The 419 scam is as old as the internet itself, yet this most basic form of phishing has become a standard way of luring in ill-informed users.
A report recently released by the Messaging Anti-Abuse Working Group claimed that 80 per cent of email users are aware of the existence of bots, and half of those surveyed said that they had opened spam for various reasons.
So with this in mind, it is perhaps of little surprise to find that a new 419 scam is circulating that claims to be from ESPN Soccernet. Dan Bleaken, malware data analyst at Symantec Hosted Services, explained that at the bottom of the messages is a link to an ESPN Soccernet story.
This is because the phishers have used a ‘Send this page to a friend’ service provided on the ESPN Soccernet site. He explained that each page, as is common on news websites, has an email option. The scammer selects this, and a window pops up asking for the sender's email and the target email.
Bleaken said that with the ‘Your Email’ box the scammers are taking advantage of the fact that in the ‘From:’ email address, you can provide a name. “We have all seen this when looking at our emails, for example the mail may be from email@example.com, but when you view the mail, the name ‘Dan Bleaken’ is displayed.
“The way that this is done, when sending an email, is to put the name in quotes - “Dan Bleaken” - and the email in angle brackets <firstname.lastname@example.org>.”
He explained that the ‘Send this page to a friend’ service just picks up whatever is entered in the ‘Your Email’ box, validates it, confirms it as a valid email address, and puts it in the body of the message sent. The quotes and angle brackets are perfectly valid for an email address, so what is there to stop someone replacing the name with an enormous, rambling 419 scam?
He said: “That is how the real 419 examples work. As is the case with webmail, the scammers have been using this technique to add legitimacy to their mails, and hide their identity. It's likely that spammers are abusing other legitimate websites in a similar way.”
So could this be a call for websites to remove the ‘email’ button? Working for a media company, I can hardly substantiate that theory, but perhaps the solution lies at the email filtering stage to stop the message getting through in the first place, and as Bleaken said, these are often sent through webmail, so should companies be scanning webmail?
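As an added example (not code from ESPN, Symantec or the original article), the Python sketch below contrasts a permissive check that accepts any parseable mailbox, display name included, with a strict check that accepts only a bare address, and adds a display-name length heuristic for the filtering stage. The function names, the 64-character limit and the sample inputs are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample inputs for the 'Your Email' box (not taken from real messages).
PLAIN = "reader@example.com"
NAMED = '"Dan Bleaken" <reader@example.com>'
STUFFED = '"' + "URGENT business proposal from a barrister reply today " * 10 + '" <reader@example.com>'

# Bare address only: no quotes, spaces, angle brackets or control characters.
ADDR_SPEC = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def naive_is_valid(value: str) -> bool:
    """Permissive check (assumed behaviour): any parseable mailbox passes."""
    _name, addr = parseaddr(value)
    return "@" in addr


def strict_sender(value: str, max_len: int = 254):
    """Form-side check: return the bare address, or None if anything else is present."""
    value = value.strip()
    if len(value) > max_len or not ADDR_SPEC.fullmatch(value):
        return None
    return value


def oversized_display_name(from_header: str, limit: int = 64) -> bool:
    """Filter-side heuristic: flag a From display name longer than `limit` characters."""
    name, _addr = parseaddr(from_header)
    return len(name) > limit


if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("named", NAMED), ("stuffed", STUFFED)):
        print(label, naive_is_valid(value), strict_sender(value), oversized_display_name(value))
```

The strict check is deliberately narrower than the full mailbox grammar: a share form only needs a reply address, so rejecting display names costs legitimate users nothing.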