provide you with an extra layer of protection.  If somebody makes a fraudulent charge on your credit card, the law in Canada ensures that your liability for that fraudulent loss is limited.  If somebody makes a fraudulent withdrawal using your debit card, that money is gone.  You will not get it back.

The other point that I have to make with regard to the organization of online fraud, is with regard to nation state actors.  Yes, we have had the idea that hackers, and we tend to believe that the online fraud is committed by hackers, are loners, living in a basement somewhere.  With the organization of online frauds and scams, that tends to not be the case any longer.  These are businesses, even if illegal and illegitimate, and tend not to be conducted by loners, but by groups.  Some of the groups may be quite small.  But some of the groups may be quite large.  And, in some cases, there are various nations which have come to terms with this, and even employ these groups that are involved in frauds and scams.

And this is where I have to be careful, because every time I talk about this, somebody thinks that I am making political statements, and blaming certain countries.  I am not trying to be political about this.  Yes, I do identify certain countries, because that is where the facts point.

The facts are that, because of the organized nature of online frauds, and the variety of specialties that are in use, and the extra layers of protection that communicating across jurisdictional boundaries provides to the groups who are operating in this criminal area, groups of criminals involved in the various specialties of online fraud exist around the world, and in pretty much every country.  But there are certain countries where the governmental authorities have seen benefits in making connections with these groups.

How do I know this?  Well, I work in information security.  A lot of the technologies that we use are either used by, or of great interest to, people who are working in the intelligence communities.  No, nobody has ever been foolish enough to give me any kind of security clearance.  After all, I'm a teacher.  It would probably be a bad idea to give me actual classified information.  But, I have an awful lot of colleagues, who are working in the intelligence communities, and I've even taught some of them.  Let's face it, a lot of my friends are spies.  No, they are not going to give me classified information.  However, we do discuss related issues, and, while they are not going to give away any secrets to me, you can pick up an awful lot by listening, and, when you make observations about these kinds of things, in that kind of world, sometimes your friends are good enough to let you know when you are right (or, when you are wrong).

Like I said, this is organized.  But the functions may be organized in a variety of ways.  We know that there are camps in places like Bangladesh, Cambodia, and Myanmar, where people who have been recruited and trafficked, are, basically, kidnapped, and held in boiler room type situations, where they are given scripts, and forced to make fraudulent calls.  This is one type of group that can exist in a variety of places.  But sometimes the government takes a more direct hand.



Of these two buildings, one is in Moscow, and one is in St. Petersburg.  Both of them are office buildings and home to a variety of companies.  Both of them are home to a variety of specialized types of businesses.  Businesses involving hacking and online fraud.  The Russian government is happy to contract services from these organizations, and the businesses registered in these buildings.  The Russians may use the hacking services to attempt to gain access to secured information systems for espionage purposes, or they may be using hacking services to probe into infrastructure control systems, in order to see if such services can be disrupted.  And, of course, some of the businesses in these buildings are also specialists in certain functions with regard to online fraud.


This picture is of a type of concentration camp in China, in the Uyghur area.  This particular camp is believed to be a center for forcing the conscripted workers to perform hacking and online fraud functions.

China has an interesting, and somewhat schizophrenic, relationship with hackers.  More than two decades ago, we started to realize that China saw hackers in two different ways.  There were the black guests, as the Chinese called them, who were the standard types of hackers that we always considered to be the case in the West: loners, not connected with anyone in particular, and not particularly important.  But there were also the red guests, as they were referred to, who had connections in Chinese business, academia, and even the government and military.  These people would be used by the Chinese government in various espionage operations, and the connections, and uses of these specialists, have only increased over the years.  Therefore, the people who say that dealing with Chinese technology companies is fraught with peril do have significant evidence for their position.

I should say that acting as a hacker, or a fraud operator, in connection with the Chinese government does have its own difficulties.  Recently, a series of operations, that were conducted primarily in Myanmar, had had connections to official Chinese government operations over the years.  However, even more recently, these operations had been conducting attacks against Chinese citizens, and the Chinese authorities finally got fed up with it.  A number of the leaders of this organization were arrested, and the Chinese conducted a number of show trials in bringing these people to justice.

