Detailed Report
This job scam is on-going: I last reported it here, but it has been arriving with great regularity. The government of the state of Western Australia also has a scam alert on the subject. I am reporting it again, and will continue to report it on a month by month basis.
The job scam itself is a money laundering or "money mule" job. It involves handling stolen money, and is illegal: the cover story about payment processing is just that -- a cover story. This particular scam seems to be targeting Australians, and appears to be happening in concert with a phishing campaign against Commonwealth Bank of Australia customers at the moment.
The Spam
This particular scammer currently prefers to send HTML email with the actual visible message encoded as an attached GIF graphic. Whatever actual text appears in the email is coloured so as to be indistinguishable from the background (effectively invisible), and is only present to confound spam filters. A representative sample of the image follows. I will not document all variations of this image: this is just the first one I received in the month. If it changes significantly, I will add further samples.
As mentioned, I believe that the same scammers are responsible for a parallel phishing campaign against Commonwealth Bank of Australia customers. This gives them access to the bank accounts from which they transfer the "payments" to the money mules. The mules are then expected to withdraw the cash and forward it (minus a cut) via Western Union or Money Gram. A sample of the phish (also distributed as a GIF encoded graphic) follows.
If you are a victim
If you have become involved, then the first thing to do is STOP. Don't send any money to the crims, or at least don't send them any more if they've conned you into sending some already. If you have received payments into your account, then you should contact your financial institution (as recommended by the Australian High Tech Crime Centre). Please share your experience here or via email, as the more information we have about this scam, the better we will be able to defend against it in future. I am particularly interested in knowing the NAME and LOCATION associated with any Western Union or Money Gram wire transfer. Please spill the beans on these crims.
Additional data
This is a very frequent spam, and I will not document all details of each copy received. The following is a summary of important details, and will be updated with additional data during October 2006, at the end of which it becomes historical. If you have seen a variant of this spam containing details not shown here, please forward it to me.
URLs encountered
- http://consultinggroupnorway.cn/index.php?sect_id=6&lang=en
- http://groupconsultingnorway.cn/index.php?sect_id=6&lang=en
- http://groupnorwayconsulting.cn/index.php?sect_id=6&lang=en
- http://norwaygroupconsulting.cn/index.php?sect_id=6&lang=en
Subjects encountered
Note that these subjects are sometimes suffixed with a timestamp, like "Sun, 01 Oct 2006 07:11:45 -0200".
- Best job offer - don't miss your chance!
- Got free time? Become richer!
- Join us, earn extra cash with us and be prosperous!
- Top vacancy of the month!
Sender names encountered
- Norway Consulting
- Norway Consulting 2006
- Norway Consulting Group
- Norway_Consulting_Group
- Norway Consulting GROUP 2006
Names used as signature in image
- Annette Nygardsmoen
No comments:
Post a Comment