Archive for Scams and Spams

You want that with fries?

The title of this spam was nothing remarkable: “Attention: Our Lowest Home-Rates Expire 3-25-15.” (And a possibly amusing domain: loancashbefore.work.) But this was the text hidden behind the HTML:

The fries themselves are not bad … a bit plain maybe, but not bad. The creamy spicy tuna dipping sauce they serve with the fries is stupidly bad. That stuff doesn’t even belong on sushi; on fries it’s ridiculous and downright trashy. If you like that stuff, stop having sex with your cousin. I’d like house-made mayo or aioli options, or even a really refined, light, bbq sauce seems like it would pair well against the slaw. Traditional ketchup, for me, is a no and their whole grain dijon is meh.

If this was swiped from somewhere, and I always assume it is, I didn’t find the source.

Comments (2)




Necroses are red, my love

There’s nothing special about this spam subject: “Protect Your Wallet and Your Floors — 35% Off.” Nor is the content anything remarkable, although there is an Unsubscribe address in some Las Vegas boiler room, and some of it is vaguely related to stuff one might use to protect a floor. But this email address is a killer: cavemen@bubonicplaguesynonumsantonums.com. Even better, that’s a real domain: there are links to it in the message, and Whois, as it should, coughs up the registration details.

Oh, and since I used the Whois at Network Solutions, NSI was happy to offer me the similar-ish bubonicplaguesymptoms.com for a trifling $14,000.

Comments




Despamination

I’ve mentioned before that in the 1980s I was a customer of MCI Mail, one of the commercial email pioneers. (Actually, I was two customers of MCI Mail, with an account for myself and another for a pseudonym.) And at half a buck for each message, plus $35 a year for a mailbox, spamming was too expensive to undertake.

I don’t know if Warren Meyer was ever on MCI Mail, but he’s been pointing out the same sort of thing for many years:

Long ago I proposed that (and I am not sure how to do this technically) emails should cost $0.001, or a tenth of a cent, to send. For you and I, say if we sent 200 emails a day (an email copied to 5 people would be 5 emails for this purpose) it would cost us 20 cents a day or about $75 a year, not much more than we pay for security software and updates. But if you could make it work, spam would be reduced drastically. No way there is any profit in sending an email for $.001 for an expected return of $.0002.

Now Meyer runs a business, so you may safely assume he sends a lot more email than I do; in fact, my Sent Items folder contains 9,000 items — but it goes back to 1997. By this time, I’d left MCI, else I’d have been out several thousand dollars before they folded the system in 2003.

The key, of course, is “if you could make it work”:

I have no idea in the current structure of the Internet how one would even do this. The charge would have to come from the receiving end, somehow refusing to deliver it if it does not get payment information.

I’d guess that the receiving end would have to subscribe to some sort of service to intercept incoming mail, and presumably there’d be some sort of feature with which you could whitelist friends and (some) relatives. So this scheme would likely not put any money in your pocket — but the idea of putting spammers out of business remains high on my list of desiderata.

Comments




Your grandmother’s phish

It’s been a while since something this blatant came down the wire:

Sorry for the delays towards making the payment, Please see attachment for proof of payment by verifying your email and password through the attached outlook duc transfer page to access the POP. Kindly confirm payment. Thanks CFO Sharon Williams

The “transfer page,” cleverly named “Wire Receipt.htm,” is some Base64-encoded garbage that I am not about to look at.

Weird aspects of this mailing:

  • Sender is identified as “Sharon Smith,” not “Williams,” though the email address given is sharonw at stantrade.com.
  • This line appears in the header:
    X-Source-Args: /usr/bin/php /home/tcfofcha/public_html/mc.php

Is it possible that these folks have been hijacked?

Comments (1)




Purely by coincidence

I don’t think there’s anything particularly unusual about this sales pitch:

Last 10X Longer In Bed
It has never felt so good

And they’d like you to think that “10X” is being cautious, because:

I took this on Valentines Day and went from lasting 2 minutes to over 35.

So: a factor of seventeen, then?

I wouldn’t have noticed it at all, in fact, except for the minor detail that the bogus name they conjured up for the sender accidentally duplicated the name of someone I never actually took to bed — but might have wanted to.

Comments




Embiggenment resisted

The March Consumer Reports has a page called “How to Win at E-Mail,” which struck me as odd: the only way to win, says the server looking over my shoulder, is not to play. Still, some of the statistics seemed valid, especially this one:

2 in 5 Americans have received email in the past year promising to enhance their libido or certain parts of their anatomy. (It annoys women more than men.)

I thought nothing annoyed women more than men; I know I’ve annoyed several.

But I understand why women object to this sort of thing, since the “certain part” most commonly specified is one they genitally generally lack.

