July 29, 2009Spam Pie
Perhaps it's a sign of these economic times. A small New Jersey-based bakery with an online presence—and perhaps desperate to increase sales—sent the following unsolicited email message:
Subject: SWEET POTATO PIES AND MORE
BEAN PIES, SWEET POTATO PIES, CARROT PIES AND BUTTERNUT SQUASH PIES
ORDER YOUR FRESH BAKED PIES TODAY. FREE PIE WITH YOUR ORDER.
ORDER TODAY AND RECEIVE FREE PRIORITY SHIPPING.
The domain name is very bakery-like and has been around for just over one year.
This spam campaign appears to have been very much a roll-your-own effort. Aside from the lack of CAN-SPAM compliance (let me count the ways), the sender transmitted the message through a local (i.e., northern New Jersey) Verizon internet account. The Message-ID: header field included the name of the PC used to originate the message. The PC's name included the full name of the owner of the bakery (according to a local business directory).
The possible scenarios that led this small business owner down the spam path are too numerous to imagine. But somewhere along the line, he had to buy a list of email addresses and perhaps some bullshit "online marketing" program from a huckster. If enough complaints come into Verizon, he could lose his account entirely. If he keeps it up, some ISP could go after him on CAN-SPAM violations.
Can you hear one of your pies as it hurls toward you own face?Posted on July 29, 2009 at 09:54 AM
July 24, 2009Diploma Spam Surge
I've been seeing a recent upswing in spam touting fake university diplomas. There's nothing unusual here, modeled on the same tactics used for years. Here's a sample, brought to you by a botnetted PC in Brazil:
From: Erin <[bogusUserName]@msn.com>
Subject: Get your Diploma Today!
No Exams! No Study! No Classes!
Lines are Open 24 x 7
That's a Salt Lake City, Utah area phone number. Although I dare not call it (for reasons described in Spam Wars), if it follows the usual M.O. for diploma spammers, the number is to an automated answering service. You'll be asked to record your name and phone number so the crook (not named "Alice") can call you later.
I got a kick out of the "Prestigious University" phrase. That must be the actual name of the university on the diploma. Good ol' PU, whose football team is known as the Fightin' Scammers. Go PU!!!Posted on July 24, 2009 at 12:20 PM
July 15, 2009Cue "Mission Impossible" Theme Music
Here's another variation on the 419 email message that invokes the United Nations to lend credibility to an outright scam (previous posts here and here). This time, however, we get the intrigue of a "Diplomatic Attaché", who, believing he is carrying sensitive photographic film (shh, don't tell him otherwise), will supposedly visit your house with sealed boxes of cash.
I am Lt General Sam Edwards National Special Adviser,I am delighted to inform you that the contract panel, which just concluded it seating in our department just released your name amongst contractors to benefit from the Diplomatic Immunity Payment. This Panel was primarily delegated to investigate manipulated contract claims,contracts and over-invoiced payment as the effect has eaten deep into the economy of our dear country here in UNITED KINGDOM UK..
However, we wish to bring to your notice that your contract profile is still reflecting in our central computer as as it was instructed by the UNITED NATION unpaid contractor while auditing was going on. Your contract file was forwarded to my office by the auditors as unclaimed fund, we wish to use this medium to inform you that for the time being Federal Government have stopped further payment through bank to bank transfer due to contractors numerous petitions to United Nations against banks on wrong payment and diversion of contract funds to different account.
In this regards we are going to send your contract part payment of $10.100,000.00 Million USD.To you via our accredited shipping company via diplomatic means and I have secured every needed documents to cover the money. Note: The money is coming on 2 security proof boxes. The boxes are sealed with synthetic nylon seal and padded with machine.
Please you don't have to worry for anything, as the transaction is 100% risk free. The boxes are coming with a Diplomatic agent who will accompany the boxes to your house address. All you need to do now is to send to me your full house address and your identity such as, international Passport or drivers license and your mobile phone and telephone number, The Diplomatic Attach? will travel with it. He will call you immediately he arrives your country's airport. I hope you understand me.
