Forensics Journal - Stevenson University 2013 | Page 26

FORENSICS JOURNAL

FIGURE 3: 419 Nigerian Advanced Fee Fraud Scam Lifecycle,
.NExT Web Security.

FIGURE 4: Lottery Prize Scam, Rubinstein, Maria. SecureList.

Rubinstein, Maria. “Congratulations, you’ve won! The reality behind
online lotteries.” SecureList. 25 Jan. 2012. Web. 30 Apr. 2012.
http://www.securelist.com/en/analysis/204792215/Congratulations_
youve_won_The_reality_behind_online_lotteries
Facebook recently encountered a problematic IKEA malvertising gift
card scam, according to ITbusiness.ca columnists, Robert McMillan
and Robert X. Cringely. With the promise of a $1,000 gift card by
following through on the fictitious marketing scheme, approximately
40,000 Facebook users shared the offer with their friends, and encouraged users to click on to a fraudulent, malware infested website in an
effort to generate revenue for website traffic (McMillan and Cringely).
At the peak of the scam, Facebook noticed the fraudster’s Facebook
business page gained roughly 5,000 “fans” per hour, until the page
was shut down later in the day (McMillan and Cringely). With the
inclusion of ads into trusted social media sites, users have become
easily tricked into believing that all ads that run on a trusted site, such
as Facebook, are legitimate.

“419 Nigerian Advanced Fee Fraud Scam Lifecycle.” .NExt Web
Security Services. n.d. Web. 18 Oct. 2012. http://www.nextwebsecurity.com/419LifeCycle.asp.
Simply noting that an email is from a reputable company such as
Coca-Cola immediately establishes brand credibility and provides the
prospective victim with a way to connect with the fraudster. If he
has heard of the organization, it baits the victim into believing that
a reputable company has offered an opportunity to win a prize. The
email shown in Figure 4 is sent from a free web domain “yahoo.fr”
rather than the actual organization, Coca-Cola. The free web domain
in conjunction with the numerous grammatical errors, serve as warnings that this is an e-scam. Using a root address of “cocacolaclaimsdepartmentukfr1” is customizable within any well-known ISP service,
assuming that the email address itself has not already been claimed by
someone else (like Coca-Cola). The appearance of the organization
in the root of an email addr