Posted by: David Harley | April 17, 2010

Londoning and SEO: is that why Mums go to Iceland?

I’ve just posted something else on “Londoning” or the “Friend in Need” scam at the ESET blog, as it’s based on a question someone asked me there. However, I’ll post the link here, as it would have been just as appropriate for this blog (and kind of follows on from my last post here).

http://www.eset.com/blog/2010/04/17/seo-poisoning-londoning-and-icelanding 

It ranges from the possible exploitation of the Iceland volcanic eruption at Eyjafjallajokull for SEO poisoning, to a variation on the “friend stranded and moneyless in London” scam that I haven’t seen yet, but seems all too likely to be used sooner or later.  The possibility was actually flagged by Zeljka Zorz in a post at Help Net Security:

Also, this situation made me think and realize that we will probably soon witness scam emails that take advantage of this “Iceland volcano erupting” situation and will try to claim that your friend has been stranded in the UK because of the lack of flights and has run out of funds, so would you please send some? Thanks!

By the way, if you’ve ever wondered why I never do podcasts, it’s because I never want to be heard trying to pronounce names like Eyjafjallajokull…

There’s a lot more detail (and more links) in the ESET post, but I thought it was worth summarizing some of my suggestions for lessening your exposure to this sort of scam here.

  • Be very suspicious of messages like this, however they arrive and wherever or whoever they come from. The message described in Zelkja’s post may give you some ideas about what constitutes “suspicious” in the email context: it’s clear from the headers that it was sent to more than one person, doesn’t indicate that the sender actually knows anything about the recipient other than their address, and so on.
  • Don’t even think of responding to the request for money until you’ve verified the source.
  • Absence of personalization (personal touches in the message that actually indicates the sender knows you well) is a pretty good indicator of untrustworthiness and characteristic of all generalized phish and 419 messages (as opposed to spear-phishing, for example, where the scammer or cyberspy is targeting an individual and researches him or her accordingly).  However,  not all social engineering attacks are untargeted, and someone who compromises your Facebook account, for instance, already has quite a lot of information about you.
  • If the way the message is expressed is uncharacteristic (especially if it sounds more “foreign” than you’d expect), that’s a pretty good indication that you’re not talking to the person you think you’re hearing from.
  • Be particularly sceptical when a “friend” (or, even more suspiciously, an acquaintance) wants you to send them cash by a scam-friendly channel such as Western Union.
  • 419 scams sometimes inventive in social engineering terms, but not necessarily hi-tech: take reasonable precautions to avoid having your accounts (email, Facebook, other social networking sites) compromised.
  • David Harley FBCS CITP CISSP
    Mac Virus
    Small Blue-Green World
    AVIEN Chief Operations Officer
    ESET Research Fellow & Director of Malware Intelligence

    Also blogging at:
    http://www.eset.com/blog
    http://avien.net/blog/
    http://smallbluegreenblog.wordpress.com/
    http://blogs.securiteam.com
    http://blog.isc2.org/
    http://dharley.wordpress.com
    http://macvirus.com
    http://amtso.wordpress.com

    Advertisements

    Responses

    1. […] I posted at Mac Virus about a new Mac malware variant at http://macviruscom.wordpress.com/2010/04/17/hellish-mac-malware/. I also posted more about Londoning and blackhat SEO at https://chainmailcheck.wordpress.com/2010/04/17/londoning-and-seo-is-that-why-mums-go-to-iceland/. […]

    2. […] I posted at Mac Virus about a new Mac malware variant at http://macviruscom.wordpress.com/2010/04/17/hellish-mac-malware/. I also posted more about Londoning and blackhat SEO at https://chainmailcheck.wordpress.com/2010/04/17/londoning-and-seo-is-that-why-mums-go-to-iceland/. […]

    3. […] allows them to use impersonation for more direct fraudulent purposes such as the London scam:  (https://chainmailcheck.wordpress.com/2010/04/17/londoning-and-seo-is-that-why-mums-go-to-iceland/; […]

    4. […] allows them to use impersonation for more direct fraudulent purposes such as the London scam:  (https://chainmailcheck.wordpress.com/2010/04/17/londoning-and-seo-is-that-why-mums-go-to-iceland/; […]


    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

    Categories

    %d bloggers like this: