Archive for Scams and Spams

You misspelled “schmuck”

This showed up in the mail yesterday, ostensibly from Dropbox:

– This mail is in HTML. Some elements may be ommited in plain text. –

Hello chaz@dustbury.com
A PDF file classified as important has been sent to you.

From: J.M. Smucker Co.
Subject:
Major Product Areas
website; www.smucker.com

Um, no. One of the things that’s “ommited” in plain text is a Sneaky Link, which does not, I assure you, go back to Smucker’s: it’s pointed toward a subdirectory on a hijacked WordPress site.

And regarding the post title, Nancy Friedman reminds me:

The sch- spelling … is German rather than Yiddish.

Just to make sure that’s on the record, you know.

Comments




Google just being Google

It’s been a long time since “Don’t be evil” was supplanted by “Don’t be unobtrusive,” so I wasn’t entirely surprised to see this come down the timeline:

I scoffed for public consumption, then hit up the surfer dudes who host this site for suggestions, since broadside isn’t even a mail server fercrissake. Said they, did you know that the WordPress wp_mail() function, as used in emailing subscribers, is totally devoid of authentication?

[facepalm]

They suggested a plugin to route the mail through a proper SMTP server, and since I have one of those servers, they were happy to tell me all the settings that would be necessary. I had everything in place by four-thirty. So if you’ve been having to fish updates out of the Gmail spam folder, perhaps this will persuade Google to quit acting like the grand high muckety-mucks of the frigging Internet just this once. Maybe.

Comments




External combustion

Someone named “Bethanie Beason” — no, wait, it’s “Beason Bethanie” — writes me, addresses me by name, and asks: “Have you noticed you set my body on fire?”

It’s just the hives. You’ll get over it.

Oh, by the way, “Bethanie,” if that is your real name, why does your email come with a footer from TEN: The Enthusiast Network, publisher of Motor Trend and Automobile? (The TEN links, however, specify Bike magazine, one of the TEN mags to which I don’t subscribe; the rest of the links go to some obscure Tumblr.) And who is this “Stephany” whose picture I’m supposed to want to see?

The probability of someone actually coming on to me, or someone actually feeling feverish in my presence, is of course somewhere between negligible and nonexistent.

Comments (1)




Contains 10% genuine zip

“Borrow between $100 and $15,000 by tomorrow!” says Zippy Loan, sender of this particular spam. The hidden text, visible if you turn off HTML, is as follows:

The Roman world was divided for the time between these two men, Antony receiving the government of the East, Octavian that of the West. In the year which had preceded this division Cleopatra had wavered between the two opposite factions at Rome. In so doing she had excited the suspicion of Antony, and he now demanded of her an explanation. One must have some conception of Antony himself in order to understand the events that followed. He was essentially a soldier, of excellent family, being related to Caesar himself. As a very young man he was exceedingly handsome, and bad companions led him into the pursuit of vicious pleasure. He had scarcely come of age when he found that he owed the enormous sum of two hundred and fifty talents, equivalent to half a million dollars in the money of to-day. But he was much more than a mere man of pleasure, given over to drinking and to dissipation. Men might tell of his escapades, as when he drove about the streets of Rome in a common cab, dangling his legs out of the window while he shouted forth drunken songs of revelry. This was not the whole of Antony. Joining the Roman army in Syria, he showed himself to be a soldier of great personal bravery, a clever strategist, and also humane and merciful in the hour of victory. Unlike most Romans, Antony wore a full beard. His forehead was large, and his nose was of the distinctive Roman type. His look was so bold and masculine that people likened him to Hercules. His democratic manners endeared him to the army. He wore a plain tunic covered with a large, coarse mantle, and carried a huge sword at his side, despising ostentation. Even his faults and follies added to his popularity. He would sit down at the common soldiers’ mess and drink with them, telling them stories and clapping them on the back. He spent money like water, quickly recognizing any daring deed which his legionaries performed. In this respect he was like Napoleon; and, like Napoleon, he had a vein of florid eloquence which was criticized by literary men, but which went straight to the heart of the private soldier. In a word, he was a powerful, virile, passionate, able man, rough, as were nearly all his countrymen, but strong and true.

This particular block of text was swiped from Famous Affinities of History, Volume 1 by “Lyndon Orr,” one of several pseudonyms used by scholar Harry Thurston Peck (1856-1914), who after losing his major academic gig shuffled his way to the Slough of Despond, and ended his sorrows therein.

Still, that’s a better fate than I’d wish on a spammer, even a spammer with an email address of imbecility at calmreload.info.

