Sophos: Criminals try too tarnish name of Anti-Money laundering Website
October 2007 by Sophos
IT security and control firm Sophos has identified an attempt by internet fraudsters to damage the reputation of a website designed to fight online money laundering.
Bobbear is a British website set up to inform the community about websites created by gangs stealing money from innocent internet users. Emails sent by criminal gangs like these often claim to offer lucrative earnings to those recipients who agree to move money in and out of their bank accounts on behalf of a financial institution.
A spam email campaign, intercepted by Sophos, attempts to tarnish Bobbear’s reputation by asking for money to be donated to the website via online payment service e-Gold. However, Bobbear makes clear on its website that this campaign is a spoof, as it never sends spam and never asks for donations.
Part of the email, which includes an e-Gold account number, reads:
’MAKE DONATION TODAY! Donate for website which fights with money laundry and child porno please!! bobbear.co.uk is working for your calm! ’
"Clearly the good people at Bobbear have upset the bad guys. The criminals have retaliated by trying to smear the website by sending spam in Bobbear’s name and asking for donations. Innocent people might be tempted into contributing in the fight against internet child abuse and money laundering, but the only pockets they would be filling belong to the criminals themselves," said Graham Cluley, senior technology consultant for Sophos. "It’s a dirty trick by the cybercriminals to try and undermine an organisation that is actually doing something positive to make the internet a safer place. All email users need to learn to be suspicious of unsolicited emails and not take everything they read at face value."
"I’m grateful to Sophos for their support in this incident. The website bobbear.co.uk exists to publicise criminal fraud on the internet, to fight criminal fraud on the internet, to offer victim support and to offer a one-stop website for evidential data on the major frauds as an aid to abuse reporting. It also offers information on zombie botnet construction and abuse reporting techniques. The whole ethos of the site is that it is purely voluntary and does not accept donations," said Bob Harrison, administrator of bobbear.co.uk. "The fact that criminals have chosen to attack the site shows we must be doing something right."
In April, Sophos reported that the Department of Justice alleged that the owners of e-Gold allowed their service to conduct fund transfers despite knowing that the money being moved was the result of illegal activity such as credit card and investment fraud and child exploitation. The indictment further alleged that e-Gold was operating without a licence and without registering with the federal government, violating money transmitting laws.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.