I think not

I got the following email this morning:

Payment Confirmation

Order Invoice <smithfre9642@

09:28 (3 hours ago)

to ewanherbalmagic, bcc: me

Thank You For Your Recent Purchase With iCloud by Apple Inc
This is an auto-generated confirmation email for the purchase that you have done.
You will receive another email with the invoice shortly.
This charge may appear in your account in the next 24 hours of purchase.
If you want to cancel or modify your order, visit iTunes/apple. store or call at xxx-9348
Please find your order information below:
Order Number: FNJ DCC NM2M
Order Date: 23-Sep-2021
Order Name: 12 TB iCloud Space
Amount: USD 1499.99
Paid via iTunes
We hope you shop with us again soon.
Apple Inc.
Helpdesk : xxx-9348

There is so much wrong with this message.

First, it was sent from a gmail address. I somehow doubt Apple is using gmail. Next, notice that it wasn’t sent directly to me, but to someone else with a bcc to me. I suppose the hope is that I won’t notice that and no, I have no idea who “ewanherbalmagic” is.
This was sent to an email address that I set up for a specific purpose and isn’t one I use as a matter of course, so is not attached to my iTunes account.

Now that I’ve disposed of the obvious errors, let’s look at the rest: According to the message I purchased 12 Terrabytes of iCloud storage at a price of $1,499.99 USD. That price is the equivalent today, September 23, 2021, of $1,889.99 CAD but there is no guarantee Apple would process it today, so that Canadian amount could be different from my calculation. And, I have a 1 Tb drive that still has 884 Gb free, so such a purchase would have been completely frivolous as well as far too expensive.

My feeling is that they expect you to have questions/suspicions about this message and you will either call them or use the email provided. I’ll save you the trouble and tell you that the address provided is not the way the real iTunes site shows up in your browser. This is a scam or phishing so, if you get such an email, I suggest you just delete it.

Cat.

They are persistent

I checked an email account for the first time since late last week. In it I found the following two emails:

Geek-Squ Renewal (actual address: adammuche1959@)
May 29,2021

Dear Customer,
Thank you for subscribing Defender Firewall Protection From us .
Today the Service Will Renewed Automatically with $349.89 on the same account provided to us.
Order ID: DFP1476608 Date: 29-05-2021

Description Amount

Geek Protection $349.89

(Inclusive Tax)

Total $ 349.89

Note :- Charges will appear on your statement after 8 hours once debited.
If you want to cancel the charges for $349.89 Auto Renew This time.
Get in touch with us :- +1 (800) (674)

Thanks Regards,
Account Dept.
Defender Firewall Protection
+1 (800) (674) Geek Squad (actual address: felixdolphin060@)
May 31. 2021

We Are Renewing It For You

Dear Customer,
Thank you for choosing Geek Squad Pc Support with us.
Today Subscription Will Be Auto Renewed automatically
with $ 399.99 on the same account provided to us.

Customer Support- +1(800) 274
Order #16589GS-59856
Details are giving below –
Account Type:- Personal Home Subscription
Product :- Geek Squad PC Protection
Quantity :- 1
Tenure :- 3 Years
Payment Mode:- Auto Debit
Renewal Amount – $ 399.99

This Email Confirms That You’ve Renewed Your 1 Year Subscription To Geek Squad For $ 399.99 On May 31 2021

To Cancel The Subscription You Can reach Us at +1(800) 274
Regards
Geek Squad Team
Contact +1(800) 274

To keep myself out of trouble with WordPress (again) I’ve left off part of both the actual email addresses and the phone numbers.
I believe Geek Squad is the tech support team at Best Buy, which presents the scammers with their first problem. The last thing I bought from Best Buy was about 3 years ago, and that was a copy of TurboTax. I paid $20 cash for it, so there is no reason I’d have signed up for tech support. If I can’t put a disk in the drive and follow instructions, I shouldn’t be allowed near a computer. And since I paid cash, there is no record of either a debit or credit card number.

These emails came from different addresses, both gmail and both phone numbers are different. Note also the amounts differ. The first is for $349.89 tax included and the second for 399.99 with no mention of taxes. If the scammers are working together, and I find it hard to believe two separate people came up with the idea of a Geek Squad scam at the same time, you’d think they’d at least stick with the same price. Also notice the awkward sentence structure.

