Category Archives: Spam

An uncommonly convoluted con

They say brevity is the soul of wit, but it’s apparently not the soul of spam. I received this in my inbox not too long ago:

From: IMF ADMIN <admin@imfpaymentcenter.com>
Subject: May Good Decision

INTERNATIONAL MONETARY FUND (IMF)
DEPT: WORLD DEBT RECONCILIATION AGENCIES.
ADVISE: YOUR OUTSTANDING PAYMENT NOTIFICATION

Attention Wing Chan

A power of attorney was forwarded to our office this morning by two gentle men, one of them is an American national and he is MR DAVID DEANE by name while the other person is MR… JACK MORGAN by name a CANADIAN national.

This gentlemen claimed to be your representative, and this power of attorney stated that you are dead, they brought an account to replace your information in other to claim your fund of $12.5 Million Usd which is now lying DORMANT and UNCLAIMED, below is the new account they have submitted:

BANK.-HSBC CANADA
Vancouver, CANADA
ACCOUNT NO. 2984-0008-66

Be further informed that this power of attorney also stated that you suffered and died of throat cancer. You are therefore given 24hrs to confirm the truth in this information, If you are still alive, You are to contact us back immediately, Because we work 24 hrs just to ensure that we monitor all the activities going on in regards to the transfer of beneficiaries inheritance and contract payment.

You are to call this office +44(0)7778022499 immediately for clarifications on this matter as we shall be available 24 hrs to speak with you and give you the necessary guidelines on how to ensure that your payment is wired to you immediately.

I have attached a copy of the last part payment of $500,000.00 which was paid into your provided account last week, please check is this is the same account submitted by this two men who claimed to be your representative. Reply this email to [redacted]

Kindly reply

Rev. David Churchman
International Monetary Funds Agents

I get what they’re trying to do here. The victim is supposed to think they got a message intended for someone else (“Wing Chan”) who has a whole lot of money tied up in some account, but they think Wing Chan is dead and would he please confirm that? I assume that the victim is supposed to decide to commit a little fraud himself and reply, “No, I’m Wing Chan and I’m totally alive so give me all that money now please,” followed by the usual, “But wait…you have to wire us a bunch of money first.”

But what a twisty, turny, tricksy route they take to get there. It’s a real adventure, what with the two “gentle men,” the throat cancer and the involvement of the International Monetary Fund.

Here’s the thing about the IMF: I’m fairly certain they don’t handle individual estate accounts for anyone living or dead or allegedly dead. They don’t mention it on their own website.  They deal with financial situations in and between nations. $12.5 million is a lot of money to most individual people. To the IMF, it’s like a nickel dropped down a storm drain. They’re not going to get involved.

So yes, this is an obvious example of spam. I wanted to show it to you, though, because it’s kind of weird. As always, “do this to claim your free money” is forever a scam and always has been.

They’re not working on WRINKLES

Here’s a new one from the Dumb Spam Files (which could totally be a TV series if FX or A&E would return my calls):

2016-03-09-spam

Here’s a NON-secret for you: NASA isn’t researching wrinkles.

I don’t care how bad your wrinkles are. I don’t care if all that’s left of your face is one giant wrinkle. Never click on anything that even resembles this. Deal?

An example of the exact type of email you should NOT open

Here’s a screenshot of something that appeared in my inbox recently:

2015-12-21-spam

I spend a lot of time trying to describe the kinds of emails you should avoid, but this one illustrates those concepts perfectly. Let’s look at a few warning signs:

  1. The message wasn’t expected (I’m not a USAA member, but even if I was, this isn’t a usual email)
  2. The subject line is intended to provoke a fear reaction
  3. The subject line is kind of weird, grammatically; are they saying that a “New Document” has been prevented? If “Due to Suspicious Sign-in” modifies the subject of the sentence, which in this case is “New Document,” then…okay, you get it;  it just reads weird.
  4. There is a file attached (the little paperclip icon)

What is supposed to happen with this kind of email is that the victim sees “Suspicious Sign-in” and immediately opens the message, which is most likely blank or contains instructions to open the attached file. Once the victim does that, some form of malicious software, anything from spyware to ransomware, will be installed on their computer.

What actually happens, when the recipient knows some of the warning signs, is that the message is immediately deleted and causes no harm.

Also note that this message slipped past some pretty burly anti-spam and anti-malware software. Those tools are important, but sometimes a dangerous email still makes it through. Stay vigilant!

