
Work from home fraudsters and their webform scams

Editorial Staff

One has to wonder just how stupid people must be to fall for the scams that some fraudsters perpetrate. Or to find themselves in a position where they suffer drive-by malware attacks. One of the interesting things that's happened since the COVID-19 outbreak sent people scurrying home is just how many manual submissions we are receiving to enquiry forms. The vast majority are fraudulent or, at worst, using our platform for specifically prohibited purposes - which constitutes illegal access and is therefore a crime. So, what's going on?

"Get paid for filling in on-line forms", the adverts scream. They litter job sites such as freelancer.com and upwork.com. And it's money for old rope: visit websites, fill in their contact forms, copy and paste into the form some text and hit submit.

There are many ways to spot this kind of spam by bots: they fill the forms in too quickly, for one. And then there are various forms of "captcha" and even systems that check the visitor's IP address against a blacklist and, if it's a known form spammer, block it.

These systems aren't working as well as they should and the reason is simple - as more people are looking to make some money while they are laid off or just laid back, they are easy marks for criminal enterprises. After all, if you can sit at home and make the advertised USD15 an hour for making only a few clicks of the mouse, why wouldn't you?

From the IT department's point of view, because these attacks are now coming from all over the world, all around the clock, the usual methods of blocking IP addresses aren't working. It's not even a game of cat and mouse any more: the mice are running free and the cat doesn't know which way to turn.

Here are examples from our own files with an explanation of how to spot them - and why they were able to get through the various layers of security we apply - only to end up in our spambox anyway.

Hello, Katie Coffman, who gives her e-mail address as expiry@thedomainunderattack.com. This is her pitch:

ATTN: financialcrimeriskandcompliancetraining.com / Financial Crime Risk and
Compliance Training including money laundering, terrorist financing, bribery
and more; authoritative, certificated, professional. INTERNET SITE
SOLUTIONS
This notification RUNS OUT ON: Apr 08, 2020

We have not obtained a repayment from you.
We have actually attempted to call you however were incapable to reach
you.

Please Browse Through: https://bit.ly/[redacted] ASAP.

For information as well as to make a optional repayment for services.

04082020060401.

Your IP address has been recorded as:
ATTN: financialcrimeriskandcompliancetraining.com / Financial Crime Risk and
Compliance Training including money laundering, terrorist financing, bribery
and more; authoritative, certificated, professional. SITE SERVICES
This notification EXPIRES ON: Apr 08, 2020

We have not obtained a payment from you.
We've tried to call you however were incapable to reach you.

Please Visit: https://bit.ly/[redacted] ASAP.

For information and to make a discretionary settlement for services.

It's interesting because the user thinks that by deleting the contents of the IP address field (s)he's hiding but it's a trap. We have it somewhere else. It's 209.59.230.67. Note: there really is a double posting of the message in the form. The information is interesting - that's our SEO information for the domain in question. Obviously, it's a fraud - aside from the dismal English, we've no idea who these people are or what services they might have provided if we did. The whole purpose is to get us to click on a bit.ly link which will take us who knows where with all the risky consequences that brings.

And yet, that one's not so badly done. The next one is awful.

There are the more professional ones such as this. But before looking at it, it's important to note that filling in this form with advertising material is in express contravention of the terms of access and, therefore, a crime.

Salutation: Mr.
Your Christian or first name: Lawerence
Your surname: Lawerence Heyne
Your e-mail address: heyne.lawerence@googlemail.com
Your company: Lawerence Heyne
Your company's business area: Lawerence Heyne
Country: Kazakhstan
Which business area are you enquiring about? : Nigel Morris-Cotterill -
seminars / speaker / media enquiry
Your enquiry:
Hi,

We're wondering if you've ever considered taking the content from
antimoneylaundering.net and converting it into videos to promote on Youtube
using Content Samurai? You simply add the text and it converts it into scenes
that make up a full video. No special skills are needed, and there's access
to over 1 million images/clips that can be used.

You can read more about the software here: https://turntextintovideo.com -
there's also a link to a totally free guide called the 'Youtube SEO Cheat
Sheet', full of fantastic advice on how to help your site rank higher in
Youtube and in Google.

Kind Regards,
Lawerence
I accept the legal and privacy terms: I accept the legal and privacy terms
Submission date / time: Tuesday, 7 April, 2020 - 17:46

The IP address is 23.80.97.184 and, again, the captcha has been correctly completed. Captcha is by no means infallible but it's not trivial either.

And then there's the crime of the day - coronavirus face masks.

Submitted on Monday, 13 April, 2020 - 16:15
Submitted by user: Anonymous
Submitted values are:

Salutation: Mr.
Your Christian or first name: Kathy
Your surname: Kathy Ybarra
Your e-mail address: info@thetargetdomain
Your company: Kathy Ybarra
Your company's business area: Kathy Ybarra
Country: British Indian Ocean Territory
Which business area are you enquiring about? : Nigel Morris-Cotterill -
seminars / speaker / media enquiry
Your enquiry:
Good day

Buy N95 Face Mask and Medical Face Mask to protect your loved ones from the
deadly CoronaVirus. The price begins at $1.49 each. If interested, please
check our site: thefacemask. online

Cheers,

I accept the legal and privacy terms: I accept the legal and privacy terms
Submission date / time: Monday, 13 April, 2020 - 16:15

45.152.182.148

There is, therefore, a system - but it's not a consistent system. That continues to support the view that forms are being completed by humans.
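Because captcha and IP blacklists did not stop these submissions, the tells visible in the samples themselves can be scored on the server side. The following is an added example, not code from our own systems: the field names, the five-second threshold and the sample submissions are assumptions constructed for illustration.

```python
import re

# Added example; field names, thresholds and sample data are assumptions.
SHORTENER_HOSTS = {"bit.ly"}      # the shortener seen in the first sample
MIN_FILL_SECONDS = 5              # assumed cut-off for "too quick to be human"
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)

def score_submission(sub, server_ip, fill_seconds):
    """Return the names of the spam signals one form submission trips."""
    signals = []
    if fill_seconds < MIN_FILL_SECONDS:
        signals.append("filled_too_quickly")
    # The form pre-fills an IP field; the server keeps its own copy to compare.
    if sub.get("ip_field", "").strip() != server_ip:
        signals.append("ip_field_tampered")
    # One pasted string reused for surname, company and business area.
    identity = [sub.get(k, "").strip().lower()
                for k in ("surname", "company", "business_area")]
    if identity[0] and len(set(identity)) == 1:
        signals.append("identity_fields_identical")
    body = sub.get("enquiry", "")
    hosts = {h.lower() for h in URL_HOST.findall(body)}
    if hosts & SHORTENER_HOSTS:
        signals.append("shortened_link")
    elif hosts:
        signals.append("link_in_enquiry")
    # Double posting: the opening line of the pitch appears again further down.
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if lines and lines.count(lines[0]) > 1:
        signals.append("body_pasted_twice")
    return signals

# Constructed submissions modelled on the patterns above (not real data).
NOTICE = {"ip_field": "", "enquiry": (
    "ATTN: shop.example\nPlease Browse Through: https://bit.ly/[redacted] ASAP.\n"
    "ATTN: shop.example\nPlease Visit: https://bit.ly/[redacted] ASAP.")}
PITCH = {"ip_field": "203.0.113.8", "surname": "Pat Example",
         "company": "Pat Example", "business_area": "Pat Example",
         "enquiry": "Hi,\nRead more here: https://video-tool.example - free guide."}
GENUINE = {"ip_field": "203.0.113.9", "surname": "Tan", "company": "Acme Bank",
           "business_area": "Compliance", "enquiry": "Do you run in-house seminars?"}

if __name__ == "__main__":
    for name, sub, ip in (("notice", NOTICE, "203.0.113.7"),
                          ("pitch", PITCH, "203.0.113.8"),
                          ("genuine", GENUINE, "203.0.113.9")):
        print(name, score_submission(sub, ip, fill_seconds=90))
```

None of the constructed spam samples trips the speed check, which is the point: a human copy-and-paste worker passes timing and captcha, so the content signals have to carry the decision.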