One other possibility just came to mind. Somewhere in western Canada is a woman who seems unable to remember her email address and frequently gives out mine in error. I say “in error” because I’ve received family newsletters and vacation plans from her friends. I’ve also received emails regarding orders from legitimate businesses in western Canada. I know because I’ve phoned a couple of these firms upon receipt of their messages.

If you have bought goods from Best Buy and signed up for support, if you get one of these emails, check with Best Buy then delete the message.

Summer is almost here. Stay safe, wear a mask when and where required and remember to give an artist a socially distant hug – we need love too.

Cat.

Of course it’s true

This morning I found the following email in a spam folder for an email account I rarely use. I removed part of the email address to keep me out of WordPress’s bad books again.

Officefile2001

Greeting!
This is Mr. Chad F. Wolf, the current Secretary of Homeland Security.
During my routine checks on our warehouse yesterday we discovered a cargo box, while scanning the box our cash tracking machine has detected that the content of the Box the diplomat was delivering to you is cash worth $ 8.5 million.
The diplomat who arrived with the box made several attempts to reach you. All the efforts he made were abortive so he decided to leave the box and travel back to his country, so if you are interested in receiving this fund back then get back to me now with your full information for the delivery.
Copy this email and reply me now only officefileua
REPLY ON THIS EMAIL ONLY >> officefileua
My regards
Chad F. Wolf

Well, to give this person, whoever they really are, their due, the got the name of the acting Homeland Security Secretary correct. But that’s about all.

If I were in the United States and completely braindead I could probably convince myself that some unnamed diplomat from some unknown country really was sending me eight and a half million dollars. I could really believe this unknown person honestly wanted me to have all this cash, although I don’t recall any conversations of any kind regarding this transaction. But, if Homeland Security says they have all this money for me, who am I to argue? After all they are the government. So, of course it’s true.

Okay, enough sarcasm. Time to take this apart. First, it was sent to the email address I use on that account, which is much better than the usual “undisclosed recipients”. I suppose they (the mysterious “they”) feel it will have more impact if it’s a personal message rather than a shotgun approach. But, unlike email providers such as gmail, which could be anywhere, this is a specifically Canadian provider and most subscribers are in western Canada. So right there, if I’m getting a message from Homeland Security, I’m automatically suspicious since I’m not in the US. And think about this: If Homeland could find my email address to notify me, why couldn’t this unknown diplomat have done the same?

I’m not really sure how this works, but I think that the diplomatic corps of any country isn’t just going to abandon 8.5 million. That kind of money isn’t exactly chump change, no matter what country you’re in. I would also think that once the money is abandoned, it ceases to be covered by any treaties covering diplomatic immunity. That being the case, I know there are Customs requirements that all currency must be declared and failure to do so could result in either confiscation or a hefty fine.

I suspect that if anyone were to fall for this and contact this Chad Wolf they’d be told that if they want this money, they will have to pay this fine, plus processing fees and storage charges. In other words, the only parties to make any money from this transaction would be those running the scam.

If you receive something like this, don’t go buy a Bugatti. Do the sensible thing and just delete the message. While using the name of a known government agency and it’s current head may seem to give it a legitimate feel, it really is just intended to separate you from your hard-earned money.

Enjoy your day and remember to hug an artist – we need love (and social distancing) too.

Cat.

I won again!

I received the following in my inbox a couple of hours ago:

CNN’s Good Stuff

14:05 (2 hours ago)

Congratulations, You Have Been Selected To Get A $360 Cvs Pharmacy GiftCard,
In Order To Take Your Gift Card All You Have To Do Is Just Answering A
Short Survey About Your Shopping Experiences At Cvs

I’ve removed the email address and links to keep me out of trouble with WordPress (it’s happened before).

The problem with this email is first, I doubt CNN operates that way and perhaps the biggest problem of all is we don’t have CVS in Canada. Also, and not to sound greedy, by $360 sounds like an odd amount.

If you receive this email, be aware the actual sender’s address is a gmail address, not from CNN.

My advice is that if you get this email, just delete it, or do what I did and send a copy to CNN.

Take care and stay healthy,

Cat.

