Spam scam nets newbies


By Barry Fox FRAUDSTERS are attempting to con people who have just set up accounts with online service provider CompuServe into revealing their bank account details, credit card numbers and log-on passwords. While New Scientist has not yet heard of anyone suffering financial loss as a result of the scam, CompuServe admits it is powerless to stop the practice. The scam came to light when a New Scientist reader became suspicious over an e-mail message soliciting personal information. CompuServe offers anyone a free month’s trial, on condition that they provide credit card or bank account details. A few days after they have set up their trial account, some subscribers have received an e-mail that purports to come from a CompuServe accounts manager. The message says there are “problems with your account” and asks for all financial and log-on details, all over again. But anyone who e-mails their details is sending them to criminals. Martin Turner, CompuServe UK’s managing director, acknowledges that “new users are bombarded with spam”. Asked if he was was aware of the financial details problem, Turner replied: “Yes. I am aware of the problem. We can’t stop people sending e-mails. There is nothing we can do to stop it. This is not the first.” He adds: “There is nothing we can do to stop fraudsters doing this, but our security group tries to track them down. There are some pretty shrewd characters out there —this is fraud.” In a statement, CompuServe says that “very few CompuServe subscribers are ever victims of fraud”. But it has not been able to quote a single case of a prosecution. Rachel O’Neil, a spokeswoman for CompuServe’s parent company, America Online, admits that fraudsters send its users requests for billing details—she even received one herself. But they go to all subscribers at random, while the scam directed at CompuServe users is cleverly targeted at novices, who are less likely to know that it is unwise to reply. One possible way that the fraudsters could find new users’ names is by checking CompuServe’s Member Directory. But the subscriber who contacted New Scientist was not listed in the directory, so the fraudster must have got their target address some other way. Unlike most service providers, CompuServe gives its users numbers, rather than names, even though names can be added as an alias. So fraudsters do not have to try and predict names. Instead, they could sign up for a free trial, note the number they were allocated, and try to use this to predict the next batch of numbers due for allocation. They could then send the scam e-mails to these numbers. The fraudster would then be able to close their trial account and use the details sent back by a genuine user to set up another. CompuServe refuses to discuss how its numbers are allocated and whether they are predictable. It will only say that it tries to “avoid providing addresses that can be easily identified”. The company says that its new service, called Compuserve 2000, which is due to launch next year,
  • 首页
  • 游艇租赁
  • 电话
  • 关于我们