North Korea has been involved in online scams of various types, but has specialized in the theft of cryptocurrency.  At this point, a significant proportion of the country's gross domestic product results from that activity.


OSF - 2.15 - scams - robot press 1

The next scam that I would like to address is also one that tends to come by phone.  Although there are variations on this scam that will come by email, and sometimes even text.

It is difficult to isolate a particular identity for this scam.  The call may purport to come from your bank, your credit card company, or a business with which you may (or may not) have an existing relationship.  The call may purport to come from the government, particularly a taxation department, or even from law enforcement.  The identifying factor that I tend to use is that, for some reason, the call always starts out with a robotic voice.  You are being called by a robot, a machine.

As I say, the call may purport to come from a variety of sources.  Very often the initial message will say that a charge has been made to your credit card, or a payment is being made from your bank, or an invoice for a business has been charged to your credit card, or you are delinquent in your taxes, or you are *so* delinquent in your taxes that law enforcement is ready to arrest you, and take you to jail.  The call, as I say, usually starts out with some kind of machine based, or recorded message.  The gist of the message is that you owe money to somebody, or have agreed to pay money to somebody, and you are then, most often, presented with two options: press one to accept the charge, or press two to dispute the charge.

Sometimes the message only presents you with an option to press one to dispute the charge.  It really doesn't matter.  The reality is, of course, that you have not agreed to purchase anything, and no charge has been made to your credit card, and you are not delinquent in your taxes.  It doesn't matter whether you press one to accept the charge, or two to dispute the charge: whatever you do you are going to be connected to some kind of a call center, where somebody is going to start to work the scam on you.

Probably in most cases you will want to dispute the charge.  The person that you are connected to for the duration of the phone call will probably be very polite, very helpful, apologize for the error, and try very, very hard to get your credit card or banking information so that they can rectify this problem.  Of course, they are not going to rectify the problem; they are going to try and steal your money, either from your bank account, or by making charges to your credit card.

There is, of course, some social engineering going on here too.  Probably the reason that the call is initiated by machine partly has to do with the cost of having a machine place the call, which is almost nothing, versus the cost of having an actual person making the call.  But there is an additional factor with regard to the machine making the call, and that is that the robotic or recorded voice makes the call seem more legitimate and official.  We do have a tendency to associate, these days, the use of technology with large corporations.  If the call is being made by a computer, then it must be an expensive computer that is owned by a large company.  That, of course, is complete nonsense these days: computers capable of making these calls can be bought or built very cheaply.  And, in any case, as previously noted, most of these scams are highly organized, and the person that you are talking to, eventually, if you press either one or two, is probably in a call center somewhere, with a number of other people who are doing similar calls.

There are some additional social engineering factors at work.  Most people don't keep track of all the purchases that they may make.  Many of the companies whose services you have supposedly purchased are companies which you may, in fact, already use.  It may be a fee for the use of PayPal, or your Amazon Prime account, or the Norton or McAfee security software, which tend to be the ones that most people use, because they tend to be the ones that are packaged most frequently with new computers.  So it is highly likely that you may deal with these services, and are not completely familiar with the anniversary date for your annual payment, and may instinctively want to continue the service, and are therefore possibly predisposed to ensure that you do pay.

Even if the purchase is not one that you would want to make, you may not know whether or not you have made this purchase.  Therefore you may wish to get more information about the purported purchase.  And, of course, when you talk to someone on the phone, in order to give you more information about the purchase, and purely for the purposes of ensuring the security of your account, they will be asking you a lot of questions about your account, such as your account number, your name, your address, the security PIN that you use for this account, and so on and so forth.  All of which, of course, they dutifully record, and sell on to the people who are going to use your credit card, or bank account, to make purchases and steal your money.

There is yet more social engineering involved: as I say, if you dispute the charge, they will be polite, helpful, apologetic, and really eager to help rectify the problem.  And, of course, in order to rectify the problem, they will want to have all kinds of banking information and the information about your credit card.  For the purposes of stealing from you.