Sorry Sarge, not happening

I received the following email this morning. I’ve removed the email address to keep me in WordPress’s good graces.

Griffin, Christine Cgriffin

I am Sgt Monica L Brown I have a proposal for you! Please send me a reply on my personal Email:

slinbrown975

Rather cryptic and designed to instill curiosity in the reader isn’t it? Let’s look at it.

I am Sgt Monica L Brown Good for you. Are you in the army? Air Force, or the local police or some other paramilitary organisation that uses military ranking? Just telling me your rank doesn’t tell me anything useful.

I have a proposal for you! Really!! And what might that be? Do you have several millions in unclaimed funds you want me to help you smuggle out of the country for a cut of said money?

The extension on the sender’s email was “begavalley.nsw.gov.au”, which I translate to mean this was sent by, or on behalf, of the government of the shire of Bega Valley in New South Wales, Australia. A quick Google search shows this area is also known as “the Sapphire Coast” and it appears to be a tourist destination.

I have to ask myself why the government of a tourist area on the west coast of Australia would be contacting a 75 year-old woman in Canada with a proposal? The only thing that comes to mind is that the website has been hacked and this is in fact a scam. Having these suspicions, I have forwarded this to the Bega Valley Council for investigation.

As mysterious and inviting as this may sound, I strongly recommend you do NOT respond to Sargent Monica L Brown.

On the plus side, for a change it is well-written.

Cat.

The Nigerian prince has moved

I received the following email in a junk file this morning. I’ve removed the email address to keep myself out of trouble with WordPress (again).

From: MrDanielMminele

FROM THE DESK OF MR.DANIEL MMINELE
Direct Phone No: + 27 82 4026 229
Private Email: contact.danielmminel@

Dear Sir/Madam,

Peace Be Upon You,

My name is Mr. Daniel Mminele, I am currently working with a Financial Institution based here in South Africa. We offer short and long terms Loans which are tailored to meet important financing needs in the Agricultural, Industrial and Constructional production circle in the whole of the Southern Africa and beyond.

I am contacting you to partner with me to secure the funds US$ 42 Million United States Dollars deposited in the custody of our Bank here in South Africa by LATE MR. ALEXANDER VEREMEEVSKIY, a Russian Businessman and Investor who was involve in the Fly-Dubai Flight 981, a Boeing 737- 800, an International Passenger Flight that crashed during an aborted Landing due to poor weather at Rostov-on-Don Airport, Russia, on 19th of March 2016, resulting in the deaths of all the 62 Passengers and Crew Members on Board, May their souls rest in Peace. The fund was deposited as an Investment fund in 2015 with an open beneficiary. The fund has been with the Bank without anybody coming up for the claims.

I honestly seek your assistance to move these funds into your custody for safe keeping and investment purposes as the depositor has no known Next of kin. I have all the Legal documents necessary to claim the funds as I am directly involved in the deposits. All I need to do is to make you the beneficiary of the fund by filling your name in the appropriate documents and immediately move the funds out of its present place in your name to your account for safe keeping. The funds will be used for Investment purposes in your country as i have planned on investing my own share in a lucrative business venture and settling with my family.

I decided to this as i know all the circumstances surrounding the deposits and knowing very well that the depositor of the fund will not come back to claim the funds since he is deceased. I will send to you all the documents relating to this deposit and direct you on how to apply for the fund. I will give you further details when I receive a positive response from you on this issue. I will ensure all procedures to see the successful completion of this project.

I assure you that this transaction is 100% Risk Free .Be rest assured that we will not encounter any difficulty as the person directly involved in approving the release of the fund is also participating in this transaction. This transaction is Legal and we propose a 60-30% sharing pattern once the fund is transferred to your Account while the remaining 10% will be for all the expensive we might incur during the cause of the transfer.

Please keep this transaction very confidential and let me know if you will be of any assistance.

