Sunday, August 30, 2009

Red faces at Democratic Party HQ?

It appears that the Democratic National Committee's Web site has been adopted by scammers to send out all sorts of unwelcome e-mail to unsuspecting - and unhappy - recipients.

Scammers pumping out emails that try to trick recipients into parting with large sums of cash are getting a helping hand from the Democratic National Committee.

According to a researcher with anti-spam company Cloudmark, 419 fraudsters have been relaying a "significant" amount of messages through the domain name. The abuse, which dates back at least to the beginning of this month, helps evade filters that internet service providers employ to block the messages.

"Unfortunately, because they're able to relay mail through the Democratic Party server, it does affect the Democratic Party's IP reputation, as well as their domain sending reputation," Jamie Tomasello, Cloudmark's abuse operations manager, told The Register. "I was surprised."

One such message purports to come from Mrs. Amina Adan and seeks help in recovering $25m in assets belonging to her late husband, said to be the former Somalia security minister who died of an explosives attack in Central Somalia in June.

A second email carries the subject Sign up to volunteer for the Democratic Party and claims to be sent on behalf of a "a wealthy white farmer who was murdered on the land dispute in Zimbabwe." Other messages try to con recipients with a Microsoft lottery scam.

There's more at the link.

I took a look at the Democratic National Committee Web site to confirm this report. The page in question has now been changed to include Captcha authentication, but originally looked like this:

I'm afraid that was a wide-open door for scammers to walk through! Hopefully the introduction of forms of verification will slow, if not stop, this abuse.

(Oh - and this isn't a dig at the Democratic Party as such. There are many other Web sites with similar lapses in security. It's a good reminder to all of us to be aware of such dangers, and be careful how we set up our internet security.)


No comments: