Category Archives: Phishing

When a purchase order email is not what it seems

Image By: Ian Lamont
Image By: Ian Lamont

Today’s award for the least convincing spam message goes to the “purchase order” I received. The funny thing is I don’t sell anything so I’m not sure how it could possibly pertain to me. It just goes to show they grab, harvest or purchase email addresses and then send them out in bulk, sort of like fishing with a bucket of bait. With that much bait you are sure to catch something.

If you receive something like this one, which also has a “zip” file to download my suggestion is to send it to spam and keep going. What are the keys to knowing this isn’t a real purchase interest?

  1. It was in my spam folder – which I do check regularly since sometimes items are mistakenly marked as spam.
  2. The problems with grammar and punctuation.
  3. The fact that I don’t sell any items.
  4. And, that it’s “near” somewhere in Egypt.
  5. That it has a zip file. Beware of downloadable files, links, and images, especially those that come from those you don’t know.

Sample Email below

A dead giveaway is when my spam filler has this in the RE:

****SPAM**** HIGH * Purchase order-
Dear Sir

We are interested to Purchase your product, i got your contact information

from two of our customers.

Please contact us with the following below:-

– Your minimum order quantity.

– Your FOB Prices and FOB Port.

– Your estimated delivery time.

Please fine attached company details and requirements below to preview the samples/specifications needed.

Best Regard
—————————————————————————————————————–
GMCC LTD  IMPORT & EXPORT
Address deleted
Sheraton Bldgs. Heliopolis,Cairo
Landmark:Near To Radisson Blu Cairo Egypt

The FBI wants to know my preferred payment method

Image By: Ian Lamont provided by Flickr

Here’s one of the more interesting messages that my spam folder caught this week. Apparently there’s some money the Federal Bureau of Investigations just can’t wait to give me.

Federal Bureau of Investigation (FBI) Anti-Terrorist And Monitory Crime Division.

Federal Bureau Of Investigation. INTERNATIONAL MONETARY FUNDS

J.Edgar.Hoover Building Washington Dc

Customers Service Hours / Monday To Saturday Office Hours Monday to Saturday:

Dear Beneficiary, Series of meetings have been held over the past 7 months with the secretary general of the United Nations Organization. This ended 3 days ago. It is obvious that you have not received your fund which is to the tune of $2.3million Usd due to past corrupt Governmental Officials who almost held the fund to themselves for their selfish reason and some individuals who have taken advantage of your fund all in an attempt to swindle your fund which has led to so many losses from your end and unnecessary delay in the receipt of your fund. The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation and the International monetary funds have successfully passed a mandate to the current president of Nigeria his Excellency President Good luck Jonathan to boost the exercise of clearing all foreign debts owed to you and other individuals and organizations who have been found not to have receive their Contract Sum, Lottery/Gambling, Inheritance and the likes.

Now how would you like to receive your payment? Because we have two method of payment which is by Check or by ATM card?

ATM Card: We will be issuing you a custom pin based ATM card which you will use to withdraw up to $3,000 per day from any ATM machine that has the Master Card Logo on it and the card have to be renewed in 4 years time which is 2015. Also with the ATM card you will be able to transfer your funds to your local bank account. The ATM card comes with a handbook or manual to enlighten you about how to use it. Even if you do not have a bank account.

Check: To be deposited in your bank for it to be cleared within three working days. Your payment would be sent to you via any of your preferred option and would be mailed to you via UPS. Because we have signed a contract with UPS which should expire in the next three weeks you will only need to pay $280 instead of $620 saving you $340 So if you pay before the three weeks you save $340 Take note that anyone asking you for some kind of money above the usual fee is definitely a fraudsters and you will have to stop any communication with every other person if you have been in contact with any. Also remember that all you will ever have to spend is $280.00 nothing more! Nothing less! And we guarantee the receipt of your fund to be successfully delivered to you within the next 24hrs after the receipt of payment has been confirmed.

Note: Everything has been taken care of by the Federal Government of Nigeria the International Monetary Funds, The United Nation and also the FBI and including taxes, custom paper and clearance duty so all you will ever need to pay is $280.

