This weeks email fraud post deals with scams that take advantage of your religious beliefs. Variations of this approach have been used to separate the faithful from their money for hundreds, if not thousands, of years. These days they do it using email.
A pretty clever new Phishing fraud tactic is now being used to trick users into providing their Bank of America login information.
The email itself is fairly standard for a Phish, omitting both the user’s actual name or any reference to the real account number, instead relying on generic terms like “Dear Member.”
There are also are some spelling inconsistencies, including in the Subject line itself which includes “Informatiom” rather than “Information”
The complete email: Read the rest of this entry »
A basic human trait is that we all want and appreciate recognition from time to time.
Unfortunately, there’s always someone looking to take advantage of this fact in order to manipulate and swindle others.
Case in point, the fake “Who’s Who” awards regularly found in spam circles.
A typical example comes from “Emerald Who’s Who” notifying you of your nomination for inclusion in their long and prestigious publication…. assuming you consider an invite from “EasyClickMarketing.com” prestigious and January 7th as a long time, because that’s when their domain was first registered on the Internet.
Because most spam originates outside the US and laws to prevent it are largely unenforceable it’s unlikely that there will ever be a “National Do Not Spam Registry”.
Fortunately the folks at thespeciousreport.com have created a web page to give us an idea what the sign up form would look like if there was one.
Here’s the link: The National Do Not Spam Registry
Disclaimer: The site linked above is a parody. It says so right at the top. The form doesn’t submit and you won’t stop getting spam (unless you use our spam filtering service).
A few weeks ago we posted about Internet Explorer’s most recent vulnerability issue. In that post we noted that IE’s security problems allow millions of computers to be turned into zombie slaves for spammers and other unsavory elements on the Internet. This week one of the worst offenders in the IE family is being buried in effigy by Denver based design firm Aten Design Group. Read the rest of this entry »
In today’s email fraud post we will be discussing messages that are intended to appeal to your patriotism (and greed). These messages pretend to be from soldiers in the field. More specifically, from “military personnel” looking for someone to help them smuggle large amounts of some valuable commodity out of a war zone.
This type of fraud asks you to believe that someone you never heard of has found a large cache of cash (or gold, or diamonds, etc.) in Saddam Hussein’s summer home or in an unguarded bank (like in the movie Three Kings) and needs your help to get it out of whatever theater of operations they claim to be in. You are expected to trust this person because they’re fighting for your freedom, never mind that they’re trying to involve you in a criminal conspiracy. Besides, the government would probably just keep the money so it’s better that you and the unknown soldier split it instead (so much for patriotism).
The following is one of the best examples we’ve seen in a while:
One of the most annoying types of unwanted email is the mass forward. You know, the kind where one of your “friends” sends a heart-warming story about a dog or a list of interesting “facts” about bananas to everyone in their email address book. (More often than not that friend also sends everyone’s address to everyone else too but that’s another story.)
The reason this stuff is so annoying is that you can’t just block the person sending it because, most likely, they are a friend and might actually send you something you’re interested in at some point. On the other hand you really don’t care about an amber alert notice that was proven false five years ago. So, if you can’t block them, what can you do?
We’ve been seeing quite a few of these today so we’re putting up this notice to let everybody know that, yes, this is fraud. Don’t give them your login info.
The “From:” address on the example we’re looking at right now is:
“abuse@stanford.edu” <abuseteam8@gmail.com>
If you look at just the “pretty” address (the part in quotes) you might think the message comes from “abuse@stanford.edu” but the part that matters (in the angle brackets) is actually “abuseteam8@gmail.com”. You might be wondering why Stanford’s abuse team would be sending from gmail.com? The answer is: for a notice like this, they wouldn’t. This is fake.
Every once in a while something comes along that makes you wonder how anyone survived without it.
This isn’t one of those things.
Nevertheless, like so much of the content on the World Wide Web, it is kind of fascinating in a pet rock sort of way.
Those of you who are using our spam filtering service may have forgotten what spam is like since you’re not seeing it in your inbox any more. You might even miss it. (Yeah, we didn’t think so.) Well, now there’s a new way to experience spam without having to delete it . . . Read the rest of this entry »
Well 2009 is history, we know, we can’t believe it’s almost March already either. While previous years have been marked by either large increases in spam traffic, or sometimes a decrease followed by an increase, 2009 was pretty bland.
After the jump we’ve got some graphs and commentary from 2009.
