Spam Scams Span From Old to New

The well-publicized phishing attacks were joined by the more recently reported pharming attacks and a few less publicized schemes in receiving the dubious "honor" of being named among the top five spam scams by a recent National Cyber-Forensics & Training Alliance report.

NCFTA is a collaboration between private and public organizations to share information on Internet crimes and promote training to prevent them. The March 2005 NCFTA report on cyber crimes listed pharming as its No. 1 concern. Pharming is the crime whereby an address is redirected from a legitimate Web address to a false one without the user suspecting. For example, an individual using a computer infected by a pharming attack might type in the legitimate address of the bank he or she does business with and the computer will redirect the person to a false site that will collect that person's bank account information. Sometimes the attack is at the domain level by a person posing as an official with the authority to change the destination of a domain name. In either case, users have no idea that the sites they access are not legitimate because they look like the original sites.

The other crimes to make the list included:

No. 2. Google Hacking. NCFTA recently identified a site that advertised several hundred instances whereby persons using customized Google searches retrieved sensitive information from business resumes. That information can include social security numbers, addresses, dates of birth and other personal data.
No. 3 FBI Virus/Spam. NCFTA is working with the FBI to investigate a fraudulent email hoax that threatens a recipient by claiming that the FBI is investigating that recipient's visits to illegal websites. The email comes from official sounding addresses such as web@fbi.gov and police@fbi.gov and it asks the person to answer a list of attached questions.
The No. 4 spot belonged to phishing - spoofed web sites or email addresses that fool a person into giving personal information.
And the No. 5 spot goes to a scam that has been around for many years: the so-called Nigerian scam in which an email claims to be from a person who has come into a large sum of money and needs help "legitimizing" (translated: laundering) the money.