Sorry, wrong number

I received the following in my Gmail spam over the weekend:

Your Navy Account Is Under Review
Navy Federal <inft@usamail.org>

26 Jun (1 day ago)

to Recipients

Navy Federal Credit Union

Attention !!!

Our system can not verify your account and this might
leads to account suspension

please click here to resolve the problem.

*Warning*

Do not login elsewhere after you verify the account within 24 hours

There are a couple of things wrong with this message from my perspective and a couple of general red flags. First, I’m Canadian and second, have never served in the U S Navy. I did serve in the Canadian Army however if that makes a difference.

Now, the general warnings. The address “to recipients” is a prime giveaway you are dealing with spam. If it was a message specifically for you, it would bear your name. I am also suspicious of the email address of the sender. “usamail.org” sounds official, but I somehow doubt it really comes from the USPS.

The warning at the end not to log in anywhere else for 24 hours is something I’ve not seen before, but it raises concerns. Why is it necessary that I stay off the computer for 24 hours after I click on their link? Would doing so somehow mess up their trojan or whatever they’ve put on your computer?

If you receive this email, even if you are a Navy veteran, just delete it. Or if you have some concerns, use the telephone and call whoever you need do. Just don’t click on the link.

Cat.

Nice try

My email brought me the following early this afternoon:

iTunes <iTunes@websitewelcome.com>

Identity verification required

Dear Customer ,

You have received this email because our system has noticed some unusual activity under your Apple ID account.

We have taken steps to ensure nothing can be purchased until you have confirmed your identity.

Please take a moment to confirm it using the link below.
< Click Here

Thanks,
Apple Customer Support
TM and copyright © 2014 Apple Inc. 1 Infinite Loop, MS 96-DM, Cupertino, CA 95014.

Sounds serious, doesn’t it? I can’t speak for you, but when I see something like this, one of the first things I do is check my credit card statement to see if there has indeed been any unusual activity involving the company telling me I’ve been cut off. Since I haven’t bought anything from iTunes in months, any purchases would show up immediately and I’d be on the phone to the credit card company. Nothing. The only purchase in the last week was the incense I bought yesterday.

This showed as being sent “to me”, which is quite common for gmail I’ve found. But there is a little arrow that allows you to see more information. Clicked on the arrow and found something very interesting. It wasn’t sent from iTunes or Apple. Oh no. Here’s what the detailed information showed me:

from: iTunes <iTunes@websitewelcome

to: gcathoward@
cc: iTunes@websitewelcome.com
date: 2 May 2014 12:05
subject: Your Apple ID Has Been Temporarily Restricted
mailed-by: subaru.websitewelcome

Since WordPress’s robots consider any posting with too many links to be spam and blocks your account (I had it happen last year) I’ve removed the extensions on the addresses, but they were both “.com” and I removed the balance of my address for the same reason.

I’m working on only my second coffee of the day so perhaps my brain isn’t fully functioning yet, but am I the only one who finds it suspicious that a message purportedly sent by iTunes is actually being sent by Subaru? I suspect that had I actually clicked on the link I would have provided Subaru with all kinds of information that would have resulted in all kinds of promotional information being sent to me.

Not that I have anything against Subaru. We had a new sedan back in 1983 and I loved it. And truth be told, I’d love to have a new WRX Sti, but that ain’t gonna happen. Besides, there’s something about a 70 year old woman flying around in Subaru’s nastiest offering that puts people off.

If you receive a similar email apparently from iTunes, before you do anything, check your credit card statement. And when you find there is nothing unusual, delete the email. DO NOT, under any circumstances, click on the link.

Enjoy your day and remember to hug an artist – we need love too.

Cat.

They’re back

On September 9, 2012, I wrote a blog about China Shenhua Energy and their “contest” in which I won a 2012 3-series BMW (value$42,505 – same as this year) and one-and-a-half million US. I keep copies of these emails and the resultant blogs just so I can refer back to them, as in this case.

