NEWS FROM THE LAB - Tuesday, May 24, 2011

Banks Profit From Spam Posted by Mikko @ 14:07 GMT

While doing some spam research a couple of years ago, we did a series of test purchases from spam e-mails.

We bought pills, software, cigarettes, et cetera. We were a bit surprised that almost all of the orders went through and actually delivered goods. Sure, the Windows CD we got was a poor clone and the Rolex was obviously fake, but at least they sent us something.

We were carefully watching the credit card accounts we created for our tests but we never saw any fraudulent use of them.

The most surprising outcome from this test was that we didn't see more spam to the e-mail addresses we used to order the goods.

Our findings were reinforced today by an excellent new study published by University of California researchers (with an impressive list of authors).

The researchers not only did test purchases from spam, they also tracked down the botnets used to send the e-mails, the hosting systems to host the spam sites and the banks that moved the money.

spam banks

One of the most interesting details in the study is this: almost all spam sales worldwide are handled by just three banks.

The banks? They were:

  •  DnB NOR (a Norwegian bank)
  •  St. Kitts-Nevis-Anguilla National Bank (in the Caribbean)
  •  Azerigazbank (from Azerbaijan)

We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this.

Download the full paper from here.

P.S. We never actually got the Rolex we ordered. It was stopped and confiscated by local customs as a pirated product. They ended up destroying it. With a hammer.

Updated to add: DnB NOR bank has responded to the allegation. See their reply.