Good con artists make an art of preying on people’s fears, hopes, dreams and good intentions, and there’s probably no end to the list of con schemes being perpetrated via the Web. A little knowledge can be a dangerous thing, and the Web’s openness is proving to be a seduction too strong to resist for ever-greater numbers of largely self-taught Web fraudsters around the world.
The very same attributes of Net culture that appeal to the better aspects of human nature — the urge to learn, to inform and to communicate across boundaries — also appeal strongly to its darker side. Largely beyond the reach of national governments and supranational agencies, the fast-growing threat of increasingly large-scale, organized financial crime lurking on the Web raises the question of what public and private IT security organizations can and are doing to address it.
Take Internet job boards, for example. Not the biggest, best-funded job sites, such as Monster.com necessarily, but certainly the hordes of smaller, more specialized bulletin boards, such as those that cater to the EFL (English as a Foreign Language) teaching community, a field that has gone through a tremendous growth spurt in the past decade.
Running a Teaching Job Con
Though it seems that only a small percentage of job advertisements on EFL job boards are fraudulent, due to the boards’ relatively small size and limited financial resources, they are a regular haunt of Internet con artists, who are going to ever greater lengths to gull unfortunate victims. I nearly fell into one myself recently.
It turned out that said job scam was one that, besides posting fraudulent job ads on prominent EFL job boards, involved the use of forged official forms and documents from a government ministry, running traffic through a domain name server (DNS) run by a registrar offering free domain name registrations, and Western Union.
Arousing my suspicions that the EFL job post, which ostensibly offered relatively well-paid teaching positions through the United Arab Emirates’ Ministry of Education, was a scam was the inclusion of a “.tk” domain tag on a Web site link and return e-mail address; that and atypically rapid and repeated responses to my initial indication of interest.
Digging around the Web to “authenticate” the offer, it became apparent that this was another pernicious fraud, one that, like a hydra, seems to grow new heads as soon as one is cut off. When they asked me to wire US$350 via Western Union to a certain person in Dubai, there was no doubt left in my mind.
In a February article, Gulf News reported on an almost identical scam that lured teachers from the United States, Great Britain and elsewhere aspiring to teach EFL in the UAE.
The fraud ring, which apparently included a known-to-be-bogus recruitment agency operating out of Nigeria, forged UAE Ministry of Education documents, signatures and visa forms, which they used to perpetrate the crime via e-mail exchanges with applicants who replied to a fraudulent Ministry e-mail address with a “.tk” domain tag.
The UAE’s Minister of Education, Hanif Hassan, warned job seekers to verify the authenticity of their appointment letters, while Brigadier Mohammad Ahmad Al Merri, director general of Dubai’s naturalization service, told Gulf News that investigations are under way to find the fraudsters.
Nice, Juicy Targets
Similar EFL job scams pop up regularly on EFL and other job boards. The increasing sophistication exhibited and the difficulty of tracking down — much less punishing — perpetrators is indicative of the increasingly organized nature of Internet financial crime and the challenges government authorities face in trying to combat it.
“Any high traffic site is going to be a ripe target for the criminal element. I’m not sure that the job board operators have the profit margins or incentive to screen those purporting to offer jobs. This really is a case of caveat emptor,” Randy Abrams, director of technical education at ESET, told the E-Commerce Times.
Before sending anyone money on the Internet, it is incumbent on the consumer to do a little research, Abrams said. For example, a simple Google search on the term, “[email protected]” returns a fraud report dating to February 2008.
“Consumers should always do at least a little research before sending any money. Googling phrases in the message is one way to quickly find scam reports,” Abrams said.
“Most of the job scams I have seen so far involved either money laundering or the deposit of fake checks. With a reporter from Montreal, we answered to one such job ad,” recounted Pierre-Marc Bureau, an ESET researcher. “The ’employer’ sent us a contract that we didn’t sign, but it didn’t seem to matter too much to him. After that, he sent us a fake check and asked us to change it and return part of the money through wire transfer. We didn’t make the deposit but it was enough to understand his ‘business model.'”
Free DNS Registrations
Internet frauds such as these also point out how perpetrators are taking advantage of free DNS registration offers and abusing regulations set out by ICANN (Internet Corporation for Assigned Names and Numbers), the only authority charged with permitting and establishing ethical use of Internet DNS registrations.
The UAE EFL job fraud ring took advantage of free DNS registrations offered by the government of Tokelau, a New Zealand territory in the South Pacific — hence the “.tk” locator tag — whose state telco partnered with Taloha, a company that lists offices in San Francisco and Amsterdam, to launch and operate its DNS registration service.
So-called free domain registrations “offer a lucrative business opportunity to unscrupulous operators,” Abrams commented. “For the ‘legit’ operator it can potentially mean advertising revenue, but for the criminal element it can mean income for providing domains without meeting ICANN regulations.”
To receive ICANN authorization to offer and manage domain name registrations, registrars have to fulfill certain obligations, but enforcement seems to be weak at present. “The real question is when will ICAAN step up to the plate to make the value proposition unattractive to those who exploit their roles as registrars, or who will not take expedient action against abuse,” Abrams maintains.
Dynamic, Fast Flux DNS
Free DNS registrations are often “loss leaders” for registrars and Internet service operators looking to attract buyers for additional for-fee services, or they’re looking to derive revenue from advertisements served to users of their free services, explained David Harley, an ESET research author.
“The disadvantage is that it’s not necessarily cost-effective for a scrupulous provider to police possible abuse; at best, they are at least partially reliant on what’s reported to them, either by individuals or through specialist lists and networks.
“The bulk of the problem is less with more or less static scam pages than with the exploitation of ‘fast flux’ techniques using dynamic DNS to maintain the resilience of a botnet. Among other things, these techniques make it very difficult to trace and close down malicious sites.
“Spoofed e-mail addresses are a different issue: You don’t need a domain to spoof an e-mail address. ‘419-ers’ do make frequent use of free e-mail services; botnets tend to bypass commercial mail services altogether, as malware has done for many years now.”