Sunday, February 8, 2026

OSF - 2.04 - scams - four seconds

I'm going to start off with some telephone scams.  And, I suppose I should explain my four second rule.

If you call me, on the telephone, either landline or cell, and I answer and say hello, you've got four seconds to start saying something.  If you don't, I'm going to hang up.

No, this isn't arbitrary.  Four seconds seems to be the minimum time that it takes a typical telephone redirection switch to transfer the call that it has dialed, and that you have answered, to an operator or agent.  (Presumably, it needs that much time to determine that the line has picked up and the call has been "answered," which is fairly easy, and that someone has said "hello," which is less easy.  For a computer.  See the series on AI.)  If I'm calling a company, and my call is being redirected that way, of course I'm expecting it.  But, if I'm at home, and the phone rings, and I pick it up, and there's four seconds of silence, it indicates that somebody is using a robot to call me.  So, most of the time I just hang up.  I don't want to talk to the robot.

Possibly the robot calling is part of a spam or scam.  However, possibly the robot may be calling because it's part of some kind of telemarketing scheme.  I don't want to talk to a telemarketer anyway.  But, even if it's a legitimate business, if they're robot dialing me, I probably don't want to talk to them.  I figure that if it's really important, eventually some person will call me.  Or they'll send me an email, or something else.  But anybody who is robot dialing me, and I don't know anything about it, I'm just going to hang up.

You have four seconds to respond.


OSF - 2.10 - scams - pay attention!

Yes, I know.  Some of you are getting bored with this, and thinking that this is awfully simplistic, and you don't need to be told these simple things about keeping yourself safe.

Yes, I know.  This is more a reminder than presenting you with anything startling and new.  Please, pay attention.  Please, please, please.

When I first started giving these presentations, here in town, in fact, in the very first seminar that I presented on this topic, somebody showed up who I already knew.  In fact, I had worked with and helped him out with one of his own projects.  And, when I had finished the presentation, he was kind enough to give me some feedback on the presentation, and tell me that he wasn't impressed.  He was an intelligent person, who had run his own business, and he did not need to be told that scammers use social engineering, and try to instill a sense of urgency in you, and that it was never a good idea to buy a bunch of gift cards, and read the numbers to somebody over the phone.  He did admit that, possibly, there were others in the audience who were less intelligent than he was, and who didn't know these things, and so he did admit that I probably did have to speak to the lowest common denominator.  But he wasn't impressed.

About five months later, I got a call from him.  (In the middle of a family dinner, as it happened.)  He, rather frantically, told me that someone had called up, and using various social engineering tricks, had instilled in him a sense of urgency, and had convinced him to go and buy a bunch of gift cards and read the numbers over the phone.  He now wanted to know how to get his money back.

As I have previously pointed out, this is impossible.

More importantly, yes, security very often sounds simple.  Security very often consists more of reminding people, than informing them of anything new and startling.  Please be advised.  Pay attention to this stuff, anyway.  Your friends and neighbors are being scammed, hoodwinked, defrauded, and stolen from.  And probably all of them thought that this stuff was boring and simple, too.

As I noted, you may think that social engineering is just a fancy way of saying "lying."  In regard to scams, that is probably true.  But social engineering is actually a complicated field, which has legitimate uses in all kinds of areas.  I'm a teacher, and we use it in education.  (I worked with another instructor who had a habit of cycling through a series of changes in tone of voice, tempo of presentation, and emotional presentation, that had nothing to do with the topics he was actually presenting.  He just used it to keep students from falling asleep.)  Social engineering is based on areas of psychology, and there is a legitimate billion dollar industry based on its use.  It's called advertising.  (No, I'm not going to argue with you if you want to say that advertising isn't a legitimate business.  But it's not illegal.)  Huge amounts of money go into studies of how to get people to react the way you want them to.  Think of politicians you don't like.  How do you think they get people to support them?

In the case of scammers on the phone, some of them are really good at it, and may be specialists.  However, it is more likely that the person you are talking to on the phone has been given a script that has been prepared by a specialist in social engineering, and the script has been designed to get the majority of people to fall for it.  Like I said, a bit later we are going to talk about the organizations behind these scams.  They use social engineering to make money.  They've made a lot of money because they are very good at it.

Be prepared.


OSF - 2.05 - scams - grandparent scams and social engineering

Now, as I say, I am old.  I am a grandparent, and, in fact, a great-grandparent.  So, I am going to start with the grandparents scam.  No, it is not just because I am a grandfather, and a great-grandfather, but also because talking about the grandparents scam allows me to point out some of the important techniques that scammers will use against you.

This one pretty much always comes by phone.  The phone rings, and I pick it up, and a female voice, sometimes rather shakily, as if the person was in distress, asks, "Grandpa?"  So, of course, being a caring grandfather, I respond, "Sophie?"  And the voice on the other end says "Yes!  Grandpa, I'm in trouble!"

Now, of course, this person is not Sophie.  This person might not even be female.  I have a video of someone, conducting a scam, using a bank of phones in a railway station (which shows you how old the video is), and, using multiple phones, and changing his voice so that he changes gender, job title, and level of authority, is conducting a scam on someone, and using himself, with a different voice, to verify his identity to the person over the phone.  But let's get back to our grandparents scammer.

The scammer on the phone, who I have mentally identified as my granddaughter Sophie, is not my granddaughter.  The person on the phone is using social engineering techniques.  (You can, if you wish, think that "social engineering" is just a fancy way of saying "lying," but there are a great many techniques, some of them quite sophisticated, and, even when you know about them, they generally do work.)  One of the techniques being, using me to give the scammer information, which the scammer is going to then use against me.  The scammer has only had to say one word, grandpa, and then I have given the scammer the name of my granddaughter.

This is not the only social engineering technique.  These people are specialists, and are using a series of techniques called cold reading, allowing them to "read" information about you, without you being aware of giving that information away.  These techniques are used by entertainers presenting themselves as mentalists and mind readers.

So, by now flustered and distressed myself, I say, "What about Mavis?"  (Making the situation even worse: I have given away another piece of information to the scammer.)  So the scammer goes on to say that, yes, the two of them are together, and they are both in distress.  At this point, the story may vary.  They may be in jail, for a crime that they didn't commit, of course, but, given that it is a Friday night, if somebody doesn't bail them out they are going to be in jail over the weekend, until they can appear before a judge.  As I say, it may be that they are not in jail, but have been in an accident with another driver, and it may be that the other driver is intending to call the police and get them thrown in jail unless the damage to the car is paid for immediately.  It may be that they are in hospital, and need funding for medical care.  As I say, there are various types of stories, but the stories all have some common themes.  For one thing, there is a sense of urgency.  The money, and the decision to send the money, must be made right away, it is urgent.  They are in a distressing situation, which is not their fault, but, unless the situation is dealt with right away, they will be in difficulty, and possibly for an extended period of time.  Their need is urgent, but the situation is not their fault, and can be rectified, and the money recovered, at a later date, but they need immediate funding, right now.

This is the grandparent scam.  This is relying on the fact that grandparents do love their grandchildren, and are willing to do pretty much anything for them.  It is also somewhat relying on the fact that the grandparents probably do not have daily contact with the grandchildren.  They probably don't know precisely where their grandchildren are, at any given point in time.  The grandparents believe that they know their grandchildren's voices, but that may be more of a belief than a reality.  When I discuss the grandparents scam, pretty much every time, somebody brings up the fact that artificial intelligence is now capable of generating a pretty good facsimile of any person's voice.  That is true, and there are definitely systems which, given three seconds of recorded audio of someone's voice, can generate an almost flawless version of the person's voice.  But, generally speaking, and partly relying on the fact that voice identification over the phone is somewhat limited by the fact that some of the sounds and intonations of the voice are eliminated by telephone transmission, it is basically the fact that you believe that the person is your grandchild, which makes you identify the person as your grandchild.  Deepfake voice generation is not really necessary, and scammers generally take the easiest route.