Comments (2)




Winging it

Subject of a spam received yesterday: “Infinite legroom in a private jet charter.”

Infinite? Even if you’re outside sitting on the wing, it’s still finite. I don’t think you could pull this off even in a TARDIS.

Of the four proffered links, only two go to the alleged vendor: a third link goes to a PDF on whitehouse.gov (!) and the fourth to the Internal Revenue Service. Oddly, those two links are not visible in HTML mode, so I assume they’re provided to sneak past context filters.

Comments (4)




Hairier spam than usual

This popped up in the spam trap at the place where I work up my pony tales:

One idea is the fact an alteration with the gene might lead to an amino acid alteration of the TCCH protein which influences how straight or how tresses will appear to be. A number of helpful friends are essential to acquire the various for an upgrade. What was added towards the game caused it to be very enjoyable to learn, and gave additional items to suit your needs to have a great time backyard parties, which has been lacking prior to the addition of these things pack. The reason being these days what a lot of people do is follow trends blindly therefore get the latest trending in-fashion hair-styles and cuts that won’t suit them at all.

So, you really like her mane?

Comments




Um, not just yet

But you know somebody had to have bitten on this:

Has your credit card been stolen?

(Swiped from American Digest.)

Comments




A phish too far

First there was this:

RE: Account Number ACX85766463

This is to remind you of a payment from SpeedPay on 04/06/15.

>> Claim Your Money Here <<

Details regarding the transaction appear below:

Payment Date: 04.06.15
Payment Amount: $3353.25
Fee Amount: $49.00
Card Number: ***************

>> Claim Your Money Here <<

You haven't been charged anything.. Someone has just sent you money!

Um, no. Under “Claim Your Money Here” are standard-level (I presume) evil links.

Which wouldn’t have perturbed me, except that while that particular item was scoring just a hair too low to be caught in the mail filter, this one was trapped below:

Hey!

I wanna pay you to do simple stuff online.

==> Click Here to GO

You can make hundreds per day with nothing more than your HOME PC or MOBILE phone!

Contact me here please:

==> Click Here to GO

This is a PRIVATE message so please hurry as I’ll have no choice but to take it down soon…

==> Click Here to GO

The standard-level (I presume) evil links in that once, under (of course) “Click Here to GO,” are exactly the same as in the first spam, except for the very last character: these were obviously sent in sequence. Same alleged sender, too: “Mark Miller” (members -at- mylaptopblueprint.org). “Mark,” you old sonuvagun, you fail. Big time.

Comments




It’s been a while

But you may be sure that pitches like this still exist. Behold “STRICTLY BUSINESS FROM SENATOR JAMES”:

Attn: Please,

My name is Larry James, the chairman of the World Bank/United Nations delegates sent to African for auditing on foreign African reserve accounts for controlling the issue of money Laundering, Scam, and Bank Fraud with the African Government that has being going on. I am presently in Africa.

Pardon me for not having the pleasure of knowing your mindset before making you this offer and it is utterly confidential and genuine by virtue of its nature. I write to solicit your cooperation in allowing this sum US$20M be received into your account for our mutual benefits.

This fund was stashed out from the funds we recovered during our auditing with African Banks last year. So far, I have already submitted an approved end of the year report to the World Bank and United Nations and I have since then, placed this amount on a Non-Investment Account without a beneficiary with International Commercial Bank Plc Accra Ghana waiting for this time when the ICB will be having their International pay out bills. And I seek your partnership to humbly and sincerely work with me have this fund received into your account for our mutual benefits.

Upon your response, I will make arrangement with an insider of the Bank to configure your name on the Central Computer database under better arrangement as the holder of the Non-Investment Account and I will then guide you on how to apply for the Account Closure/ bank-to-bank remittance of the funds to your designated bank account.

Note: This Ten-man committee was appointed after the meeting held by the United Nation, African Union, IMF and African Apex Bank. Our assignment was to audit every African Bank foreign reserve accounts to know how much they are fairing with the economic standard and to know how much they owe foreigners of their contracts and inheritance fund which is the most reason we are assigned for this job including the foreign individual petitions and reports against African Government as towards the delays in receiving their funds after investment of much efforts.

Why I have contacted you is because we came across a detailed fund claim in your name without good measures and we were able to discover that this fund does not originally belonged to you after much scrutiny and we also believe that some people may wanted to use your name to claim some funds with African Government but due to their inabilities, they were unable to realize this fund before this event..

