Saturday, November 27, 2004
Spammer Sentenced to Nine Years
Finally someone has taken anti-spamming laws to heart and used it for other than leverage in a settlement. Virginia Attorney General Jerry Kilgore had Jeremy Jaynes and his sister, Jessica DeGroot, prosecuted. Jaynes was sentenced to nine years in prison by the jury, but actual sentencing isn't until February. DeGroot was fined $7,500. These are the first felony convictions for spamming in the US.
Jaynes, a well known "spam-king" would send up to 10 million spams daily. He could gross $750,000 of income monthly in his peak. He advertised everything from software to pornography to work-at-home schemes. It is reported he would get a response to one in 30,000 messages, but could earn $40 for each of them.
Jaynes sent the spam messages with fictitious transmission or routing information. This prevents recipients from knowing who had sent the messages and how to contact the sender. The volume of messages sent elevated this to a felony.
DeGroot used her credit cards to purchase domain address from which the messages were sent.
Finally someone has taken anti-spamming laws to heart and used it for other than leverage in a settlement. Virginia Attorney General Jerry Kilgore had Jeremy Jaynes and his sister, Jessica DeGroot, prosecuted. Jaynes was sentenced to nine years in prison by the jury, but actual sentencing isn't until February. DeGroot was fined $7,500. These are the first felony convictions for spamming in the US.
Jaynes, a well known "spam-king" would send up to 10 million spams daily. He could gross $750,000 of income monthly in his peak. He advertised everything from software to pornography to work-at-home schemes. It is reported he would get a response to one in 30,000 messages, but could earn $40 for each of them.
Jaynes sent the spam messages with fictitious transmission or routing information. This prevents recipients from knowing who had sent the messages and how to contact the sender. The volume of messages sent elevated this to a felony.
DeGroot used her credit cards to purchase domain address from which the messages were sent.
Thursday, November 04, 2004
Yahoo is reporting on a story from London based MessageLabs LTD. about a new tool which could be used to phish for your customers internet banking information.
Once the phishing email is opened a script is launched. Currently this script is targeted at three Brazilian banks. The script changes the users bookmarked address for the bank or redirects the user when they go to that site. So the user believes they have gone to the same site they always did. This time it may look similar, but asks for new information to confirm the users identity. This is where the theft actually occurs.
This script could be modified to any other web address. Thus far only 30 such emails have been found. But this could escalate. The Gartner Group estimates 3% of those targeted by phishers actually reveal personal information. As the crooks get better, that number may increase unless a new level of awareness is created in your user base.
Operating systems with Windows Script Host enabled are vulnerable to this. Windows Script Host lets users run VBScript and JScript scripts within the Windows operating system. Bankers should consult with their IT department to determine if this should be enabled on your systems or not, and adjusted accordingly. You may also consider its use to navigate your site and provide your customers with instructions on disabling this, or of taking precautionary measures.
Once the phishing email is opened a script is launched. Currently this script is targeted at three Brazilian banks. The script changes the users bookmarked address for the bank or redirects the user when they go to that site. So the user believes they have gone to the same site they always did. This time it may look similar, but asks for new information to confirm the users identity. This is where the theft actually occurs.
This script could be modified to any other web address. Thus far only 30 such emails have been found. But this could escalate. The Gartner Group estimates 3% of those targeted by phishers actually reveal personal information. As the crooks get better, that number may increase unless a new level of awareness is created in your user base.
Operating systems with Windows Script Host enabled are vulnerable to this. Windows Script Host lets users run VBScript and JScript scripts within the Windows operating system. Bankers should consult with their IT department to determine if this should be enabled on your systems or not, and adjusted accordingly. You may also consider its use to navigate your site and provide your customers with instructions on disabling this, or of taking precautionary measures.
