Day: May 5, 2010

New Banking Scam via ISC

Following up on yesterday’s social engineering post, the banking scammers don’t just rely on ZBot – the good old “paper based” advance fee or fake letter approaches still work, too.

ISC reader David, for example, got a FedEx envelope with an unexpected check for 2’850$, with him as recipient. Diligent security specialist that he is, he called the issuing bank ... and found out that the account against which the check was drawn had zero funds. The way this works is that the bad guys follow up the first letter with a second, where they apologize for the mistake, ask the victim to “wire back” 2500$ and “keep the 350$ for your trouble”. If you go ahead with this, by the time the check bounces, you have wired the money, and wired money is gone or at least very, very hard to get back. Given that the crooks incur quite some expense and risk in this scenario (FedEx isn’t cheap and is often traceable back to the source), they must still be making a killing out of this scam.

The second scheme is phishing via old-fashioned paper mail. You get a letter stating that “for security reasons” calling the bank now requires a PIN code, included below. What follows is a PIN code of a length and complexity that makes it unlikely anyone would want to remember it, and two lines down, the helpful comment that the PIN code can be changed by calling 1-800-whatever. You do so, and here’s what happens next:

Voice: Please enter your account number, followed by the pound key [you type]

Voice: Please enter your current telephone access code [you type in the access code in the letter]

Voice: This access code is incorrect. Please try again. [you type – correctly again]

Voice: This access code is incorrect. Please hold for an operator. [you hold]

Operator: XYZ Bank, my name is QRS, how may I help you [you explain]

Operator: To identify you, we have to ask a couple of security questions. What are the last four digits of your social security number?

Yep. You get the drift. After this exchange, they have everything they need.

Lesson learned: Do not ever call “your bank” on a telephone number included in a letter, email or left on your voice mail. Get to know some employees at the bank branch you do business with, and call them with any questions you might have. Recognizing someone’s voice beats a “security PIN code” any day.

Glenn Palin, the Perfect Candidate for 2012 … yes, perfect….

You can’t trust Science!

Evolution Exists, of this I have no doubt….

But this does not provide proof of ongoing evolution:

But farmers sprayed so much Roundup that weeds quickly evolved to survive it. “What we’re talking about here is Darwinian evolution in fast-forward,” Mike Owen, a weed scientist at Iowa State University, said.

Farmers Cope with Roundup resistant weeds

In all likelihood what the farmers are seeing is the rapid population of a mutant breed of weeds that already existed but is now thriving in the absence of any non-Roundup-based weed control. It’s nice to think that this is an example of macro-evolution in action, but I suspect that this is simply the proliferation of an existing species. Maybe not, but it’s more likely.