Best Regards,
Mr. Daniel Mminele.
Direct Phone No: + 27 82 4026 229
Private Email: contact.danielmminele@

******************************************************************************************************************************************************
The information in the Email and/or attachment(s) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521. It may be confidential and/or privileged and is intended solely for the person or entity to which it is addressed. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you have received it in error. The review, dissemination, copying, or taking of any action based on the contents thereof is strictly prohibited. If you have received this Email in error, please advise the sender by reply Email and then delete it and any attachment(s) from your system immediately. Thank you. *********************************************************************************************************************************************************

Interesting, isn’t it? First, this wasn’t sent to me personally. The “Dear Sir/Madam” is a good indicator this is a shotgun style scam. The generic salutation is designed to rope in anyone gullible enough to fall for it. Another sign this is intended to rope in as many people as possible is the “Peace Be Upon You”, which is a common salutation for those who follow Islam. Again, make the mark feel comfortable.

Notice this person doesn’t name the “bank” which employs him, nor does he use an email address that would appear to be that of a financial institution. The amount of $42 million US is certainly attractive. Based on the offered split, the recipient would be looking at a $12.6 million windfall. If this were real. The specific details of the crash are intended to encourage the mark to check to see if such a crash actually took place. I didn’t check it myself but presume the sender used an actual accident to show the veracity of the balance of his claims. But to my mind, the details are too specific, almost as if they were taken directly from a crash report.

The disclaimer at the bottom of the email is a nice touch but, if this is purportedly being sent from South Africa (no city – just a generic “South Africa”), why is he quoting US law and not the corresponding South African legislation?

Consider this as well: If someone is investing over forty million in any currency, chances are this is not an individual’s own funds, but if from a company. And you can be certain a company would know where $42,000,000 of their money is at any given time.

And now, the kicker in this: The email showed as being sent from: “Mr.DanielMminele” with a return email address at gmail. The actual sender turned out to be someone using the address “m_h_bruce834″ with a Yahoo address.

So, if you were to fall for this and send Mr Bruce the requested information, you wouldn’t find twelve point six million magically appearing in your account. It is much more likely you’d find your own balance diminishing at an astounding rate.

If you get this, or anything like this, don’t fall for it. As I said in the title, the Nigerian prince has moved, but it’s still the same scam.

Cat.

Submissions wanted from LGBT and HIV communities

I’m a transwoman and my co-writer, a positive woman, are working on a project detailing how society treats members of the LGBT and HIV/AIDS communities at the various stages of our journeys. A few years ago, I spoke with a psychologist at CAMH in Toronto who thought such a book would be a great benefit to them in their work.

We have our own experiences to draw on, but would like to hear other people’s experiences. No names will be used in this and any submissions will be checked to remove any clues that might give away your location. For example, if a submission from Toronto refers to “streetcars”, that would be replaced with the term “public transit” and any route names or number removed. Additionally, specific cities will be removed and replaced with either the name of your province or state, or a more generic term such as “midwest” will be substituted. We will do everything we can to protect your identity.

We both have friends in the LGBT and HIV/AIDS communities, so can call upon them for information, but that would be quite localized in scope. We need to hear from others, not just in Canada, but from anywhere. We especially would like to hear from transmen, for their experiences would no doubt be much different from my own. If you have generally found acceptance, great! Please tell us for that may give those just starting their new lives hope that things will get better. If you’ve experienced discrimination, or worse, please share that as well. Others need to know what pitfalls and danger may await them. Either way, we would like to share your story.

If you are willing to share your journey, you can send it to us at the following email address: 1outcastsofsociety@gmail.com Please remember the “1″ at the start of the address as the address without the numeral is taken.

Thank you,
Cat.

The answer is still “no”

I received the following email in my Gmail spam today:
GOOD NEWS FROM THE WHITE HOUSE

GOD BLESS AMERICA <WW.@oregano.ocn.ne.jp>

17:18 (21 hours ago)

to

GOOD NEWS FROM THE WHITE HOUSE

I am Mrs. Michelle Obama, and I am writing to inform you about your Bank Check Draft brought back by the United Embassy from the government of Benin Republic in the white house Washington DC been mandated to be deliver to your home address once you reconfirm it with the one we have here with us to avoid wrong delivery

Sixty million united states dollars 60,000,000,00usd that was assigned to be delivered to your humble home address by my husband Honorable president Barrack Obama the president of this great country this week by a delivery agent Mr JAMES BOOMBERG

I will like you to reconfirm to me the following details
Your phone number…………..?
Your current home address……?
Your full name…………………?
Occupation……………….?
Next of kin…………….?
Your email address…………..?
Password………………?

