
SANS ISC: SPAM pretending to be from Habitat for Humanity - SANS Internet Storm Center SANS ISC InfoSec Forums


SPAM pretending to be from Habitat for Humanity

I received a disturbing (to me) piece of SPAM this morning:

As happens occasionally, this one sailed through our SPAM filter, but it got my attention for a number of reasons:

  • The spelling and grammar are pretty good - this does not look like your typical spam
  • It doesn't ask for money
  • It does ask for your personal information
  • It pretends to come from a charity that has a long history of delivering services via volunteering.
  • After a bit of digging, this looks like a new specimen, just cropping up over the last few days (I could be wrong on this, please correct me if so)
  • I think it bothers me so much at a personal level because H for H is a favourite charity of mine - where else can you do so much good, and get to use your power tools at the same time?


As you'd expect, the text of the "reply to" looks like a legit-sounding address, but under the text, the actual link goes to a bogus gmail account.

So, I thought - what to do?  I haven't been an admin responsible for a corporate mail server in several years - is this kind of spam normal these days?  My best answer to this question was "ask the readers at ISC" - any comments that any of you might have on this spam-bit, or any trend that it may represent would be very much appreciated. Please use the comment button, and pass along any info you may have.

As a trend, we see that SPAM tends to follow the news.  I'd expect that we're seeing SPAM about the BP oil disaster in the Gulf of Mexico, and also about the Pacaya volcano eruption near Guatemala City.  Are you seeing spam taking advantage of these events?

Just to feed the discussion a bit more - what's next? Will we be seeing SPAM from bogus medical labs - "There may be an issue with your recent blood test, please enter your information to verify" or some-such?  How far will these low-lifes go to get our info or cash? 

I'd like to say I'm disappointed in our fellow online denizens, but really the worse these get, the more I almost seem to expect them.

Please comment, let us know what you're seeing out there spam-wise!

=============== Rob VandenBrink Metafore ===============

Rob VandenBrink

513 Posts
ISC Handler
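One way a mail filter could flag the mismatch the diary describes, a reply link whose visible text shows one address while the underlying mailto: target is another. This is an added example, not part of the original diary or its comments; the sample body and every address in it are constructed placeholders, and the names MailtoLinkAuditor and mismatched_reply_links are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample body; every address here is a placeholder.
SAMPLE_BODY = """
<p>Reply to <a href="mailto:mailbox%40freemail.example?subject=Job">
<b>hr@charity.example</b></a> with your details.</p>
<p>Questions: <a href="mailto:info@charity.example">info@charity.example</a></p>
"""

class MailtoLinkAuditor(HTMLParser):
    """Collects (visible text, mailto target) for each mailto: anchor."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._target = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("mailto:"):
            # Keep only the recipient part: drop ?subject=..., decode %40 etc.
            self._target = unquote(urlsplit(href).path).strip().lower()
            self._text = []

    def handle_data(self, data):
        if self._target is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._target is not None:
            self.links.append(("".join(self._text).strip(), self._target))
            self._target = None

def mismatched_reply_links(html_body):
    """Return (shown, actual) pairs where the shown address is not a recipient."""
    auditor = MailtoLinkAuditor()
    auditor.feed(html_body)
    findings = []
    for text, target in auditor.links:
        shown = {a.lower() for a in EMAIL_RE.findall(text)}
        actual = {a.lower() for a in EMAIL_RE.findall(target)}
        if shown and not shown <= actual:
            findings.append((text.lower(), target))
    return findings
```

Links whose visible text contains no e-mail address are not flagged, so ordinary "contact us" anchors pass through untouched.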
SPAM usually markets products or services. This email is nothing of the sort. This is cyber money mule recruiting, and is "legit" in that you could definitely make money. Unfortunately, you would be making money pilfered from victims who opened the wrong email attachment. The perpetrators are Eastern European cyber criminals who target small US business money managers with Zeus Trojan email attachments, which they then leverage to hijack the victim's online business checking account. To complete the movement of cash out of the country, these criminals need US-based bank accounts and a "money mule" willing to make a run to Western Union every few days. The gig is great until investigators come knocking on the money mule's door asking what was done with all the money wired into their bank account.
Anonymous
Like this: http://krebsonsecurity.com/2010/05/cyber-thieves-rob-treasury-credit-union/
Anonymous
Habitat for Humanity does not operate with staff that get commission based on donations. See http://www.habitat.org/how/factsheet.aspx.
AndrewB

24 Posts
This just sounds like a variation of the Nigerian scam with a charity twist. Lend me your bank account, I'll give you a 10% cut.
AndrewB
2 Posts
Did you report that Gmail-account to Google's abuse-address?
hsalo

3 Posts