Today’s spam contained another email from them. This time the extension on the sender’s name showed “ru”, which is Russia. Seems a little odd for a Chinese company wouldn’t you say? There are a few things which stand out in today’s email. They’ve upgraded to a 2013 BMW for one thing.

Amazingly, the number they ask me to quote in my reply is the exact same number they used eighteen months ago. Does that mean I’m going to get a 2012 3-series? Still in the body of the bill, they ask me to contact Doctor Francis Chen. In the previous message, they gave me a London address. This time, while it asks me to contact Dr Chen, the contact information is for Dr Fred Chang, in New Delhi, India. Sloppy editing on their part obviously.

What takes this message from being just plain annoying to hilarious is the note they’ve added to the end of the email. Here it is in its entirety: * NOTE* : If you find this mail in your spam or junk folder, it is due to the service of your internet provider. Wrong. It’s in my spam folder because that is where the gmail filter put it. It has nothing to do with my internet provider.

If you receive this email, don’t give them any information. You aren’t going to get a BMW and 1.5 million. All you’re going to get is a lot of grief because you’ve provided them with enough information for them to set up a phony identity.

The same spam also contained a message from someone purporting to be Fedex telling me they were holding a package containing a bank draft for $750,000 US and if I send then $120 they’ll send it to me. I’ll get right on that.

Not a bad haul for a quiet Wednesday. Both emails, including the value of the car, mean that I’ve picked up about 2.3 million, more if I convert it to Canadian funds, before lunch. Maybe I can conquer the world. But first, I need coffee.

Enjoy your day and remember to hug an artist – we need love too.

Cat.

Truth in scamming

 

Despite the date, no, this is not an April Fools’ joke.

I found the following in my gmail spam today:

Pedro A. Bartzen pedrob@cascavel.pr.gov.br

This is a Scammed Victims Compensation by the UN for the sum of $400,000. If you have received this mail, get back to the Payout Bank representative Mr Mark Shawn for your funds with your personal details , by sending your Names, Telephone No and Address directly with the email below,

Contact Payout Bank Email : hboaf (email address removed by me. C.)
Regards,
Pedro A. Bartzen.
(UN Announcer)

I think the first four words sum up the intent of this message quite well “This is a scam…”. If this is indeed from the UN, why is it coming from a Brazilian email address and not the UN in New York? The return email address was from one of the many you can find without much digging, in this case “qq.com” which could be anywhere in the world, or nowhere.

The message mentions the amount of $400,000 but fails to say if that would all be for me, or if it is to be shared. I’m not greedy, but it would be nice to know. I think it is also very self-effacing of Pedro to simply describe himself as “UN Announcer” rather than some grandiose title as is more common with these scams.

Dear readers, if you receive this, delete it. Do not send your names, telephone number and address to these people. If you do so, the only people getting any money from this are the people involved and the money would be yours.

Enjoy your day and remember to hug an artist – we need love too.

Cat.

The name says it all

I found the following in my spam folder this morning (gmail is doing its job):

Gareth & Catherine Bull <yamaguchi-zb@m5.gyao.ne.jp>
   
22:34 (12 hours ago)
My wife and I won the Euro Millions Lottery of £41 Million British
Pounds and we have decided to donate £1.5 million British Pounds each to
4 individuals worldwide as part of our own charity project.

To verify,please see our interview by visiting the web page below:
http://www.dailymail.co.uk/news/article-2091124/EuroMillions-winners-Gareth-Catherine-Bull-scoop-41MILLION-lotto-jackpot.html

Your email address was among the emails which were submitted to us by
the Google, Inc as a web user; if you have received our email please,
kindly send us the below details so that we can transfer your £1,500,000.00
pounds in your name or direct our bank to effect the transfer of the funds to your operational bank account in your country, congratulations.