So, social engineering is at play here, big time.  There is the fact that you have provided the information which allows the scammer to claim to be your grandchild.  You have provided the name, right at the beginning of the conversation.  The scammer retails a story which identifies a distressing situation.  You do not wish your grandchild to be in distress, and so you are primed to help.  This story that the scammer has relayed also instills a sense of urgency: the money must be sent now, or things will get very much worse, and, in addition, the scammer's story indicates that the distress will be of short duration: if you send the money now, the situation will be remedied shortly, and you will receive your money back.  The urgency also shortcuts authentication steps that you might normally take.  All of this is standard fare for the grandparent scam, and for a few other scams as well.

The money is to be sent right away.  It is probably after hours, particularly for a bank, and so sending some kind of wire transfer is not available as an option.  Generally speaking, the way that you are to get the money to the agency on the other end of the line which requires it, is through gift cards.  Sometimes they may also suggest cryptocurrency, but that is still not terribly common, and, of course, one of the major points about the scam is the sense of urgency, and so gift cards seem to present the most viable, and certainly most common, option.

Now, particularly when the situation involves the police, and may require bail money, you should know that the police don't take gift cards.  There are no bail money gift cards available in the store.  The gift cards may be specified to you, as to a particular type, but, generally speaking, the scammers don't particularly care.  They will instruct you to go to the store, get a bunch of gift cards totaling a few thousand dollars, and then come back, call them back, or sometimes even stay on the line and go to the store, and then read the numbers from the gift cards over the phone.

A little bit later I'm going to go into some detail on the organizations behind these scammers, and particularly, the ability to extract money from gift cards of various types.  At this point, the only thing that you really need to know is that the scammers are organized, and that, as soon as you read the numbers over the phone, the scammer on the other end, even while still talking to you, is reselling those numbers to another specialist in organized crime, whose specialty is extracting the value from the cards.  So, as soon as you read the numbers of those gift cards, over the phone, that value is gone.  It cannot be recovered.  As I say, the scammers are organized, and they have specialized specialists, and that value has been extracted almost as soon as the last digit leaves your mouth.  There is no point in trying to get that value back.  It's gone.

Now, fortunately for the story that I started off with at the beginning of this piece, there is absolutely no one in my family whose name is Sophie.  There is absolutely no one in my family whose name is Mavis.  When my actual granddaughter calls me, and says "Grandpa," and I respond "Sophie?" she knows what is going on, and will immediately respond, in a somewhat exasperated voice, "No, Grandpa, it's me!"  They know that I am a security specialist, and they know what is going on here.

What is going on here is that I am giving misinformation to the scammer.  Now, you can do it that way, or you can have a kind of family code word, or password, to identify yourself in a truly distressing situation when you do actually need monetary help.  But, forewarned is forearmed.  Being aware of the nature of the scam, and then discussing it with your family, you can come up with some kind of plan to prevent yourself from being taken advantage of, while still allowing you to help your family if there truly is a need to do so.


Online scams, frauds, and other attacks (OSF series postings)

Saturday, February 7, 2026

Grok

The latest Grok ad on the social-media-platform-formerly-known-as-Twitter implies that, had Galileo pulled out a cell phone and called up the Grok app, he would not have been put on trial for heresy.

Mind you, had Galileo whipped out a smartphone and called up the Grok app, he probably would have been burned at the stake for witchcraft.


(Wait.  Does this mean that X is admitting that Grok is based on 16th century technology?)

OSF - 2.01 - scams - scammers vs spammers


Even though they are possibly intertwined, and sometimes very tightly, I suppose that I should start out making a distinction between scammers and spammers.

And, in order to do that, I suppose that the Green Card Lottery Spam is fairly instructive.

Scammers are out to get you.  They want to attack you, and they want to steal things from you.  Scammers are confidence men, and fraudsters, and crooks.  Their intention is to steal from you.  They are bad guys.

Now, a lot of spammers are out to get you anyway.  But, and this was the case with the green card lottery spam, a lot of people just think that spam is the same as advertising.  It's just advertising that's really, really cheap.  At least in the mind of the spammer.  Well, the minds of *some* spammers.  As I say, scammers and spammers tend to be really tightly intertwined, in a lot of cases.

