Archive for August, 2008

Avoiding Internet Pitfalls: Nigerian Letter scams

Tuesday, August 26th, 2008

Among the most dangerous types of spam e-mail are Nigerian Letter scams, named for the West African country from which many of the messages originate. Nigerian Letter scams are a form of Advance Fee Fraud, in which victims are conned into sending a fee up front in order to receive a promised larger payoff later. Nigerian Letter scams are sometimes also called 419 letters after the specific section of the Criminal Code of Nigeria which applies to these deceptions.

While the details of Nigerian Letter messages may vary, the scam is always essentially the same: a fictional wealthy individual asks for assistance moving millions of dollars out of his country, promising a substantial share of the funds as compensation for helping with the transfer. If the target of the scam responds and is willing to help, the con man then provides reasons why a fee up front is needed, or requests the target’s bank details so the transfer can take place… but in either instance, the victim loses any fees sent and may lose the entire balance of his bank account as well. And of course, the promised share of millions is never provided, as it is simply bait used to lure the victim.

A variant of the same type of fraud may indicate that the recipient of the message has won a large sum of money in a foreign lottery, and bank account and personal details are requested so the winnings can be transferred. But of course, to those who respond to such messages, the only funds transferred go out of the victims’ accounts and into the con man’s hands.

These scams are not new; by some accounts this type of fraud dates back to the 1920s, first by postal mail, later by fax, and more recently by electronic mail as well. The victims are many; by some estimates, losses total hundreds of millions of dollars annually.

To protect yourself from these types of scams, never respond to a suspected Nigerian Letter. If you respond, even if you do not follow through with fees or bank details, you can bet that your e-mail address will be shared with others who will try to scam you again, keeping your inbox full of unwanted messages.

For more information and numerous examples of the creative messages used to try to lure unsuspecting victims, the following website is a great online resource: http://www.svbizlaw.com/nigerian.419.letters.htm

Another online educational resource on the types of Nigerian Letter fraud is available here: http://home.rica.net/alphae/419coal/

And here is one more online source of information to help you identify and avoid these fraudulent schemes: http://www.snopes.com/crime/fraud/nigeria.asp

The best way to avoid becoming a victim of these cons is simply to be informed, so you’ll know what to be on the watch for, and be suspicious… if you receive an offer in an unsolicited message that seems too good to be true, it probably is. Don’t fall prey to a con man offering the lure of easy money, no matter how many millions he promises you.

Avoiding Internet Pitfalls: “Pharming” attacks

Monday, August 11th, 2008

Pharming is a name given to a computer hacker’s attempt to redirect traffic from a legitimate web site to a very similar but bogus web site.

Pharming is similar to phishing in that the goal of the hacker is to steal login and other sensitive financial and identifying information from users. However, while phishing depends upon the user clicking a link in an email, pharming can direct numerous users to an impostor web site without their knowledge, where those users are prompted to provide login usernames and passwords and other information. To draw a comparison, while phishing is similar to actual fishing with a line and a hook to get a single “bite” at a time, pharming is like fishing with a large invisible net, scooping up several victims all at once.

Victims of pharming begin by entering the address of a web site they wish to visit into the address bar of a web browser, but instead of reaching the intended web site they land on a rather convincing impostor web site. Once the user enters his information into the bogus site, the hacker has it.

You may wonder how a correctly entered URL address can take a user to a bogus web site instead of the real thing. This usually happens through DNS cache poisoning, in which the hacker breaks into a Domain Name Server on the internet and changes its settings to redirect web traffic.

A Domain Name Server is used by Internet Service Providers to allow internet-connected computers to visit web sites through the entry of simple domain name URL addresses (http://www.yahoo.com for example) rather than requiring users to know and enter full numeric IP addresses (http://69.147.76.15 which is the IP address for the Yahoo site). A Domain Name Server functions sort of like a map or traffic cop of the internet, directing connections to destination servers. When a DNS server has been compromised or “poisoned,” the conversion from the entered address to a numeric IP address returns a different IP address, which re-routes the traffic to a different server instead of the intended one. The viewer usually never sees the numeric IP address.

A variation known as “drive-by pharming” occurs when a hacker infiltrates the wireless network of a home or business and changes the settings on the computer’s host file to cause it to use a different DNS server (one which is controlled by the hacker) and then redirects traffic. The “drive-by” attack is so named because most wireless networks penetrate the walls of a building and have a range which reaches nearby streets, allowing a hacker to try to access the network from his car.
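A defender-side check for the hosts-file tampering described above, added here as an example and not part of the original article: it parses a hosts file and reports any watched domain pinned to a fixed address, since hosts-file entries are normally consulted before DNS. The sample file contents, the `.example` domains and the watch list are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (documentation-range addresses).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.20    printer.home.lan
203.0.113.66    www.bank.example bank.example   # unexpected override
0.0.0.0         ads.tracker.example
198.51.100.7    login.pay.example
"""

# Hypothetical watch list: domains where you enter logins or card details.
WATCHED = {"bank.example", "pay.example"}


def parse_hosts(text):
    """Yield (line_number, ip, hostnames) for each well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skip line
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(name, watched):
    """True for a watched domain or any subdomain of it."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line, hostname, ip) for watched names pinned to a real address."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue          # 127.0.0.1 / 0.0.0.0 entries block, not redirect
        findings += [(lineno, n, str(ip)) for n in names if is_watched(n, watched)]
    return findings


if __name__ == "__main__":
    for lineno, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is forced to {ip}, bypassing DNS")
```

To audit a real machine, pass the contents of its hosts file (for example `/etc/hosts`, or `C:\Windows\System32\drivers\etc\hosts` on Windows) to `audit_hosts` in place of the sample.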

The biggest problem with pharming attacks is that they are virtually impossible for the user to notice. Because of this, the best ways to avoid becoming a victim of pharming are all preventative:

  • Be sure to use a password on your wireless router, and don’t use the default password or one that can be easily guessed (for helpful tips see our previous article on Choosing safe passwords).
  • Use a Firewall, which may prevent a hacker from accessing your computer’s host file if he penetrates your wireless network. Windows and Mac computers have a built-in software firewall under the Control Panel or System Preferences; make sure it is turned on. Many modems and routers also include a firewall feature. Configure your firewall(s) to offer the highest level of protection while still allowing your activities (email, instant messaging, etc.) to function.
  • Use only secure web connections to access web sites where you will provide sensitive personal or financial information. Hypertext Transfer Protocol over Secure Socket Layer (or HTTPS) connections can be established by entering the URL address with “https” at the beginning rather than the usual “http”… for example, to visit the Bank of America web site using a secure connection one would enter https://www.bankofamerica.com/ into the address bar. Most web browsers will then show a padlock symbol to indicate that a secure connection is established, which will encrypt any information you enter into the site.
  • Web sites which support the HTTPS protocol are sometimes referred to as “pharming-conscious” (or “PhC”) web sites. If an impostor site attempts to present itself as a pharming-conscious web site, the viewer will see an alert message indicating that “the name on the security certificate is invalid or does not match the name of the site” like the following:
[Image: alert]

Should you see a message like this one, you should click No as proceeding may expose you to a pharming web site.
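The name check behind that alert, as an added example that is not part of the original article: the browser compares the address the user asked for with the names listed in the certificate the server presents. The matching rule is a simplified version of what browsers apply, and the `.example` domains and both certificates are constructed for illustration.

```python
# Alert text quoted from the article above.
ALERT = ("the name on the security certificate is invalid "
         "or does not match the name of the site")


def _labels(name):
    return name.lower().rstrip(".").split(".")


def dns_name_matches(pattern, hostname):
    """Compare one certificate name with the host the user asked for.

    Simplified form of the usual browser rule: names are case-insensitive,
    and "*" is honoured only as the whole left-most label, standing in for
    exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.example"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_site(requested_host, cert_names):
    """Return "ok" or the alert, given the names listed in the certificate.

    Only the name check is modelled; a real client also verifies that the
    certificate chains to a trusted authority and has not expired.
    """
    if any(dns_name_matches(n, requested_host) for n in cert_names):
        return "ok"
    return ALERT


# Constructed certificates: the genuine site's, and one an impostor server
# could hold for a look-alike name it controls.
GENUINE_CERT = ["bank.example", "*.bank.example"]
IMPOSTOR_CERT = ["www.bank-login.example"]

if __name__ == "__main__":
    # The user typed www.bank.example; DNS decides which server answers.
    print("genuine server :", check_site("www.bank.example", GENUINE_CERT))
    print("impostor server:", check_site("www.bank.example", IMPOSTOR_CERT))
```

Because the check uses the name the user typed and not the IP address DNS returned, a poisoned DNS answer alone does not get an impostor past it.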