Author Archives: Joe Wein

About Joe Wein

Software developer and anti-spam activist

Robert Scoble on “How Bill Gates beat Gary Kildall”

Posted on by
Reply

Gary Kildall, creator of CP/M, the first industry standard operating system for personal computers

If you’re interested in the history of personal computers and the software industry, Robert Scoble’s one hour show on “How Bill Gates beat Gary Kildall in OS war” is well worth watching. In an interview Tom Rolander, who worked with Gary Kildall when IBM came to talk about an operating system for their yet unannounced PC, talks about how Microsoft came to pick up the contract that set the foundation for its Windows empire, while DRI lost it’s role as the operating system standard of the early microcomputer industry.

Also mentioned is the dismissal of a lawsuit by Tim Paterson, the author of QDOS aka SCP-DOS, which was renamed IBM PC-DOS and MS-DOS by IBM and Microsoft. You can download the ruling here. Paterson had sued author Harold Evans for defamation after being mentioned in a chapter of Evans’ book “They Made America” on Gary Kildall.

On July 25 judge Thomas S. Zilly ruled that:

Plaintiff Tim Paterson has failed to provide evidence that statements in Sir Harold Evans’
chapter on Gary Kildall are provably false or defamatory. The statements in the Kildall chapter constitute non-actionable opinion protected by the First Amendment, or statements
that are not provably false. In addition, as a limited purpose figure Mr. Paterson has failed to
provide any evidence that Sir Harold Evans acted with actual malice.

Denial-of-service attacks hit anti-spam sites

Posted on by
1

If you’re a regular vistor to some of our websites you may have noticed that the server was down for much of the last 48 hours. This was due to an online attack known as a ‘distributed denial of service attack’ (DDoS). In the first two hours alone computers with over 1000 different IP addresses worldwide were involved. At the peak 3.6 GB of requests per hour (i.e. 1 MB per second) were sent to the server, which was unable to keep up with the load and became unresponsive.

We took several countermeasures and managed to bring some websites online again. As of today it appears the attacks have ceased.

Concurrent with this attack on our main server several other anti-spam servers underwent similar attacks. The website of URIBL.com was offline for some time. Several servers that are of the SURBL project were affected by attacks.

The large number of IPs involved suggests that the attack involved a botnet, a large number of remote controlled zombie computers infected with malware. This criminal abuse of stolen internet resources illustrates the dangers that infected computers pose to others, against which there are few effective defenses.

It also shows that anti-spam tools such as SURBL and URIBL are effective against the spammers, or they wouldn’t be trying so hard to sabotage our legitimate efforts.

(Update 2007-06-12): SpamHaus was also affected by the attack, according to an article by Ryan Naraine (ZDNet), which quotes a usenet posting by Steve Linford of SpamHaus. According to this information the DDoS was carried out using a variant of the ”Storm” malware by the same gang that also launched a DDoS attack against BlueSecurity last year.

SEC takes action against stock spammers

Posted on by
2

On March 8 the US Securities and Exchange Commission annonunced a 10-day trading suspension for securities of 35 companies quoted on the Pink Sheets quotation service. The suspensions aims at protecting the public from fraudulent stock price manipulation by stock spammers.

All of these stocks have been advertised to millions of email users via pam, usually sent from “botnet” zombie computers. Buyers are tempted into purchasing penny stock already held by the spammers or their paying customers and as soon as prices start inflate due to rising demand, the criminals sell at a profit, leaving the new buyers to take a loss when the stock price deflates back to pre-spam levels or below.

This practise is widely known as “pump and dump”. The SEC welcomes information about such stock scams at email address 35suspensions(at)sec(dot)gov.

We have already reported 14 other companies to them whose stock has been advertised via “pump and dump” spams during the course of the past week.

A tale of two abuse departments

Posted on by
3

In the last two days I was in contact with two abuse departments at webhosters. Though the reasons for contacting them were similar, I came away with impressions that were as opposite as could be. I called because of two websites, both highly illegal. Both were advertised in spam and I encountered them when checking suspect domains found by my spam filter.

The first encounter was prompted by a phishing site, a clone of a Wachovia bank website designed to obtain account information to steal money via online banking. The email, subject line “Update Your Account Now!” claimed to be from Wachovia Bank, but predictably the links to the site that asks for your password led elsewhere, to a domain named (Wa-) “choviainfo.com”. The domain resolved to an IP address that, according to a WHOIS lookup, belonged to Hetzner, a leading webhosting company in South Africa.

