GCN LAB IMPRESSIONS

'Hit man' phishing scam makes an offer you can refuse

Recently we have seen phishing scams that begin in the private sector make the jump to specifically target federal employees. In one case, attackers targeting Gmail accounts gained access to the accounts of U.S. government officials

Phishing, in fact, is by far the most common means of attack in federal networks, so every fed should be aware of the latest trends in these areas in case the attacks are aimed again at the government.

To an attentive user, many phishing e-mails can be easy to spot — poor grammar, typos, dodgy e-mail addresses and absurd scenarios being some of the tip-offs — but some of them still get through anyway.


Related story:

To hackers, government users are phish in a barrel


A new trend in phishing attacks — which actually is a revival of an old one — is turning violent. Targeted just at users in Australia so far, it’s a pretty scary delivery that comes as a text message.

The message supposedly is sent from a hit man who was contracted to kill the recipient. However, this hit man is supposedly looking to get a better deal than his employer offered, and is willing to let the victim off the hook for a mere $5,000.

The text of the message is: “Sum1 paid me to kill you. Get spared, 48hrs to pay $5000. If you inform the police or anybody, death is promised.”

A Yahoo address is given for the lucky mark to contact the hit man to negotiate for their life. Police in Australia believe this is the work of an organized crime ring. They have advised people to ignore the e-mails, but don’t know if anyone actually has paid the ransom.

Personally, having played the Hitman video game series (one of my favorite), I would be tempted to e-mail the would-be assassin and admonish him for breaking the code. How dare he contact a mark and offer a way out of a sealed contract. If I forwarded such an offer to his employer, it would be he who would be under the gun. No hit man should be that unprofessional. But I digress.

This may well be a local scam and never reaches the United States. But I think there is at least the possibility that this might be a trial run to see how profitable such a scam involving the threat of violence might be in terms of a fishing attack. Call it fishing with dynamite.

In 2007, for example, a similar scam made the rounds in the United States, this one from a supposed hit man who had been contracted for $50,000. The message promised to let the target off the hook for $80,000 and would show evidence that that hit was real for $20,000 (the real goal of the scam).

It’s conceivable that if the technique yields a lot of response, it could be modified in other ways, and re-targeted at feds, especially if the Chinese are behind this as they were with the other known federal attacks.

Think about an e-mail that supposedly came from a hit man, but instead of demanding money, it demanded access to a federal network, or sensitive passwords. What if it threatened a user’s kids or family? Sure, the vast majority of people would never fall for something like this, but past scams have proved that the unlikely can happen.

Let’s hope it doesn’t come to that, but be on your guard just in case.

Reader Comments

Tue, Jul 31, 2012

I would add, since this is illegal notifying the authorities is a good idea. While many times the authorities are not well equipped to deal with cybercrime such as this, as more people report it will draw more attention and more resources...

Mon, Jul 30, 2012 MB

This is a standard 419 scam which only began showing up 2-3 years ago. What can be disconcerting is if the scammer has some info about the victim other than his email address. But even so, it is highly unlikely the recipient is in any danger. Above all, one should NOT EVER reply to such an email. And most definitely, one should never send money, as they will never see the money again, and they will only get further emails from other scammers using the same or other types of scams. Firstly, of course, such an email is illegal. Not only is it a scam, but it could be classified as "extportion". The best defense is to first trace the email by using the full email header. In Gmail, look for the link just above the email that says "show original". Click on it, and the email with full headers will appear in a new tab. In Yahoo, scroll down to the bottom of the email and you will see on the right side a link that says "Show Full Headers". Click on that, and you will again see the email with the full header. Copy the email header, and go to this page: http://www.ip-adress.com/trace_email/ Paste the header into the space provided, and click the button that says "Trace Email Sender". More likely than not you will find the sender is in another country. Or if in the same country as you, pretty far away. It is also most likely they are using a VPN connection, proxy server, or some other way to mask their IP address. This can give the recipient of such an email some peace of mind, knowing the scammer is nowhere near them. The next thing to do, is delete the email, and if possible, use your filter settings to block the sender's email address. The third thing to do is....go on living your life as normal. You will not hear from the idiot again.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above