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for shipping your ATM card is $420 but because UPS have temporarily discontinued the C.O.D which gives you the chance to pay when package is delivered for international shipping We had to sign contract with them for bulk shipping which makes the fees reduce from the actual fee of $620 to $280 nothing more and no hidden fees of any sort!To effect the release of your fund valued at $2.3million Usd you are advised to contact our correspondent in Africa the delivery officer Mr James Morgan with the information below,

Full Name:DANNY BLESSED Email: +++++++@gmail.com Telephone: (512) 240-XXXX

You are advised to contact him with the information as stated below: Your full Name : Your Address: . Home & Cell Phone: Occupation: Preferred Payment Method (ATM & Cashier Check) Upon receipt of payment the delivery officer will ensure that your package is sent within 24 working hours. Because we are so sure of everything we are giving you a 100% money back guarantee if you do not receive payment/package within the next 24hrs after you have made the payment for shipping. Yours sincerely, Miss Donna Story FEDERAL BUREAU OF INVESTIGATION UNITED STATES DEPARTMENT OF JUSTICE WASHINGTON, D.C. 20535

5 tips to help you recognize that it is a spam or phishing email:

  1. If they ask you for money it’s spam/phishing – let’s start with that.
  2. Bad grammar – there are quite a few mistakes in it – including the dropping of articles like “a” “the” look for those mistakes. I’m pretty sure the FBI has someone who proofs their emails before they send them out.
  3. If official it would have come certified mail, not in your email.
  4. If it sounds too good to be true it most likely is.
  5. It’s a plain text with no logo and uses an unusual email address, for example in this case it was +++++@163.com.

Find even more tips and frequent scams that arrive in your inbox with these tips from the real US Government.  Report spam/scam and phishing emails to the organization they are claiming to be from.  In this case it’s going to spam@uce.gov.

 

What in the Heck is Smishing?

You’ve probably heard of “phishing” – when hackers send bogus messages to your email, hoping that you’ll reply or click a link so that they can get their hands on your information. But there’s a new version of this scheme that’s gaining prevalence, and it targets your smartphone. This scam is called “smishing” as in “phishing via your SMS (text) messages.”IMG_1698

One of the most popular smishes takes the form of a “Congratulations! You’ve won X prize from X company! Reply to this message to receive your reward!” text message to your smartphone. Do not reply to messages like this! Even if you figure out that it’s a scam and you really want to reply with something like “Go blank! your blank! you scamming blank!” – don’t do it. Yes, it would be cathartic, but the act of replying will only affirm to the smishers that your phone number is active, and you’ll receive more of this type of message (plus you’ll probably just be replying to a robot anyway, and robots are unfazed by profanity).

These “congratulations” messages, if replied to, may also ask you for your credit card information to allegedly pay for the shipping and handling costs of your prize. Never give out this information in a situation like this. Many messages like these have claimed to be from Walmart or Target. The Walmart messages have been used by smishers so frequently that at one point the company issued a statement saying that they absolutely never send consumers messages asking for sensitive information via text.

Another smish is one that will claim to be from your bank or another seemingly credible or important institution. The message will claim to be urgent and will request a reply. If you receive a text like this, do not reply via text message. Instead, look up the phone number for the bank or company and call them directly.

Other tips related to smishing prevention:

  • If a text message comes from the number 5000, it’s a smish. It’s safest to delete it without even opening it.
  • You may want to set up a text alias with your provider. This will allow you to receive and send texts, but the texts that you send will show up under your “alias” rather than your real number. It’s like having a secret phone number. Then you can block incoming texts to your “real” number and give family and friends your alias. Ask your service provider about how a text alias works.
  • Never give any sensitive information (your social security number, bank account information, etc) to anyone that you don’t absolutely trust.

Don’t let yourself get smished! If you’re receiving any messages that might be from smishers, report them to your service provider. You may also want to report suspicious messages to the Federal Trade Commission.