I dialled the customer service number listed in the WHOIS entry and spent less than three minutes on the phone altogether. After stating that I found a phishing site on a Hetzner server, I was transfered to the technical department. There I repeated my quick explanation and was transfered to the abuse desk. I explained the problem and spelled the domain name to technician, who immediately checked the site and confirmed the existing of the phishing site on the machine. Using the Linux tool “chmod” he then disabled all access to the site. The website stopped working and the phishing gang was prevented from uploading another set of files. I was impressed how quickly Hetzner had resolved the problem and mentioned to the technician that I was a customer of Hetzner in Germany (their parent company) and was pleased to see their service was as efficient in South Africa as in Germany 🙂

Today I came across another site I found worth reporting, a child pornography site hosted on a GoDaddy server. Phishing is done by unscrupulous criminals who steal millions of dollars, but child pornography is far worse. It’s about small, helpless children getting raped and others making money out of that.

This site, created by a criminal gang calling itself “CP COMPANY” and claiming to be based in Ukraine, was advertised in spam in the following way:

Hello pedo lover!
We present to you NEW PEDO COLLECTION!
High Quality h^rd CP content! Low Prices on the net!
See free preview now and get instant access!
THOUSANDS OF HQ CP PICS and MOVIES…
+ BONUSES AND UPDATES!
LOTS OF FUN FOR CP LOVERS:

http://www.fulldbcollection.info

(I only added the actual domain name in this blog posting after the site was finally shut down).

Again, I looked up the IP address and then the WHOIS record for the IP, which included the phone number of the GoDaddy abuse desk.

I called the number and explained I had come across a child pornography site on one of their servers. The representative replied that I would have to put my request in writing because otherwise “you won’t get any action on this.” They needed to be notified in a way that creates a record. I should put the details in an email to abuse (at) godaddy (dot) com.

I said I would do that, but I would like to give him the URL anyway, which I did. The call was finished in less than a minute, but without the desired result.

Checking the details on the domain again, I found it was one of the child pornography sites I had already reported by email as part of my daily spam domain verification procedure, some 15 minutes earlier. So I could only wait, checking at iregular intervals if the site still responded by using the Linux “wget” program that lets me download the text portions without having to retrieve the pictures as a browser would.

It is now more than four hours since I reported the site to GoDaddy by email and more than 3 1/2 hours since I told them by phone. The criminal site is still offering pictures and videos of raped children to willing customers with a credit card.

In the index.html I downloaded with “wget” the criminals explain to their prospective customers:

Buying production at us you support creation of new kids porn films.

I only wish a company as large as GoDaddy was able to take action against criminal abuse of their services as quickly as Hetzner.

P.S. The child porn site was still active 29 hours after reporting it, despite two emails, one phone call and one voicemail left. I have contacted a US law enforcement officer about this.

P.P.S. When the site was still active 56 hours after reporting it, I filed a criminal report with the German police. When I checked again on the following day I found that the site had finally been disabled by GoDaddy.

Botnets meet “Nigerian” spam

Posted on by
5

Today I received an email which was a familiar scam sent from West Africa. I receive literally hundreds of them every day. What made this one different was that it carried a link to a malware site.

Any Windows user foolish enough to click the link and run the executable would get his machine infected with “trojan horse” software that gives others access to their computer.

I found five different domains all used to host the same trojan and all the emails to spread them were sent from countries in Africa.

Here is an example:

Dear friend,

I’m Mr.Alfred Kodjo from Lome Togo the only son of late Mr. David Kodjo.My father was poisoned to death on Dec 23, 2005 by his fellow diamond/gold business associate in Accra Ghana.

My father told me my mother suffered high blood pressure and died when I was 3 years old, but now I’m 24 years. In the light of the above, I have contacted you to assist me to transfer out of Togo the sum of $12 million US dollars, which my father deposited in one box as family treasure with a safety company for my future, I would like the fund to get to you so that you safe-keep it for me after which I will come over to your country in due course to live and school. You will invest this money for me in commercial estate or any other business of your choice you deem healthy.

For your effort, I am prepared to give you 20% of the total funds. I am looking forward to hearing from you while thanking you for your anticipated cooperation in this regard.

Please give me also your phone numbers for better communication between us.

Kind Regards,
Mr Alfred Kodjo
just look http://postcardsbargain . com/clip.html

(spaces inserted by me, to make sure it doesn’t show as a clickable link).

