Panda Security Uncovers Top Web Scams of the Decade

Exploits involving Russian women, Nigerian scams and fake job offers top list of creative ploys used by cybercriminals

Sep 02, 2010, 08:30 ET from Panda Security

ORLANDO, Fla., Sept. 2 /PRNewswire/ -- With 2010 drawing to a close, PandaLabs, Panda Security's anti-malware laboratory, has released a ranking of the most widespread scams on the Web from the past 10 years. These include the infamous Nigerian scam, ploys involving beautiful foreign women and money mule schemes based on too-good-to-be-true job offers.

According to Luis Corrons, technical director of PandaLabs, "As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are reticent to report the crime. If recovering the stolen money was difficult in the old days, it is even harder now because criminals' tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait."

Typically, these scams follow a similar pattern: Cybercriminals make initial contact with their victim through e-mail or on a social network. The intended victim is then asked to respond by e-mail, telephone, fax or some other channel. Once the user takes the bait, the criminals will attempt to gain their victim's trust, finding an excuse to ask for money.  

The most frequent scams identified by PandaLabs over the last 10 years, based on their distribution and the frequency, are as follows:

  • Nigerian Scam: This was the first type of scam to appear on the Internet and continues to be widely used by cybercriminals today. This scam typically begins with receiving an e-mail claiming to be from someone who needs to get a very large sum of money out of a country, often Nigeria. Targeted victims are promised a substantial reward if they offer help. However, if they take the bait they will be asked to forward an initial sum to help pay bank fees, often to the tune of $1,000. Once they've sent the sum, their contact disappears and their money is long gone.
  • Lotteries: This is similar to the Nigerian scam. An e-mail arrives claiming that an individual won the lottery, and asking for their details in order to transfer the substantial winnings. As with the previous scam, victims are asked up front for $1,000 or a similar sum to cover bank fees and related expenses.
  • The Girlfriend Ploy: Lurking online for a date is a beautiful girl, often from Russia, who wants to get to know her victim. She will always be young and desperate to visit the victim in his home country. She wants to come immediately, but at the last moment there is a problem and she needs money for her flight ticket or other travel expenses. Unsurprisingly, after she receives the money, she vanishes.  
  • Job Offers: This time victims receive a message from a foreign company looking for financial agents in your country. The work is easy, they can do it from home and earn up to $3,000 working just three or four hours a day. If victims accept the offer, they'll be asked for their bank account details. In this case they will be used to help steal money from people whose bank account information has been stolen by cybercriminals. The money will be transferred directly to the victim's account, and they will then be asked to forward the money via Western Union. Victims then become "money mules," and when the police investigate the theft, they will be seen as an accomplice.
  • Facebook / Hotmail: Criminals obtain details to access an account on Facebook, Hotmail or a similar site. They then change the login credentials so that the real user can no longer access the account, and send a message to all contacts saying that the account holder is on holiday, often to London, and has been robbed just before coming home. They still have flight tickets but need between $500 and $1,000 for the hotel.
  • Compensation: This more recent ruse originates from the Nigerian scam. The e-mail claims that a fund has been set up to compensate victims of the Nigerian scam, and that their address is listed as among those possibly affected. Victims are offered compensation, often to the tune of $1 million. Naturally, as in the original scam, they will need to pay an advance sum of around $1,000.
  • The Mistake: This has become very popular in recent months, fueled by the financial crisis and the difficulty people are having selling their homes and other high-value goods. The criminal contacts someone who has published a classified ad on a site such as Craigslist who is selling a house or other high-cost item. With great enthusiasm, the scammers agree to buy whatever it is and quickly send a check, but for an incorrect amount that is always more than the agreed sum. The seller will be asked to return the difference. The check will bounce and the victim will lose any money they transferred to the criminal.

PandaLabs advises consumers who have fallen victim to any of these scams to promptly report the crime to the police. For more information about these and other threats, please visit

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of Collective Intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of Collective Intelligence. This is complemented through the effort of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog:

SOURCE Panda Security