Sources:

http://www.nbcnews.com/technology/technolog/smishing-text-messages-seek-your-credit-card-info-947348

http://netsecurity.about.com/od/secureyouremail/a/Protect-Yourself-From-Smishing-Attacks.htm

http://learningcenter.statefarm.com/safety-2/family-1/avoid-the-dangers-of-smishing/

What’s in Your Email and What Should You Do with It? Four Favorite Schemes

download-key-logger-programIt seems that not a week goes by without having to check my spam mailbox as it fills with ever more increasing frequency.  When they said “spam” and phishing schemes where on the rise they really meant, on the rise!  I thought I would share with you my five favorites this week that you should be on the look out for.  One or two  have already hit some friends  and I wouldn’t want them to happen to you.

You Got Mail!

This phishing email message is sent allegedly from FEDEX or UPS.  You have a very important package that they tried to deliver but couldn’t.  If you could just take a minute to provide this information your VIP package will be on it’s way.   This one quite often asks for information, payment of an invoice (requiring me to open an attachment) and will include a subject like like this one,  “UPS Delivery Notification Tracking Number:EVKDBQXRTKRXN4CTMI.”

UPS offers more information on these fake emails as does FEDEX .

Report these types of messages to UPS at fraud@ups.com and to FEDEX at abuse@fedex.com

You Have WON!

So far this week I have won from a lottery that I never entered (scratch offs are about as far as I go) as well as won money from a casino I never heard of, let along gambled at.   Even the FBI got in on the act, telling me that I won $1 million!  This, of course, is different from the email I received last week where the FBI (who I’m quite sure already has quite a bit of information on me) attempted to phish for some more.

You have been Blessed!  Continue reading What’s in Your Email and What Should You Do with It? Four Favorite Schemes

Fear of the FBI hopes to make you respond to this identity theft email

As one of the not so lucky people affected by the Yahoo security break, my email in box and spam box get a lot more work than they used to and some of the plots, plans and scams make me laugh.  Other’s could cause a reader to rapidly respond out of fear.  One thing they all have in common, they are lying to me to get information.  Here is the most recent one you should know about and how you can know this email is fake when and if you get one.

————————-Email stated below

RE:  Federal Bureau of Investigation (FBI) !!! !!! !!! (I am pretty sure that 1) the FBI would not email me and 2) that they would know that it is bad manners and bad writing to use all 9 of those exclamation points.)

Federal Bureau of Investigation
Intelligence Field Unit
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C.
(Pretty convincing – I give them credit for looking it up)
URGENT ATTENTION: BENEFICIARY
I AM SPECIAL AGENT _____________ (I’ve deleted just in case this Agent truly does exist)  FROM THE FEDERAL BUREAU OF INVESTIGATION (FBI) INTELLIGENCE UNIT, WE HAVE JUST INTERCEPTED AND CONFISCATED TWO (2) TRUNK BOXES AT JFK AIRPORT IN NEW YORK, AND ARE ON THE VERGE OF MOVING IT TO OUR BUREAU HEADQUARTER.
 WE HAVE SCANNED THE SAID BOXES, AND HAVE FOUND IT TO CONTAIN A TOTAL SUM OF $4.1 MILLION AND ALSO BACKUP DOCUMENT WHICH BEARS YOUR NAME AS THE RECEIVER OF THE MONEY CONTAINED IN THE BOXES, INVESTIGATIONS CARRIED OUT ON THE DIPLOMAT WHICH ACCOMPANIED THE BOXES INTO THE UNITED STATES HAS IT THAT HE WAS TO DELIVER THIS FUNDS TO YOUR RESIDENCE AS PAYMENT WHICH WAS DUE YOU FROM THE OFFICE OF FEDERAL GOVERNMENT OF NIGERIA FROM UNPAID CONTRACT SUMS.
WE CROSS-CHECKED ALL LEGAL DOCUMENTATION IN THE BOXES, AND WERE ABOUT TO RELEASE THE CONSIGNMENT TO THE DIPLOMAT,WHEN WE FOUND OUT THAT THE BOXES IS LACKING ONE VERY IMPORTANT DOCUMENTATION WHICH AS A RESULT, THE BOXES HAS BEEN CONFISCATED.
 ACCORDING TO SECTION 229 SUBSECTION 31 OF THE 1991 CONSTITUTION IN TAX PAYMENT, YOUR CONSIGNMENT LACKS PROOF OF OWNERSHIP CERTIFICATE FROM THE JOINT TEAM OF THE IRS AND HOMELAND SECURITY, AND THERE FOR, YOU MUST CONTACT US FOR DIRECTION ON HOW TO PROCURE THIS CERTIFICATE, SO THAT YOU CAN BE RELIEVED OF THE CHARGES OF EVADING TAX WHICH IS A PUNISHABLE OFFENSE UNDER SECTION 12 SUBSECTION 441 OF CONSTITUTION ON TAX EVASION. Continue reading Fear of the FBI hopes to make you respond to this identity theft email