The email was sent from an IP address in Togo:

Received: from [80.248.70.177] by web58607.mail.re3.yahoo.com
via HTTP; Tue, 27 Feb 2007 20:29:42 ICT
Date: Tue, 27 Feb 2007 20:29:42 +0700 (ICT)
From: alfred kodjo
Subject: {Spam!} ``Erwin co-operation from Mr. Alfred
To: kodja12@yahoo.co.th

The domain postcardsbargain.com was recently registered:

Domain Name: POSTCARDSBARGAIN.COM
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: MANAGEDNS1.ESTBOXES.COM
Name Server: MANAGEDNS2.ESTBOXES.COM
Name Server: MANAGEDNS3.ESTBOXES.COM
Name Server: MANAGEDNS4.ESTBOXES.COM
Status: clientTransferProhibited
Updated Date: 13-feb-2007
Creation Date: 13-feb-2007
Expiration Date: 13-feb-2008

Other domains in the same series were bestnetpostcards.com, freewebpostcards.com, ecolorpostcards.com and mailfreepostcards.com, which were also registered through Estdomains. Here are the details for the emails in which they were spotted:

212.60.73.44 (Gambia) – moceesay@hotmail.com:
mailfreepostcards.com / show.exe

196.28.250.11 (Nigeria) – mr_ban0x19@hotmail.com:
ecolorpostcards.com / winner.html

196.201.156.161 (Kenya) – info_jabrattofood@yahoo.co.uk:
freewebpostcards.com / show.exe

196.3.63.252 (Nigeria) – william_franca_fw2@yahoo.com.hk:
bestnetpostcards.com / show.exe

80.248.70.177 (Togo) – kodja12@yahoo.co.th:
postcardsbargain.com / clip.html

41.243.148.204 (South Africa) – den_ma006@hotmail.com:
nuclearworldaction.com / video.html / clip.exe

196.3.63.252 (Nigeria) – annahoffmanhome@yahoo.com
nuclearwarinusa.com / news.html

Malicious programs installed via links in emails can log keyboard input to steal passwords and online banking details. They can turn your computer into a remote-controlled spam sending zombie.

Such programs have been used primarily by Eastern European spam gangs for sending spam and for hosting illegal websites, such as for phishing scams. However, until recently the Nigerian gangs made virtually no use of malware.

A few months ago I started seeing a trend where spam for Nigerian “419” scams sent through Webmailers traced to IP addresses of broadband hosts in North America (bellsouth.net, adelphia.net, cox.net, comcast.net, shaw.ca), which was highly unusual at the time. I was wondering if the “lads” (Nigerian scammers) were renting botnets from Russian gangs to evade spam filters that were treating West African Internet cafe IP addresses as suspect.

With the latest malware spam from West Africa it appears the cooperation goes much deeper. While it is possible that the malware links were automatically inserted by a very clever trojan running on PCs in Internet cafes, it seems too much of a coincidence that all of the samples we’ve come across so far originated from Africa.

Close cooperation between the manpower of Nigerian and other advance fee fraud gangs and the brains of high tech crime rings in Eastern Europe is indeed a frightening perspective.

Child pornography hosted by Yahoo

Posted on by
14

On an average day I come across 4 new child pornography sites that are hosted at Yahoo. Shocking? It was to me when it started, but it’s been going on for a long time. Finally, at the end of June 2006 I started keeping track of them in detail. Between July 1 and December 31, 2006 I counted 744 such sites hosted at Yahoo and the flood is continuing to this day. To give you a taste, here is one I received on 2006-01-14:

Feel new emotions, taste new experience,
a very HARD and HOT YEAAAAHH!!!

5-10y.o. kids starring as porn models.

Innocent, virgin, naive and so sexy.
Pervert porn.
True effect.

http://yahoo-domain

Download your free CP pics and movie samples.
Limited offer.

As you may know, a few years ago I started publishing names of domains (websites) that were advertised via spam. For more than two years I have been one of the principal data suppliers for SURBL.org. It’s a Spam URL Blocklist that enables people to block spam based on the websites advertised. This type of spam blocking works even when spam advertising a spammer’s site is sent from a thousand different computers using a thousand different fake sender addresses.

About a decade ago, when the World Wide Web was just taking off there were a lot of headlines about child pornographers lurking in Cyberspace, but very little such material could actually be found. Nowadays most people have the perception that child pornography is tackled seriously by law enforcement, but in actual fact the criminals who sell pictures of child rape go about it more blatantly than ever. It is sickening.