But, there are people who try to make the case that spam is just a form of advertising.  It's just advertising you don't pay for.  Now, of course, if the person who is doing the spamming is running a legitimate business, then they have legitimate business expenses, and legitimate income, and they will have a budget for advertising.  And they will advertise in regular advertising channels.  But, of course, there are always those who are trying to do it on the cheap.  But if they're trying to do it on the cheap, then, very likely, the products that they are trying to sell you are also cheap.

Now, the guy who originated the Green Card Lottery Spam, the originator of the whole field of spam, was actually a lawyer.  The green card is a certain type of visa or residency permit in the United States.  If you have a green card, you are allowed to stay in the United States, and (and this is most important) you are allowed to work and make money while you are doing so.  So in those dim and distant carefree days, before anybody cared what ICE was or did, lots of people wanted to come to the United States and get a green card.  Green cards were available for certain types of jobs, or people coming from certain countries and jurisdictions, and other people could apply for them.  But there was a certain allocation, a certain number of green cards, that would be issued in any given year, and, when various formal applications didn't make up the numbers, then there would be a sort of a windfall allocation of green cards.  These allocations were usually issued to immigration offices in different locations around the United States.  And, if you had an application in at one of those offices, you won the lottery.  You, basically, automatically got issued a green card.

Because of this, people started to think that there was some kind of way that you could game the system.  There was some way that you could predict where the green cards would be issued.  Which immigration offices would get an allocation of green cards at the end of the year.  And, of course, some immigration lawyers, who were less than scrupulous about the actual truth of the situation, would encourage their clients, and particularly potential clients, to believe that they knew how the system worked, and would be able to submit your immigration application to the offices where the lottery allocations would end up.  I have never actually heard that anyone did, really, have such inside information.  And if they did have such inside information, it was more in the way of corruption, than extensive knowledge.  So this myth of the green card lottery was always based pretty much on fraud.

However, lots, and lots, and lots of immigration lawyers did spread the word, and encourage the myth, and solicit clients and customers on the basis that they had an inside track on the green card lottery.  So, the guy who did the green card lottery spam was one of these low-level con artists.  Whether he was actually outright lying to his clients, or just implying that he knew more about the system than it was possible to know, it was basically a fraud.

In any case, he decided to advertise his services, having some kind of an access to a system that allowed him to send email to people on the internet, such as it was, and he did.

This does all mean that there's a bit of a gray area.  Some people think that you need, and sometimes even deserve, to conduct business any way you can.  And that sending out a lot of messages, at no particular cost or effort to you, is a legitimate way to advertise to people who need, or might possibly want, your products or services.  But it's still doing it on the cheap.  And, if you really had a decent product, would you really need to use spamming to advertise your product, or service?

So, there is the possibility, that people who are sending you spam are not, necessarily, or inherently, actually crooks.  There might be some legitimate products that are out there being advertised in this cheap way, because the person who has made the product, or is providing the service, just simply doesn't have the money.  So, let's say, that there is a possibility, however small, that people who are sending spam are not actually fraudsters.

The thing is that spam is now a business.  And, those who engage in sending spam, on a large scale, with organized utilities to assist it, well, they are crooks.  For a number of years, and actually for a couple of decades, spam was annoying, and increasingly annoying, but it wasn't exactly a business.  And then one day somebody realized how they could use malware, and specifically computer viruses, in order to send spam, and, indeed, to set up a business selling spamming services to anyone who wanted to send out spam.  And, most of the time, that meant that people, both those who were creating the spambotnets, and those who were using them, were all crooks.  They were all scammers, and attackers, and fraudsters.  So, these days, the possibility that you will encounter somewhat innocent spam, with no criminal intent, is getting pretty small.

But we'll look at that in some more detail when we start talking about how do I identify spam.  First of all, let's talk about some specific scams, where people are trying to attack you and steal your money, in a variety of ways.


Online scams, frauds, and other attacks (OSF series postings)