Play Along at Home: Fake Target ‘Order Confirmation” Email

Here’s a picture of a fake “Order Confirmation” email I received recently. How many clues can you spot that indicate something is not quite right?

2014-12-08-spam-01

Here’s what comes up if you hover the mouse over the word “link”:

2014-12-08-spam-02

How many fraud indicators did you find?

Here are the ones I found:

  1. Very vague subject line: if this were an actual delivery confirmation, the subject line would usually refer to it in some way. It wouldn’t just say “Order Info.”
  2. The “From” information: support@yummy.cookiesmadeeasy.com is not a Target email address.
  3. The logo is wrong. No bullseye anywhere.
  4. “As Thanksgiving nears…” Thanksgiving was a couple weeks ago. Wrong holiday, dummies.
  5. The (attempted) conversational tone of the email: if you had an actual order to pick up, the email would begin with this information. Whichever holiday is approaching is absolutely irrelevant (for the store) to the fact that they’ve got merchandise they want you to pick up as soon as possible.
  6. The excruciatingly bad grammar. Go ahead, read it out loud. It’s beyond horrid.
  7. This isn’t even how in-store pickup orders work…the customer chooses which store to have their purchase shipped to, and that’s where it goes. That’s the only place it goes. You don’t just go to any random location because they don’t ship one to every single store when an order comes in.
  8. And what happens if I don’t “pick it” within four days? Again, not how online orders work.
  9. The stores aren’t called “Target.com.”
  10. When you get a real order confirmation email, the order information is almost always included in the message. You don’t have to click a link to get to it.
  11. Speaking of links: makingteamsrock.com? Not a Target website.
  12. “Always yours, Target.com.” Pretty sure they don’t refer to themselves as “Target.com.” Or use “Always yours” as a closing.
  13. Not one single item in the “privacy policy” line at the bottom is an actual link.

So, I found thirteen. Did you catch any that I didn’t?

FTC lawsuit reveals what actually happens if you fall for one of those “Free Gift Card” spam text messages

Back in April 2012, The Consumerist reported that around 4.5 billion spam texts were sent to U.S. cell phones in 2011 (“Yeah, and I got about 2 billion of those myself,” I remember thinking).

Yesterday, The Consumerist released an article that gives a little insight into how those soul-crushingly irritating “Free $1,000 Gift Card” spam texts actually work. The good news is: the FTC has 29 people in their legal crosshairs, whom they believe to be responsible for 180 million of those texts. The “meh” news is: what about the other six quadrillion spam texts?

Anyway, for those unlucky enough to fall for the free gift card text scam, here’s a brief rundown of what actually happens:

  1. You’re directed to a website that collects an awful lot of personal information, including medical data in some cases, before you’re allowed to proceed
  2. You are taken to another site that requires participation in a bunch of “offers” before you can get the gift card
  3. This required more personal data, including credit card numbers for “subscriptions” or to actually apply for credit
  4. You’re told you have to get (i.e. trick) three more people into signing up before you can claim your gift card
  5. You never, ever, EVER actually get a free $1,000 gift card, because if spammers actually delivered on their promises, they wouldn’t be spammers.

For the FTC to go after 29 people is a good start, but you know as well as I do there are probably a thousand more involved in these schemes. So if the “Free $1,000 Best Buy Gift Card” texts continue to arrive, just continue to ignore ’em, like always.

Mary, Mary, why ya buggin’?

Maybe it’s just the specific spam email lists I’ve ended up on, but of late I’ve noticed an inordinate amount of garbage email coming from people named “Mary,” with all different last names. Here’s a sample of my deleted items folder over the last several weeks (I photoshopped out a few messages from legit business contacts named “Mary” that were interspersed with these…this is just the spam):

2012-05-14-marymary

This isn’t even all of them. Is it just my inbox, or have you noticed this as well?

Spam Dissection: There may be a change to your Experian credit-score

spam-lovelyThis is the text of a spam/phishing email I received on January 3, 2012. It slipped right past the spam filters (my notes are bold and in brackets):

From: Fraud Monitoring
Subject: CRITICAL: There may be a change to your Experian credit-score

ALERT: There may have been a change to one of your 3 credit-scores!

Your Experian, Equifax & TransUnion Scores are your Ticket to a New car, Credit-cards, a Mortgage & more!

Poor 301-600
Good 600-700
Excellent 700-849

View Your Up-to-the-minute Credit-Scores Now, It’s On Us! Click here.