Now how could a major reputable company such as Yahoo host repulsive, clearly-illegal material? They provide a legitimate service to register and host websites, like many other companies do. They are neither the cheapest nor the best webhoster, but a lot of people use them for personal websites.

All it takes is access to the Internet and a credit card.

The criminals use Yahoo for hosting illegal sites ranging from fake bank sites (phishing) to child pornography sites. They are not easy to track down since they use other people’s credit card data to register domains and sign up for site hosting. Then they upload websites and send out spam to advertise these sites. From amongst the millions of spam recipients, several thousand people will respond and sign up for more of this stuff, presumably hosted on others servers that are not closed down so quickly. They pay by credit card, handing their card data to the criminals. Repeat ad nauseam.

Once the illegal sites are reported to Yahoo, they will eventually shut them down, but by then the criminals have already had time to find new paying customers. The earlier the sites are detected and suspended, the less money the criminals make.

The credit card data abused for site hosting does not necessarily originate from child pornography customers. Phishing scams and fake internet stores are other data sources. There is reason to believe in connections between phishing gangs and child pornography gangs, as there are many common elements. Both extensively use Yahoo domains. Along with pill spammers and “warez” (software piracy) spammers they obtain credit card data in bulk and use armies of spambots to send out spam emails. These are remote controlled PCs infected with “Trojan horse” software that turn them into zombies that receive instructions from one of several hidden master servers on the Internet.

Yahoo is by no means the only company that ends up hosting illegal content. However, it is the biggest single webhosting company that we’ve come across that is hosting child pornography. No other company even comes close. There has got to be a reason for that.

The situation with phishing scams using newly registered domains is similar. Phishing sites tend to be hosted either on cracked websites, hijacked computers, computers in China or by Yahoo. There has to be a reason for why criminal spammers prefer Yahoo, even though it’s by no means the largest webhosting company.

Typically when a provider is massively abused for hosting illegal content, as for example MSN was for hosting Nigerian scam sites (419 scams), it means that either its credit card fraud detection mechanisms are inadequate or it’s technical support is not geared up to effectively handle fraud reports about hosted sites submitted by the public. Usually it’s a combination of both.

The spam gangs that host sites at Yahoo know that their sites will be shut down eventually. That’s why they launch four new sites per day and keep the mail pipeline stuffed with new spam. Every extra day that it takes a webhoster to respond is a day during which they get new credit card orders, at $99.95 a client. Some of that money finds its way to the rapists who provide the pictures.

For the last 6 months I have been reporting all Yahoo child pornography sites to the company. Trying to get a more direct connection, I contacted a friend in the USA with law enforcement contacts. My friend went as far as talking to the FBI, only to be told that the FBI wasn’t interested in this type of site. They were only after the main sites that the Yahoo sites act as a shop window for. The number of new sites is still the same as it was six months ago. Yahoo appears to have done nothing to discourage this abuse of their services.

I would be glad to hear from Yahoo directly to work out a modality to get those spam sites shut down as quickly as possible. Even more I wish for Yahoo to get its act together and tighten up its checks on new domain setups, so as to detect attempts to signup for illegal purposes by watching out for recurring patterns in the signup attempts. If I as the owner of a small software company can detect all those pornography domains to report then, why not a billion dollar company like Yahoo?

Echoes of Trotsky

Posted on by
Reply

“You have shown yourself unworthy of the trust of civilized men and women.” These are the words with which murdered former Russian spy Alexander Litvinenko accused Russian president Vladimir Putin in a letter dictated on his deathbed. “You succeeded in silencing one man but the whole of protest from around the world will reverberate, Mr. Putin, in your ears for the rest of your life.”

Like the murder of Litvinenko’s friend, the journalist Anna Politkovskaya, the poison murder of the former agent is unlikely to be solved any time soon. Though the Russian authorities, which probably hold the key to the mystery, have declared their cooperation with the British police, they also emphasized that only they will be able to interrogate any suspects on Russian soil, or make arrests. They categorically stated that no suspects will be extradited to Britain, where the murder took place and of which Litvinenko had become a citizen. The only place any Russian suspects could be tried, according to the Russians, is in Russia. Already there are signs that the Russian authorities are not fully cooperating with British law enforcement, for example by refusing to question some parties the British were interested in talking to.

Putin denied any involvement in the two murders. That was to be expected, whether it was the truth or not.

Disingenuously Putin suggested, Politkovskaya’s death could have been the work of his political opponents in next-door Ukraine, to smear his name. The suggestion is somewhat ironic. Ukrainian president Viktor Yushchenko himself fell seriously ill after being poisoned with hard-to-detect but highly toxic dioxin by pro-Russian members of the Ukrainian security forces. If Litvinenko and Politkovskaya were indeed killed on behalf of Putin’s enemies, one would expect Russian authorities to be most keen and cooperative to track down their murderers. Yet so far there is no indication of that.

The nature of the poison used against Litvinenko, Polonium-210, makes anything but a state-sponsored assassination attempt unlikely. It is sold by commercial suppliers only in tiny quantities and the dose used would have cost $10 million. Arguably the question is not if Litvinenko was poisoned by current or former members of a state secret service, but whether Putin authorized the murder or not.

After the September 11, 2001 attacks against the USA Putin won praise as an ally in the so-called “War on Terror”. He let the US use airbases in former Soviet republics in Central Asia during the war against the Afghan Taliban regime. He maintains personal friendships with George W. Bush, former German chancellor Gerhard Schröder and former Italian premier Berlusconi.

His political friends in the West and also largely the Western media chose to turn a blind eye to Russian atrocities and massive human rights violations in Chechnya. Torture, arbitrary detention and “disappearances” (extrajudicial killings) are widespread. Russian forces act with total impunity. They literally get away with murder. A report by Human Rights Watch wrote in 2004:

Unchecked patterns of abuse by Russia’s forces in Chechnya will eventually affect the rest of Russian society. Tens of thousands of police and security forces have done tours of duty in Chechnya, after which they return to their home regions, bringing with them learned patterns of brutality and impunity. Several Russian human rights groups have begun to note a “Chechen syndrome” among police who served in Chechnya—a particular pattern of physical abuse and other dehumanizing treatment of people in custody. Russians already face serious risk of torture in police custody. The Chechnya experience is thus undermining efforts to promote the rule of law in Russia’s criminal justice system.

Putin ascended to power on the promise of a quick victory in Chechnya, yet despite of (or perhaps because of) ruthless methods Chechens still resist Russian occupation six years later. If anything can be learned from this period it is that Putin has few scruples, as long as he can get away with it. When the Chechen conflict erupted into a war again as Putin rose to power, Russia was gripped by fear from a series of unsolved bombings of apartment blocks which were blamed on Chechens, even though later security forces were caught red handed with explosives in the basement of one building. Anna Politkovskaya was investigating these bombings.

The murder of Litvinenko made a lot more headlines than that of Politkovskaya, not just because of the unusual choice of method but also because it took place in a Western country.

Probably the most famous of all foreign murders of an enemy of a Russian leader was that of Leon Trotsky. Exiled in 1929, the revolutionary and writer continued his opposition to Stalin, denouncing his policies in numerous books and articles. Finally in August 1940 he was slain by Ramon Mercader, an agent of the NKVD (the precursor of the KGB), at his home in Mexico City using an ice axe. His murderer, a Spanish citizen who used a fake Canadian passport and name, was arrested and sentenced to 20 years in prison. Stalin denied any involvement. Mercader’s real identity was not discovered until 1953. Upon his release from prison in 1960 he left Mexico and went to revolutionary Cuba. Until his death in Havana in 1978 he lived in Cuba and the USSR, where he was honoured as a “Hero of the Soviet Union”. His involvement with the KGB was not officially revealed until the fall of the Soviet Union in 1991.

While it took over half a century until written proof became available, Mercader’s hero status in the Soviet block from after his prison release had already made clear that Mercader had murdered Trotsky on Stalin’s orders.

In a similar vain, it may take a long time before all facts about Litvinenko, Politkovskaya and Putin get documented, a lack of cooperation from the Russian authorities will make it clear whose interests were served through these unscrupulous murders.

In February 2004 exiled former Chechen president Zelimkhan Yandarbiyev was killed by a car bomb explosion in Qatar. His killers, Russian agents Anatoly Belaskhov and Vasily Bogachev were sentenced to life in prison by a court but later transferred to Russia, which had put intense pressure on the small Gulf state while denying any involvement in the crime. At home the murderers were soon released from prison. In the summer of 2006 the Russian parliament passed a law that explicitly permits foreign assassinations if signed off by the Russian president.

