An uncommonly convoluted con

They say brevity is the soul of wit, but it’s apparently not the soul of spam. I received this in my inbox not too long ago:

From: IMF ADMIN <>
Subject: May Good Decision


Attention Wing Chan

A power of attorney was forwarded to our office this morning by two gentle men, one of them is an American national and he is MR DAVID DEANE by name while the other person is MR… JACK MORGAN by name a CANADIAN national.

This gentlemen claimed to be your representative, and this power of attorney stated that you are dead, they brought an account to replace your information in other to claim your fund of $12.5 Million Usd which is now lying DORMANT and UNCLAIMED, below is the new account they have submitted:

Vancouver, CANADA
ACCOUNT NO. 2984-0008-66

Be further informed that this power of attorney also stated that you suffered and died of throat cancer. You are therefore given 24hrs to confirm the truth in this information, If you are still alive, You are to contact us back immediately, Because we work 24 hrs just to ensure that we monitor all the activities going on in regards to the transfer of beneficiaries inheritance and contract payment.

You are to call this office +44(0)7778022499 immediately for clarifications on this matter as we shall be available 24 hrs to speak with you and give you the necessary guidelines on how to ensure that your payment is wired to you immediately.

I have attached a copy of the last part payment of $500,000.00 which was paid into your provided account last week, please check is this is the same account submitted by this two men who claimed to be your representative. Reply this email to [redacted]

Kindly reply

Rev. David Churchman
International Monetary Funds Agents

I get what they’re trying to do here. The victim is supposed to think they got a message intended for someone else (“Wing Chan”) who has a whole lot of money tied up in some account, but they think Wing Chan is dead and would he please confirm that? I assume that the victim is supposed to decide to commit a little fraud himself and reply, “No, I’m Wing Chan and I’m totally alive so give me all that money now please,” followed by the usual, “But wait…you have to wire us a bunch of money first.”

But what a twisty, turny, tricksy route they take to get there. It’s a real adventure, what with the two “gentle men,” the throat cancer and the involvement of the International Monetary Fund.

Here’s the thing about the IMF: I’m fairly certain they don’t handle individual estate accounts for anyone living or dead or allegedly dead. They don’t mention it on their own website.  They deal with financial situations in and between nations. $12.5 million is a lot of money to most individual people. To the IMF, it’s like a nickel dropped down a storm drain. They’re not going to get involved.

So yes, this is an obvious example of spam. I wanted to show it to you, though, because it’s kind of weird. As always, “do this to claim your free money” is forever a scam and always has been.

They’re not working on WRINKLES

Here’s a new one from the Dumb Spam Files (which could totally be a TV series if FX or A&E would return my calls):


Here’s a NON-secret for you: NASA isn’t researching wrinkles.

I don’t care how bad your wrinkles are. I don’t care if all that’s left of your face is one giant wrinkle. Never click on anything that even resembles this. Deal?

An example of the exact type of email you should NOT open

Here’s a screenshot of something that appeared in my inbox recently:


I spend a lot of time trying to describe the kinds of emails you should avoid, but this one illustrates those concepts perfectly. Let’s look at a few warning signs:

  1. The message wasn’t expected (I’m not a USAA member, but even if I was, this isn’t a usual email)
  2. The subject line is intended to provoke a fear reaction
  3. The subject line is kind of weird, grammatically; are they saying that a “New Document” has been prevented? If “Due to Suspicious Sign-in” modifies the subject of the sentence, which in this case is “New Document,” then…okay, you get it;  it just reads weird.
  4. There is a file attached (the little paperclip icon)

What is supposed to happen with this kind of email is that the victim sees “Suspicious Sign-in” and immediately opens the message, which is most likely blank or contains instructions to open the attached file. Once the victim does that, some form of malicious software, anything from spyware to ransomware, will be installed on their computer.

What actually happens, when the recipient knows some of the warning signs, is that the message is immediately deleted and causes no harm.

Also note that this message slipped past some pretty burly anti-spam and anti-malware software. Those tools are important, but sometimes a dangerous email still makes it through. Stay vigilant!

Play Along at Home: Fake Target “Order Confirmation” Email

Here’s a picture of a fake “Order Confirmation” email I received recently. How many clues can you spot that indicate something is not quite right?


Here’s what comes up if you hover the mouse over the word “link”:


How many fraud indicators did you find?

Here are the ones I found:

  1. Very vague subject line: if this were an actual delivery confirmation, the subject line would usually refer to it in some way. It wouldn’t just say “Order Info.”
  2. The “From” information: is not a Target email address.
  3. The logo is wrong. No bullseye anywhere.
  4. “As Thanksgiving nears…” Thanksgiving was a couple weeks ago. Wrong holiday, dummies.
  5. The (attempted) conversational tone of the email: if you had an actual order to pick up, the email would begin with this information. Whichever holiday is approaching is absolutely irrelevant (for the store) to the fact that they’ve got merchandise they want you to pick up as soon as possible.
  6. The excruciatingly bad grammar. Go ahead, read it out loud. It’s beyond horrid.
  7. This isn’t even how in-store pickup orders work…the customer chooses which store to have their purchase shipped to, and that’s where it goes. That’s the only place it goes. You don’t just go to any random location because they don’t ship one to every single store when an order comes in.
  8. And what happens if I don’t “pick it” within four days? Again, not how online orders work.
  9. The stores aren’t called “”
  10. When you get a real order confirmation email, the order information is almost always included in the message. You don’t have to click a link to get to it.
  11. Speaking of links: Not a Target website.
  12. “Always yours,” Pretty sure they don’t refer to themselves as “” Or use “Always yours” as a closing.
  13. Not one single item in the “privacy policy” line at the bottom is an actual link.

So, I found thirteen. Did you catch any that I didn’t?

FTC lawsuit reveals what actually happens if you fall for one of those “Free Gift Card” spam text messages

Back in April 2012, The Consumerist reported that around 4.5 billion spam texts were sent to U.S. cell phones in 2011 (“Yeah, and I got about 2 billion of those myself,” I remember thinking).

Yesterday, The Consumerist released an article that gives a little insight into how those soul-crushingly irritating “Free $1,000 Gift Card” spam texts actually work. The good news is: the FTC has 29 people in their legal crosshairs, whom they believe to be responsible for 180 million of those texts. The “meh” news is: what about the other six quadrillion spam texts?

Anyway, for those unlucky enough to fall for the free gift card text scam, here’s a brief rundown of what actually happens:

  1. You’re directed to a website that collects an awful lot of personal information, including medical data in some cases, before you’re allowed to proceed
  2. You are taken to another site that requires participation in a bunch of “offers” before you can get the gift card
  3. This requires more personal data, including credit card numbers for “subscriptions” or to actually apply for credit
  4. You’re told you have to get (i.e. trick) three more people into signing up before you can claim your gift card
  5. You never, ever, EVER actually get a free $1,000 gift card, because if spammers actually delivered on their promises, they wouldn’t be spammers.

For the FTC to go after 29 people is a good start, but you know as well as I do there are probably a thousand more involved in these schemes. So if the “Free $1,000 Best Buy Gift Card” texts continue to arrive, just continue to ignore ’em, like always.

Spam Dissection: There may be a change to your Experian credit-score

This is the text of a spam/phishing email I received on January 3, 2012. It slipped right past the spam filters (my notes are bold and in brackets):

From: Fraud Monitoring
Subject: CRITICAL: There may be a change to your Experian credit-score

ALERT: There may have been a change to one of your 3 credit-scores!

Your Experian, Equifax & TransUnion Scores are your Ticket to a New car, Credit-cards, a Mortgage & more!

Poor 301-600
Good 600-700
Excellent 700-849

View Your Up-to-the-minute Credit-Scores Now, It’s On Us! Click here.

[note: there were about twenty blank lines here]

To no longer receive notifications and updates about this offer, please use this safe unsub link.

[note: the following was in tiny white text, which made it invisible until you highlighted it]

Zuzim in which he would hardly with great deep sleep to Simeon and found there. And planted a mixed multitude of the man, and he can bear. Behold, to us, and I will send thee will harden the Egyptians in the daughters of Zibeon and kissed him, and thou art gone out to see the Red Sea; there is better that shall be buried him the children, or bad. And Jehovah went down, and thy hand of the people go, that my venison, and tarried there was dead, and go in the seven ears, withered, thin, well favored. Haste ye, and the men into the goats: and bring it was returned in them, and begat Lamech. And the land of Rebekah said unto the king of the righteous with the nakedness of the sheep, and begat a dream, and, behold, his sons, Shem, and ye to Paddan-aram. And Noah were both the sword. And when he made me in the thing was grain which he believed in blessing I pray you, and our God, the third stories shalt keep it; and will not who knew not regard not so to my signs in our land was good. And chose him for an officer of the children of the children of the generations ye shall eat every tree or not. And it unto him, Abraham. And he had, in at the water in the sons of the first-born. And he said, Behold now, Jehovah came in the same is the windows of thee. And God called Esau her son, while he did eat their generations. And he begat Enoch was wroth with us: and the land ye shall his bosom, behold, his beasts, and Shaul the money, they have sent them up on me unto Jehovah said, Now therefore he-asses, and the land of Salem brought them against the Hivite, the greatness of white with the same is Edom. And he had done this place. And Joseph said when we found: know him. And she said, Unto their daughters with him that his army, and two years, and wise know how thy rod, wherewith thou hast led the damsel. 
And when I buried Sarah shall say unto me; and he said, Surely thou standest is about three baskets of his cattle that which thou hast showed him to the kids of Egypt, the garden in the prison; and Kedar, the water which Lot journeyed to me, and he put upon him. And the Hebrews’ children. And he lifted up early in the earth, and said unto thee into the men of Israel his brother’s name of Israel to slay thy father, and I give ear to pass, when they bosom; and he gathered together within his daughter ye done in the eyes and went in, and wise men have accepted thee and daughters: and Magog, and Joseph spake all their names: chief Zepho, and cause frogs be stronger of Egypt were ceased, he put it shall be buried couched as though it came unto him, into my lord. And he dwelt then ye shall be thy servant of Israel said, Let there all the lord knoweth that he fell there, and filled the earth: and the birds multiply thy she-goats have said, What is it came to sojourn in Paddan-aram, and was all his people, that no uncircumcised person shall be the years of Canaan, the lodging-place, that is in the thigh of land of a husbandman, and come seven hundred sixty and the ground after these are the bracelets for out of Egypt. Then Joseph understood them;

[note: the following was fully visible text]

All of a sudden, I was hearing stories about how difficult I was to work with, ridiculous rumors about drugs and what a diva I was. I never had to go to rehab or a program.

[note: it concluded with this footer image]

Footer from spam message, 01/03/12

I thought it might be useful to point out a few things about this message.

First, you should never, ever respond to an email like this in any way, shape or form. I’m not sure what it leads to—it could be a site that attempts to steal personal information, a rogue online pharmacy or some combination of the two. Even clicking the “safe unsub link” could lead to problems.

Second, the “from” information, the link to (allegedly) view your credit score and the “unsub” link all use the exact same host:

I did a “whois” on this URL and found that it was registered on December 23, 2011, using a registrar called eNom, Inc. Four things about this fun fact:

  1. The website was registered eleven days before the message was sent, yet they somehow already had my email address.
  2. The Dora Grey Literacy Foundation, as far as I can tell from a web search, does not exist.
  3. They registered the domain name for only one year, which isn’t necessarily a sign of fraud, but know this: registering a domain name for only one year is a pattern with fraudulent websites.
  4. As of October 2010, eNom, Inc. was the registrar for around 40% of rogue online pharmacy sites, according to a source cited at

Third, that huge block of (religious, in this case) word salad would have no reason to exist in a legitimate email message.

Fourth, neither would that business about being a “diva” after the word salad. I looked it up; it’s a quote from Irene Cara. Yeah, the person who sang “Fame” and played Coco Hernandez.

Finally, regarding that footer image, there is neither a Dora Grey Literacy Foundation nor a Facio & Associates at that address. “PMB” indicates the address is a commercial mail drop business, which is a mainstay of con artists.

Amazing what you can learn with a little research, isn’t it?
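The checks from this dissection (hidden filler text, every link on the sender's own host, a freshly registered domain) can be scripted. The following is an added example, not part of the original post: the HTML sample is constructed, the host `mail.sender.example` is a placeholder for the one stripped from the page, the white message background is an assumption, and only the two dates come from the post.

```python
import re
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlsplit

VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}
# Inline styles that hide text from a reader. Assumes a white message background.
WHITE = re.compile(r"(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)
TINY = re.compile(r"font-size\s*:\s*(\d+(?:\.\d+)?)\s*px", re.I)
GONE = re.compile(r"display\s*:\s*none", re.I)


def style_hides(style):
    """True when an inline style makes the element's text invisible."""
    if WHITE.search(style) or GONE.search(style):
        return True
    m = TINY.search(style)
    return bool(m) and float(m.group(1)) <= 2


class BodyScan(HTMLParser):
    """Sorts body words into visible/hidden and collects link hosts."""

    def __init__(self):
        super().__init__()
        self.stack = []  # one flag per open element: hidden (own style or inherited)?
        self.visible, self.hidden, self.hosts = [], [], set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            host = urlsplit(attrs["href"]).hostname
            if host:
                self.hosts.add(host.lower())
        if tag in VOID_TAGS:
            return  # no closing tag, so nothing to track
        inherited = bool(self.stack) and self.stack[-1]
        self.stack.append(inherited or style_hides(attrs.get("style") or ""))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        hidden = bool(self.stack) and self.stack[-1]
        (self.hidden if hidden else self.visible).extend(data.split())


def scan_body(html):
    scan = BodyScan()
    scan.feed(html)
    scan.close()
    return scan


def dissect(from_addr, html, registered, sent):
    """Summarise the three signals: hidden filler, link hosts, domain age."""
    scan = scan_body(html)
    total = len(scan.visible) + len(scan.hidden)
    return {
        "hidden_words": len(scan.hidden),
        "hidden_ratio": round(len(scan.hidden) / total, 2) if total else 0.0,
        "all_links_on_sender_host": scan.hosts == {from_addr.rsplit("@", 1)[-1].lower()},
        "domain_age_days": (sent - registered).days,
    }


# Constructed sample modelled on the message above; the host is a placeholder.
SAMPLE_FROM = "alerts@mail.sender.example"
REGISTERED, SENT = date(2011, 12, 23), date(2012, 1, 3)  # dates given in the post
SAMPLE_HTML = """
<html><body style="background-color: white">
<p>ALERT: There may have been a change to one of your 3 credit-scores!</p>
<p>View Your Up-to-the-minute Credit-Scores Now, It's On Us!
   <a href="http://mail.sender.example/score">Click here</a>.</p>
<br><br><br>
<p>To no longer receive notifications, please use this
   <a href="http://mail.sender.example/unsub">safe unsub link</a>.</p>
<p style="color:#ffffff; font-size:1px">And planted a mixed multitude of the man, and he can bear.
   And Noah were both the sword. And he begat Enoch was wroth with us.</p>
<p>I never had to go to rehab or a program.</p>
</body></html>
"""

if __name__ == "__main__":
    print(dissect(SAMPLE_FROM, SAMPLE_HTML, REGISTERED, SENT))
```

The tag stack is deliberately simple and trusts the markup to be balanced; badly nested HTML can misclassify a few words, which is acceptable for a triage signal.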

Ridiculous Spam: I get Brandnew Car at Super-Saving Price!

Even by broken-English standards, this one I got today is a real mess:

Subject: The cheapest way to buy new car, once a year

Hi Regional Federal Credit Union, this is an Incredible Opportunity for You to get Brandnew Car at Super-Saving Price

Last Chance to get up to $7000 off on all Vehicles Model 2011 Blowout Sales.This happens only Once a year.
Register now for Free and get your price quote for all possible saving brandnew autos.
Hurry up, only few days left to win those crazy deals.

Start Saving up to $7000 by spending 2 minutes to fill out the registration form here

Rule #1 of dealing with spam: if they’re using the name of the place you work as if it’s your name, there is no logical reason to click on anything within the message or to respond in any way other than to delete the message.

Ridiculous Spam Friday the 13th

How’s that for timing? The thirteenth installment of Ridiculous Spam Friday falls on an actual Friday the 13th. I love it when a plan comes together.

Let’s get to the garbage…

From: Dick Glock <[removed]>
Date: Sunday, August 01, 2010 11:30 AM
Subject: Final Notification!!!?

Dear e-MAIL Winner,
Your email address won £850,000.00 GBP in this month NATIONAL LOTTERY E-mail online drew.
To file for your claim, contact our agent Mr.Albert Nelson.  with
the details below(Full Names, Contact Address, Country, Age, Sex, Occupation &
Telephone numbers) to this Email:  Phone Number: Tel:+44 7024027755


Option (1)  Via Courier Delivery

Option (2)  Via Bank Wire Transfer

Note: This is an automatic message do not click on your reply button send all details to the below  Email:  

Yours Sincerely,
Dick Glock

I removed the email address under “From” because it is apparently the legitimate address of an administrator for a school district out in California. Where do spammers get the legit addresses from?

At any rate, since it’s just another lottery scam message, you don’t even have to wonder why a school admin would be telling you about a lottery, since you already know it’s a scam. The incredulous punctuation in the subject line (“!!!?”) is cute, though.

From: Zoosk Request Notification <>
Date: Tuesday, July 20, 2010 12:09 PM
To: [correct address]
Subject: Facebook Notification – Zoosk dating app

-Someone is searching for you on a Facebook application called Zoosk-     
Press here to see who wants to make a connection with you:      

To not receive this message again please visit this page:     
or write to:     
Zoosk Inc. 475 Sansome Street., 10th Floor,     
San Francisco, CA 94111     
To remove yourself from this list,
click here
or write to us at:
PO Box 85073
Richmond, VA 23285-5073

And how, pray tell, would an application on Facebook (I thought Zoosk was its own site) be trying to find me at my work email address? That’s not the one I use there.

This one serves as a good reminder: never click the “unsubscribe” link in a spam message. All you’re doing is confirming that your address is good. I wonder what happens if you write to the P.O. Box, though. I’d imagine putting your email address, full name and home address into the hands of these people could be even worse. Ten bucks says that P.O. Box is just a drop site that is set up to forward everything to Russia.

From: [removed]
Date: Tuesday, June 29, 2010 10:29 AM
To: [removed]
Subject: Hello!

How are you recently?
I bought a laptop from a website: Last week, i  have got the product, its quality is very good and the price is  competitive. They also sell phones, TV, psp, motor and so on, by the  way, they import products from Korea and sell new and original  products, they have good reputation and have many good feedbacks. If  you need these products, look at this website will be a clever choice.
I am sure you will get many surprise and benefits.

Hello! This one came from a person I work with, although from their personal email address. Somehow it was used to forward this message to every one of her contacts. Greetings! She’s perfectly capable of using coherent English, so I could tell right away something was fishy.

I’m sure you’d get all kinds of “surprise” if you tried to follow that link and actually purchase electronics, and there’d be absolutely nowhere to give them any negative “feedbacks.” Hello! Greetings!

Valley of Ridiculous Spam Friday

It is unwise to linger overlong on doorsteps in these troubled times, so let’s just get to the spam, already…

Date: Saturday, July 10, 2010 9:36 PM

You have been awarded the sum of E1,625,000.00GBP in the MICROSOFT EMAIL PROMOTION AWARD 2010.Cont Mr Mark Anderson with your names,address,phone and Country to Email: or call +4470-4573-9535 for moreinformation on this award.

If there really was a lottery of this type based in the United Kingdom (.uk), why would the email have been sent from the University of Florida (, and ask you to reply to a Chinese address (.cn)?

Of course, we both know this is a scam, you and me, so we’ll just move on, now, won’t we?

From: Mr. Albert Harry <>
Date: Monday, May 24, 2010 12:41 AM
Subject: I Need Your Corporate Business Assistance!

Dear Sir/Madam,

It’s my great pleasure to seek your help and genuine co-operation to our mutual benefit and I believe that you will not betray me with the trust and confidence i’m about to bestow on you. I am Mr.Albert Harry, procurement manager to SJCM Solid Minerals England (UK). My GM normally send me to Malaysia to purchase a product called Borax Oil Lq, which is use in the purification/cleansing of Gold and Precious Stones Borax Oil Lq is very cheap in Asia Malaysia compare to US and Europe,per carton of the product cost $6,500 USD to $7,000 USD. While in Asia Malaysia it only cost $2,000 USD. per carton and  you will supply to my company at the rate of $3,500 USD Per carton.

Now,I am expecting a promotion to become a branch manager and my GM is mandating a person to represent the company. I do not want my colleague to know the source/actual cost prize of Borax Oil Lq in Malaysia which is $2,000 USD, this is why i am contacting you.I propose the percentage ratio sharing made i.e. $1,500 USD per cartons. 85% for you and 15% for me. Upon your devoted seriousness and willingness to handle this business without betraying me.

I will pass you the contact details of the Malaysian Supplier. You are to act as the main supplier of the Borax Oil Lq in Malaysia to my Company, and you will buy the product from the Malaysian supplier at $2,000 USD.per carton with your capital and re-sell to my Company representative at $3,500 USD.

If you wish to take up this offer, kindly mail me at your earliest time I will furnished you with the next level of proceedings/contact details of the Malaysian distributor as well as that of my company directors to give a quotation.

Please If this business proposition offends your moral and ethic values, do accept my sincere apology.

Best Regards
Mr. Albert Harry

You know what? It does offend me, Mr. Albert Harry, and I don’t accept your apology. Once again, the “” domain shows up.

From: Sr. Douglas Gregg <>
Sent: Monday, July 26, 2010 11:35 AM
To: [removed]
Subject: Your Advise Needed Urgently

I am Sr. Douglas Gregg,

I’m writing to inform you my desire for you to assist me contact a Cooperate Fiduciary Company in United-State, to assist me receive a shipment it contain funds ($31.9Million) in a shipment package.

It was shipped via a Shipping company based in Bern Switzerland to their affiliate vault in (US).

Please email me for more detail.

Awaiting your urgent response.

Sr. Douglas Gregg.

So now you’re trying to get me to believe a big box o’ cash is waiting for me somewhere? I’m trying to figure out what the setup here is, but I have no doubt it would involve wiring money to Sr. Douglas.

What the heck does the “Sr.” mean when it comes before a name, anyway? Is it supposed to be “Sir?” I’ve never seen that before. I wasn’t aware of the need to abbreviate a three-letter word. I mean, it’s already pretty brief. I like how it’s part of the email address, too.

This concludes our latest batch of emails you should ignore. Not just these specific messages, but anything that looks even a little bit like them.

Ridiculous Spam Friday Goes to Eleven

Today’s collection of ludicrous spam emails is one louder, innit?*

From: Kim Farah
Date: Tuesday, June 22, 2010 5:58 AM
To: none
Subject: Your Email Has Been Chosen

Good day,
I am Mr. Kelvin Barry, Director Of Operations, of Euro Million Lottery Company, United Kingdom. I am soliciting your sincere Co-operation for a swift transfer of £4,528,000 GBP which would be allocated to your E-mail address as the winner in our ballot draws. If you are willing to Co-operation with me in this project and you will be having 60% of the total funds while I would have 40%.All you need to do is that, you register online with Euro Million Lottery Company and as a result of my position in the company I would make it possible that your E-mail address would be drawn as the winner of the above stated amount.You would agree with me that naturally, everybody would like to play a lottery if they are assured of winning. Thus I am assuring you today that you would be a winner with my influence. Please do not take this for granted as this is a one in a life time opportunity, as we both stand to collectively gain from this at the success of the transaction. Should you be willing to Co-operation with me in this transaction please do get in contact me, so that I inform you on how to go about the registration process. Reply To this E-mail:
Best regards,
Mr. Kelvin Barry,
Director Of Operations.
Euro Million Lottery, UK

NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

This is one of the most typical spam messages I’ve ever seen. It has it all:

  • Disagreement between the name in the “from” line and the name given in the message? Check.
  • Disagreement between the email address in the “from” field ( domain) and the one given in the message? Check.
  • Lottery winners chosen by email address? Check.
  • The implication that you’re doing something not quite legal (so don’t tell anyone)? Check.
  • The offer to share the prize money? Check.
  • An email address with a Hong Kong country code? Check.
  • Bad English? Check.
  • A fake lottery based in the United Kingdom? Check.

It’s like an exhibit from the Antique Spam Museum, if there were such a thing. Let’s move on, shall we?

From: James Labonte <>
Date: Friday, June 18, 2010 6:50 AM
To: none
Subject: Business Proposal..

Dear friend,
Sorry to bother you, I know we haven’t spoken before but I’m currently looking for someone trustworthy to work with me on a profitable project.
My name is James Labonte, I’m originally from South Africa but now living here in London.  I moved here to work with WESTBRIDGE FINANCE & LOGISTICS as a Senior Account Manager in the audit department. Note, WESTBRIDGE FINANCE & LOGISTICS is a Finance and Security Company, they are incharge of funds of individual and co-operate bodies who do not want to disclose there wealth.And they are also a security firm as well.
The reason for my email is that myself and a colleague recently discovered an Offshore account which was opened with a large sum of money in 2004, since then there has been no activity on the account and all the contact details we have for the customer appear to be out of date, with the interest which has built up over the last few years, the balance of the account is now £17.9m.
Only me and a friend of mine, one of our audit managers know about this account and we decided to keep it to ourselves while we investigated it. It turns out that the account is in the name of a foreigner who has died.  We have no details of heirs or next of kin so the money will just end up being sucked up by the security company .

As we are the only two people at the bank with access to this information and we have decided to keep it that way and claim the money for ourselves using a third party who will take the place of the deceased next of kin…. and that’s where you come in to it, of course if you are interested, We’ll do all the paper work for you and we’re pretty sure the process will be 100% risk free for the three of us. We’re able to produce any documents that will be required.
Obviously we’d be looking to take a cut of the funds ourselves, so we propose 70/30, I and my colleague will take 35% of the funds each leaving you with a very generous 30%.

Again, sorry for intruding in your email, if you are interested then get back to us with this email address
James Labonte

More sender/reply-to email address discrepancies, although they did have the brilliant idea of making the sender’s name the same in both places.

This is a case of “Even If It Was Real, You Wouldn’t Want In On It.” These guys are going to embezzle millions of dollars? First, why would they choose you out of six billion people to share it with? Second, why would you want to be a part of a crime of this magnitude?

Of course, it’s not real, so you don’t have to worry about that. All you would have to worry about is how you’d replace the thousands of dollars you lost when you wired it to these clowns.


From: Jiang Jianmin <>
Date: Saturday, May 01, 2010 2:02 AM
To: none
Subject: Very Important

Good Day,
I have a secured business proposal of $28,272,000.00.Contact me via my private email( interested.
Mr Jiang Jianmin.

You’re not even trying, are you, Mr. Jiang?

I’ve noticed a pattern—spam and scam messages always seem to start off with “good day” or “dear friend.” I don’t think I’ve ever received a legitimate email message with either of those salutations, and I know for a fact I’ve never sent one.
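Several of the tells in this installment are mechanical enough to check in code: the name and address mismatches from the lottery checklist, the sender/reply-to discrepancy in the James Labonte message, and the salutation pattern just described. This is an added example, not part of the original post: the three messages are constructed, every address uses a placeholder `.example` domain because the real ones were removed from the page, and the finding names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
STOCK_GREETINGS = ("good day", "dear friend")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def check_message(raw):
    """Return the checklist items a plain-text message trips, in a fixed order."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. The name in the From line never appears in the body or sign-off.
    if display and display.lower() not in body.lower():
        findings.append("from_name_not_in_body")

    # 2. Replies are steered to a different domain than the one that sent it,
    #    either through a Reply-To header or an address typed into the body.
    contact = {d.lower() for d in ADDR_RE.findall(body)}
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to:
        contact.add(domain_of(reply_to))
    if contact - {from_domain}:
        findings.append("contact_domain_differs")

    # 3. No real recipient is named (the samples on the page show "To: none").
    if "@" not in msg.get("To", ""):
        findings.append("no_named_recipient")

    # 4. Opens with one of the salutations the page singles out.
    first = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if first.lower().startswith(STOCK_GREETINGS):
        findings.append("stock_salutation")
    return findings


# Constructed samples; all addresses are placeholders.
LOTTERY = """\
From: Kim Farah <kim.farah@campus.example>
To: none
Subject: Your Email Has Been Chosen

Good day,
I am Mr. Kelvin Barry, Director Of Operations, of Euro Million Lottery Company.
Reply To this E-mail: kelvin.barry@claims.example
Best regards,
Mr. Kelvin Barry
"""

PROPOSAL = """\
From: James Labonte <jlabonte@webmail.example>
To: none
Subject: Business Proposal..

Dear friend,
Sorry to bother you, I know we haven't spoken before.
If you are interested then get back to us at j.labonte@private.example
James Labonte
"""

ORDINARY = """\
From: Pat Lee <pat.lee@creditunion.example>
To: member@home.example
Subject: Statement ready

Hello Sam,
Your statement is ready. Questions? Write to support@creditunion.example.
Pat Lee
"""

if __name__ == "__main__":
    for name, raw in (("lottery", LOTTERY), ("proposal", PROPOSAL), ("ordinary", ORDINARY)):
        print(name, check_message(raw))
```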

* If you haven’t seen This is Spinal Tap, this is…you know what? Just go watch This is Spinal Tap. Today if possible.