Full Name:
Mobile No:
Age:
Country:
Send your response to (garethbul2012@hotmail.co.uk)

Best Regards,
Gareth & Catherine Bull

Notice this one didn’t contain the usual “undisclosed recipients”, just nothing for a recipient. And I didn’t think “the Google Inc” would disclose their customer lists.  Well, “the Google Inc” might, but I doubt Google would.

Also notice that even though you are asked to reply to an email address in the UK the origin was actually Japan.  Another sign it’s a scam.

And since this is a scam and I wouldn’t see a penny anyway, I’m going to bitch a bit.  They won 41 million pounds (somewhere north of $60 million Canadian) and all they’re willing to do is give me a measly 1.5 million, or about $2,250,000 Cdn.  Cheapskates.

Do not – repeat “do not” – give them any information.  Doing so will only allow them enough access they can copy your identity. Just delete the message.

Enjoy your weekend and remember to hug an artist – we need love too.

Cat.

I don’t need it

The following ad popped up on my gmail today:    Free Spell Check Toolbar – http://www.DictionaryBoss.com – Avoid Spelling Mistakes with Free Spell Checker – Download for Free!

Correct me if I’m wrong, but don’t word processing programmes such as Word and WordPerfect come with spell check built in?  I know for a fact WordPerfect does because I sometimes use it, in fact I’ve got it set for Canadian English. I got Microsoft Word Starter as part of Windows when I got this system and yes, it too has a spell check feature (I just checked).  So why would anyone need to download a spell check programme from some outside source?

My concern with this particular programme being advertised is that I probably couldn’t make use of it for I suspect it is an American programme and would constantly correct words like “colour”. As I said, I don’t need it since I don’t use the American lexicon.  Another concern is this: what did they use as a source for their spellings?

Cat.

And who are you when you’re home?

Found the following in my gmail spam this morning:

Enchance Your Regions Online Access
    x
Regions Bank <Aerts_security@regionsbank.com>
    
10/12/2012
        
to undisclosed recipients

Dear Regions Member,

Your Regions Account was recently logged into from a computer, mobile device or other location you’ve never used before.
For your protection, we’ve temporarily locked your account until you can review this activity and make sure no one is using your account without your permission.

Did you log into your Regions Account from a new device or an unusual location?

– If this was not you, there’s no need to worry. Simply Download the attached member profile attacment and complete Regions verification form.Otherwise your account will be suspended soon.

For more information, visit our Help Center:by downloading the attachment form and click Submit .

Thanks,
Regions Security Team
Regions_Bank_Private_Login_Page_Verification_form.html    Regions_Bank_Private_Login_Page_Verification_form.html
99K   View   Download  

First telltale: undisclosed recipients.  This is a sure sign the message is either spam or phishing.  If it was a message intended for you, it would have your name on it, not a generic “hey you”.

“Regions Bank”.  As I said in the title, who are they when they’re at home?  Well, according to Google, Regions Bank is a legitimate enterprise with headquarters in Birmingham Alabama and branches in 16 states.  Well, that answers that.

Even with this information, I have trouble believing this is anything other than an attempt to get me to give up personal information.  For example, notice the date on this message  – 10/12/2012.  So has this been wandering aimlessly through cyberspace?  I ask because I got it on February 7, 2013, which is at least two months after it was sent or longer depending on whether they used mm/dd/yyyy or dd/mm/yyyy as the format.

The main question I have about this is “Can these people honestly expect that we would have forgotten whether or not we have an account with Regions Bank?  Do they think we will just automatically send them the requested information because the message is from a “bank” and therefore must be legitimate?  Then again, perhaps some people don’t have any idea where they bank, although I find that hard to believe.  But then again, with things such as direct deposit and the fact there seems to be an ATM on every street corner, some people haven’t seen the inside of their bank for years.

If you get this message, just delete it.  If you do in fact deal with Regions Bank, phone your branch to ask about this, don’t just blindly assume it’s a real message and respond.