It would be far easier to believe in Putin’s protestations of his innocence if it wasn’t for the track record of his regime in the past 6 years. Whether Putin gave direct orders or failed to supervise his security forces, it is he as the commander in chief who bears the responsibility for these deaths, as he does for the suffering and deaths of numerous others in Chechnya and other parts of the Russian sphere of influence. Those who still treat his rogue regime as a valuable friend and ally must share this grave responsibility.

CrossLoop beta released

Posted on by
Reply

CrossLoop, a secure screen sharing utility for anyone who uses a computer with a broadband connection, is now in beta testing. If you use computers you sooner or later encounter problems where you need somebody’s help to solve them. Often it can be difficult to describe the symptoms or the solution. Whether it’s helping a parent or a customer, CrossLoop makes remote problem solving and cooperation easy and intuitive. Installed and running in under two minutes, it lets you share access to the same computer, looking at the same screen and (optionally) with shared use of the keyboard and mouse. It’s also handy for running a slide show or demonstrating the use of some software to someone hundreds or thousands of kilometres away. Complex software installations, remote troubleshooting — it’s almost like you’re both sitting in front of the same computer. CrossLoop does this without complex setup such reconfiguring routers and firewalls and leaves no backdoors. All data is securely encrypted using 128-bit encryption, so no one can snoop in. And it’s all free 🙂

CrossLoop

Disclaimer: I work for the company that makes this product. As someone who lives in Japan, with family, friends and colleagues in Europe, the USA and elsewhere this is a natural product for me to work on and use myself.

Other blogs that talk about CrossLoop:

You can add comments and ratings to the digg review mentioned above by clicking the “join digg for free” link below the list of user comments.

Ten eyes for an eye

Posted on by
2

The Old Testament rule of “an eye for an eye, a tooth for a tooth” is often quoted to expose someone who is merciless to those he regards as his enemies. It is quite a different kind of justice to the one preached by Jesus when he asked his followers to “turn the other cheek” when someone slaps them in the face.

What is often forgotten is that even this brutal “an eye for an eye” rule was meant to prevent escalating vendettas, where two families would inflict ever increasing punishments on each other to exact revenge for previous misdeeds by members of the other family. Without it the violence could escalate without limits, until one side is wiped out.

I can’t help but think of this ancient concept of justice when I watch the news from Israel and Lebanon in these days of war. As I write this, over 50 Israelis have been killed since the beginning of the war, while numbers in Lebanon are anywhere from 500 to 750 dead, depending if bodies suspected to still be buried under collapsed buildings are counted or not. The vast majority of these victims are civilians, about one third of them are children.

It is obvious in this conflict that Israel has overwhelming firepower, but it can not use that firepower to win itself peace. I believe it is doing exactly what Hezbollah wants it to do, responding to a calculated provocation in way that will fan the flames of hatred against Israel in the Arab and Muslim world. 1 in 7 Lebanese is now a refugee. Billions of dollars in damage to housing, infrastructure and the whole economy will throw back Lebanon by years.

An excessive response that punishes Lebanese civilians, including many children, for the violence of Hezbollah will make it harder for both sides to speak to each other. A durable peace can only be based on a negotiated compromise.

CNN reports about online scams

Posted on by
3

A recent CNN article described various online scams, including fake lotteries and other 419 scams:

As one scam-watch site pointed out, lottery companies do not organize “promotional” lotteries, they advertise. A free “promotional” lottery that you only hear about if you win would only promote the lottery to a handful of customers. That doesn’t make any sense.

If you answer the e-mail, after one or two e-mail exchanges with the so-called lottery officials or claims agent, perhaps accompanied by some official looking but fake documents, you’ll be asked to pay fees for taxes or handling or some other reason. This is the scam — you pay the fees and never see any winnings, mainly because there are none to see.

Currently fake lotteries are the most prominent of online scams. We get far more queries about fake lotteries than about all other types of scams taken together. More people fall for them than for any other scam, maybe because so many people play lotteries in “real life”, so the idea of a sudden lucky strike is not alien to them.

In case you wondered, the unnamed scam-watch site quoted by CNN is the one you’re looking at right now. It was a quote from our 419 fraud FAQ about fake lotteries. The article also prominently mentioned Fraudwatchers.org of which we’re a member and listed it as the first of several fraud-information websites.

Education is the most effective weapon against scams. People who know about scams are not easily tricked any more. If more newspaper and TV and radio stations were to talk about scams, fewer people would fall victim to them.