Phishing – a new approach

April 29th, 2009  Terry Scambaiter

Along with the hundreds of 419 scam e-mails that I receive each day, I also get a lot of regular spam, e-mails with nasty attachments, and phishing e-mails.

Normally, phishers set up a fake website that appears to look and function like the site at your online banking institution. The idea is to target possible customers with phony e-mails demanding that the recipient ‘click the link’ in the e-mail to login to his or her bank account.

Of course, the link in the e-mail leads not to the recipient’s banking intutution but to the phisher’s own phony website where the victim’s real login name and password can be captured by the criminal.

Thankfully, most of these phony bank sites are reported fairly quickly to whomever is hosting them and the phisher may or may not actually capture any useful information in the short amount of time that the phony bank site is in operation.

One phisher has devised a way around this problem. He has actually attached the phony website (actually one login page) to the phishing e-mail itself.

Other than the attachment, the e-mail was just your bog standard phishing e-mail.

============================

From: AIB Bank
Reply-to: do-not-reply@aib.ie
Subject: Your AIB Internet Banking access has been locked.
Date: 29 Apr 2009 23:51:21 +0200 (17:51 EDT)

Dear AIB Customer,

Your Internet Banking access has been suspended due to many unsuccessful login attempts.

You are kindly advised to follow the instructions below to reactivate your account.

The activation form is attached to this email. Please download the attachment, open it, and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

HTML document attachment (form.html)

==============================

This is a simple but very effective solution to the phisher’s problem. No strange links in the e-mail and no one can take the phony login page offline.

Filed under: Internet / Computers No comments

A disturbing approach to 419

April 28th, 2009  Terry Scambaiter

If this one actually happened in the way the author says, this one’s scary:

——————————–

“I received an e-mail from my friend’s e-mail address in Santa Rosa stating that she was in Nigeria. She had been robbed, her ID and passport were stolen.

“It stated that she had contacted the U.S. Embassy and that it would take two weeks for them to process her. I was asked for $2,500 to send in her name to a five-star hotel in Nigeria…” (more)

Filed under: 419 Scams No comments

Another ridiculous fake ID

April 20th, 2009  Terry Scambaiter

One of the scam e-mails I received today was sent by the scammer through Flickr.

The format of the scam itself was unremarkable, just typical scammer fare, but the e-mail also contained a link to the scammer’s Flickr account photostream, whatever that is. There’s no doubt in my mind that the scammer wasn’t expecting this.

In his photostream was this gem which he was probably planning to pass off as “identification” to any victims who happened to reply to him:

Okay, I know this one isn’t quite as bad as the last fake ID that I posted.

Anyway, along with this badly-done piece of art was the scammer’s original e-mail format.

If you happen to have a Flickr or a Yahoo! account, you’re welcome to leave some silly comments on the scammer’s Flickr photostream page.

UPDATE: It appears that Flickr was quick to disable this scammer’s account. The link to this scammer’s Flickr page is dead. If you try to access it, Flickr will display the message: This member is no longer active on Flickr.

Filed under: 419 Scams No comments

Will this fool anyone?

April 18th, 2009  Terry Scambaiter

Well, it didn’t fool me

This e-mail notification of my ‘win’ of the Deaf Lottery has gotta be one of the most incoherent and least convincing scam e-mails I’ve seen in a long time.

Frickin’ hilarious.

From: WINS!!!!!!! <angelwings@cox.net>
Reply-to: adopt007@outgun.com
Subject: reply back to deafwins@gmail.com
Date: Sat, 18 Apr 2009 10:57:01 -0700 (13:57 EDT)

Hello happy deaf This is the let you know that you have won!!!!!!! this is
to inform you about the real deaf lottery wins in newyork we know that
many of you where victim of scam in africa and more The only company
that issue deaf lottery is usa.funds they are in new york if you had send
money to scammers before you should pls contact us and get your
name of scam list and get your real lottery wins thanks we wait for you
contact about this your wins

Filed under: 419 Scams 1 comment

Fake Identification Docs

April 12th, 2009  Terry Scambaiter

I just can’t imagine why a scammer would send out such an awful piece of work as this fake identification card:

This showed up unsolicited in an e-mail from a scammer based in Abidjan that I’m presently dealing with. Not that I think such ineptness is a bad thing

Filed under: 419 Scams, Scambaiting 2 comments

Scammer gets frustrated on the phone

April 11th, 2009  Terry Scambaiter

Many of you know that I enjoy baiting scammers by phone. It’s even better when the scammer is paying for the overseas phone calls.

One scammer located in Malaysia was so convinced that the was going to get a couple of thousand dollars from my character that he was more than happy to foot the bill for upwards of 30 phone calls to my New York number. Each time he would call I would ask him to “call back in ten” or “call back in a half an hour” and he would always comply.

Early one recent morning (about 4:00 AM New York time) I began receiving calls from this particular scammer who called himself Barrister Dennis Darshan. That was the day that my character had promised to wire him some money. Unfortunately, it’s far too early in the morning to be visiting the local Western Union agency but my character is willing to phone his colleague in London and get her to arrange for an immediate online money transfer to Barrister Darshan.

In this recorded 3-way “conference call”, the cast of characters include Holden McRotch in New York (me), Barrister Dennis Darshan in Kuala Lumpur, Malaysia (the scammer) and Miss Fonda Cox in London (a completely digitized voice). Listen to the scammer get frustrated with Fonda during this eight + minute phone call as he just couldn’t quite get that 8 digit Moneygram number right. At the end, he seems to hang up on me in frustration.