Enjoy your day and remember to hug an artist – we need love too.

Cat.

They need better writers

I found the following in my gmail spam about fifteen minutes ago:
PAYMENT ACCOUNT ALERT
    x
IRS OFFICE <irsoffice1@globomail.com>
    
20:34 (0 minutes ago)
        
to undisclosed recipients

Internal Revenue and Deputy Commissioner for Services and Enforcement
 
 
Sir/Madam
 
This is an official advice from the Acting Commissioner of Internal Revenue and Deputy Commissioner for Services and Enforcement (Mr. Steven T. Miller). It has come to our notice that the Central Bank of Nigeria (CBN) has approved and released the sum of $1.5, 000,000.00 U.S dollars into a Bank in USA and in your name as the beneficiary by Inheritance means and as reward for default in the release of funds you are expecting from The Nigerian Government ,And the bank of Nigeria knowing full well that they do not have enough facilities to effect this payment from their Bank to your account used what we know as a Secret Diplomatic Transit Payment (S.T.D.P) to pay this fund through wire transfer.
 
But after the investigation on this fund, the attention Reaching Our Department from the Presidential Office in Abuja Nigeria Revealed that Such Transfer was made into The United States Bank as The officials handling this transfer has been Plotting on How to Divert The Funds into a Secret Account . But The UNITED STATES FINANCIAL CRIMES DIVISION (USFD) and THE FEDERAL BUREAU ON INVESTIGATION (F B I) has arrested Most of them and they are under the custody of Nigerian Authorities. The Reports Reaching Our Intelligence Department has declared that you are the original beneficiary to this amount then we have to carry out our investigation to know if they are telling us the fact because we believe that Nigerians are full of scams cheaters.
 
Now your fund is no longer in Nigeria rather its in a Bank accordingly to the Custody of the Internal Revenue and Deputy Commissioner for Services and Enforcement. You have to contact us immediately so that we Can direct you on how to receive your fund from the Bank. Now that you have been in communication with Our Office, you dont have any more problems hence the imposters in Nigeria are behind the bar but You are required to present a classified FUND ONWERSHIP PERMIT to be issued in your favor by The UNITED STATES FINANCIAL CRIMES DIVISION (USFD) so that of the Internal Revenue and Deputy Commissioner for Services and Enforcement can execute the payment order of $1.5, 000,000.00 U.S dollars to your favor.
 
You are also expected to Re-confirm This Office with the below Information Immediately; Your Full name…………..Address……………… Email address…… Country……..Telephone number………………
 
Thank you
 
Mr. Steven T. Miller 59.50.102.171
Acting Commissioner of Internal Revenue and Deputy Commissioner for Services and Enforcement

Where do I begin?  Well, beyond the obvious sign “to undisclosed recipients”, there are many telltales that this is not a legitimate message.  Another good clue is that although this purports to be from the IRS, it wasn’t sent from a US government email.

The English is quite frankly atrocious.  There is no possible way any government agency anywhere in the English speaking world would hire someone with such poor language skills.   The most honest statement, which you wouldn’t find in any legitimate correspondence, is “we believe that Nigerians are full of scams cheaters”.

If you get an email like this, laugh at it, then delete it.  If you do let your greed get the better of you and actually give them the information they seek, you’ve only yourself to blame.

Cat.

not their jurisdiction

I’m still in the process of proofreading my friend’s manuscript, so haven’t checked my email and spam much the past two days.  Found this from yesterday sometime:

FBI OFFICE <postmaster@deneme.com>
    
10 Dec (6 days ago)
        
to undisclosed recipients

Attn please,

This message is coming to you from FBI office here, We are writing this mail to inform you that your (Inheritance winning awarded funds of $1.5million) has been totally converted into a ATM Master card and it’s to be delivered to your address via courier service, Be inform that the courier delivery company will deliver the card with all the manual and instruction both with PIN code to access the Card upon receipt. It’s the best option to receive this amount since every attempt failed, therefore you will need to contact the Barrister that helped in re-claiming the check back and converted it into an ATM visa card with his address below:

Barrister Necter Polimars
Email: barristernecter-@superposta.com
Phone: +229 98651731

Send him your current address where the check should be delivered to and remember to indicate the Reg:code of ATM-0034 to him when making contact with him. Please also choose the courier service you would like to deliver the Card Post office is also working but could take the card much time to get to you.

