« When Crooks Mess Up | Main | F.U. Spammers and Google »

April 22, 2013

I've lost count of the number of spam messages I've received over the past several months claiming to come from a foreign firm wanting to buy my products. Of course, my domains don't sell any products directly, so I know the request is utter bullshit. Here's one of the latest ones:

From: NZTradingLtd
Subject: New P.O

Dear Sir/Madam,

I am Ms.Suha Arafat, the Purchase Manager of NZ Trading Ltd.,based
in Dunedin, New Zealand.

We are interested in purchasing your products as exactly shown in
the DATASHEET as attached in this mail.

Please check and get back to us as soon as possible with your last
price,payment terms and delivery time.
Your response will be highly appreciated.


Sincerely,

Suha Arafat

Purchasing Manager
NZ Trading Ltd.
173 Maclaggan St.
Dunedin, New Zealand
E-mail: NZTradingLtd@[removed]service.com
Telephone Number : (64) 3 929 [removed] Ex 5
Fax Number: (64) 3 929 [removed]

The attachment is a 771 KB file named Order No1.zip. Running the file through VirusTotal reveals it is a well-known generic Trojan. I believe the primary aim of these types of malware deliveries is to infect computers of small businesses that also use those computers for online banking. Implanting a keylogger on such machines will quickly reveal to the crooks whether the computers can be hijacked for major funds extraction through money mule networks (aka work-from-home scam victims).

While I know such requests directed at me aren't worth the paper they're not printed on, lots of small businesses hungry for new customers might not be so discerning. A minimum of nerdy due diligence with the message's headers would elevate the "stink" level of this inquiry (having been sent through a South African garden supplies company's email system). Sending a purchase order in a .zip file should be another smell bomb. A Google search would lead you down a trail mapped out by squirrels, where the same supposed corporate building with the same vehicle parked by the front door (based on nondescript web site images) is located in both Auckland and Dunedin.

Crooks know that the old adage of something too good to be true is ignored by enough potential victims to go ahead and offer something that is too good to be true, such as an international purchase order coming in over the transom (I know, I'm really showing my age). But the cost of acquiring this "customer" could be many tens of thousands of dollars.