Filed under: Scambaiting No comments

E-mail Welfare Scheme

April 10th, 2009  Terry Scambaiter

The UK gets a new type of welfare scheme:

From: ORANGE WELFARE SCHEME <info@orange.com>
Subject: GOOD NEWS TO YOU !!!!!!!!!!
Date: Fri, 10 Apr 2009 16:26:26 +0530 (06:56 EDT)3 Upper Dean Street,
Birmingham, England, B5 4SG.
United Kingdom.

Dear Sir/Madam,

As part of showing gratitude to the United Kingdom government and people
for providing a very conducive business atmosphere for us, we (orange
group) have decided to be an innovative organisation with a passion for
changing lives in the United Kingdom as well as very few citizens from
other countries all over the world. This was made possible through the
newly introduced e-mail welfare scheme.

In this newly introduced e-mail welfare scheme, you do not have to
purchase a ticket to participate. E-mail addresses are randomly selected
from the world wide web and entered into draws on behalf of the e-mail
account owners. Subsequently, e-mail addresses that emerged beneficiary
are notified via the said email account.

We gladly announce to you that the results of the just concluded e-mail
address ballot program held by Orange welfare scheme is out. Your email
account have been picked as a beneficiary for a lump sum pay out of One
million pounds sterling (£1,000,000) credited to file REF
NO.REF:ORG/74-A0802742009. You are to contact our claims agent immediately
for validation: His name and email address is given below:

Name: Mr. Jerome Burley.
E-mail:orangewelfare01@gmail.com
Tel: +44 703 1901 793

PLEASE COMPLETE THE CLAIMS FORM BELOW AND SEND TO OUR CLAIMS AGENT(Mr.
Jerome Burley) WHOSE NAME AND EMAIL ADDRESS IS ALREADY GIVEN ABOVE.

1. FULL NAMES OF BENEFICIARY:
2. RESIDENTIAL ADDRESS:
3. DATE AND PLACE OF BIRTH:
4. PHONE/FAX NUMBERS:
5. NAME AND ADDRESS OF NEXT OF KIN:
6. SEX:
7. OCCUPATION:
8. MARITAL STATUS:
9. NATIONALITY:

Note: You do not have to purchase a ticket to participate in the orange
e-mail welfare scheme as e-mail addresses are randomly selected from the
world wide web and entered into draws on behalf of the e-mail account
owners. Subsequently, e-mail addresses that emerged beneficiaries are
notified via the said email account. Please contact Mr. Burley as earlier
instructed above immediately.

Abigail Downing.
Online Coordinator.

…but this just looks like yet another strange lottery scheme invented by the scammers.

Filed under: 419 Scams No comments

Hitman Extortion Scam

April 7th, 2009  Terry Scambaiter

It’s a rare treat for me to receive one of these type of scam e-mails…but letters like this can be a scary experience for those who’ve never seen one before.

From: ali morgan <oosavey@gmail.com>
Subject: ITS URGENT
Date: Sat, 4 Apr 2009 01:15:06 -0800 (05:15 EDT)

ATTN.LISTEN VERY CAREFULLY ,THIS IS THE ONLY WAY I CAN CONTACT
YOU, my TEAM HAS BEEN PAID TO ASSASINATE YOU, I HAVE EVERY REASON TO
CARRY OUT THE CONTRACT,BUT I DECIDED TO GIVE YOU A CHANCE AND SAVE YOUR FAMILY THIS PAIN,THIS YOUR ALTERNATIVE,I WISH TO HELP YOU UNLESS YOU
DONT WANT TO HELP YOUR SELF,I WILL SEND YOU ENOUGH EVIDENCE YOU NEED ON A VIDEO TAPE RECORD
TO NAIL MY EMPLOYER DOWN WITH THE LAW.BEFORE THAT YOUR REQUIRED TO MAKE AVAILABLE THE SUM OF $70,000. USD,
AFTER WHICH I WILL DIRECT YOU ON WHAT TO DO NEXT TO SAVE YOUR SELF AND
YOUR FAMILY FROM THIS PAIN THAT WOULD HAVE BEFALLED YOU FROM MY
EMPLOYER,THE MONEY WILL BE USED TO SETTLE THE TEAM MEN INVOLVED TO GO
BACK TO THERE DESTINATIONS AND YOU BETTER KEEP THIS INFORMATION TO
YOUR SELF BECAUSE YOU DONT KNOW WHO IS WHO WHERE YOU ARE NOW,IF HE
FINDS OUT I HAVE BETRAYED HIM TRYING TO HELP YOU,YOU WILL HAVE YOUR
SELF TO BLAME, I HAVE ORDERED MY MEN TO SATY AWAY FROM YOU.DO WE HAVE A DEAL OR NOT ?

NOTE: YOU HAVE TWO OPTIONS HERE, (1)YOU HAVE TO GET HIM ARRESTED WITH
THE INFORMATION I WILL GIVE YOU AFTER THE PAYMENT OR ( 2)YOU HAVE HIM
KILLED TO SAVE YOUR SELF.

I WILL VISIT YOUR HOUSE AGAIN BUT NOT NOW,MY BOYS EYES ARE ON YOU SO
GET BACK TO ME AS SOON AS POSSIBLE

Of course, this is nothing more than just another scam mass-mailed to hundreds or even thousands of anonymous recipients.

Filed under: 419 Scams No comments