Comments (1)




Not the best approach

Obviously I’m not the only person who gets spam. I usually don’t reply to it, though:

Then again, her initial reaction was less kindly:

Stabbiness is not an uncommon reaction to particularly noxious spammage.

Comments (1)




They wish to register a complaint

The following item, claimed to be from complaints@irs.gov — oddly, it seems to have originated in Italy — landed in my email box, though it had been addressed to someone entirely different:

Dear business owner,

A criminal complaint has been filled against your company.

Your company is being accused of trying to commit tax evasion schemes.

The full text of the complaint file ( .DOC type ) can be viewed in your Microsoft Word, complaint is attached.

AN official response from your part is required, in order to take further action.

Please review the charges brought forward in the complaint file, and contact us as soon as possible by:

Telephone Assistance for Businesses: Toll-Free, 1-800-829-4933
Email: complaints@irs.gov

Thank you,
Internal Revenue Service Fraud Prevention Department

I need hardly point out that were this an actual criminal complaint, you’d get something a lot more emphatic than a badly worded email with a spam score over 5.

I did not, of course, look at the Word document, which presumably carries the payload.

Comments (3)




Recipient has no game

Received last night: a reasonably careful replica of an actual iTunes Store invoice. Since I hadn’t bought anything from the iTunes Store in the last week or so, I knew this was a fake. And this is what I’m supposed to have bought:

Space Qube

About this game:

Space Qube is a voxel based retro style shooting game which also allows the players to create everything they can image in the game using voxel.

There’s a lot to be said for retro shooters. And this was said:

SpaceQube will be free on iTunes store soon. Then it will be ported to Windows 8, Windows Phone 8 and maybe Android.

In the meantime, it’s $2.99, which is nowhere near the £38.59 asked by the forgers of the invoice.

Comments




Waiting for .gresham

The .click top-level domain is perfectly legitimate and open to all:

The reason .CLICK is such an attractive choice for a TLD is because it encompasses a highly used Internet buzzword, increasing memorability and functionality. But, because “click” also has a multitude of positive meanings, from getting along, to fitting together, is [sic] also works to create positive associations. This TLD is an open registry, meaning any individual, group, or business may register a .CLICK domain, making this extension choice flexible, memorable, unique, and marketable.

I have yet to see an actual .click site, though links to several of them have already shown up in my spam trap, substantially diminishing my “positive associations.”

Comments




Say hello, Bob

Up to this point, pretty much all the spammers putatively offering sexual services of one sort or another have claimed to be persons of the female persuasion. Then there’s “Robert,” who sent me this Thursday night:

My name is Robert, and this is the first time I write to a guy first. But I find you attractive and would like to chat about your interests.

Historically, men who find me appealing have been even rarer than women who find me appealing, so this was amusing for about forty-five seconds.

Comments (4)




A little slow on the meme there

I found this floating around a Facebook page I am alleged to have liked:

Attempted meme: Bought a penis enhancement device on eBay, bastards sent me a magnifying glass

Regular readers will know that something like this has already happened, though it happened some place other than eBay.

And is embiggenment truly an enhancement? (I suspect all the guys, and perhaps some of the girls, are nodding Yes.)

Comments




Disorder confirmation

You know, if I’d actually ordered this, I think I’d have known about it:

Phishing scam disguised as an Amazon.com confirmation

The bad bit of character encoding (in “We’ll”) gives it away, even if you don’t look at the three links, all of which go to the same bit.ly URL that I have no reason to trust. Besides, Amazon doesn’t collect tax for this state — see “use tax” — and if they did, it wouldn’t be a mere 6.75 percent. (Actually, the state rate is 4.5, but city and county taxes exist, and where I live, it’s a total of 8.375, though none of that is assessed by the county.)

Comments (4)




Seeming incompatibility

Subject line on a spam received last night: iPad Owners Overjoyed by Revolutionary Keyboard. Second One 1/2 Off.

Actual text of the spam:

Just Fresh Direct Unfiltered Olio Novello. Imported straight from Italy within one week of pressing, this oil is delicious enough to drizzle on bruschetta but affordable enough to use in cooking, too. (Note: Only available in select markets).

I, for one, do not look forward to keyboards that can be drizzled.

Comments off




Thieves vying for honor points

Received in the spam trap yesterday afternoon:

Hi there! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

This might have carried more weight had the “author” been identified as something other than “buy litecoin With credit card no verification.”

Comments off




Focused attack

Usually comment spam is just slopped onto the place without any particular regard to where it may land. Which concerns me when it isn’t:

Spam screenshot

I mean, really, what did McGehee do to deserve this?

Comments (2)




The usual blondishments

Actually, we don’t know her hair color, but I assume by default that every word of this spam is bogus:

I was browsing and saw your profile and just had to contact you

This might seem crazy but I thought you were cute and have to know if you are dating anyone?