Not withstanding, we were able to recovered and return some funds to the United Nations after studding some foreign payment files, which most of their claims are not genuine and clearly stated since they have not good source of origin in the case of some malpractices by some Government officials to siphon Government funds with the help of their foreign partners, Therefore, since you have been established as one of foreign beneficiaries it will be easy to forward this claim in your favour as the true beneficiary , I would want your confidential cooperation to have this fund wired into your account and after that, we will share the proceeds 50-50. If you concur with this proposal, Reply ASAP.

Thanks,
Chairman Committee Mr. Larry James,
United Nations.
World Bank Group.

I’m not quite sure this qualifies as phishing, as neither link nor snail-mail address is given, and James’ alleged email address (though not the Reply-To address) is test -at- friendlessanimals.com. You’d think a weasel pretending to hand out money would have lots of friends.

Comments (1)




You want that with fries?

The title of this spam was nothing remarkable: “Attention: Our Lowest Home-Rates Expire 3-25-15.” (And a possibly amusing domain: loancashbefore.work.) But this was the text hidden behind the HTML:

The fries themselves are not bad … a bit plain maybe, but not bad. The creamy spicy tuna dipping sauce they serve with the fries is stupidly bad. That stuff doesn’t even belong on sushi; on fries it’s ridiculous and downright trashy. If you like that stuff, stop having sex with your cousin. I’d like house-made mayo or aioli options, or even a really refined, light, bbq sauce seems like it would pair well against the slaw. Traditional ketchup, for me, is a no and their whole grain dijon is meh.

If this was swiped from somewhere, and I always assume it is, I didn’t find the source.

Comments (2)




Necroses are red, my love

There’s nothing special about this spam subject: “Protect Your Wallet and Your Floors — 35% Off.” Nor is the content anything remarkable, although there is an Unsubscribe address in some Las Vegas boiler room, and some of it is vaguely related to stuff one might use to protect a floor. But this email address is a killer: cavemen@bubonicplaguesynonumsantonums.com. Even better, that’s a real domain: there are links to it in the message, and Whois, as it should, coughs up the registration details.

Oh, and since I used the Whois at Network Solutions, NSI was happy to offer me the similar-ish bubonicplaguesymptoms.com for a trifling $14,000.

Comments




Despamination

I’ve mentioned before that in the 1980s I was a customer of MCI Mail, one of the commercial email pioneers. (Actually, I was two customers of MCI Mail, with an account for myself and another for a pseudonym.) And at half a buck for each message, plus $35 a year for a mailbox, spamming was too expensive to undertake.

I don’t know if Warren Meyer was ever on MCI Mail, but he’s been pointing out the same sort of thing for many years:

Long ago I proposed that (and I am not sure how to do this technically) emails should cost $0.001, or a tenth of a cent, to send. For you and I, say if we sent 200 emails a day (an email copied to 5 people would be 5 emails for this purpose) it would cost us 20 cents a day or about $75 a year, not much more than we pay for security software and updates. But if you could make it work, spam would be reduced drastically. No way there is any profit in sending an email for $.001 for an expected return of $.0002.

Now Meyer runs a business, so you may safely assume he sends a lot more email than I do; in fact, my Sent Items folder contains 9,000 items — but it goes back to 1997. By this time, I’d left MCI, else I’d have been out several thousand dollars before they folded the system in 2003.

The key, of course, is “if you could make it work”:

I have no idea in the current structure of the Internet how one would even do this. The charge would have to come from the receiving end, somehow refusing to deliver it if it does not get payment information.

I’d guess that the receiving end would have to subscribe to some sort of service to intercept incoming mail, and presumably there’d be some sort of feature with which you could whitelist friends and (some) relatives. So this scheme would likely not put any money in your pocket — but the idea of putting spammers out of business remains high on my list of desiderata.

Comments




Your grandmother’s phish

It’s been a while since something this blatant came down the wire:

Sorry for the delays towards making the payment, Please see attachment for proof of payment by verifying your email and password through the attached outlook duc transfer page to access the POP. Kindly confirm payment. Thanks CFO Sharon Williams

The “transfer page,” cleverly named “Wire Receipt.htm,” is some Base64-encoded garbage that I am not about to look at.

Weird aspects of this mailing:

  • Sender is identified as “Sharon Smith,” not “Williams,” though the email address given is sharonw at stantrade.com.
  • This line appears in the header:
    X-Source-Args: /usr/bin/php /home/tcfofcha/public_html/mc.php

Is it possible that these folks have been hijacked?

Comments (1)




Purely by coincidence

I don’t think there’s anything particularly unusual about this sales pitch:

Last 10X Longer In Bed
It has never felt so good

And they’d like you to think that “10X” is being cautious, because:

I took this on Valentines Day and went from lasting 2 minutes to over 35.

