Spammers used eBay data breach as hook to sell background check service

Spammers are starting to exploit the widespread publicity around the eBay data breach to attract attention to their emails. Last week we saw a spam attack that looked like this:
Hey [redacted], Did you hear about he eBay Hack Attack? Its the Second Largest in US History. Hackers gained access to its entire database of 145 Mil user records and leaves many questions unanswered. My name was used falsely in an arrest, and I didnt even Know it until I checked my public record. You can check your history as well as the history of your neighbors to see if they have committed similar crimes. Enter Name Here -> / http://[redacted]/identity/arrest/record.index Regards, Alert Systems Notifications
The attack used various subject lines: "View: updated Identity records", "Identity Report- No. 36-15472a", "Arrest Record: View Updated Report", "Verify: Identity Report Findings", "Identity Report - May 23 Update", and the intriguing "neighbors are doing strange things..." The body of the message, with all its typos and strange capitalization, remained largely the same, with changes only in the parts redacted above.
The call-to-action URL redirected a couple of times and ended up on a web site that sells arrest records, instantcheckmate [dot] com. As any chess player will tell you, the only instant checkmates are the "fool's mates" that only work against, well, let's call them people who don't know much about the game.
The first thing you see on going to the site is a popup telling you it contains sensitive data, and the second is a progress bar telling you that it is establishing a secure connection. The progress bar actually does nothing at all, and neither does the little lock displayed on the page itself. The connection is still only HTTP, not HTTPS. So why would someone go to these lengths to make the connection look secure rather than paying the $70 or so it costs to buy a certificate and set up a genuinely secure connection? Could it be that someone doesn't want to have their real identity on file at the certificate authority?
Instantcheckmate has been in business since 2012, but there have been regular complaints that the data they provide is inaccurate and incomplete, and that once you sign up, they keep billing your credit card every month and make it difficult to cancel or get a refund. Here are a few quotes from RipoffReports.com, a consumer complaints web site.
  • I authorized a one-time use, but instantcheckmate took the liberty of turning it into a recurring monthly charge.
  • I typed in my daughter's name and I was led to believe they had a criminal report on her... I gave them my credit card and 19.95 for one month. When I got the report on her, there was no criminal report.
  • I pulled my name and their names and we were in their database... You can request to have your name removed, but you have to pay a $9.95 opt out fee.
  • The information they provided was info easily obtainable for free with any communicative device.
  • They do not give you any background on the people you check on. I put a name in there that I know has been in trouble with the law and it will tell me no report.
There's no evidence that InstantCheckmate has any knowledge of or real connection with the eBay breach. It seems that their spam advertising is just as deceptive as the rest of their operation.
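The pattern noted above, subject lines that rotate while the body stays fixed apart from the recipient name and the URL, is something a mail filter can key on. The Python sketch below is an added example, not code from the original post: it masks those two fields, hashes what is left, and reports any body template that arrived under several different subjects. The sample bodies, the example.test hostnames, the helper names and the threshold of three are constructed for illustration.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Greeting followed by a recipient name and a comma, e.g. "Hey Alice,"
GREETING_RE = re.compile(r"^(hey|hi|hello|dear)\s+[^,\n]+,", re.IGNORECASE)


def body_fingerprint(body: str) -> str:
    """SHA-256 of the body with the per-recipient fields masked out."""
    text = GREETING_RE.sub(r"\1 <NAME>,", body.strip())
    text = URL_RE.sub("<URL>", text)
    text = re.sub(r"\s+", " ", text).lower()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def campaigns(messages, min_subjects=3):
    """Map fingerprint -> sorted subjects for bodies sent under many subjects."""
    subjects_by_body = {}
    for subject, body in messages:
        subjects_by_body.setdefault(body_fingerprint(body), set()).add(subject)
    return {fp: sorted(subs) for fp, subs in subjects_by_body.items()
            if len(subs) >= min_subjects}


def make_spam(name, host):
    # Constructed, shortened stand-in for the quoted message.
    return (f"Hey {name}, Did you hear about the eBay Hack Attack?\n"
            "You can check your history as well.\n"
            f"Enter Name Here -> http://{host}/identity/record\n"
            "Regards, Alert Systems Notifications")


# Constructed sample mailbox: subjects are from the article, the rest is made up.
SAMPLE = [
    ("View: updated Identity records", make_spam("Alice", "a1.example.test")),
    ("Arrest Record: View Updated Report", make_spam("Bob", "b2.example.test")),
    ("Verify: Identity Report Findings", make_spam("Carol", "c3.example.test")),
    ("Your order has shipped",
     "Hi Dave, your parcel is on its way: https://shop.example.test/t/123"),
]

if __name__ == "__main__":
    for fp, subjects in campaigns(SAMPLE).items():
        print(fp[:12], subjects)
```

An exact hash only groups messages whose wording is identical after masking; a campaign that also varies its wording would need a fuzzy comparison instead.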