10/05/2011

Spammers pose as German Federal Ministry of Finance

Spammers pose as German Federal Ministry of Finance CyberCrime

One noticeable fact is that the amount of money granted (EUR 378.25) seems to be pretty reasonable and actually suggests more credibility than the countless Nigeria-Scam mails we’ve seen, that promise thousands and millions of Euros or Dollars.

But, even though the German officialese can drive you nuts at some point, this present email makes it even worse. Some phrases are just odd and one receives the impression that the translation got wrong, even though, compared to the mass of spam mails, this one definitely is a more sophisticated one.

Looking at the attached HTML document, we notice that the German Federal Ministry of Finance implemented an effective way of warning the potential victims. As the spammers copied the ministry’s website’s HTML code, they obviously integrated the original photos. The ministry reacted and exchanged the original photos with tagged ones:

This is the photo displayed in the HTML form after the ministry changed its website’s HTML code. A clever initiative to spread a genuine warning within a fake data submission form!

The phishers implemented a cgi script that most probably sends the data to their servers. The script is not available anymore, it was hosted on a website that was most probably copromised to host the script and was now cleaned again.

The German Federal Ministry of Finance explains that so called notices of amendment would never be sent by email and bank account details would never be asked for in this way. Furthermore, the German Federal Ministry of Finance is not responsible for issuing notices of amendment – this is done by the respective tax offices.


Useful rules of conduct:

  • Emails from unknown senders should be treated with caution. If an email looks very strange, here's what to do: ignore it, delete it, but under no circumstances open attachments or click on URLs.
  • Spam email should never be responded to either. All a response does is indicate to the fraudsters that the address they wrote to is actually valid.
  • Never disclose any personal information and/or bank data - either via email or on dubious websites.
  • Never transfer money to an unknown person.
  • Never thoughtlessly publish your own primary email address online, e.g. in forums and guest books, as it can be accessed by fraudsters there. It is useful to enter a secondary address for these purposes.
  • A security solution for the computer with an integrated spam function will use a filter to protect the PC against such incoming email.