Network Security Web-App-Sec

RE: Web Scams

Subject: RE: Web Scams
Date: Sun, 29 Aug 2004 09:22:53 -0400
Actually if you have over 5,000 counts that you can demonstrate that you've received via email (the spam piece) and also demonstrate that your users sent financial data or responded to these scams (look or conduct analysis on your outbound logs) then you will most likely be able to get a faster response. These are common counts and questions that an AUSA will ask the LE in order to determine if they'll move forward on it. Also identify those users who fell victim as they can file a report with the locals since they were financially impacted or released their information due to being social engineered.

There are usually task forces and state computer crime teams that can assist depending on where you are located. You can send me an email directly and I'll try to get you the information as a point of reference for you. I will also point out that local LE is getting involved with this emerging field of computer crime hence a lot of them getting involved with computer crime task forces which conduct training for them.

Jerry







> -----Original Message-----
> From: shawn [mailto:pakkit@codepiranha.org]
> Sent: Thursday, August 26, 2004 6:27 AM
> To: Lawrence, Michael
> Cc: webappsec@securityfocus.com
> Subject: Re: Web Scams
>
> I can virtually guarantee you that reporting it to any
> "authorities" is useless.  They aren't going to look at it at
> all.  There has been no damage and most likely they have no
> expertise or jurisdiction and, frankly, have more important
> things to do.
>
> You are probably better off looking at the headers of the
> email message, getting the original IP and then finding out
> what company owns that IP from ARIN.  Then send the email
> along with the full headers to the abuse or security contact
> for that company.  If you're lucky, they will track down who
> sent the original email and suspend his account.  Regardless
> of what they do, you also will probably not hear back from them.
>
> Wish I had better news for you...
>

I would forward the message, with full headers, to the organization
being spoofed.  Usually there is an email listed for this, but some
combination of abuse@spoofed.company, fraud@spoofed.company,
spoof@spoofed.company usually works if you're lazy.

Best Buy - bestbuysecurityinfo@postfuture.com
EarthLink - fraud@corp.earthlink.net
eBay - spam@ebay.com
PayPal - spoof@paypal.com

The IFCC (Internet Fraud Complaint Center) is another resource,
http://www1.ifccfbi.gov/
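
The header check suggested in the quoted message, as an added example that is not part of the original thread: it walks the `Received` chain and separates the address recorded by your own mail servers from addresses in headers the sender could have written. The sample message, hostnames, the `TRUSTED` set and the function names are assumptions made up for illustration.

```python
import email
import ipaddress
import re

# Constructed sample (documentation address ranges, hypothetical hostnames).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Thu, 26 Aug 2004 06:20:03 -0400
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Thu, 26 Aug 2004 06:20:01 -0400
Received: from bank.example (unknown [203.0.113.45])
\tby relay.isp.example with SMTP; Thu, 26 Aug 2004 06:19:58 -0400
Received: from fake.host.example ([192.0.2.99])
\tby bank.example; Thu, 26 Aug 2004 06:00:00 -0400
From: "Support" <support@bank.example>
Subject: Verify your account

body
"""
# Assumption: the MTAs you operate, whose Received stamps you can trust.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

BY_RE = re.compile(r"\bby\s+([^\s;]+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def _peer_ip(hdr):
    """Bracketed peer address of one Received header, or None."""
    m = IP_RE.search(hdr)
    try:
        return str(ipaddress.ip_address(m.group(1))) if m else None
    except ValueError:
        return None

def split_received(raw, trusted_by):
    """Return (handoff_ip, unverified_ips) for a raw message."""
    handoff, unverified, in_trusted = None, [], True
    for hdr in email.message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(hdr)  # headers are listed newest hop first
        ip = _peer_ip(hdr)
        if in_trusted and by and by.group(1).lower() in trusted_by:
            handoff = ip        # peer seen by our own server
        else:
            in_trusted = False  # from here down the sender controls the text
            if ip:
                unverified.append(ip)
    return handoff, unverified

if __name__ == "__main__":
    print(split_received(SAMPLE, TRUSTED))
```

The first value is the address to look up in ARIN and send to that network's abuse contact along with the full headers; the second list is only a lead, since those lines may be forged.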


