Tag Archives: scam

Let’s kick off the long weekend with a derpy lottery scam

Many of us (here in the States, anyway) will spend today looking forward to a nice three-day weekend, visions of grilled meat, open-wheel race cars and (if you’re like me) binge-watching the entire fourth season of Arrested Development on Netflix dancing in our heads.

Seems like a good time for a “fun” sort of post, so let’s snark at a bad lottery scam email I received this morning:

From: [redacted]@co.pg.md.us
Subject: ! Are You Aware!!

Your email has been announced the winner of the Microsoft E-mail Sweepstakes of 5.6, Million Pounds. Please send these informations:
Full Name:
Address:
Tel / Mobile No.:
Country:
Occupation:
Sex / Age:
Alternative E-mail:
Contact Mrs. Kathrin Rogers: { Kath.rogers@msn.com<mailto:kath.rogers@msn.com> } OR { Kath.rogers@rogers.com<mailto:kath.rogers@rogers.com> } with details. Sincerely, Josphine B. Clay
(Microsoft Management Board, Copyright 1991-2013)

—————————————————————————————

This E-mail and any of its attachments may contain Prince George’s
County Government or Prince George’s County 7th Judicial Circuit
Court proprietary information or Protected Health Information,
which is privileged and confidential. This E-mail is intended
solely for the use of the individual or entity to which it is
addressed. If you are not the intended recipient of this E-mail,
you are hereby notified that any dissemination, distribution,
copying, or action taken in relation to the contents of and
attachments to this E-mail is strictly prohibited by federal law
and may expose you to civil and/or criminal penalties. If you have
received this E-mail in error, please notify the sender immediately
and permanently delete the original and any copy of this E-mail and
any printout.

Oh, where to even begin?

For one thing, it doesn’t say I won anything. My email, on the other hand, has won 5.6 million pounds. Fat lot of good it will do.

Also: pounds? Microsoft, based in Redmond, Washington, conducts business in pounds? Sure. Whatever.

“Please send these informations.” Uh-huh. Because Microsoft doesn’t have enough money to hire people who use proper grammar.

! Are You Aware!! Um, ?No I’m Am Not ! !!

Why would a message about a Microsoft sweepstakes come from a Prince George’s County, Maryland email address?

Why would the disclaimer refer to said county, and not, oh…I don’t know…maybe Microsoft?

Finally: there is absolutely no such thing as a Microsoft E-Mail Sweepstakes, nor has there ever been, and nor will there ever be. But if you’ve been reading this site for a while, you already knew that one, didn’t you?

Have a good weekend. Stay vigilant. (Also, try grilling corn with garlic butter and without wrapping it in foil if you’re cooking out this weekend. You have to move it around a lot to avoid flare-ups and burnt corn, but dude…seriously, you’ll never do it the old way again.)

Email Scam/Malware Alert: “Corporate eFax message”

I received this message yesterday afternoon (links have been removed, but are shown in blue):

*   *   *

From: eFax <[redacted]@coderbit.com>
Subject: Corporate eFax message – 9 pages

Fax Message [Caller-ID: 680-973-3656]

You have received a 9 pages fax at Wed, 03 Oct 2012 22:22:19 -1000.

* The reference number for this fax is min1_20121003222219.1055179.

View this fax using your PDF reader.

Click here to view this message

Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.

Thank you for using the eFax service!

Home | Contact | Login

© 2011 j2 Global Communications, Inc. All rights reserved.

eFax® is a registered trademark of j2 Global Communications, Inc.

This account is subject to the terms listed in the eFax® Customer Agreement.

*   *   *

eFax is a real company, and the whole thing looks right, with the footer and all. So how did I know this message was bad news?

By mousing over the links. I’ve used that term before but I’ve never explained it, so here it is: to mouse over (or mouseover) is to move the cursor (the arrow, usually) on your screen over a link without clicking on it. In most web browsers and email clients, this action will show you where the link actually leads, usually in the lower left corner of the window. If the text of the link says one thing, but the information that shows up when you mouse over it says another, that’s a good indication of foul play.

In this case, every single link was disguised. Here are the links and where they actually led, in order. Do NOT visit any of the sites listed!

  1. min1_20121003222219.1055179: www.bathroomdesignstafford.co.uk/SAMiMyXq/index.html
  2. Click here to view this message: gurkan.bae.com.tr/1ttCGhGq/index.html
  3. www.eFax.com/en/efax/twa/page/help: webview360.net/Zn3VbH/index.html
  4. Home: egelisanfen.com/v2WPTAhV/index.html
  5. Contact: christianharfouche.net/Q1uRBnn/index.html
  6. Login: teknoturkbilisim.com.tr/5UTrCN5/index.html
  7. eFax® Customer Agreement: happlications.com/phjbPEB/index.html

You’d think a legitimate message from eFax would have at least ONE link that led to eFax.com, wouldn’t you? You’d also think the “from” address would contain “@efax.com.”
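The mouseover check and the two tells above (no link to eFax.com, a sender outside @efax.com) can be automated for an HTML message body. This is an added example, not part of the original post; the function names, the sender address and the `.example` hosts are constructed placeholders.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL, e.g. "www.eFax.com/en/efax/twa/page/help"
URLISH = re.compile(r"^(https?://)?([\w-]+\.)+[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    # Lower-cased hostname of a full URL or a bare "www.site.tld/path" string
    value = value.strip()
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def audit(from_header, html, brand_domain):
    """Findings for a message that claims to come from brand_domain."""
    findings, collector = [], LinkCollector()
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not in_domain(sender, brand_domain):
        findings.append(f"sender domain {sender} is not {brand_domain}")
    collector.feed(html)
    hosts = [host_of(href) for _, href in collector.links]
    for (text, _), real in zip(collector.links, hosts):
        shown = re.sub(r"^www\.", "", host_of(text)) if URLISH.match(text) else None
        if shown and not in_domain(real, shown):
            findings.append(f"link shows {shown} but leads to {real}")
    if not any(in_domain(h, brand_domain) for h in hosts):
        findings.append(f"no link leads to {brand_domain}")
    return findings

# Constructed sample modelled on the message above; hosts are placeholders.
SAMPLE_FROM = "eFax <sender@bulk-mailer.example>"
SAMPLE_HTML = ('<a href="http://compromised-one.example/a/index.html">Click here to view this message</a>'
               '<a href="http://compromised-two.example/b/index.html">www.eFax.com/en/efax/twa/page/help</a>')
```

A From domain that does match proves nothing by itself, since that header can be forged; these checks only catch the cheap mismatches described in this post.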

Instead, we’ve got web pages from all around the globe, including the UK and Turkey (.tr). Every single one of these pages has likely been compromised with malware.

Word on the street is that the linked sites will try to infect your computer with the BlackHole exploit kit, which takes control of your computer and adds it to a worldwide network of compromised (“zombie”) computers used to traffic illicit data, launder money and carry out other criminal activity.

Like I said, bad news. If you get this message (the number of “pages” in the subject line may be different), don’t click. Delete it on sight.

IC3 Scam Alerts

The latest batch of scam alerts from the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), came out yesterday, and there are some interesting things going on out there.

I won’t paste the entire text here, but the “Triangle Credit Card Fraud” was a new one to me. It works this way:

The first party is the fraudster who acts as a seller on a popular auction or marketplace site. The fraudster “sells” a product to the second party, the buyer that knows nothing about the scam. The buyer pays the seller for the product or service. The seller then needs to deliver the product or service to the buyer and does so by placing an order with the manufacturer of the product or service to the buyer and does so by placing an order with the manufacturer of the product or service, the third party. That order will contain the buyer’s information for shipping and stolen credit card information for billing. When the company receives the order, the billing and shipping information is all legitimate, thus it looks like an order being placed as a gift, so the company delivers the product or service.

That’s a big ball of text that takes a minute to decipher (and it seems to repeat itself at least once), but the underlying message is clear: you have to be really, really cautious when buying things from online auction sites.

The alerts also point out a new take on the old work-at-home scheme. This time, crooks are telling victims they submitted a resume online and using the names of well-known financial institutions and agencies (instead of the usual out-of-the-blue offer for mystery shopper work), then sending victims a fraudulent cashier’s check to purchase software or other supplies. Naturally, the victim then wires back the overage and ends up losing money. This time they’re finding victims because a vast number of people have been submitting resumes online, and I can tell you from experience: unless you’re a record-keeping ninja, it can get hard to keep track of what jobs you’ve applied for.