[note: there were about twenty blank lines here]

To no longer receive notifications and updates about this offer, please use this safe unsub link.

[note: the following was in tiny white text, which made it invisible until you highlighted it]

Zuzim in which he would hardly with great deep sleep to Simeon and found there. And planted a mixed multitude of the man, and he can bear. Behold, to us, and I will send thee will harden the Egyptians in the daughters of Zibeon and kissed him, and thou art gone out to see the Red Sea; there is better that shall be buried him the children, or bad. And Jehovah went down, and thy hand of the people go, that my venison, and tarried there was dead, and go in the seven ears, withered, thin, well favored. Haste ye, and the men into the goats: and bring it was returned in them, and begat Lamech. And the land of Rebekah said unto the king of the righteous with the nakedness of the sheep, and begat a dream, and, behold, his sons, Shem, and ye to Paddan-aram. And Noah were both the sword. And when he made me in the thing was grain which he believed in blessing I pray you, and our God, the third stories shalt keep it; and will not who knew not regard not so to my signs in our land was good. And chose him for an officer of the children of the children of the generations ye shall eat every tree or not. And it unto him, Abraham. And he had, in at the water in the sons of the first-born. And he said, Behold now, Jehovah came in the same is the windows of thee. And God called Esau her son, while he did eat their generations. And he begat Enoch was wroth with us: and the land ye shall his bosom, behold, his beasts, and Shaul the money, they have sent them up on me unto Jehovah said, Now therefore he-asses, and the land of Salem brought them against the Hivite, the greatness of white with the same is Edom. And he had done this place. And Joseph said when we found: know him. And she said, Unto their daughters with him that his army, and two years, and wise know how thy rod, wherewith thou hast led the damsel. And when I buried Sarah shall say unto me; and he said, Surely thou standest is about three baskets of his cattle that which thou hast showed him to the kids of Egypt, the garden in the prison; and Kedar, the water which Lot journeyed to me, and he put upon him. And the Hebrews’ children. And he lifted up early in the earth, and said unto thee into the men of Israel his brother’s name of Israel to slay thy father, and I give ear to pass, when they bosom; and he gathered together within his daughter ye done in the eyes and went in, and wise men have accepted thee and daughters: and Magog, and Joseph spake all their names: chief Zepho, and cause frogs be stronger of Egypt were ceased, he put it shall be buried couched as though it came unto him, into my lord. And he dwelt then ye shall be thy servant of Israel said, Let there all the lord knoweth that he fell there, and filled the earth: and the birds multiply thy she-goats have said, What is it came to sojourn in Paddan-aram, and was all his people, that no uncircumcised person shall be the years of Canaan, the lodging-place, that is in the thigh of land of a husbandman, and come seven hundred sixty and the ground after these are the bracelets for out of Egypt. Then Joseph understood them;

[note: the following was fully visible text]

All of a sudden, I was hearing stories about how difficult I was to work with, ridiculous rumors about drugs and what a diva I was. I never had to go to rehab or a program.

[note: it concluded with this footer image]

Footer from spam message, 01/03/12

I thought it might be useful to point out a few things about this message.

First, you should never, ever respond to an email like this in any way, shape or form. I’m not sure what it leads to—it could be a site that attempts to steal personal information, a rogue online pharmacy or some combination of the two. Even clicking the “safe unsub link” could lead to problems.

Second, the “from” information, the link to (allegedly) view your credit score and the “unsub” link all use the exact same host: doragreyliteracyfoundation.com.

I did a “whois” on this URL and found that it was registered on December 23, 2011, using a registrar called eNom, Inc. Four things about this fun fact:

  1. The website was registered eleven days before the message was sent, yet they somehow already had my email address.
  2. The Dora Grey Literacy Foundation, as far as I can tell from a web search, does not exist.
  3. They registered the domain name for only one year, which isn’t necessarily a sign of fraud, but know this: registering a domain name for only one year is a pattern with fraudulent websites.
  4. As of October 2010, eNom, Inc. was the registrar for around 40% of rogue online pharmacy sites, according to a source cited at Krebsonsecurity.com.

Third, that huge block of (religious, in this case) word salad would have no reason to exist in a legitimate email message.

Fourth, neither would that business about being a “diva” after the word salad. I looked it up; it’s a quote from Irene Cara. Yeah, the person who sang “Fame” and played Coco Hernandez.