Investigator Alert: Microsoft email and telephone hoaxes resurface

It’s an “oldie” but apparently it is still a “goody” as the Microsoft technical support hoax resurfaces in an effort to trick Microsoft customers into releasing private, personal and credit card information.

There are several different methods used to gain your trust and your information.  But all of them are fakes and frauds.   Here are a few that Microsoft wants to make sure that their customers know about:

  1. Microsoft does not call customers to fix your computer.
  2. You have not won a Microsoft lottery.
  3. Credit card information is not required to verify your Microsoft account.
  4. Unsolicited email messages containing so called security updates do not come from Microsoft.
Official notifications regarding your security can be found on the Microsoft website.  But that’s not all.  There are currently 14 different updates planned to occur this week, several which are labeled “critical.”  These updates are designed to patch “holes” in the security of popular programs like Windows, Office, and Internet Explorer.  Internet Explorer will soon be updated every month instead of every other month. Security professionals seem to like this idea, “It looks like IE will be the story every month now,” said Storms, who noted there seems to be no shortage of IE vulnerabilities. “I don’t think they’re proving a point, that they’re patching just because they said they can every month, but because they have to.”
IT professionals will be happy to hear of patches to Exchange and SQL Server, “Those are two of the three things that are most important to IT in enterprises,” said Andrew Storms, director of security operations at nCircle Security. “Thank goodness SharePoint’s not included. But Microsoft is hitting two out of three in just one month.”
If all else fails when it comes to fighting hackers, Microsoft may take the “if you can’t beat them hire them” attitude that they have had in the past.  After all if they are good enough to get into the system, then they are good enough to protect it.
Have you encountered any of these types of scams here is where Microsoft would  like for you to report it.

 

No, Mark Zuckerberg isn’t giving Facebook users a free iPhone and iPad

Let’s talk about the importance of a Spam mail box in your email.  Today I’m doing my weekly spam check, before I empty my spam mail folder and I find this wonderfully, well written email from WoW! the CEO of Facebook!  Did I really get an email from him?  No, but at first glance it’s actually a pretty good spam copy.

But let’s talk about how you can know it’s a fake.  First I hovered over the email name which said Mark Zuckerberg. But by hovering over it I found an email account that was XXXX@hotmail.com.  I’m sure that account has already been closed, but I’m definitely not letting them know they found someone by replying.

Next, this email actually is pretty well written, without many of the common “tells” that let you know it is a fake message, like small errors in spelling, syntax or punctuation.   But if you look closely you will see many errors, they just aren’t glaringly obvious. I’ve highlighted them for you.

Lastly, the email address that this message came to isn’t associated with my Facebook account, so how would they have gotten it and why not use my name if it’s a personalized invitation to claim my prize?

The hope is that you will see some keywords like Facebook, Mark Zuckerberg, iPad and iPhone, that will really get your attention and Continue reading No, Mark Zuckerberg isn’t giving Facebook users a free iPhone and iPad

Slow down! That’s not a real traffic ticket it’s a scam

With the use of cameras at lights it is not unheard of to get a traffic ticket in the mail.  I admit, I recently received one, including a really bad photo) as I went through a light, lost and looking for signs.  My first in over 15 years, but that’s beside the point. However, there’s a new scam in town coming to your straight from your email.  This email message claims to be a traffic ticket from New York and it directs you to “click” the link to open your ticket, see your charges and find out how to pay the fine.   At first glance it looks “legit.”  It even has a return address @nyc.gov.

