Here we go again. The vultures are circling, ready to take advantage of people affected by the Deepwater Horizon oil spill; just like they do after every disaster.
We just blocked a stack of emails purporting to offer help collecting money from the 20 billion dollar compensation fund BP is so graciously providing. In reality though, these emails are an advance-fee fraud attempt.
Advance-fee fraud is a con game in which the perpetrator promises to help the victim receive a large payment (such as an inheritance) but requires “up-front” money to complete the transaction. If the victim is gullible enough they may request several advance payments but in all cases the final payout is never delivered.
The examples we’re focusing on today are pretty slimy overall and not difficult to detect as fraud but they do provide some insights into how these advance-fee scams work.
First of all the subject is a dead giveaway:
Claim your_part_of_the_20_Billion_Compensation_Fund
We don’t know of any legitimate reason to tie most of the subject words together with underscores but it makes sense if you’re hiding from spam filters.
The from address is equally suspicious:
Oil_Spill_Compensation <OilSpillCompensation.87568959@lwim223remindingo.com>
It’s bad enough that the pretty name uses the same underscore trick as the subject but the actual address positively reeks of fraud. It contains a random number for tracking and is on a domain that is
a.) nonsensical and
b.) is totally unrelated to the content of the message.
The body of the message contains one text link that reads “20 Billion available for oil spill victims. Submit your claim here” but it’s obfuscated with underscores so the real text is:
20_Billion_available_for_oil_spill_victims._Submit_your_claim_here
The remainder of the message consists of two image files that also link to the scam web site (lwim223remindingo.com). The first of these images says:
Fishing, Shrimping and Tourism Industries Devastated by Gulf Oil Spill!
Has the Oil Spill Caused you Financial Loss?
Take Action!
The actual image looks like this:
Click image for larger version
The second image disguises itself as the following text:
To avoid receipt in the future, please use this button or write to the following address:
Ethix Marketing LLC
711 S. Carson St. Suite 4
Carson City, Nevada 89701ADVERTISING MATERIAL
The information above seems fairly convincing, especially if you search the web for Ethix Marketing LLC which is a real company. On the other hand, if you search the address you’ll get Franchise Business Advisers in Carson City. If you search the company name and the address you’ll find a bunch of forum posts wondering if this is a scam.
It is.
The fun begins if you click on any of the links, including the one that’s supposed to be an unsubscribe link. (Interesting side note: The links all contain different random tracking IDs so this spammer is not only tracking which addresses click the links but also which links they choose in the message.) The links all take you to a web site with a form for you to fill out to “determine if you are eligible”.
Click image for larger version
If you visit this page and attempt to leave you will be urged to stay by a pair of JavaScript dialog boxes:
If you do click “Cancel” and hang around to meet their agent you get this (and we thought this was the coolest part by far):
A robot claims agent! Freakin’ cool!
We hung around and talked to Nicole for a while, trying to get her phone number and stuff but it turns out she lied when she said she could “answer most of our questions”. She couldn’t tell us where she lives or the meaning of life or anything we asked about. She just kept urging us to complete a CASE REVIEW FORM and stuff like that.
What a letdown.
We never did complete the “case review form” but we’re pretty sure two things would happen if we did:
- We would be contacted with some sort of dog and pony show about how we have to pay a fee to submit our claim.
- Every spammer in the world would get our email address.
If you do think you’re eligible for compensation due to BP’s (and Halliburton’s and TransOcean’s) negligence, you can submit a claim on BP’s web site:
Or you can call 1-800-440-0858 for more information.
- -
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
Related posts:
Tags: fraud, rotten spam, scam