Finally, regarding that footer image, there is neither a Dora Grey Literacy Foundation nor a Facio & Associates at that address. “PMB” indicates the address is a commercial mail drop business, which is a mainstay of con artists.

Amazing what you can learn with a little research, isn’t it?

Ridiculous Spam: I get Brandnew Car at Super-Saving Price!

Even by broken-English standards, this one I got today is a real mess:

Subject: The cheapest way to buy new car, once a year

Hi Regional Federal Credit Union, this is an Incredible Opportunity for You to get Brandnew Car at Super-Saving Price

Last Chance to get up to $7000 off on all Vehicles Model 2011 Blowout Sales.This happens only Once a year.
Register now for Free and get your price quote for all possible saving brandnew autos.
Hurry up, only few days left to win those crazy deals.

Start Saving up to $7000 by spending 2 minutes to fill out the registration form here

Rule #1 of dealing with spam: if they’re using the name of the place you work as if it’s your name, there is no logical reason to click on anything within the message or to respond in any way other than to delete the message.

Ridiculous Spam Friday the 13th

How’s that for timing? The thirteenth installment of Ridiculous Spam Friday falls on an actual Friday the 13th. I love it when a plan comes together.

Let’s get to the garbage…

From: Dick Glock <[removed]@amadorcoe.k12.ca.us>
Date: Sunday, August 01, 2010 11:30 AM
To: info@lotto.co.uk
Subject: Final Notification!!!?

Dear e-MAIL Winner,
Your email address won £850,000.00 GBP in this month NATIONAL LOTTERY E-mail online drew.
To file for your claim, contact our agent Mr.Albert Nelson.  with
the details below(Full Names, Contact Address, Country, Age, Sex, Occupation &
Telephone numbers) to this Email: uknldepartment2010@discuz.org  Phone Number: Tel:+44 7024027755

MODE OF PAYMENT !!!

Option (1)  Via Courier Delivery

Option (2)  Via Bank Wire Transfer

Note: This is an automatic message do not click on your reply button send all details to the below  Email:  uknldepartment2010@discuz.org  

Yours Sincerely,
Dick Glock

I removed the email address under “From” because it is apparently the legitimate address of an administrator for a school district out in California. Where do spammers get the legit addresses from?

At any rate, since it’s just another lottery scam message, you don’t even have to wonder why a school admin would be telling you about a lottery, since you already know it’s a scam. The incredulous punctuation in the subject line (“!!!?”) is cute, though.

From: Zoosk Request Notification <noreply@dipfishesnet.com>
Date: Tuesday, July 20, 2010 12:09 PM
To: [correct address]
Subject: Facebook Notification – Zoosk dating app

-Someone is searching for you on a Facebook application called Zoosk-     
      
Press here to see who wants to make a connection with you:     
http://dipfishesnet.com/c/ejAvaGhF7140LFFvOEtFKA.html?0      

—–      
             
To not receive this message again please visit this page:     
http://dipfishesnet.com/c/ejAvaGhF7140LFFvOEtFKA.html?1     
      
or write to:     
      
Zoosk Inc. 475 Sansome Street., 10th Floor,     
San Francisco, CA 94111     
To remove yourself from this list,
click here http://dipfishesnet.com/u/ejAvaGhF7140LFFvOEtFKA.html
or write to us at:
PO Box 85073
Richmond, VA 23285-5073

And how, pray tell, would an application on Facebook (I thought Zoosk was its own site) be trying to find me at my work email address? That’s not the one I use there.

This one serves as a good reminder: never click the “unsubscribe” link in a spam message. All you’re doing is confirming that your address is good. I wonder what happens if you write to the P.O. Box, though. I’d imagine putting your email address, full name and home address into the hands of these people could be even worse. Ten bucks says that P.O. Box is just a drop site that is set up to forward everything to Russia.

From: [removed]
Date: Tuesday, June 29, 2010 10:29 AM
To: [removed]
Subject: Hello!

Hello!
How are you recently?
I bought a laptop from a website:   www.laosm.info/ Last week, i  have got the product, its quality is very good and the price is  competitive. They also sell phones, TV, psp, motor and so on, by the  way, they import products from Korea and sell new and original  products, they have good reputation and have many good feedbacks. If  you need these products, look at this website will be a clever choice.
I am sure you will get many surprise and benefits.
Greetings!Hello!

