Kerala police nabs Nigerian email fraudster

by Shijaz Abdulla on 09.08.2009 at 11:36

How many times have we got one of those emails from an African country, promising us a large reward for letting them use our bank account to transfer money?

You might think that in this day and age, people are aware of such fraudulent acts and do not fall into such traps. Wrong! There’s still a large number of people who fall for such things, as in the case of Sherif, an Indian living in Doha – who happens to hail from the same Indian district that I am from – Kannur.

As per a newspaper report, Sherif paid the Nigerian guy about $80,000 as ‘processing fee’ for transferring $150,000 to his bank account in Kerala, India. He eventually got ‘suspicious’ when the Nigerian kept asking for more money and complained to the Cyber Cell of the Kerala Police.

The cops set a trap for the Nigerian, Shabha Muhammed Razaq, and asked him to come to Bangalore to collect more money. Razaq walked into the police trap and he was caught with counterfeit US currency, fake passports and some chemicals (?!).

Razaq was part of a much bigger gang engaged in internet fraud in India and admitted tricking many people living in other Indian states.

A great job done by the Cybercops of Kerala! However, the general public needs to be more alert to such scams, which take advantage of one basic human instinct – greed!

My adventures with Blackberry

by Shijaz Abdulla on 21.12.2008 at 21:51

I like to visualize the BlackBerry server as a ‘black box’ – only because it is often difficult to figure out where the problem is. Perhaps my ignorance is to blame, or it’s just my love for the simplicity/transparency surrounding the inner workings of ActiveSync.

The other day, for instance, I was trying to activate a Blackberry Bold device. The activation kept timing out for no reason. Most of the time when this happens, one of the following usually solves the problem.

  • "Wipe" the device
  • Delete and re-create the user on the Blackberry server
  • Do a failover (we have NeverFail for Blackberry)
  • Do a full restart of the server.

But this time it was rather strange. All the above actions were in vain. So I decided to ‘troubleshoot by elimination’.

  • Check if same SIM card works on another blackberry enabled device. (yes)
  • Check if another user can be activated on same blackberry device with same SIM (yes)

I then deduced that there is nothing wrong with the Black Box .. er.. BlackBerry server, the device or the SIM card. "It must be something on the mailbox", I thought. But what exactly?

A quick call to our service provider, and a long wait for someone to get back to me revealed to me what I was missing — the user’s junk mail filter!

Blackberry activation involves sending an email to the user’s inbox, which would contain some kind of a hash. The user’s junk mail filter mistakenly thought that the emails from blackberry were spam and sent it to the user’s Junk Mail folder in Outlook, before the blackberry server could pick it up (from the Inbox folder) and activate the device!

10 bad email habits

by Shijaz Abdulla on 13.05.2008 at 13:03

EHLO!

This is a list of ten bad email habits that I’ve come across. Take a look and see if you find yourself doing some or all of these.

If you’re like me, and you can’t stand the sight of ol’ SMTP being abused, I’ve included some tips on how to teach the abuser a lesson :). This is just my list of email habits, feel free to add more by posting comments.

  1. Misusing the CC field – Type 1
    Some people think that if they CC somebody’s boss on every email message requesting action, they can get a quicker response. For something that’s really critical or important, this is good. But CCing the boss on every diminutive email request is just too much. Too many such “CC” e-mails to the sender’s manager are annoying for the manager too, and the manager might eventually stop reading emails from you (or even worse, administer a quick issue of the DEL key) every time you send a message. Your email eventually loses importance and might get ignored even when it really is urgent. In the IT world, we can even see users doing this for things as trivial as getting access to a shared folder on the file server.

    What can I do?
    If you are the recipient, do not give the sender an impression that you are expediting on the sender’s low-priority request just because your boss is CC’d on it. Give priority to those other low-priority requests that have been directly sent to you by others and action them first (even if they came after the abuser’s email). If you can afford to do it, action this particular email request at the end of the day. When you reply to this sender, do not CC your boss.

  2. Misusing the CC field – Type 2
    And there are some other senders, who mark a CC to every son of Adam whenever they send an email message. If the motive of the email is to advertise about an achievement of the sender (often in a subtle way), this is perhaps done to show the world that the sender is worth his salary. If the motive of the email is to point out a fault concerning one of the recipients, then this most likely shows arrogance on part of the sender.

    What can I do?
    If the motive of the email is to communicate something which does not directly concern you – it is best to ignore it – if you can’t take it any longer, pick up the phone, and ask the sender nicely to stop marking you on such emails. If several of the recipients do the same thing, the sender will gradually come to terms with the idea. If the motive of the email is genuine and if you need to respond to it, make sure you remove all the unnecessary recipients after hitting ‘Reply to all’. This will reduce the number of recipients in the remaining part of the thread, and most likely prove a point to the sender.

  3. BCC
    The BCC field is a mistake. It shouldn’t have been there in the first place.
    Users, be aware that, upon request of the management, your email administrator can and will be able to determine whom you are marking on BCC.
  4. Responding when you are angry/frustrated
    This can make things very ugly. There is no worse feeling than wishing that you had never sent an email – two hours later. Think twice before typing an email. This is going to be a permanent record in the pages of history. Think of email like a gun. Once you pull the trigger (hit Send), there is no turning back.

    What can I do?
    Do not hit ‘Reply’ as soon as you finish reading a provocative e-mail. Sit back, relax, take a deep breath and reply later when you are ‘yourself’ again.

  5. Using email instead of the phone
    Using the phone for minor things can be faster than sending an email. Some people tend to think that sending an email increases the priority of the matter. However, in the real world, people are not always glued to their Outlook and may not (or choose not to) see your message till you call them :).

    What can I do?
    Accept the fact that email is not a replacement for the telephone. Period.

  6. Read receipts
    A read receipt is a cool feature designed with a purpose – it tells the sender when and if you have read the message. So, use it! Some people (usually managers) do not like to send read receipts when they receive email. The justification might be “who is this guy to ask me if I read my email?!”. On the other hand, some people configure Outlook to always ask for a read receipt on every email they send. That’s a terrible waste of a good email feature.

    What can I do?
    Respond positively to all read receipts. Avoid configuring Outlook to automatically request read receipts for every email you send. It is annoying!

  7. Overdoing the Out-of-Office reply
    Out-of-Office reply messages are really cool too. They let the sender know that you’re not in town so they need not expect an immediate reply. It can also be used to direct the sender to contact someone else. However, some people use the Out-of-Office to write essays to explain at great lengths what they are up to and what’s missing in the organization because they are gone. I guess this is done by some users to show the boss (and everyone else) that they are taking care of a lot of responsibilities – the work of four men, etc. Oh please!

    Example of a good Out-of-Office message:

    Dear Sender,

    I will be out of office from May 27th, 2008 to June 26, 2008 and I will be having limited access to my email during this period. For any urgent matters, please contact Mr. Humpty Dumpty on 050-123-456 or email him on hdumpty@mycompany.com

    Regards,
    Yankee Doodle


    Example of a bad Out-of-Office message:

    Dear Sender,

    I will be on vacation at a beach resort in Hawaii from May 27th, 2008 to June 26, 2008. I will be having limited access to my email during this period.
    Please contact the following people during my absence:

    For matters concerning cabbage and cauliflower, please contact Jack Thompson.
    For reporting rotten cauliflower, please contact Charlie Brown.
    For issues related to onions and garlic, please contact John Smith.
    For issues related to onions without leaves, please contact Charlie Brown.
    For issues related to onion skin, please contact Jack Thompson.
    For anything related to vegetables, please contact John Smith.
    For queries related to legumes, please contact Charlie Brown.
    Anything else related to food that grows on plants, please contact Jack Thompson

    Regards,
    Show-Off Jones

    What is this? An IVR system? The sender could have also added one more line – “If you are confused, wait till I come back, because I’m THE MAN“.

  8. Empty Meeting Requests
    If you send a meeting request, you are requesting time from other people – which is valuable. Make sure you have a darn good reason for throwing a meeting and mention it in your request. Write a brief note on the meeting – use the OARRs rule: Objective, Agenda, Roles and Responsibilities. There’s nothing more ridiculous than receiving an empty meeting request and you end up reaching the venue wondering what the whole meeting is about. And when you reach there, you find other attendees in your very same, clueless, sorry situation.
  9. Using crazy shortcuts and too many smileys
    Using abbreviations like ASAP, FYI, FYA are well-accepted and good. Avoid using words like ‘coz’, ‘bcz’, ‘pls’, ‘thx’, ‘thnx’, ‘LOL’, etc. These might be good to use in a chat session, but not in a formal email message. Also make sure your email is well-punctuated and easy to read. Do not use more than one smiley per formal message. Read your mail once to see if it makes sense and run a spell check before hitting ‘Send’.
  10. Sending chain mail
    Sending a few impressive emails is good and keeps cheer in the workplace. It also helps build conversation at the water cooler and in the coffee room. But please don’t overdo it. Do not keep sending every trash that you receive from the internet – especially the ones that ask you to ‘send this message to 500 people in 3 days otherwise your momma’s gonna die’.

Hope you enjoyed this post. Let me know if you have come across more email habits by posting a message below.

How to understand an Exchange Server 2007 NDR

by Shijaz Abdulla on 26.04.2008 at 19:52

Here’s one for users and IT support personnel who sometimes have problems understanding what exactly an email non-delivery report (NDR) is trying to convey. Messaging experts, please excuse.

In Exchange Server, all NDRs returned to the sender appear to come from the local Exchange Server of your organization and not from the remote recipient’s mail server – even if the problem is at the receiving end. If the mail is received at the remote server and an error occurs during further re-routing/relaying, then the NDR might not appear to come from your organization’s Exchange Server. The NDR is formatted in an easy-to-read email message by the Exchange server in your organization and is sent back to the sender.

So, how easy is it to understand an NDR?

At first sight of the new, well-designed NDR of Exchange Server 2007, most users and non-email administrators tend to think that the problem is always on the local Exchange Server. To add to the confusion the NDR contains the words “Sent by Microsoft Exchange Server 2007” and “Generating server: “.

Here are some tips:

  • The text marked in blue is not what’s important. It will always show YOUR organization’s edge transport server – unless the error occurred at a subsequent mail re-routing operation at the destination.
  • Pay attention to the part that I’ve marked in red. The part labeled (1) is more important. It gives you an overview of what’s wrong – but need not always give you the full picture.
  • The part labeled (2) is the server on which the error occurred. If this doesn’t look like one of the servers inside your organization, the problem is most likely not at your end.
  • The part labeled (3) is the error reported by the server mentioned in (2).
  • Part (4) shows the flow of the message between various servers both within and outside your organization. All it takes is a little effort to understand what’s going on.
  • Trust your email servers :). Don’t always think the problem is at your end, even if it looks like your server is reporting the error. Make an earnest attempt and apply some educated logic to figure out where the problem lies.
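The same reading can be automated. The sketch below is an added example, not code from the original post: it assumes the NDR is a standard RFC 3464 `multipart/report` message and pulls out the generating server, the server that reported the error (part 2) and the error itself (part 3). The sample NDR, the `corp.example` and `partner.example` names and the `INTERNAL_DOMAINS` list are constructed for illustration.

```python
import email

# Assumption: the mail domains that belong to your own organization.
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample NDR (every host name and address here is made up).
SAMPLE_NDR = """\
From: postmaster@corp.example
To: alice@corp.example
Subject: Undeliverable: Quarterly report
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery has failed to these recipients or distribution lists.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; edge01.corp.example
Received-From-MTA: dns; hub01.corp.example

Final-Recipient: rfc822; bob@partner.example
Action: failed
Status: 5.1.1
Remote-MTA: dns; mx1.partner.example
Diagnostic-Code: smtp; 550 5.1.1 User unknown

--b1--
"""


def _value(field):
    """'dns; mx1.partner.example' -> 'mx1.partner.example'; None if absent."""
    if not field:
        return None
    return field.split(";", 1)[-1].strip().lower()


def _is_internal(host, internal_domains):
    return any(host == d or host.endswith("." + d) for d in internal_domains)


def summarize_ndr(raw, internal_domains=INTERNAL_DOMAINS):
    """Return one dict per failed recipient found in an RFC 3464 report."""
    msg = email.message_from_string(raw)
    status = next((p for p in msg.walk()
                   if p.get_content_type() == "message/delivery-status"), None)
    if status is None or not isinstance(status.get_payload(), list):
        return []  # not a structured delivery report
    reporting = None
    findings = []
    # The parser yields one header block per group: first the per-message
    # block (Reporting-MTA), then one block per recipient.
    for block in status.get_payload():
        if block.get("Reporting-MTA"):
            reporting = _value(block["Reporting-MTA"])
        if not block.get("Final-Recipient"):
            continue
        # Remote-MTA is the server that actually rejected the message. When
        # it is missing, the reporting server itself raised the error.
        failing = _value(block.get("Remote-MTA")) or reporting
        if not failing:
            where = "unknown"
        elif _is_internal(failing, internal_domains):
            where = "local"
        else:
            where = "remote"
        findings.append({
            "recipient": _value(block["Final-Recipient"]),
            "generating_server": reporting,
            "failing_server": failing,
            "error": block.get("Diagnostic-Code", "").strip(),
            "where": where,
        })
    return findings


if __name__ == "__main__":
    for item in summarize_ndr(SAMPLE_NDR):
        print(item)
```

A result of `where == "remote"` means the generating server only relayed an error raised by the other side, which is the situation the tips above describe.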

The more users you train on how to read NDRs, the fewer helpdesk calls you will get. I’ve seen that sometimes very simple NDRs like the following get escalated all the way to the email administrator as an “email problem”:

Your message did not reach some or all of the intended recipients.

Subject: RE: Acquisition of Yahoo Sent: 4/15/2008 11:09 PM
The following recipient(s) could not be reached:
shijaz@2hotmail.com on 4/15/2008 11:09 PM The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

The solution? Teach the user how to type an email address correctly :).

POP3 vs. Outlook Anywhere (Exchange RPC over HTTP)

by Shijaz Abdulla on 23.04.2008 at 08:56

The year is 2008 and you might be wondering why I’m making such a post.

This blogger has seen that even in this time and age, some people simply love POP3 and prefer it over better and more secure alternatives. This post serves as an eye-opener to users as well as administrators who are die-hard POP fans.

Some reasons why you shouldn’t use POP

  1. Traditional POP3 (without any secure configuration – which is also the most common way admins configure your Outlook Express) transmits your username and password over the network in plaintext. Any user with malicious intent, can “sniff” your password over the network and get hold of your email. In most cases, the credentials that you use to retrieve mail are the same that you use to send mail, which means the intruder can not only read your mail, but also send mails to other people on your behalf!
  2. Now, relating to the above point, replace the ‘hacker’ with malicious software/spyware/virus on the PC of a legitimate user on your network. The malware can do the sniffing and use the credentials to inject spam into your organization, as well as the rest of the known universe, pretending that it’s YOU, the POP user, who is sending the spam.
  3. All your emails are dumped to your PC from the server. What if you’ve been using POP for the past 5 years and your PC decides to crash – and you have no backup.
  4. What if your PC doesn’t crash, but your mail folders get corrupted – quite common with many POP3 clients.
  5. What if you want to access your received emails from some place else and you do not have your PC with you. Of course, for points 3, 4 and 5, you could leave a copy of your mails on the server – but what’s the point in sticking to POP3? – read on!
  6. For some users, their email might seem very secure when it’s sitting on their own PC and nowhere else. I have news for you. The moment someone else sits at your PC, kiss privacy goodbye. A knowledgeable user can open password-protected folders. An additional point to ponder: SMTP traffic on the internet is not encrypted by default. It is most likely that your sensitive email is flying about cyberspace in plain text anyway!
  7. If you travel to a partner/client’s office with your laptop, accessing your mailbox via POP3 might require intervention of their network administrator if POP is not already open on their firewall – or you may require some sort of firewall client.
  8. No access to your company’s Address Book.

Some reasons why you should use RPC over HTTPS instead

  1. Passwords don’t go out in plain text. Not just anybody can get hold of your password.
  2. If you use RPC over HTTPS, an SSL session is established between your PC and the server that has your email. The email content reaches you in a secure, encrypted channel.
  3. The email is stored on your server, and (hopefully) a backup is taken every night.
  4. If you use Outlook in cached mode, all you have is an offline copy of the same email – which means it’s available for your reference even when your PC is not connected to the office network.
  5. If your client PC crashes, or if your Outlook folders get corrupted, your emails are still safe on the server. All it needs is a fixing of your Outlook. (Note: If you archive some of your email on PST – make sure it’s backed up – or that the organization has a centralized email archiving system in place)
  6. You can access your company’s Address Book and all your contacts, tasks, calendar, etc.
  7. Presence information from Live Communications Server, integration with SharePoint workspaces, etc.
  8. Unlike POP3, Outlook Anywhere uses HTTPS and can be used from any partner network where they allow you to surf the net. No additional config required. 🙂

Some users need to have more than one Exchange mailbox open at the same time on the same PC (usually executive secretaries). The common excuse is that they cannot configure two Exchange mailboxes on the same Outlook profile.

It is indeed possible to configure two Exchange Server mailboxes on the same Outlook profile. Here’s a tip: In Outlook 2007: Tools –> Account Settings –> Select your Exchange mailbox –> Change –> More Settings –> Advanced tab –> Add –> type the second mailbox name –> OK –> Next…Finish. See this page for more details.

Blackberry vs. India

by Shijaz Abdulla on 13.03.2008 at 07:12

The Indian Department of Telecommunications (DoT) had announced that it will terminate the Blackberry services in India over concerns of security, since the Indian government cannot monitor the Blackberry servers as they are located in Canada.

Indian mobile operators that offer BlackBerry services, top executives of the Canadian telco Research in Motion (RIM) (the company that owns the “Blackberry” brand), security agencies and officials of the DoT are meeting on March 14 to discuss the concerns of security agencies in order to prevent having BlackBerry services terminated after the March-end deadline.

BlackBerry is famous for its push-mail services that deliver mail as and when it is received, and has over 12 million customers across the world. It is estimated that Blackberry has around 400,000 corporate customers in India.

Google and Yahoo declined to comment on the issue and Microsoft India said the issue was not of immediate concern to them.

Sumeet Gugnani, Director, Mobile Communication Business, Microsoft India, said: “Windows Mobile-enabled handheld devices and cellphones enable users to configure mails on their respective in-house (read in India) Exchange Servers if they so wish.”

I believe in a country like India where mobile internet services are inexpensive, it may be worthwhile to use Exchange ActiveSync push-mail services which can be hosted by the organization’s Exchange Server itself.

Update: March 15, 2008
The government announced that it is not seeking to ban mobile operators from offering Blackberry services in discussions over security concerns. However, cellular operators were asked to reason with RIM to work on a possibility of legally intercepting the data.

GMail user data exposed in Kuwait

by Shijaz Abdulla on 01.03.2008 at 16:03

Talk about security – and Google.

GMail users in Kuwait and some other countries are reporting being able to read other GMail users’ email without having to log in.

Full Story:
http://www.news.com/8301-10784_3-9875714-7.html

Google claims that an ‘ISP caching problem’ allowed users to log in to other users’ mailboxes. This speaks volumes about Google’s security, doesn’t it? Does this mean that an ISP can break Gmail security if it really wants? Wait a minute – how can ‘caching’ at the ISP preserve Gmail sessions? Some neat security, huh?

No wonder Gmail is still in Beta.

Digitally sign your email for free

by Shijaz Abdulla on 03.07.2007 at 10:05

Thawte gives away free personal email certificates at their website.

A thawte Personal E-mail Certificate in conjunction with the thawte Web of Trust allows you to secure and guarantee authorship of your e-mail communications by digitally signing and encrypting your e-mails.

IN SHORT: A personal email certificate lets you digitally sign all your outgoing email so that the recipient knows that you sent it!

Click here to get a certificate.

A word of caution here: read everything carefully whilst you apply for a digital certificate. Remember the password and the question-answer pairs, otherwise you will *never* be able to get another certificate for the same email ID. Also keep your password totally secret – a recipient can take you to court for documents that appear to be digitally signed by you, but were in reality signed in your name by an identity thief!

More Nigerian email hoaxes

by Shijaz Abdulla on 28.01.2007 at 18:12

Most of us are already aware of email hoaxes involving Nigerian beneficiaries asking you to help them get their money and offering you a copious sum for the “assistance”. Well, here’s an all-new range of hoaxes. These target job seekers!

Here’s the text of the email message (I’ve marked the ridiculous parts in red, my comments are in red italics: hope you enjoy it!)

JOBREF:CH/21563
DATE: 28/01/07
CLIENT/EMPLOYER:CNL(CHEVRON NIGERIA LIMITED)
LABOUR CONSULTANT: WWW.NAUKRIGULF.COM
RECRUITMENT AGENCY: UNION RECRUITMENT CONSULTANTS
ATTN:ENGR……… , (What a beautiful way to address you!)

At UNION RECRUITMENT CONSULTANTS we specialise in engineering career moves
for professionals engaged in the E&P sector. Interestingly, most of
our clients are not actively looking for a new job, but are keen to
consider the right opportunity.
We listen carefully to what is important to you with regard to
career, family and lifestyle. We then use our connections and
investigative skills (yeah, right) to identify interesting opportunities that meet
your criteria. Some of the moves we engineer are ‘in-country’, but
the vast majority are international placements (world wide) with
some of the best companies in the industry.

DETAILS:
union recruitment consultants; with the mandate to recruit expatriate
services employees’ for the fulfillment of the requirements of nlng “GAS FLARING PROJECT (what the hell is that???) in Nigeria, seek to write your consent after recommendation from our labour consultants (http://www.naukrigulf.com/) recent expatriate vacancies with
our client.

CNL intends to invite prime experienced individuals/expatriates
capable of rendering expertise services in fields below:
a) Petroleum Engineering
b) Drilling Services
c) Civil Engineering
d) Computer Engineering
e) Architect Engineering
f) Marine Engeenering (hmmm…)
g)Mechanical Engineering
h)Electrical Engineering
i)Electronics-Telecommunication Engineering
j)Surveying Engineer
k)Aerospace Engineering (all this for a GAS FLARING project!!!)
And others (what was that supposed to mean?)

PROJECT SHALL REQUIRE:
A cooperate project management team, engineering, procurement,
construction, transportation and installation, safety, drawing,
Designs, Geological services,maintenance and commissioning.
Entitlement, Compensation and Benefits packages include:
. A very attractive net salary paid in US$, Sterling or Euros
equivalent depending on employee
home country and currency preference.
. Quality single or family housing accommodation in company
community.

. Free medical care in Nigeria for employee and family.
. Excellent educational assistance benefits with family status
employment.
. Paid airfares allowing full flexibility with holiday travel. (whats that?)
. Personal effects shipment and excess baggage allowances.
. Full access to some of the finest and social recreational
facilities in Nigeria.
CONTRACT DURATION:
Level 1: 12 Months, (One Year) and renewably only on satisfactory
performance by employee.

Level 2: Full time
Interested candidates must have not less than 3 years experience in
any of the above listed fields.
Interested candidates should forward their resumes/CV with
verifiable reference(s) as word attached document to:
EMail:unionrecruitment_consultants@yahoo.com (Why yahoo.com?)
Interested candidates are also required to contact our Nigerian
Local Office strictly for the purpose of this project.

CONTACT: DR.OGBUJA OKEMINI
Head Of Union Recruitment Consultants (Why is the head of Union Recruitment Consultant contacting you directly?)
Nigeria.
TEL: (+234) 80-64438276
FAX : (+234)82-30 856

**ends**

This is the second hoax mail I’ve received in the past two weeks. The earlier one was supposedly from Shell UK. I thought I’d join in the fun and sent my CV across. Immediately after, I get my “employment agreement” with a whopping salary attached to it – with NO interview. The contract shows Shell UK website is at http://www.shelluk.com/ – there is no such web site!! Two days later somebody calls me on my phone – out of the blue – and tells me I need to sign the document and send them back. Then an “attorney” would contact me, to discuss “what I should do to get my work permit”. Oh yeah – and that’s where the money part comes.

So next time you receive anything in your email, be very sure whom you’re dealing with!

Update:

  • There is also a new scam going around from Omni Hotel, Canada. It’s fake. More info here.

Fake Microsoft emails

by Shijaz Abdulla on 21.01.2007 at 17:52

Today I received a mail, supposedly from Microsoft, regarding a “security vulnerability”:

It had an EXE attachment “installation689.exe”. The message was written in the kind of language Microsoft uses to communicate with its customers – clear, courteous and concise explaining clearly what the update is for, etc. The first thing a novice (or even an intermediate) user would do, is to download the attachment and install the patch.

It even had the classic Microsoft footer:

Now, there are a few things that are revealed upon closer examination:

  • The “from” address is suspicious: Network Security Center [xclocltwp@confidence.microsoft.net]. (Hmmm…)

  • It addresses you as “MS” customer. It also uses terms like “MS Internet Explorer” and “MS Outlook”. Microsoft officially doesn’t use “MS” to address itself :). (Hmmm Hmmm…)

  • Microsoft NEVER (never never ever) sends an update out to its customers as an email attachment.

  • Microsoft update files normally have a filename that starts with the letters “KB” followed by the KB article number.

What a clever way to outwit the unsuspecting user! So those of you out there, beware of stuff that comes in your e-mail! Think twice before you run an EXE attachment.

From my experience, 9 out of 10 EXE attachments are viruses. Sometimes they appear to come from people you know, because they are actually sent by malicious programs that have already infected their machines.
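The four tells listed above can be turned into a simple triage check for a mail gateway or helpdesk script. This is an added example, not code from the original post: the sample message is constructed from the details quoted in the post, and `TRUSTED_SENDER_DOMAINS`, the suffix list, the recipient address and the subject line are assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumption: domains you expect genuine vendor mail to come from.
TRUSTED_SENDER_DOMAINS = {"microsoft.com"}
# Assumption: attachment types treated as directly executable on Windows.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
KB_NAME = re.compile(r"(?i)^kb\d+")
MS_ABBREV = re.compile(r"\bMS (?:customer|Internet Explorer|Outlook)\b")


def build_message(sender, body, attachment=None):
    """Build a constructed test message; attachment is a file name or None."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@corp.example"      # made-up recipient
    msg["Subject"] = "Security update"   # made-up subject
    msg.set_content(body)
    if attachment:
        # Placeholder bytes only; this is not a real binary.
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


# Constructed from the details given in the post.
SAMPLE = build_message(
    "Network Security Center <xclocltwp@confidence.microsoft.net>",
    "Dear MS customer, please install the attached update for "
    "MS Internet Explorer and MS Outlook.",
    attachment="installation689.exe",
)


def triage(msg, trusted=TRUSTED_SENDER_DOMAINS):
    """Return a list of findings; an empty list means none of the tells fired."""
    findings = []
    # Tell 1: sender domain. The From header is sender-controlled, so a
    # matching domain proves nothing; only a mismatch is informative.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in trusted):
        findings.append("sender-domain-not-trusted:" + domain)
    # Tells 3 and 4: updates do not arrive as attachments, and the name does
    # not follow the KB<number> pattern. A KB-style name never clears the
    # executable finding; it only removes the extra naming finding.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in EXECUTABLE_SUFFIXES:
            findings.append("executable-attachment:" + name)
            if not KB_NAME.match(name):
                findings.append("not-kb-named:" + name)
    # Tell 2: the "MS" abbreviation in the body text (a weak signal).
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if MS_ABBREV.search(text):
        findings.append("ms-abbreviation-in-body")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```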