So: a factor of seventeen, then?

I wouldn’t have noticed it at all, in fact, except for the minor detail that the bogus name they conjured up for the sender accidentally duplicated the name of someone I never actually took to bed — but might have wanted to.

Comments off




Embiggenment resisted

The March Consumer Reports has a page called “How to Win at E-Mail,” which struck me as odd: the only way to win, says the server looking over my shoulder, is not to play. Still, some of the statistics seemed valid, especially this one:

2 in 5 Americans have received email in the past year promising to enhance their libido or certain parts of their anatomy. (It annoys women more than men.)

I thought nothing annoyed women more than men; I know I’ve annoyed several.

But I understand why women object to this sort of thing, since the “certain part” most commonly specified is one they genitally generally lack.

Comments (1)




Not the best approach

Obviously I’m not the only person who gets spam. I usually don’t reply to it, though:

Then again, her initial reaction was less kindly:

Stabbiness is not an uncommon reaction to particularly noxious spammage.

Comments (1)




They wish to register a complaint

The following item, claimed to be from complaints@irs.gov — oddly, it seems to have originated in Italy — landed in my email box, though it had been addressed to someone entirely different:

Dear business owner,

A criminal complaint has been filled against your company.

Your company is being accused of trying to commit tax evasion schemes.

The full text of the complaint file ( .DOC type ) can be viewed in your Microsoft Word, complaint is attached.

AN official response from your part is required, in order to take further action.

Please review the charges brought forward in the complaint file, and contact us as soon as possible by:

Telephone Assistance for Businesses: Toll-Free, 1-800-829-4933
Email: complaints@irs.gov

Thank you,
Internal Revenue Service Fraud Prevention Department

I need hardly point out that were this an actual criminal complaint, you’d get something a lot more emphatic than a badly worded email with a spam score over 5.

I did not, of course, look at the Word document, which presumably carries the payload.

Comments (3)




Recipient has no game

Received last night: a reasonably careful replica of an actual iTunes Store invoice. Since I hadn’t bought anything from the iTunes Store in the last week or so, I knew this was a fake. And this is what I’m supposed to have bought:

Space Qube

About this game:

Space Qube is a voxel based retro style shooting game which also allows the players to create everything they can image in the game using voxel.

There’s a lot to be said for retro shooters. And this was said:

SpaceQube will be free on iTunes store soon. Then it will be ported to Windows 8, Windows Phone 8 and maybe Android.

In the meantime, it’s $2.99, which is nowhere near the £38.59 asked by the forgers of the invoice.

Comments off




Waiting for .gresham

The .click top-level domain is perfectly legitimate and open to all:

The reason .CLICK is such an attractive choice for a TLD is because it encompasses a highly used Internet buzzword, increasing memorability and functionality. But, because “click” also has a multitude of positive meanings, from getting along, to fitting together, is [sic] also works to create positive associations. This TLD is an open registry, meaning any individual, group, or business may register a .CLICK domain, making this extension choice flexible, memorable, unique, and marketable.

I have yet to see an actual .click site, though links to several of them have already shown up in my spam trap, substantially diminishing my “positive associations.”

Comments off




Say hello, Bob

Up to this point, pretty much all the spammers putatively offering sexual services of one sort or another have claimed to be persons of the female persuasion. Then there’s “Robert,” who sent me this Thursday night:

My name is Robert, and this is the first time I write to a guy first. But I find you attractive and would like to chat about your interests.

Historically, men who find me appealing have been even rarer than women who find me appealing, so this was amusing for about forty-five seconds.

Comments (4)




A little slow on the meme there

I found this floating around a Facebook page I am alleged to have liked:

Attempted meme: Bought a penis enhancement device on eBay, bastards sent me a magnifying glass

Regular readers will know that something like this has already happened, though it happened some place other than eBay.

And is embiggenment truly an enhancement? (I suspect all the guys, and perhaps some of the girls, are nodding Yes.)

Comments off




Disorder confirmation

You know, if I’d actually ordered this, I think I’d have known about it:

Phishing scam disguised as an Amazon.com confirmation

The bad bit of character encoding (in “We’ll”) gives it away, even if you don’t look at the three links, all of which go to the same bit.ly URL that I have no reason to trust. Besides, Amazon doesn’t collect tax for this state — see “use tax” — and if they did, it wouldn’t be a mere 6.75 percent. (Actually, the state rate is 4.5, but city and county taxes exist, and where I live, it’s a total of 8.375, though none of that is assessed by the county.)

