Online scammers are abusing top web brand names such as Google, Dell, Microsoft and Yahoo to sell fake "work from home" packages and defraud unsuspecting users, an online security firm has warned.
Websense Security Labs senior manager Carl Leonard said the scams used a combination of legitimately bought advertising space, false news stories and the lure of job opportunities with well-known companies.
While the kits are sold cheaply or given away, they are subject to "small" handling fees. Some victims' credit card accounts were debited up to $80.
"This aggressive campaign, which preys on a population weakened by the economic downturn, shows how cybercrime has moved from the spotty teenage hacker in his bedroom to a sophisticated business run with all the trimmings."
An on-line journal, eWeek, reported that Google has filed a suit against Pacific WebWorks and unnamed defendants in connection with the scam.
According to Google, the scheme used a variety of names, including Google Adwork, Google Biz Kit, Google Cash and Earn Google Cash Kit. After making an initial payment, many consumers got nothing. Others were sent DVDs containing viruses and no information of value or a DVD and access to an online portal containing information available free of charge elsewhere on the web.
Websense said the scam was based on a network of hundreds of "template" websites that hold the same theme and do the same thing. They pretend to be news websites and personal blogs to make the site appear more reputable and trustworthy.
"The 'news article' or 'blog' talks about how easy it is to make money with the featured Google Kit and how the financial lives of those who did changed for the better," a Websense blog said.
"The templates used all have the same look and feel, but the actual source code is often changed from one to another to avoid easy detection. This is very similar to methods used in e-mail spam, such as Nigerian scams that have been changing forever but have the same goal," it said.