Archive for Scams and Spams

Fake Bureau of Investigation

This FBI ALERT!!! is laughable, but then aren’t they all?

Customers Service Hours / Monday To Saturday:

Attention Dear Beneficiary,

We bring to your notice that your email address was randomly selected as email address of scammed victims who are to be compensated that is why we are in contact with you so take your time to read this information carefully.

Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization, this ended 3days ago. It is obvious that you have not received your funds valued at $3.5 Million us dollars due to past corrupt Governmental Officials who almost held the funds to themselves for their selfish reason and some individuals who have taken advantage of your funds all in an attempt to swindle your funds which has led to so many losses from your end and unnecessary delay in the receipt of your fund.

The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation have successfully passed a mandate to the president of the United States Of America President Obama to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes. Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?

This is, I submit, the first time the UN has “enhanced” anything.

Now it goes off the deep end:

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because UPS have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $420 to $380 nothing more and no hidden fees of any sort!

And then they list various individuals who “have received their payment successfully,” either through UPS or DHL, and the alleged tracking numbers for those shipments. For instance, in the UPS list, there is:

GARY METZGER ==============1Z2X59394195952759

In the DHL list:

GARY METZGER ============== 871363130860

Now who is this Metzger guy, and how does he rate two of these?

No links, surprisingly, except to UPS.com, but there is a list of ten pieces of data you must supply by return email to their “agent,” one of which is “A Copy of Your Identity.” As if.

Oh, and just to make this interesting: character set used is Windows Cyrillic, which is, of course, the FBI standard.

Comments (1)




Scam via scum

Remember this number: 917-675-3332. Two calls from them today in relatively rapid succession. The people behind it need to die a horrible death, live on YouTube.

Apparently they’ve been active for only a couple of days, but already they’ve justified their termination with extreme prejudice. Says Ragator, who heard from them Monday:

Received a partial voice mail about calling in reference to a lawsuit and provided a phone number of 917 675-3332. I called the number and reached a gentleman stating to be “David Frost”. When I asked what company he was with he stated the IRS. I challenged him several times and he continued to claim he is with the IRS and contacting me in reference to a lawsuit. After I continued to challenge his affiliation with the IRS and I vehemently declared that I did not believe he was an employee Internal Revenue Service and pushed him even harder to reveal the company he actually works for he said he can not say and hung up.

The lawsuit claim is, of course, horseshit of the highest (or lowest) order. “Mr. Frost” is obviously a scamster out to make a fast buck off fearful people. Whoever is behind him needs to be named, exposed, and then culled from the species. It doesn’t even have to be in that order.

Remember that number: 917-675-3332.

Comments (6)




Sub-mechanical Turks

So this pops into the spam bin:

çok yakında sizlerle olmayı umut ediyoruz

It’s not often I get spam in Turkish. The URL being hawked is some security company, and God knows we get lots of spam from security companies of late, speaking all manner of languages, some of which vaguely resemble English. And this Turkish phrase translates as “We hope to be with you very soon” — maybe; since that was the whole of the message, I have no idea what the context would be except for the obvious one, which is “Try our service.”

Note: I have never claimed to be actually fluent in Turkish; historically, I admit to knowing no more than how to count to ten, and how to ask “Where is the toilet?”

Comments




And we’re Dun

Junk fax, in case you hadn’t noticed, was made illegal in 1991; senders of this sort of crap were of course mortified, and duly invoked their First Amendment rights to “petition the Government for a redress of grievances,” presumably with, um, sweeteners. In 2006, the new rules were set forth:

In April 2006, the Federal Communications Commission (FCC) implemented changes to the fax advertising rules of the TCPA. The new rules: (1) codify an established business relationship (EBR) exemption to the prohibition on sending unsolicited fax advertisements; (2) define EBR as used in the context of unsolicited fax advertisements; (3) require the sender of fax advertisements to provide specified notice and contact information on the fax that allows recipients to “opt-out” of any future transmissions from the sender; and (4) specify the circumstances under which a request to “opt-out” complies with the Act.

Over the intervening years, I have received basically three flavors of junk fax: travel-agency crap, life-insurance crap, and business-loan crap. The example on exhibit today is of the third flavor:

Your high Dun & Bradstreet business score of 81 has pre-approved your business for a Line of Credit up to $250K. Because of your high business score, we can offer your business a Working Capital Loan, or Equipment Financing for either new or used equipment.

Well, no. D&B has two scores, the Commercial Credit Score, which ranges from 101 to 670, so I’m assuming this is not the one they meant. The other is called Paydex, which is concerned solely with whether you pay your bills on time. It runs 1 to 100, and somewhere around 70 is considered a passing grade.

This thing was “signed” by “Steve Rogers,” described as a “funding specialist” in “Chicago.” There follows an Unsubscribe number, but I’d just as soon not provide any further evidence that my fax number works.

Comments (7)




From the “Yeah, right” files

This, ostensibly from one “Mike Kellogg,” landed in the spam trap last night:

Hi admin, i see your page needs fresh posts. Daily updates will rank your page in google higher, content is king nowadays. If you are to lazy to write unique articles everyday you should search in google for: [name redacted because why should I give you publicity, you grit-eating, scum-sucking, pencil-neck geek?].

Content may be king, “Mike,” but you don’t know jack. I’ve done more daily updates than you’ve had hot meals.

Comments (5)




You misspelled “schmuck”

This showed up in the mail yesterday, ostensibly from Dropbox:

– This mail is in HTML. Some elements may be ommited in plain text. –

Hello chaz@dustbury.com
A PDF file classified as important has been sent to you.

From: J.M. Smucker Co.
Subject:
Major Product Areas
website; www.smucker.com

Um, no. One of the things that’s “ommited” in plain text is a Sneaky Link, which does not, I assure you, go back to Smucker’s: it’s pointed toward a subdirectory on a hijacked WordPress site.

And regarding the post title, Nancy Friedman reminds me:

The sch- spelling … is German rather than Yiddish.

Just to make sure that’s on the record, you know.

Comments




Google just being Google

It’s been a long time since “Don’t be evil” was supplanted by “Don’t be unobtrusive,” so I wasn’t entirely surprised to see this come down the timeline:

I scoffed for public consumption, then hit up the surfer dudes who host this site for suggestions, since broadside isn’t even a mail server fercrissake. Said they, did you know that the WordPress wp_mail() function, as used in emailing subscribers, is totally devoid of authentication?

[facepalm]

They suggested a plugin to route the mail through a proper SMTP server, and since I have one of those servers, they were happy to tell me all the settings that would be necessary. I had everything in place by four-thirty. So if you’ve been having to fish updates out of the Gmail spam folder, perhaps this will persuade Google to quit acting like the grand high muckety-mucks of the frigging Internet just this once. Maybe.

Comments




External combustion

Someone named “Bethanie Beason” — no, wait, it’s “Beason Bethanie” — writes me, addresses me by name, and asks: “Have you noticed you set my body on fire?”

It’s just the hives. You’ll get over it.

Oh, by the way, “Bethanie,” if that is your real name, why does your email come with a footer from TEN: The Enthusiast Network, publisher of Motor Trend and Automobile? (The TEN links, however, specify Bike magazine, one of the TEN mags to which I don’t subscribe; the rest of the links go to some obscure Tumblr.) And who is this “Stephany” whose picture I’m supposed to want to see?

The probability of someone actually coming on to me, or someone actually feeling feverish in my presence, is of course somewhere between negligible and nonexistent.

Comments (1)




Contains 10% genuine zip

“Borrow between $100 and $15,000 by tomorrow!” says Zippy Loan, sender of this particular spam. The hidden text, visible if you turn off HTML, is as follows:

The Roman world was divided for the time between these two men, Antony receiving the government of the East, Octavian that of the West. In the year which had preceded this division Cleopatra had wavered between the two opposite factions at Rome. In so doing she had excited the suspicion of Antony, and he now demanded of her an explanation. One must have some conception of Antony himself in order to understand the events that followed. He was essentially a soldier, of excellent family, being related to Caesar himself. As a very young man he was exceedingly handsome, and bad companions led him into the pursuit of vicious pleasure. He had scarcely come of age when he found that he owed the enormous sum of two hundred and fifty talents, equivalent to half a million dollars in the money of to-day. But he was much more than a mere man of pleasure, given over to drinking and to dissipation. Men might tell of his escapades, as when he drove about the streets of Rome in a common cab, dangling his legs out of the window while he shouted forth drunken songs of revelry. This was not the whole of Antony. Joining the Roman army in Syria, he showed himself to be a soldier of great personal bravery, a clever strategist, and also humane and merciful in the hour of victory. Unlike most Romans, Antony wore a full beard. His forehead was large, and his nose was of the distinctive Roman type. His look was so bold and masculine that people likened him to Hercules. His democratic manners endeared him to the army. He wore a plain tunic covered with a large, coarse mantle, and carried a huge sword at his side, despising ostentation. Even his faults and follies added to his popularity. He would sit down at the common soldiers’ mess and drink with them, telling them stories and clapping them on the back. He spent money like water, quickly recognizing any daring deed which his legionaries performed. 
In this respect he was like Napoleon; and, like Napoleon, he had a vein of florid eloquence which was criticized by literary men, but which went straight to the heart of the private soldier. In a word, he was a powerful, virile, passionate, able man, rough, as were nearly all his countrymen, but strong and true.

This particular block of text was swiped from Famous Affinities of History, Volume 1 by “Lyndon Orr,” one of several pseudonyms used by scholar Harry Thurston Peck (1856-1914), who after losing his major academic gig shuffled his way to the Slough of Despond, and ended his sorrows therein.

Still, that’s a better fate than I’d wish on a spammer, even a spammer with an email address of imbecility at calmreload.info.

Comments (2)




Winging it

Subject of a spam received yesterday: “Infinite legroom in a private jet charter.”

Infinite? Even if you’re outside sitting on the wing, it’s still finite. I don’t think you could pull this off even in a TARDIS.

Of the four proffered links, only two go to the alleged vendor: a third link goes to a PDF on whitehouse.gov (!) and the fourth to the Internal Revenue Service. Oddly, those two links are not visible in HTML mode, so I assume they’re provided to sneak past context filters.
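A check for the trick described here and in "Contains 10% genuine zip" above, as an added example that is not part of the original posts: it compares a message's text/plain alternative with its HTML alternative and reports link hosts and filler text that only a filter, not an HTML-mode reader, would see. It assumes the hidden material sits in the text/plain part; the function names, the 0.5 overlap threshold, vendor.example and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
WORD_RE = re.compile(r"[a-z]{4,}")
OVERLAP_THRESHOLD = 0.5  # assumption: below this the two parts say different things


class HTMLContent(HTMLParser):
    """Collect body text (outside script/style/head) and href/src link targets."""
    SKIP = {"script", "style", "head", "title"}

    def __init__(self):
        super().__init__()
        self.text, self.urls, self._skip = [], set(), 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.update(URL_RE.findall(value))

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def hosts(urls):
    """Reduce URLs to the set of hostnames they point at."""
    return {h for h in (urlsplit(u).hostname for u in urls) if h}


def compare_alternatives(raw):
    """Return a report on plain-vs-HTML mismatch, or None if either part is missing."""
    msg = message_from_string(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if plain is None or html is None:
        return None
    plain_text = plain.get_content()
    parser = HTMLContent()
    parser.feed(html.get_content())
    parser.close()
    html_text = " ".join(parser.text)

    # Hosts linked only from the part an HTML-mode reader never looks at.
    html_hosts = hosts(parser.urls | set(URL_RE.findall(html_text)))
    plain_only = hosts(URL_RE.findall(plain_text)) - html_hosts

    # Share of the plain part's vocabulary that also appears in the HTML text.
    plain_words = set(WORD_RE.findall(URL_RE.sub(" ", plain_text).lower()))
    html_words = set(WORD_RE.findall(html_text.lower()))
    overlap = len(plain_words & html_words) / len(plain_words) if plain_words else 1.0

    return {
        "plain_only_hosts": sorted(plain_only),
        "word_overlap": round(overlap, 2),
        "suspicious": bool(plain_only) or overlap < OVERLAP_THRESHOLD,
    }


def build(plain, html):
    """Build a constructed multipart/alternative message for the demo."""
    m = EmailMessage()
    m["Subject"] = "Infinite legroom in a private jet charter"
    m.set_content(plain)
    m.add_alternative(html, subtype="html")
    return m.as_string()


HTML = ('<html><body><p>Book your charter today.</p>'
        '<a href="https://vendor.example/offer">Fly now</a></body></html>')
# Constructed spam: filler prose plus two reputable-host links in the plain part only.
SPAM = build("The Roman world was divided for the time between these two men.\n"
             "https://www.whitehouse.gov/constructed.pdf\n"
             "https://www.irs.gov/constructed\n"
             "https://vendor.example/offer\n", HTML)
# Constructed control: both parts carry the same pitch and the same link.
BENIGN = build("Book your charter today.\nhttps://vendor.example/offer\n", HTML)

if __name__ == "__main__":
    print(compare_alternatives(SPAM))
    print(compare_alternatives(BENIGN))
```
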

Comments (4)




Hairier spam than usual

This popped up in the spam trap at the place where I work up my pony tales:

One idea is the fact an alteration with the gene might lead to an amino acid alteration of the TCCH protein which influences how straight or how tresses will appear to be. A number of helpful friends are essential to acquire the various for an upgrade. What was added towards the game caused it to be very enjoyable to learn, and gave additional items to suit your needs to have a great time backyard parties, which has been lacking prior to the addition of these things pack. The reason being these days what a lot of people do is follow trends blindly therefore get the latest trending in-fashion hair-styles and cuts that won’t suit them at all.

So, you really like her mane?

Comments




Um, not just yet

But you know somebody had to have bitten on this:

Has your credit card been stolen?

(Swiped from American Digest.)

Comments




A phish too far

First there was this:

RE: Account Number ACX85766463

This is to remind you of a payment from SpeedPay on 04/06/15.

>> Claim Your Money Here <<

Details regarding the transaction appear below:

Payment Date: 04.06.15
Payment Amount: $3353.25
Fee Amount: $49.00
Card Number: ***************

>> Claim Your Money Here <<

You haven't been charged anything.. Someone has just sent you money!

Um, no. Under “Claim Your Money Here” are standard-level (I presume) evil links.

Which wouldn’t have perturbed me, except that while that particular item was scoring just a hair too low to be caught in the mail filter, this one was trapped below:

Hey!

I wanna pay you to do simple stuff online.

==> Click Here to GO

You can make hundreds per day with nothing more than your HOME PC or MOBILE phone!

Contact me here please:

==> Click Here to GO

This is a PRIVATE message so please hurry as I’ll have no choice but to take it down soon…

==> Click Here to GO

The standard-level (I presume) evil links in that one, under (of course) “Click Here to GO,” are exactly the same as in the first spam, except for the very last character: these were obviously sent in sequence. Same alleged sender, too: “Mark Miller” (members -at- mylaptopblueprint.org). “Mark,” you old sonuvagun, you fail. Big time.

Comments




It’s been a while

But you may be sure that pitches like this still exist. Behold “STRICTLY BUSINESS FROM SENATOR JAMES”:

Attn: Please,

My name is Larry James, the chairman of the World Bank/United Nations delegates sent to African for auditing on foreign African reserve accounts for controlling the issue of money Laundering, Scam, and Bank Fraud with the African Government that has being going on. I am presently in Africa.

Pardon me for not having the pleasure of knowing your mindset before making you this offer and it is utterly confidential and genuine by virtue of its nature. I write to solicit your cooperation in allowing this sum US$20M be received into your account for our mutual benefits.

This fund was stashed out from the funds we recovered during our auditing with African Banks last year. So far, I have already submitted an approved end of the year report to the World Bank and United Nations and I have since then, placed this amount on a Non-Investment Account without a beneficiary with International Commercial Bank Plc Accra Ghana waiting for this time when the ICB will be having their International pay out bills. And I seek your partnership to humbly and sincerely work with me have this fund received into your account for our mutual benefits.

Upon your response, I will make arrangement with an insider of the Bank to configure your name on the Central Computer database under better arrangement as the holder of the Non-Investment Account and I will then guide you on how to apply for the Account Closure/ bank-to-bank remittance of the funds to your designated bank account.

Note: This Ten-man committee was appointed after the meeting held by the United Nation, African Union, IMF and African Apex Bank. Our assignment was to audit every African Bank foreign reserve accounts to know how much they are fairing with the economic standard and to know how much they owe foreigners of their contracts and inheritance fund which is the most reason we are assigned for this job including the foreign individual petitions and reports against African Government as towards the delays in receiving their funds after investment of much efforts.

Why I have contacted you is because we came across a detailed fund claim in your name without good measures and we were able to discover that this fund does not originally belonged to you after much scrutiny and we also believe that some people may wanted to use your name to claim some funds with African Government but due to their inabilities, they were unable to realize this fund before this event..

Not withstanding, we were able to recovered and return some funds to the United Nations after studding some foreign payment files, which most of their claims are not genuine and clearly stated since they have not good source of origin in the case of some malpractices by some Government officials to siphon Government funds with the help of their foreign partners, Therefore, since you have been established as one of foreign beneficiaries it will be easy to forward this claim in your favour as the true beneficiary , I would want your confidential cooperation to have this fund wired into your account and after that, we will share the proceeds 50-50. If you concur with this proposal, Reply ASAP.

Thanks,
Chairman Committee Mr. Larry James,
United Nations.
World Bank Group.

I’m not quite sure this qualifies as phishing, as neither link nor snail-mail address is given, and James’ alleged email address (though not the Reply-To address) is test -at- friendlessanimals.com. You’d think a weasel pretending to hand out money would have lots of friends.

Comments (1)




You want that with fries?

The title of this spam was nothing remarkable: “Attention: Our Lowest Home-Rates Expire 3-25-15.” (And a possibly amusing domain: loancashbefore.work.) But this was the text hidden behind the HTML:

The fries themselves are not bad … a bit plain maybe, but not bad. The creamy spicy tuna dipping sauce they serve with the fries is stupidly bad. That stuff doesn’t even belong on sushi; on fries it’s ridiculous and downright trashy. If you like that stuff, stop having sex with your cousin. I’d like house-made mayo or aioli options, or even a really refined, light, bbq sauce seems like it would pair well against the slaw. Traditional ketchup, for me, is a no and their whole grain dijon is meh.

If this was swiped from somewhere, and I always assume it is, I didn’t find the source.

Comments (2)




Necroses are red, my love

There’s nothing special about this spam subject: “Protect Your Wallet and Your Floors — 35% Off.” Nor is the content anything remarkable, although there is an Unsubscribe address in some Las Vegas boiler room, and some of it is vaguely related to stuff one might use to protect a floor. But this email address is a killer: cavemen@bubonicplaguesynonumsantonums.com. Even better, that’s a real domain: there are links to it in the message, and Whois, as it should, coughs up the registration details.

Oh, and since I used the Whois at Network Solutions, NSI was happy to offer me the similar-ish bubonicplaguesymptoms.com for a trifling $14,000.

Comments




Despamination

I’ve mentioned before that in the 1980s I was a customer of MCI Mail, one of the commercial email pioneers. (Actually, I was two customers of MCI Mail, with an account for myself and another for a pseudonym.) And at half a buck for each message, plus $35 a year for a mailbox, spamming was too expensive to undertake.

I don’t know if Warren Meyer was ever on MCI Mail, but he’s been pointing out the same sort of thing for many years:

Long ago I proposed that (and I am not sure how to do this technically) emails should cost $0.001, or a tenth of a cent, to send. For you and I, say if we sent 200 emails a day (an email copied to 5 people would be 5 emails for this purpose) it would cost us 20 cents a day or about $75 a year, not much more than we pay for security software and updates. But if you could make it work, spam would be reduced drastically. No way there is any profit in sending an email for $.001 for an expected return of $.0002.

Now Meyer runs a business, so you may safely assume he sends a lot more email than I do; in fact, my Sent Items folder contains 9,000 items — but it goes back to 1997. By this time, I’d left MCI, else I’d have been out several thousand dollars before they folded the system in 2003.

The key, of course, is “if you could make it work”:

I have no idea in the current structure of the Internet how one would even do this. The charge would have to come from the receiving end, somehow refusing to deliver it if it does not get payment information.

I’d guess that the receiving end would have to subscribe to some sort of service to intercept incoming mail, and presumably there’d be some sort of feature with which you could whitelist friends and (some) relatives. So this scheme would likely not put any money in your pocket — but the idea of putting spammers out of business remains high on my list of desiderata.

Comments




Your grandmother’s phish

It’s been a while since something this blatant came down the wire:

Sorry for the delays towards making the payment, Please see attachment for proof of payment by verifying your email and password through the attached outlook duc transfer page to access the POP. Kindly confirm payment. Thanks CFO Sharon Williams

The “transfer page,” cleverly named “Wire Receipt.htm,” is some Base64-encoded garbage that I am not about to look at.

Weird aspects of this mailing:

  • Sender is identified as “Sharon Smith,” not “Williams,” though the email address given is sharonw at stantrade.com.
  • This line appears in the header:
    X-Source-Args: /usr/bin/php /home/tcfofcha/public_html/mc.php

Is it possible that these folks have been hijacked?

Comments (1)




Purely by coincidence

I don’t think there’s anything particularly unusual about this sales pitch:

Last 10X Longer In Bed
It has never felt so good

And they’d like you to think that “10X” is being cautious, because:

I took this on Valentines Day and went from lasting 2 minutes to over 35.

So: a factor of seventeen, then?

I wouldn’t have noticed it at all, in fact, except for the minor detail that the bogus name they conjured up for the sender accidentally duplicated the name of someone I never actually took to bed — but might have wanted to.

Comments




Embiggenment resisted

The March Consumer Reports has a page called “How to Win at E-Mail,” which struck me as odd: the only way to win, says the server looking over my shoulder, is not to play. Still, some of the statistics seemed valid, especially this one:

2 in 5 Americans have received email in the past year promising to enhance their libido or certain parts of their anatomy. (It annoys women more than men.)

I thought nothing annoyed women more than men; I know I’ve annoyed several.

But I understand why women object to this sort of thing, since the “certain part” most commonly specified is one they genitally generally lack.

Comments (1)




Not the best approach

Obviously I’m not the only person who gets spam. I usually don’t reply to it, though:

Then again, her initial reaction was less kindly:

Stabbiness is not an uncommon reaction to particularly noxious spammage.

Comments (1)




They wish to register a complaint

The following item, claimed to be from complaints@irs.gov — oddly, it seems to have originated in Italy — landed in my email box, though it had been addressed to someone entirely different:

Dear business owner,

A criminal complaint has been filled against your company.

Your company is being accused of trying to commit tax evasion schemes.

The full text of the complaint file ( .DOC type ) can be viewed in your Microsoft Word, complaint is attached.

AN official response from your part is required, in order to take further action.

Please review the charges brought forward in the complaint file, and contact us as soon as possible by:

Telephone Assistance for Businesses: Toll-Free, 1-800-829-4933
Email: complaints@irs.gov

Thank you,
Internal Revenue Service Fraud Prevention Department

I need hardly point out that were this an actual criminal complaint, you’d get something a lot more emphatic than a badly worded email with a spam score over 5.

I did not, of course, look at the Word document, which presumably carries the payload.

Comments (3)




Recipient has no game

Received last night: a reasonably careful replica of an actual iTunes Store invoice. Since I hadn’t bought anything from the iTunes Store in the last week or so, I knew this was a fake. And this is what I’m supposed to have bought:

Space Qube

About this game:

Space Qube is a voxel based retro style shooting game which also allows the players to create everything they can image in the game using voxel.

There’s a lot to be said for retro shooters. And this was said:

SpaceQube will be free on iTunes store soon. Then it will be ported to Windows 8, Windows Phone 8 and maybe Android.

In the meantime, it’s $2.99, which is nowhere near the £38.59 asked by the forgers of the invoice.

Comments




Waiting for .gresham

The .click top-level domain is perfectly legitimate and open to all:

The reason .CLICK is such an attractive choice for a TLD is because it encompasses a highly used Internet buzzword, increasing memorability and functionality. But, because “click” also has a multitude of positive meanings, from getting along, to fitting together, is [sic] also works to create positive associations. This TLD is an open registry, meaning any individual, group, or business may register a .CLICK domain, making this extension choice flexible, memorable, unique, and marketable.

I have yet to see an actual .click site, though links to several of them have already shown up in my spam trap, substantially diminishing my “positive associations.”

Comments




Say hello, Bob

Up to this point, pretty much all the spammers putatively offering sexual services of one sort or another have claimed to be persons of the female persuasion. Then there’s “Robert,” who sent me this Thursday night:

My name is Robert, and this is the first time I write to a guy first. But I find you attractive and would like to chat about your interests.

Historically, men who find me appealing have been even rarer than women who find me appealing, so this was amusing for about forty-five seconds.

Comments (4)




A little slow on the meme there

I found this floating around a Facebook page I am alleged to have liked:

[Image: Attempted meme: Bought a penis enhancement device on eBay, bastards sent me a magnifying glass]

Regular readers will know that something like this has already happened, though it happened some place other than eBay.

And is embiggenment truly an enhancement? (I suspect all the guys, and perhaps some of the girls, are nodding Yes.)

Comments




Disorder confirmation

You know, if I’d actually ordered this, I think I’d have known about it:

[Image: Phishing scam disguised as an Amazon.com confirmation]

The bad bit of character encoding (in “We’ll”) gives it away, even if you don’t look at the three links, all of which go to the same bit.ly URL that I have no reason to trust. Besides, Amazon doesn’t collect tax for this state — see “use tax” — and if they did, it wouldn’t be a mere 6.75 percent. (Actually, the state rate is 4.5, but city and county taxes exist, and where I live, it’s a total of 8.375, though none of that is assessed by the county.)

Comments (4)




Seeming incompatibility

Subject line on a spam received last night: iPad Owners Overjoyed by Revolutionary Keyboard. Second One 1/2 Off.

Actual text of the spam:

Just Fresh Direct Unfiltered Olio Novello. Imported straight from Italy within one week of pressing, this oil is delicious enough to drizzle on bruschetta but affordable enough to use in cooking, too. (Note: Only available in select markets).

I, for one, do not look forward to keyboards that can be drizzled.

Comments




Thieves vying for honor points

Received in the spam trap yesterday afternoon:

Hi there! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

This might have carried more weight had the “author” been identified as something other than “buy litecoin With credit card no verification.”

Comments




Focused attack

Usually comment spam is just slopped onto the place without any particular regard to where it may land. Which concerns me when it isn’t:

[Image: Spam screenshot]

I mean, really, what did McGehee do to deserve this?

Comments (2)