The reason I ask you to reconfirm to me this following details is to avoid wrong delivery.
FOR MORE INFORMATION ABOUT THE ORIGIN OF YOUR FUND YOU CAN CALL OR TEXT MY HUSBAND THE PRESIDENT OF THIS GREAT NATION +1 (202) 792-0696

Yours Sincerely,
MRS MICHELLE HUSSEIN OBAMA
FIRST_LADY USA

Wow! The First Lady is sending me an email telling me she has my sixty mill US from Benin.

There are problems with this message. First, although it purports to be from the White House, the extension on the sender’s email is “.jp”, which last time I checked was Japan. Second, the addressee is blank. And finally, I’m Canadian, so why the hell would Michelle Obama be sending me anything?

Couple more things are wrong. President Obama’s first name is spelled “barrack”, which as I recall from my army days is similar in nature to a dormitory. And when she “signed” the letter, she would have used her middle name, not her husband’s.

Being the cynic I am, I guess by writing this blog and telling others I’m doing myself out of sixty million dollars US, which at current exchange rates would be about seventy mill Canadian. Ah well, easy come, easy go.

Enjoy your day, don’t take any wooden nickels and remember to hug an artist – we need love too.

Cat.

This time she’s not playing

I was away for a couple of days and upon my return found this in my gmail spam:
Mrs Vivian Douglas <.it>

04:26 (22 hours ago)

to

Attn,

I have to inform you again, that we are not playing over this, I know my
reason for the continuous sending of this notification to you, the fact is that
you can’t seem to trust any one again over this payment for what you have been
in cantered in many months ago, but I want you to trust me, I cannot scam you
for $49 it is for bank processing of your payment, the fees of $49 is clearly
written to you before, I did not invent the bill to defraud you of $49 it is an
official bank payment processing fee, and the good part of this, is that you
will never, ever be disturbed again over any kind of payment, this is final,
and the forms from there becomes effective once we submit your payment
application processing fee and pay the form fee of $49 I don’t want you to
loose this fund this time, because you may never get another such good
opportunity, the federal government is keen and very determined to pay your
overdue debts, this is not a fluke, I would not want
you to loose this fund out of ignorance, I will send you all the documents as
soon as bank payment processing fee is paid, you have to trust me, you will get
your fund, find a way to get $49 you will not loose it, instead it will bring
your financial breakthrough, find the money and send it to our bursary. The
reason why am sending you this because I want you to receive your USD1.8M
immediately we are trying to round up for this payment program.

The processing charges which was initially on the high price has been cut down
by the payout bank considering the poor economic situations that make it
difficult for the middle class citizens to meet up with the processing charges
of their entitlement. Upon the confirmation of your processing charges you will
get your $1.8M into
your account within 15hrs.

Here is the payment information through western union money transfer only,
finally my advice to you is not to abandon this transaction because of the
requirement of ($49) send the fee through western union or money gram.

Receivers name:Prince Egbo
Location address:Cotonou Benin Republic
Text Question: When
Answer: Today
Amount required: $49

Sender’s Name:
MTCN Number#:
Sender’s address:

Sender’s full banking details to avoid wrong transfer:
NAME AND ADDRESS OF BANK:
ACCOUNT NAME:
ACCOUNT NO:

As soon as the payment is received today, you will receive your $1.8M the same
today without any delay.

Yours Faithfully,
Mrs Vivian Douglas
Email:@gmail.com
+22961129879

I’ve deleted most of the mail addresses just to keep from running afoul or WordPress policy – again.

This is interesting in many ways. First, despite her assertion she’s been sending me these emails for a while, that is not so, otherwise I would have written of it before. Second, although she is talking about a “prince” in Benin, the email was sent from an Italian (.it) website and the response is to go to a gmail address.

A few more red flags: The addressee has been left blank, as has the “attn” line. If you don’t know my name, why are you contacting me with this offer? And learn to use the correct word. It should be “lose” not “loose”.

Then there’s the information they ask for. What the hell is an “MTCN” number?

Sorry to burst your bubble, but if you are foolish enough to actually send the forty-nine bucks and the information, you’ll have lost not only the $49, but probably everything else in your bank account. If you receive this email, or anything similar, delete it. Answering it will not result in you becoming a millionaire.

