You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ram <ra...@netcore.co.in> on 2008/01/04 13:57:23 UTC
New credit card scams .. how to catch these
https://ecm.netcore.co.in/tmp/dinner.eml.txt
The scam works like this:
They send you a mail asking wether you accept credit cards at your
hotel
They get you to confirm you will accept credit card for payment. Once
you agree they ask you to bill them extra fictional charges for taxis,
etc on the card, and then wire transfer back (a portion) of the
fictional overcharges. The victim thinks he will make some extra free
money on top of the dinner charges.
The people never show for dinner, and you are out the wire transfer
amount.
And my SA scores nothing on this spam ?
Thanks
Ram
Re: New credit card scams .. how to catch these
Posted by Luis HernĂ¡n Otegui <lu...@gmail.com>.
Hi, Ram,
2008/1/4, ram <ra...@netcore.co.in>:
> https://ecm.netcore.co.in/tmp/dinner.eml.txt
>
>
>
> The scam works like this:
>
> They send you a mail asking wether you accept credit cards at your
> hotel
>
> They get you to confirm you will accept credit card for payment. Once
> you agree they ask you to bill them extra fictional charges for taxis,
> etc on the card, and then wire transfer back (a portion) of the
> fictional overcharges. The victim thinks he will make some extra free
> money on top of the dinner charges.
>
> The people never show for dinner, and you are out the wire transfer
> amount.
>
>
>
> And my SA scores nothing on this spam ?
Well, after doing a little "spamassassin -r < dinner.eml.txt", I get this:
Content analysis details: (11.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
2.0 FREEMAIL_REPLYTO From and Reply-To point in different freemail
addresses
0.0 HTML_MESSAGE BODY: HTML included in message
3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.0 DIGEST_MULTIPLE Message hits more than one network digest check
>
>
>
>
> Thanks
> Ram
>
>
>
Pretty decent, eh? My discard threshold is at 8.0, so I guess it's
only a matter of time before these get caught, if you have network
tests enabled...
Luis
--
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like Theo...
-------------------------------------------------
Re: New credit card scams .. how to catch these
Posted by Matt Kettler <mk...@verizon.net>.
ram wrote:
> https://ecm.netcore.co.in/tmp/dinner.eml.txt
>
>
>
> The scam works like this:
>
> They send you a mail asking wether you accept credit cards at your
> hotel
>
> They get you to confirm you will accept credit card for payment. Once
> you agree they ask you to bill them extra fictional charges for taxis,
> etc on the card, and then wire transfer back (a portion) of the
> fictional overcharges. The victim thinks he will make some extra free
> money on top of the dinner charges.
>
> The people never show for dinner, and you are out the wire transfer
> amount.
>
Hmm, that looks like a highly targeted variant of a 419 scam. ie: it
only works against resturant owners, and only those who agree to engage
in shady (and possibly illegal) credit transactions.
I think for now your best bet is hash based systems like razor, etc.
We may have to start looking for this to generalize, i.e. targeting a
variety of businesses and people, but right now there's not really
enough to generate rules based on. In particular, I'd be uncomfortable
deploying rules right now as most of the text looks like it could occur
in a legitimate reservation request, so it might be better to target the
follow-on emails that attempt to get them to engage in credit fraud.
> And my SA scores nothing on this spam ?
That's not too surprising. This is a fairly new scam, and there's
nothing in there that jumps out as "spam like".