Web 2.0 Site Struck by 419 Scammers

Cybercriminals avoid corporate spam filters by sending messages via Web 2.0 business networking site.

by / May 27, 2008

Experts are warning workers of the dangers of connecting with people they don't know via the business networking Web site LinkedIn following the discovery that advanced fee fraud scammers are using the site to find potential victims.

Advanced fee fraud, also known as 419 scams after the relevant section of the Nigerian penal code, are a common sight in many computer users' e-mail inboxes. Typically they claim to offer a small fortune in the form of a lottery win or inheritance, in exchange for an individual's banking details or payment of a "handling charge."

Scammers obstructed by corporate anti-spam defenses at the e-mail gateway have now turned to sites like LinkedIn to try and lay traps for unwary business workers.

Earlier this week, a 419 scam was sent via the LinkedIn Web site claiming to come from a 22-year-old woman living in the Ivory Coast who has been passed $6.5 million by her deceased father.

Part of the message reads:

Before the death of my father on the 12th December 2007,in a private hospital here in Abidjan,he called me secretly to his bed side and told me that he kept a sum of $6.500 000 (six million five hundred thousand United States Dollars) in a bank in Abidjan Cote D'ivoire. He used my name as the next of kin in deposit of the fund.He also explained to me that it was because of this money he was poisoned by his business partner and that i should seek for foreign partner in a country of my choice where i would transfer this money and use it for investment purpose.

The message goes on to request bank account information and implore the recipient and potential victim to reply to a Yahoo! e-mail address within seven days.

"419 scammers may be hoping that the typical professional on LinkedIn may have more disposal income than the archetypal MySpace or Facebook user, and is potentially a bigger catch. Furthermore, whereas many are used to receiving dangerous spam in their inbox," said Graham Cluley, senior technology consultant at Sophos. "Web 2.0 sites like LinkedIn and Facebook give strangers the ability to contact you, without the defensive umbrella of your corporate anti-spam filter. Computer users should be on their guard about any unsolicited e-mail as it could be from a cyber con-man."

Experts recommend that LinkedIn users who wish to reduce the chances of receiving spam change their communications settings on the site.

"LinkedIn provides the ability to prevent people from sending you an invitation to connect unless they know your e-mail address or appear in your 'other contacts' list," explained Cluley. "That should cut out a lot of the junk mail arriving at your LinkedIn account. Other options can reduce the amount of spam you receive at LinkedIn even further."

Other examples of 419 e-mail scams seen in the past include a message claiming to come from a U.S. Sergeant serving in Baghdad, the grandson of the late General Pinochet, Christian workers offering a puppy being offered for adoption, and even an African astronaut stranded on the Mir spacestation.

"It seems likely that scammers will continue to innovate and ... imagine tricks to separate the unwary from their money for many years to come," continued Cluley. "If more people kept in mind the old adage of 'there is no such thing as a free lunch', and deployed a little skepticism, then maybe the bad guys would find the pool of potential victims beginning to dry up."