Since it’s Friday, enjoy your weekend and remember to hug an artist – we need love too.

Cat.

Notes on a phishing expedition

I found the following in my gmail spam this morning and it easily lends itself to explaining some of the telltales it is a scam and/or phishing expedition. I’ve put the areas I wish to discuss in boldface for you.

CONTACT HSBC BANK FOR YOUR BANK TRANSFER UPDATE

Mr. Stanley Clarke @gmail.com>

01:48 (9 hours ago)

to

HSBC Regional Bank FL (HSBC Regional Bank)
Avenue Cotonou , BP 988 Cotonou Benin Republic.
Telex :5211 F B COTONOU BENIN REPUBLIC .
Tel::+22968579277
From the desk of, Mr. Stanley Clarke ,
Director Payment Department. Hsbc Bank
of West African(HSBC Regional Bank)
Instant compensation Payment valued at US$7,500.000.00 usd

It is my modest obligation to write you this letter as regards the authorization of your owed payment through our most respected financial institution (HSBC Regional Bank). I am Mr. Stanley Clarke , the chief executive officer, foreign operations department HSBC Regional Bank, the British government in conjunction with U.S government, united nations organization on foreign payment matters has empowered my bank after much consultation and consideration to handle all foreign payments and release them to their appropriate beneficiaries.
Having received these vital payment numbers, you are instantly qualified to receive and confirm your payment with us within the next 48hrs.

Be well informed that we have verified your payment file as directed to us and your name is next on the list of our outstanding fund beneficiaries to receive their payment before the end of this first term of the year 2015. Be advised that because of too many funds beneficiaries due for payment at this first quarter of the year, you are entitled to receive the sum of Seven million Five hundred thousand United State dollars (7,500.000.00 us dollars only) as part payment of your fund.
So you are therefore advise to re-confirm the following Information for immediate payment processing.

1) Your full name:…..
2) Your full address:….
3) Your contact telephone and Fax:…..
4) Your profession:…….
5) Any valid form of your identification/driven license:…

As soon as we receive the above mentioned information, your payment will be processed and released to you without any further delay. Be also informed that You are not allowed to communicate with any other person(s) or office so as to avoid conflict of information, you are required to provide the above information for your transfer to take place through HSBC Regional Bank to your personal bank account.

We look forward to serving you better.

Yours sincerely.

First, I doubt strongly a firm with the global reach of HSBC would be using a gmail address. Email would probably come from their own site. Incidentally, I deleted the sender’s name which was shown as “johnsonmarkso99″ because I’ve had a problem with WordPress not liking too many email addresses in blogs – they take it as spam and shut you down.

Next, Benin Republic. Benin seems to have become the new Nigeria for this type of scam. I’ve also received similar messages from Burkina Faso among others.

Another clue this is a shotgun style scam is that it isn’t addressed to anyone in particular.

US$7,500,000 is a nice amount to offer. Not too large as to seem suspicious, yet not small enough to make people ignore it. However, the way they showed the amount “US$7,500,000.00 usd” is not the way a legitimate banking operation would show any dollar figure.

Dummy, you forgot to change the year to 2016. If you did indeed mean “the year 2015″, you’ve been very lax in performing you duties in advising me.

Now that they’ve dangled the bait in the form of seven-and-a-half mill, they set the hook. Notice the information they ask for, especially the inclusion of a copy of some form of identification. If you were foolish enough to actually send them the requested information, you can not only kiss the 7.5 good-bye, but you’ve given them sufficient information to steal your identity. But of course since you’re one of my followers or readers, you have the smarts not to fall for this.

The fact you are advised not to tell anyone about this is to stop you from going to the authorities once they’ve stolen your name. (Damn!! Since I’m telling you, I guess I’m not getting my money. Oh well.)

There is one more thing that is glaring in its absence. They ask for all kinds of information except for the number of the bank account in which you want the money deposited. Were this legitimate, wouldn’t you think they’d need that information?

These are a few of the things to watch for the next time someone tells you they’ve got millions for you and they are all red flags.

Enjoy your weekend (unless you’re in the northeastern US, in which case, stay safe); don’t take any wooden nickels and remember to hug an artist – we need love too.

Cat