E-mail scams stoop to new low
6th February 2006 (The Star)
BY SHOM TEOH

PETALING JAYA: Get-rich quick e-mail scams that solicit small amounts of money purportedly in exchange for large returns are not new to Internet users in the country.

However, fraudsters have recently upped the ante by manipulating names of some local law enforcement agencies in a bid to convince unsuspecting e-mail recipients of their legitimacy, said the Malaysian Computer Emergency Response Team (MyCERT).

In its latest quarterly security report - which spanned September to December last year - there were two reports of such cases.

"The situation is considered serious compared to the previous years, and is in fact becoming a trend now," said Kol Husin Jazri, director of the National ICT Security and Emergency Response Team (Niser).

MyCERT (www.mycert.org.my)is a unit of Niser and is responsible for tracking and logging security incidents, as well as analysing major security incidents and trends.

Husin said fraudsters today are getting more sophisticated and are using clever "social engineering tactics" to dupe users into thinking e-mail sent by these "organisations" were truthful and valid.

"They would add a line in their e-mail stating that it has been approved or endorsed by Malaysian law enforcement agencies but in fact are not," he said, declining to reveal the names of these agencies.

Husin said one of the scams reported to MyCERT involved an e-mail sent to a victim claiming that he had won a lottery.

"They (the fraudsters) lured the victim to deposit cash into the their accounts, promising him huge amount of money in return," he told In.Tech in an e-mail interview last week.

The victim only discovered that he had been fooled when he did not receive "his returns" after making the deposit.

In another scenario, fraudsters set up a website designed to entice users to invest money with the promise of a good return. Initially, users would receive returns, but after a while, itwould stop coming in, said Husin.

Based on MyCERT's analysis, the websites used to run such scams are registered and hosted in foreign countries, Husin said.

However, MyCERT believes some operators of such scams are based in Malaysia, judging by the nature and modus operandi of the scams.

"Users should be careful not to deposit any amount of money to another party except to financial institutions that have been approved and licensed by Malaysian law enforcement agencies," he said.

More harassment, less spam

Meanwhile, MyCERT's quarterly report noted that there was a two-fold increase in the number of harassment cases that were committed via e-mail, chat and web forums, with a total of 14 cases of harassment in the last quarter, compared to only seven cases in the previous quarter.

Husin said the increase of such cases could be due to greater awareness of harassment threats and that such threats could be reported to the relevant channels.

"The increased number of users going to web forums also elevates the chances of users getting harassed.

"To protect themselves, users should never reveal personal information such as their contact numbers, photos, home and office address on these forums," he warned.

MyCERT's quarterly report also noted that spam - defined as unsolicited bulk e-mail - was the top online scourge, comprising 3,247 out of 3,404 reported incidents last quarter.

Despite the increase, the total number of spam cases reported last year decreased 35% to 9,282 from 14,371 the previous year.

"More organisations, including ISPs (Internet service providers) have installed antispam filters at their respective e-mail gateways to minimise spam, he said, adding that users are also applying appropriate filters in their PCs to minimise spam.