There are a great many people who would fear that somehow they got notice of a traffic ticket, whether they have driven in New York or not.  Maybe they sent it to you because of a data entry mistake on the driver’s license input.  What if they suspend your license? But before you panic stop and think about these things.

Have you driven in New York?

How on earth did they track your email address by your driver’s license?

and

Could this possibly be a scam?

The answer to the third question is yes, it is a scam.  But not the type you might think.  Instead of a “spam” scam which most likely would be trying to harvest your credit card number for credit card fraud it’s actually a Trojan, a hidden virus that will gather information from your computer and drop more malicious content. This virus is  identified as “Troj/Invo-Zip and it is described as one ” that could allow attackers access to your Windows system and give them the ability to drop more malicious files on it.

Internet security firm Sophos received many messages today on their Facebook page about the email scam/virus from all over the world.  I think it’s safe to say anyone that received it in Thailand is just going to ignore it.

How can you be safe from viruses and email scams?  Remember just because a link is there doesn’t mean you have to “click” it especially when it is a fake ticket.   Keep your antivirus programs updated and but the brakes on email scams by simply not opening them.

 

Three Ways Identity Thieves Find Your Phone Number

When it comes to identity theft, every individual in the world is at risk. This criminal practice has been going on for countless years and the number of victims continues to grow.

Some reports claim that as many as 10 million people are subject to identity theft every single year. Many times, this information is used to simply promote spam messages and illegal advertisements. Unfortunately, it can also be used to irrevocably ruin a person’s credit and potentially their life. An active phone number can be sold to illicit advertisers and scam artists who want to make a phone call in order to try to get more information.

Of course getting a phone number is relatively simple.  However, when combined with other pieces of information about you, your phone number can become quite valuable.

Here are a few of the ways in which identity thieves illegally gain the phone numbers of innocent individuals and add it to other (more potentially harmful) pieces of information, to assemble a picture of who you are.

Dumpster Diving
One of the easiest and most popular forms of accessing private information has been deemed dumpster diving. While the world continues its shift towards digitized information, vast amounts of information are still sent through generic letters, bills, and notices. Continue reading Three Ways Identity Thieves Find Your Phone Number

Gold Dust SCAM from Grace Makumba – myprivat00@att.net

Please, please please. We’re begging you.

If you want to buy gold, please do it through a reputable organization.

————–
Two reputable places we recommend if you want to buy gold:
Apmex
GoldMoney (set up an account)

Or get more educated about buying gold at http://www.HowToBuyGoldX.com
————–

Please don’t fall for this SCAM about gold dust. As the price of gold and silver continue to increase, more and more of these gold scams are creeping up. Don’t be a victim. Buy gold through reputable companies instead.
Here’s the scam email.

———————————————–
SCAM – SCAM – SCAM – SCAM
———————————————–

From: Grace Makumba
Date: Wed, Apr 13, 2011 at 5:28 AM
Subject: Dear sir,
To:

Dear sir,
GOLD DUST PROPOSAL
MY Name is Mrs GRACE MAKUMBA the wife of late Chief K. MAKUMBA the
former village chief where there are Gold field here in Ghana.
My late husband died last year November, but before his death he has
260 kilos of gold dust in his position as the village chief.
after his death nothing has left with my children, i therefore decided
to contact you so that you will fly down to Ghana to enable us meet
face to face and reach an Agreement, then after our meeting you will
help me to ship the gold into your country for sales.
then after selling the commodities you will use the money to assist
our family to invest it in any profitable business.
if you are interested do contact me immediately for more details.
Regards
Mrs Grace Makumba

———————————————–
END OF GOLD DUST SCAM EMAIL
———————————————–

Don’t fall for it.

————–
Two reputable places we recommend if you want to buy gold:
Apmex
GoldMoney (set up an account)

Or get more educated about buying gold at http://www.HowToBuyGoldX.com
————–