Even if you are.. we should chat because I think I am someone you could have a good time with.

Lets chat on facebook and Ill tell you more. I can show you some of my latest photos. I think you will really like what you see.

Hit me up on messenger soon and lets hookup.

You can get my profile and contact details here.

Chat soon

xoxo Katie

There follows, concealed by text color if I were dumb enough to read HTML mail, about twenty lines of pure word salad. “Here” yields up an address at privatelymessage.me.

Comments off




Discreet petite

This wandered into my email box:

The #1 rule if you’re having an affair

Never do it with a single woman. Instead, date a married woman who has just as much reason to keep it a secret as you do.

(“Me and Mrs. Jones,” explained Billy Paul.)

Why did I get this?

You are receiving this message because you opted in to *insert web address of list*

Apparently Cyprus, whence this came, is not up on the latest deceptive techniques — which can’t possibly help them selling a “service” like this.

Comments (2)




Meanwhile across the hall

Received at another site I run:

This motor is a blower that pulls fresh air from the outdoors, through the heat chamber and back out to the outdoors. 2) A mockingbird has limitless songs, and no two mockingbirds sound alike. To me, that is what spring maintenance is all about.

If there’s a lesson here, it’s this: don’t put the exhaust vent next to a bird’s nest.

Comments off




Monetizing the egregiousness

Lynn has an idea for dealing with comment spam, and like most such ideas, it springs from frustration:

Comment spam has been really horrendous lately. I used to get, usually, no more than 20 a day. Since last Saturday it’s been 300 – 500 a day! The first time comment moderation is stopping it all but I still have to take the time to delete all of them.

That certainly qualifies as “horrendous.” (I’ve had just over 600 this month. Then again, I have several thousand IPs blocked on general principle.)

Someone once said that spammers should be crucified alongside the highways. Right now that seems like a pretty good idea.

That someone was Eric Scheie of Classical Values, about 11 years ago. The original post has vanished from Blogspot, as posts will sometimes do, but I excerpted the money quote here.

But then I think, why litter the countryside with so much garbage. Let’s just publish their real names and addresses. But then I think, no I have a better idea. Let’s make them pay. Literally. Someone needs to come up with a system to automatically charge spammers by the minute, with the proceeds going to the website owner, minus a small percentage to maintain the system. Five cents for each minute until the spam comment is deleted, even if it is held in the moderation queue for that time. I would be wealthy!

Hmmm. If this ever comes to pass, I’m going to have to unblock several thousand IPs on general principle.

Note: The wp-ban plugin, used here, has turned away approximately 530,000 attempts to dump stuff here before it ever gets to Akismet, which has rejected 36,000 on its own. It is not infallible — no software is — but I’m not getting 300-500 spams a day either.

Comments (2)




This swan is already dead

In this morning’s spam heap, an improbable offer:

Anna Pavlova has sent you a message.
=========================
Message ID #3184324
=========================
Date: 10-16-14.
=========================
Username:  chaz@dustbury.com 
=========================
Password:   [redacted]
=========================

Chat with Anna Pavlova today.  Follow these instructions

-1- Go here http://gonow.mumob.com

-2- Enter your communication mode.

-3- Meet Anna Pavlova today.

It did not help that pretty much the same message (different message ID, marginally different “password”) was sent to one of my other email addresses.

Still, who among us with a peripheral interest in dance wouldn’t want a chance to chat with Anna Pavlova?

Comments (3)




Iggnernt fahkeds

There was a time when misspelling an occasional word to get past a spam filter was just uncommon enough to make you giggle as you pressed the Del key. Then the focus shifted to random word salad. But there are traditionalists out there, and one of them sent me this offer, in which the occasional word is spelled correctly, undoubtedly due to an oversight:

gurnltvfjqvwcbqwulieiouuyjxb

Best Medications Onlinee

Best prrices in the world

Beestselleerrs
0,90$ Viggara
1,52$ Ciilaais
2,18$ Levtira
0,79$ Piink Femaale Vigaaraa
2,02$ Viigaraa Soft Taabs

View all

Somee infoormation
a.. Top quality
b.. 100% Satiisffacttion Gurantee
c.. Loweest priices in thee universe!
d.. FDA approoved
e.. Offiiciial suppliiers
f.. Unmarkeed parceel
g.. Insuraancee deeliveeryy
h.. Worldwiidee trackablee shippiing
i.. Gifts and diiscoounts
j.. All kiind of products in one place
k.. Neext daay faast shipping foor Americaan cliients ^NEW!

ahsgcmhmpeshxk
ihxabsseaufissqaxzqcqbrcdiallzqnyhbwlnfvbd

Now how the farking fark did they get A through K in the right order? (Singing, I’d guess.)