Please endeavor to inform us once you have received the ATM Card.

Sincere regards
Robert S. Mueller

FBI Monitoring Team Service

Once again, sign number 1 is “undisclosed recipients”.  If it was intended for me, why not just send it to me?   Where do I go next?

Well, the email address of the sender “deneme” is the same address used in the earlier phishing expedition for gmail information – see my posting “This is a fake”.

The telephone number for the “barrister” has a Benin country code, which also seems a little suspicious.  And (and perhaps one of my English readers could advise me) I thought barristers did courtroom work and this should have been from a solicitor.

Now, I know I wrote about an ATM scam a little while ago, although I’m too lazy to look it up, but that originated from some other African nation.  Since the origin and the “barrister” are located somewhere in Africa, Benin apparently, and I’m in Canada, the FBI wouldn’t have any involvement in this anyway unless they were investigating it.  Also note the message merely states “FBI office here”, without specifying where “here” is.  Hell, we have FBI agents at the US Consulate in Toronto (special assignment dealing with gun smuggling).

If you receive this email just delete it.  If the FBI really wants you, they’ll come and get you – same as the RCMP would in Canada – so don’t worry.  It’s just someone trying to steal your identity.

Cat.

I am not your “dear”

In addition to the gmail phishing message, I found the following in my spam today:

Mr Richard Best <richardbest1685@myfastbox.it>
    
07:19 (6 hours ago)
        
to undisclosed recipients
Greetings my dear,

How are you?

I am delighted to inform you about my success in getting the funds transferred under the cooperation of a new partner from
Paraguay. I am grateful to God. Presently I’m in Paraguay for investment-projects; I did not forget your past efforts and
attempts to assist me in transferring the funds,despite your inability to finance the transaction. Now contact my secretary
in Accra Ghana, his name is Mr.Clement Awauh, through this e-mail address ( clementawauh@zing.vn ) and ask him to
send the total of $950.000.00 which I kept for your compensation for all the past efforts and attempts to assist me in this
matter.
 
I appreciated your efforts at that time very much, so feel free and get in-touch with Mr. Clement Awauh and discuss with him
how to send the money to you.
 
Remember that I had forwarded instruction to my secretary on your behalf, so feel free and get in touch
with him,he will release the amount to you without any delay.

Regards,

Richard Best.

This was the second message.  The first was sent three minutes earlier and reads exactly the same.  Do you think he really means it since he felt the need to tell me twice?

Again, “undisclosed recipients” is a good sign it’s a scam or phishing expedition.  I can only imagine the information this “secretary” would require prior to “releasing the funds”.  DON’T DO IT!!

Just for my own curiosity, about two years ago, I started keeping a folder of all these scam messages I receive and I also put a copy of my posting in that folder as well.  As a result of doing so, I am aware that once before someone used the excuse they were in Paraguay on a business deal, but the name wasn’t Richard Best.

Notice that although “Richard” claims his secretary is in Ghana, the secretary’s email address ends in “vn”, which is Vietnam.  And Richard’s address is in Italy. I realize it is possible to get an email address in places other than the country of your residence, but it seems more than a little suspicious to me.  But then again, I am always cynical when I get these offers of money.

Once again, don’t fall for it.   If you don’t remember any previous contact with this man, it’s a fraud.  And if he feels he can call you “my dear”, why didn’t he send the email directly to you.

“Richard”, I am not now, nor have ever been, or will be, your dear.

Cat.