Hello! This one came from a person I work with, although from their personal email address. Somehow it was used to forward this message to every one of her contacts. Greetings! She’s perfectly capable of using coherent English, so I could tell right away something was fishy.

I’m sure you’d get all kinds of “surprise” if you tried to follow that link and actually purchase electronics, and there’d be absolutely nowhere to give them any negative “feedbacks.” Hello! Greetings!

Valley of Ridiculous Spam Friday

It is unwise to linger overlong on doorsteps in these troubled times, so let’s just get to the spam, already…

From: MICROSOFT CORPORATIONS <[removed]@ufl.edu>
Date: Saturday, July 10, 2010 9:36 PM
To: microsft@alive.co.uk
Subject:

You have been awarded the sum of E1,625,000.00GBP in the MICROSOFT EMAIL PROMOTION AWARD 2010.Cont Mr Mark Anderson with your names,address,phone and Country to Email: microsft_loto2010@9.cn or call +4470-4573-9535 for moreinformation on this award.

If there really was a lottery of this type based in the United Kingdom (.uk), why would the email have been sent from the University of Florida (ufl.edu), and ask you to reply to a Chinese address (.cn)?

Of course, we both know this is a scam, you and me, so we’ll just move on, now, won’t we?

From: Mr. Albert Harry <albert.h@hungary.org>
Date: Monday, May 24, 2010 12:41 AM
To: yao.koos@9.cn
Subject: I Need Your Corporate Business Assistance!

Dear Sir/Madam,

It’s my great pleasure to seek your help and genuine co-operation to our mutual benefit and I believe that you will not betray me with the trust and confidence i’m about to bestow on you. I am Mr.Albert Harry, procurement manager to SJCM Solid Minerals England (UK). My GM normally send me to Malaysia to purchase a product called Borax Oil Lq, which is use in the purification/cleansing of Gold and Precious Stones Borax Oil Lq is very cheap in Asia Malaysia compare to US and Europe,per carton of the product cost $6,500 USD to $7,000 USD. While in Asia Malaysia it only cost $2,000 USD. per carton and  you will supply to my company at the rate of $3,500 USD Per carton.

Now,I am expecting a promotion to become a branch manager and my GM is mandating a person to represent the company. I do not want my colleague to know the source/actual cost prize of Borax Oil Lq in Malaysia which is $2,000 USD, this is why i am contacting you.I propose the percentage ratio sharing made i.e. $1,500 USD per cartons. 85% for you and 15% for me. Upon your devoted seriousness and willingness to handle this business without betraying me.

I will pass you the contact details of the Malaysian Supplier. You are to act as the main supplier of the Borax Oil Lq in Malaysia to my Company, and you will buy the product from the Malaysian supplier at $2,000 USD.per carton with your capital and re-sell to my Company representative at $3,500 USD.

If you wish to take up this offer, kindly mail me at your earliest time I will furnished you with the next level of proceedings/contact details of the Malaysian distributor as well as that of my company directors to give a quotation.

Please If this business proposition offends your moral and ethic values, do accept my sincere apology.

Best Regards
Mr. Albert Harry

You know what? It does offend me, Mr. Albert Harry, and I don’t accept your apology. Once again, the “9.cn” domain shows up.

From: Sr. Douglas Gregg <sr.douglasgregg@srdouglasgregg.com>
Sent: Monday, July 26, 2010 11:35 AM
To: [removed]
Subject: Your Advise Needed Urgently

I am Sr. Douglas Gregg,

I’m writing to inform you my desire for you to assist me contact a Cooperate Fiduciary Company in United-State, to assist me receive a shipment it contain funds ($31.9Million) in a shipment package.

It was shipped via a Shipping company based in Bern Switzerland to their affiliate vault in (US).

Please email me for more detail.

Awaiting your urgent response.
Regards,

Sr. Douglas Gregg.

sr.douglas.gregg@zoho.com

So now you’re trying to get me to believe a bog box o’ cash is waiting for me somewhere? I’m trying to figure out what the setup here is, but I have no doubt it would involve wiring money to Sr. Douglas.

What the heck does the “Sr.” mean when it comes before a name, anyway? Is it supposed to be “Sir?” I’ve never seen that before. I wasn’t aware of the need to abbreviate a three-letter word. I mean, it’s already pretty brief. I like how it’s part of the email address, too.

This concludes our latest batch of emails you should ignore. Not just these specific messages, but anything that looks even a little bit like them.