Of course, people should be discouraged from buying from operations like this, if only because the products will be used in connection with sexual activity, and if you answer ads like this, you are obviously too stupid to live.

Comments off




I’ll consider myself peered

I don’t know if this was translated from Urdu into Dutch, or what, but it showed up in the spam bucket last night:

I am really impressrd wit your writing tzlents as wekl as
witth thee strudture onn your weblog. Is this a paid subject orr did you mdify
it yiur self? Either way stay up the nice quality writing, itt
is uncommon to peer a niice bog like this one
today..

A niice bog indeed.

Comments (8)




Tastier phish

Remember that jaundiced eye with which you review your incoming email? Get ready to go Full Yellow:

Pretty much ever since the new top level domain (TLD) “.biz” went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN’s latest folly and money-grab went live. It looks like a number of the “new” top level domains, like “.support”, “.club”, etc have now come online. And again, it seems like only the crooks are buying.

Okay, that’s to be expected. But was this?

But wait, there’s more! Since the crooks in this case own the domain, and obviously trivially can pass the so-called “domain control validation” employed by some CA’s, they actually managed to obtain a real, valid SSL certificate!

And we all know what that means:

Addition of SSL to the phish means that another “scam indicator” that we once taught our users is also no longer valid. When a user clicks on the link in the phishing email, the browser will actually show the “padlock” icon of a “secure site”.

Honest-looking thieves! Who knew?

(Via SwiftOnSecurity. She knew, for sure.)

Comments (2)




Maybe they need fiber

Somehow I suspect this will not sell any product:

[Home DIY Network Presents]
Build Anything with Success and ease
The Faster & Easier Way To Woodworking
————————————————-
Over 16,000 Step-by-step plans

Put yeast into a small bowl with 1/4 cup warm water, 110-115 degrees F, for about 5 minutes and let it foam. In a large mixing bowl put the hot milk, hot water, salt, sugar and shortening and let it cool to lukewarm, add yeast and 3 cups of flour and beat until smooth.

You have to see how cool this is…

I swear, the spammers aren’t even trying anymore.

Comments (1)




Must be the drugs

This bit of weirdness was submitted to another site I run — strangely, or maybe appropriately, to a post called “Unconscious hilarity”, which was about, you guessed it, comment spam.

I can only affirm three answers, (2, 6, 8) and with serious qualifications on #2 (if it weren’t for my wife and sons I would have no pets).

Christopher Street West, Town of West Hollywood, spouse organizations, supporters and sponsors all contribute to support and celebrate the June 28, 1969 anniversary of the Stonewall Rebellion in Ny.

An important aspect of buying real estate is feeling at ease with the professional who’s helping you.

The intended link was to a site named for a diet pill; methinks the bots have had too much exposure to drug-addled humanoids.

Comments off




More than just a weird trick

Actual subject line from yesterday’s mail: “This Simple Action Poisons Your Organs (On National TV)”.

Inevitably, there’s a questionable link, with this text: “Why Eating Salad Makes You Old.” I rather suspect that I’d be old even if I’d never had a salad in my life. (Last actual salad: last night.)

And the sender, it says, is “Reverse Disease.” Um, what about all that organ poisoning?

There are, say the experts, people who respond to these things. How? Surely they’re dead by now.

Comments (4)




Semi-useful household advice

I’m not sure why this was stuck onto a My Little Pony-related post, but what the heck:

Watch for chewing, especially around items such as electric cords. Ferrets are also prone to certain illnesses — and injuries — and may also require emergency services. Don’t make any sudden movements as you don’t want your boa constrictor to bite you as boas are sensitive to humans and can easily feel threatened.

And sometimes they’re hungry.

Comments (1)




Untrue to its contents

This spam was from, it said, “Cable Service,” and the subject was “Optimize your viewing experience with cable TV.”

Then followed three links, anchored as follows:

  • Greencard
  • Need a Greencard? Get help from experienced US Attorneys – Attorney Advertisement
  • Work legally with a greencard.

And, you know, the CableCARD is dead.

Comments (1)




Recapture clause

Freshly spammed my way: a method to get one’s ex back.

No, really:

My system is rooted in behavioral psychology. By combining this with text messages to deliver the message, the result is a system that is so powerful, it has worked for more than 10,000 people!

Text messages are direct, non-confrontational, and can be responded to when it is convenient to the person you sent it to. They are especially effective when dealing with the situation in person, could be too risky.

Let Justin Sinclair, personal relationship expert, show you exactly what messages you need to send your Ex, and how to send them. You’ll be blown away when your Ex starts talking to you again and eventually asks to see you.

Believe me, if Jimmy Webb can’t do it, nobody can.

Comments (1)