By Dancho Danchev
Online scammers often promise you the moon in exchange for virtually nothing besides a modest financial investment. They are largely successful due to the high number of socially engineered customers. However, sometimes they tend to play by the rules in order to avoid legal responsibility for the business failure of those who purchased the “too good to be true” product.
In this post, I’ll profile a currently circulating “Work At Home” scam that’s successfully and professionally impersonating CNBC in an attempt to add more legitimacy to its market proposition – the Home Business System.
Sample screenshot of the spamvertised email impersonating CNBC:
Sample screenshot of the fake CNBC news article detailing the success of the Home Business System:
No matter where you click, you’ll always be redirected to the Home Business System.
Sample bogus statistics sent by customers of the system:
What’s particularly interesting about this campaign is the way the scammers process credit card details. They do it internally rather than through a payment processing intermediary, over basic SSL encryption, and the order page features fake “Site Secured” logos, including one that mimics the “VeriSign Secured” service. Although the SSL certificate is valid, the fact that they require your CVV/CVV2 code without providing adequate information on how they store and process the credit card numbers in their possession is enough to make you extremely suspicious.
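Both warning signs in the paragraph above, card data collected on the merchant's own host and seal logos that are nothing more than static images, can be checked mechanically on any order page. The Python sketch below is an added example, not code from the original post; the processor and seal-issuer host names, the field-name hints and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed placeholders (assumptions): list the processors and seal issuers you trust.
HOSTED_PROCESSORS = {"pay.processor.example"}
SEAL_ISSUER_HOSTS = {"seal.issuer.example"}
CARD_HINTS, CVV_HINTS = ("card", "cc_num", "ccnum"), ("cvv", "cvc")
SEAL_HINTS = ("secured", "seal", "verisign")

class CheckoutAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.action, self.link_host = page_url, None, None
        self.forms, self.findings = {}, []  # forms: action URL -> input names

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input" and self.action is not None:
            self.forms.setdefault(self.action, []).append(a.get("name", "").lower())
        elif tag == "a":
            self.link_host = urlparse(urljoin(self.page_url, a.get("href", ""))).hostname
        elif tag == "img":  # a genuine seal normally links to its issuer's verification page
            label = (a.get("src", "") + " " + a.get("alt", "")).lower()
            if any(h in label for h in SEAL_HINTS) and self.link_host not in SEAL_ISSUER_HOSTS:
                self.findings.append(f"seal image {a.get('src', '')} has no issuer verification link")

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None
        elif tag == "a":
            self.link_host = None

def audit_checkout(html, page_url):  # returns heuristic findings as strings
    page = CheckoutAudit(page_url)
    page.feed(html)
    for action, names in page.forms.items():
        host = urlparse(action).hostname
        takes_card = any(h in n for n in names for h in CARD_HINTS)
        takes_cvv = any(h in n for n in names for h in CVV_HINTS)
        if takes_card and takes_cvv and host not in HOSTED_PROCESSORS:
            page.findings.append(f"card number and CVV are posted to {host}, not a hosted processor")
    return page.findings

SAMPLE_URL = "https://shop.example/order"  # constructed sample page, not from the campaign
SAMPLE_HTML = """<form action="/process.php"><input name="cc_number"><input name="cvv2"></form>
<img src="/img/site-secured.gif" alt="Site Secured">
<a href="https://seal.issuer.example/verify"><img src="/img/seal.png" alt="Verified seal"></a>"""
```

Calling audit_checkout(SAMPLE_HTML, SAMPLE_URL) flags the unlinked "Site Secured" image and the form that posts card data to the merchant's own host. A finding is a reason for closer inspection, not proof of fraud.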
Sample spamvertised URLs:
Domains participating in the campaign:
worldnewsyesterday.com – Email: email@example.com
worldnewsimportant.com – Email: firstname.lastname@example.org
hbs-system.com – Email: email@example.com
Historically, the following domains were also used in a similar fashion:
homeworkhere.com – Email: firstname.lastname@example.org
lastnewsworld.com – Email: email@example.com
homecompanysystem.com – Email: firstname.lastname@example.org
Users are advised not to click on links found in spam emails, and never to entrust their credit card details to someone who is spamvertising to them using the services of some of the most prolific botnets currently online.