Note: The diplomat does not know the original contents of the boxes. What we declared to them as the contents is Sensitive Photographic Film Materials for security reasons.I did not declare money to them please. If they call you and ask you the contents please tell them the same thing. email ([removed]@mail2broker.com) I will let you know how far I have gone with the arrangement. I will secure the Diplomatic immunity clearance certificate, which will make it pass every custom checkpoint all over the world without hitch. Confirm the receipt of this message and send the requirements to me immediately you receive this message. Please I need urgent reply because the boxes are schedule to live as soon as we hear from you. Call me immediately.
1)YOUR FULL NAME
2)PHONE AND FAX NUMBER
3)ADDRESS WHERE YOU WOULD LIKE TO RECEIVE YOUR FUND
4)YOUR AGE AND CURRENT OCCUPATION
5)A COPY OF YOUR IDENTITY
Lt General Sam Edwards.
National Security Adviser.
Note: Make sure you reply and forward the needed information to this email address:[removed]@mail2broker.com
Even if you don't pay a cent to this scammer (I guarantee you that this phony baloney transaction won't avoid some "hitches" that need upfront grease payments from you), your first response will include enough information for your identity to be lifted. Then the only people coming to your house will be the men in white jackets, as they carry your blathering being to the loony bin.
July 13, 2009More 419 Return Email Address Laughs
I've commented many times how 419 crooks — whether they claim to be Nigerian princes or European lottery administrators — use free email accounts as their points of contact. I therefore got a huge chuckle from a phony lottery sent under the guises of Microsoft, Yahoo, and Google combined:
MICROSOFT YAHOO GOOGLE LOTTERY PROMOTION
2nd Floor Chiltern House, St Nicholas Court
25 - 27 Castlegate, Nottingham NG1 7AR,
Dear Lucky Winner,
We happily announce to you the result of the Microsoft, Yahoo and Google Lottery draws held on Saturday 5th July 2009, Lotto 6/49 in Essex, United Kingdom. All participants were selected randomly from World Wide Web site through computer draws system and extracted from over 100,000.00 companies and personal e-mail addresses.
Your e-mail address attached to ticket number: B9564 7560 with serial number 046560 drew the winning numbers 6 7 14 16 17 27 Bonus 32. You have therefore been approved to claim a total sum of L500,000.00 (FIVE HUNDRED THOUSAND POUNDS STERLING) in cash credited to file EAAL/9080118308/08.
To file for your claim, please contact your corresponding Fiduciary Claim Agent (Mr. James David) immediately you get this message for quick and urgent release of your fund.
Contact information is as follow:
Mr. James David
Phone Number: +44[removed]
[more standard 419 blather deleted for your sanity.]
You'd think that if this clown had any sense of being considered real, he'd get a free email address from, say...um...I don't know...um...how about Microsoft, Yahoo, or Google! Instead, this guy signed up for a free email account at a Spanish jobs site.
Mierda for brains.Posted on July 13, 2009 at 06:14 PM
July 11, 2009A Tall 419 Tale, Including Kitchen Sink
A few weeks ago, I posted about a 419 email that claimed to come from the United Nations aiming to compensate anyone who had been scammed. Arriving today was a variation of that one that not only invokes the United Nations, but even the U.K. Prime Minister. The email's author claims to work for the British Government. If only "she" could write in better English.
Before I get to the message body, check out this forged From: field:
From: "Foreigners Fund Release Dept." <Fundrelease@ffrd.org>
Twenty seconds of due diligence with a web browser (to check the domain record, and then the web site) revealed that despite the sender's claim, the ffrd.org domain does not stand for "Foreigners Fund Release Dept." Instead that domain has belonged to a non-profit organization called Fund for Reconciliation and Development since 2001. While I don't know much about the non-profit (and can't vouch for it), I don't for an instant believe it was anything but a coincidental victim of a 419er who exercised a bit of creativity.
(The email message originated from central Nigeria and was relayed through a government-owned (but otherwise pwned) mail server in Ecuador. Aren't the Intertubes great?)
Now onto the main act, the message body:
Subject: YOUR PENDING PAYMENT IS READY TO BE RELEASE TO YOU.
I am Mrs. Helen Robinson the foreign verification and payment sectary to
British Government and the Chairman House committee Payment and
foreign contractors and Foreign Affairs office of the British Prime Minister.
He told me to Contact all the Foreigners that are waiting for their Payment,
with regards to series of petition we receiving from unpaid (Foreign
contractors, Inheritance next of kin and Uk National lotto beneficiaries that
originated from America, Europe, Asia, and on how especially Africa government
usually don't pay them their contract funds, and other Debts owned them by the
Based on this fact the British/African Government made thorough
ascertain the cause and find out that there are some officials that cooperate
with outsiders to extort money from foreigners.
So the United Nations then held a meeting and made a resolution that all
foreigners contractors and those that are waiting their Bank draft payment and
ATM Payment to be paid by Cash through Online Banking system cheque/
delivery which is the fastest and reliable way of receiving payment,
in other to
beat those fraudsters in Africa that export money from Foreigners without
releasing their Fund to them.
Be informed that all the Bank Drafts, ATM, and other Fund that was on hold by
Customs, Drug Law Enforcement Agency, and others asking for one charges and
another from Africa, Europe, America has been re-called back,
converted to Cash
payment system and channeled to Northern Bank Ltd UK, to pay through their
secure and most trusted online banking system.
You should then stop any further communication regards to your fund with any
office in Africa, United Kingdom, America or Europe.
A soon as you received this e-mail, you are to re-confirm your current full
contact information as shown below to the right payment release Chairman House
committee Payment and verification on foreign contractors and Foreign Affairs
Beneficiary Full Name:______________________________
Mode OF Payment: Bank transfer or cheque/Cash Diplomatic delivery (please
His contact Address
His Name; Dr. Brian Anderson
E-mail Address; [removed]@live.com
Mrs. Helen Robinson verification and foreign payment sectary
to the British Government and The Chairman House committee
Payment and verification on Contracts and Foreign Affairs
Office to the Prime Minister.
What's odd about this 419 appeal is that there is no promise of a specific amount of money. In fact, if a U.S. recipient has never conducted business outside of the States, this whole message would turn into a giant question mark. I think the real intended targets for this type of letter are those who previously fell (even part way) for a 419 scam. They might believe they could get their money back — heck, they thought they could pick up millions from another preposterous story. The email address list of those who have taken 419er bait must be worth a fortune to the 419 criminal class. But I guess there are also countless others who have been scammed via eBay or other ecommerce transactions — those who wired "excess payments" or Fedexed fraudulently-paid goods to Africa.
In the rush to submit their claims, they'll fail to recognize that the reply email address isn't to the domain whence the message claims to have originated. Rather, it's to a place where anyone can sign up for a virtually anonymous free email account. How classy and official-looking!Posted on July 11, 2009 at 09:16 AM
July 01, 2009Another Banned URL Shortener
The "The Business News" spammer who uses URL shortening services (noted here and here) has shown me another shortening service that doesn't give a crap about spam abuse reports — even though they solicit such reports directly on their home page.
I am now adding hurl.ws to my destructo spam filters. It's too bad, because on the surface they look like they want to do the right thing. Moreover, the outfit appears to be run by bluespark.co.nz, a fellow iPhone app developer (yeah, that's sort of been my day job recently). They advertise the service thusly:
Hurl is a url shortening service with a difference, ....
I guess the difference is that they turn a deaf ear to abuse complaints.
In return, my email server turns a deaf ear to any email message (from a non-whitelisted sender) whose body contains a hurl.ws URL. What's Maori for "Adios, amigos"?Posted on July 01, 2009 at 11:43 PM