Comments (4)




Seeming incompatibility

Subject line on a spam received last night: iPad Owners Overjoyed by Revolutionary Keyboard. Second One 1/2 Off.

Actual text of the spam:

Just Fresh Direct Unfiltered Olio Novello. Imported straight from Italy within one week of pressing, this oil is delicious enough to drizzle on bruschetta but affordable enough to use in cooking, too. (Note: Only available in select markets).

I, for one, do not look forward to keyboards that can be drizzled.

Comments off




Thieves vying for honor points

Received in the spam trap yesterday afternoon:

Hi there! Do you know if they make any plugins to protect against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

This might have carried more weight had the “author” been identified as something other than “buy litecoin With credit card no verification.”

Comments off




Focused attack

Usually comment spam is just slopped onto the place without any particular regard to where it may land. Which concerns me when it isn’t:

Spam screenshot

I mean, really, what did McGehee do to deserve this?

Comments (2)




The usual blondishments

Actually, we don’t know her hair color, but I assume by default that every word of this spam is bogus:

I was browsing and saw your profile and just had to contact you

This might seem crazy but I thought you were cute and have to know if you are dating anyone?

Even if you are.. we should chat because I think I am someone you could have a good time with.

Lets chat on facebook and Ill tell you more. I can show you some of my latest photos. I think you will really like what you see.

Hit me up on messenger soon and lets hookup.

You can get my profile and contact details here.

Chat soon

xoxo Katie

There follows, concealed by text color if I were dumb enough to read HTML mail, about twenty lines of pure word salad. “Here” yields up an address at privatelymessage.me.

Comments off




Discreet petite

This wandered into my email box:

The #1 rule if you’re having an affair

Never do it with a single woman. Instead, date a married woman who has just as much reason to keep it a secret as you do.

(“Me and Mrs. Jones,” explained Billy Paul.)

Why did I get this?

You are receiving this message because you opted in to *insert web address of list*

Apparently Cyprus, whence this came, is not up on the latest deceptive techniques — which can’t possibly help them selling a “service” like this.

Comments (2)




Meanwhile across the hall

Received at another site I run:

This motor is a blower that pulls fresh air from the outdoors, through the heat chamber and back out to the outdoors. 2) A mockingbird has limitless songs, and no two mockingbirds sound alike. To me, that is what spring maintenance is all about.

If there’s a lesson here, it’s this: don’t put the exhaust vent next to a bird’s nest.

Comments off




Monetizing the egregiousness

Lynn has an idea for dealing with comment spam, and like most such ideas, it springs from frustration:

Comment spam has been really horrendous lately. I used to get, usually, no more than 20 a day. Since last Saturday it’s been 300 – 500 a day! The first time comment moderation is stopping it all but I still have to take the time to delete all of them.

That certainly qualifies as “horrendous.” (I’ve had just over 600 this month. Then again, I have several thousand IPs blocked on general principle.)

Someone once said that spammers should be crucified alongside the highways. Right now that seems like a pretty good idea.

That someone was Eric Scheie of Classical Values, about 11 years ago. The original post has vanished from Blogspot, as posts will sometimes do, but I excerpted the money quote here.

But then I think, why litter the countryside with so much garbage. Let’s just publish their real names and addresses. But then I think, no I have a better idea. Let’s make them pay. Literally. Someone needs to come up with a system to automatically charge spammers by the minute, with the proceeds going to the website owner, minus a small percentage to maintain the system. Five cents for each minute until the spam comment is deleted, even if it is held in the moderation queue for that time. I would be wealthy!

Hmmm. If this ever comes to pass, I’m going to have to unblock several thousand IPs on general principle.

Note: The wp-ban plugin, used here, has turned away approximately 530,000 attempts to dump stuff here before it ever gets to Akismet, which has rejected 36,000 on its own. It is not infallible — no software is — but I’m not getting 300-500 spams a day either.

Comments (2)




This swan is already dead

In this morning’s spam heap, an improbable offer:

Anna Pavlova has sent you a message.
=========================
Message ID #3184324
=========================
Date: 10-16-14.
=========================
Username:  chaz@dustbury.com 
=========================
Password:   [redacted]
=========================

Chat with Anna Pavlova today.  Follow these instructions

-1- Go here http://gonow.mumob.com

-2- Enter your communication mode.

-3- Meet Anna Pavlova today.

It did not help that pretty much the same message (different message ID, marginally different “password”) was sent to one of my other email addresses.

Still, who among us with a peripheral interest in dance wouldn’t want a chance to chat with Anna Pavlova?

Comments (3)