Violet and Allen Large – Lottery Windfall Scam

I’ve seen hundreds of spam emails, for a year or more, that reference the Canadian couple, Violet and Allen Large.

The Story
The elderly couple, who lived in Nova Scotia, won $11.2 million in a Lotto 6/49 jackpot in July 2010. They decided, due to the fact that they were retired and had plenty of savings to continue to live comfortably, to give away the bulk of their winnings to family, local churches and various charities.

The Scam
Almost immediately, the scammers started sending out emails containing details of this true story. Typically, the pitch goes like this:

My wife Violet and I Allen Large won $11.3 million in a lottery 6-49 in July, 2010 and we have decided to donate the sum of $2,000,000.00 USD to you. Contact us via our personal email for more details (violetlargealln@rogers.com). You can verify our story by visiting the web page below. http://www.ctvnews.ca/n-s-couple-gives-away-11m-in-lottery-winnings-1.570916

The link, which is usually to a worldwide news website article about the story, gives the scam bona fides. The amount ‘won’ is generally $2,000,000.

How it works
The scam is the typical ‘Advance Fee Fraud’ (aka Nigerian or 419), where a large sum of money can only be released by submitting a relatively smaller amount. This takes the form of taxes, bribes, customs, shipping, security, courier, lawyers and any other fees the scammer can think of. A check may arrive in the post, but it’ll be fake or stolen so don’t order your new Porsche just yet.

The amazing thing about these scams, which more usually are about Deposed Dictators’ fortunes, is how long they last. Scamdex has emails and Scam Tip submissions going back years and yet the scam must still have legs, judging by the continuing flow. Scamdex continues to collect, index, and publish information on these scams but …

Scammers have always relied on and profited from P.T. Barnum’s famous maxim, “There’s a sucker born every minute”.

Read more: http://www.ctvnews.ca/canada/two-years-after-big-lottery-win-n-s-man-still-plagued-by-scam-artists-1.1194035#ixzz2SXBjhATt

http://419.bittenus.com/11/11/allenandvioletlarge.html

http://www.dailymail.co.uk/news/article-1326473/Canadian-couple-Allen-Violet-Large-away-entire-11-2m-lottery-win.html

RECAP DISTRIBUTION IS A JOB SCAM

A recent Scam Tip Off Report tells me of a Logistics Position for Recap Distribution. Supposedly operating in Finland, all the money seems to flow to Russia.

It’s a simple enough scam – you take a job as a ‘Receivables Clerk’. Packages arrive and you send them on to another address. Money comes into your PayPal account, and you ship it somewhere else by Western Union.

SCAM JOB COMPANY – RECAPDIST.COM


Now you know that the packages were bought with stolen credit card numbers, right? And the money in your PayPal account? Same thing.

All goes well for a while until a cop turns up on your doorstep asking why you are (a) handling stolen goods and (b) money laundering, and demanding some kind of restitution.

So, if that kind of thing sounds good to you, go to the Recap Distribution Careers page on their website at RECAPDIST.COM

Which has been operating since way back in NOVEMBER 2012

Domain Name: RECAPDIST.COM

Registration Date: 14-Nov-2012
Expiration Date: 14-Nov-2013
Registrant Contact Details:
Recap Distribution
Danny Jones ()
Mannerheimvagen 12
Helsinki
Helsinki,00100
FI
Tel. +358.358923161434

Hey buddy, what password are you using?

SplashData.com recently published the following information regarding the most popular 2012 passwords on the web. The ranking was based on password information from compromised accounts posted by hackers online. The article was also featured on blogs.avg.com.

This year, the list is back! So it’s time to see how, if at all, users have learned their lessons about what makes a strong password.

Here’s the full list and how it compares to last year’s:
# Password Change from 2011
1. password Unchanged
2. 123456 Unchanged
3. 12345678 Unchanged
4. abc123 Up 1
5. qwerty Down 1
6. monkey Unchanged
7. letmein Up 1
8. dragon Up 2
9. 111111 Up 3
10. baseball Up 1
11. iloveyou Up 2
12. trustno1 Down 3
13. 1234567 Down 6
14. sunshine Up 1
15. master Down 1
16. 123123 Up 4
17. welcome New
18. shadow Up 1
19. ashley Down 3
20. football Up 5
21. jesus New
22. michael Up 2
23. ninja New
24. mustang New
25. password1 New

Scammers turning your WordPress Website into a Spam/Malware Distributor

So I get an email from Google complaining that several links from my son’s blog (which I will not name here) are linking to malware sites. The sample links they included were valid but completely foreign to the site, and the pages themselves were mangled versions of existing blog posts, with long lists of search engine spam and a few websites.
Needless to say, these were not of our making so I set out to investigate and clear them down as soon as possible.
The blog is concerned with my 12 year old son’s love of all things Lego which, since getting his own laptop and discovering Minecraft, has been languishing since his last post in July 2012.
The spam pages are not referenced from the valid blog pages in any way and have been in place since October. Only Google, chiding me about pages with my Adsense code being used to point to Malware, alerted me to the breach. Otherwise I would never have noticed.

How it got there?

I suspect that the intrusion method was a theme I installed in October. It’s just a guess though – WordPress is so ubiquitous, I’m sure there are loads of vulnerabilities, especially if the constant stream of updates is anything to go by. Suffice it to say that they got in, and with enough authentication to allow them to upload files.

What I found

I found a couple of anonymous type directories under the ‘/wordpress’ directory: “imgxkm” and “imguut”. The content was a load of files of the form 74XXXXX.html. Each file was a complete webpage which seems to be spam content mixed with genuine blog page content. There was also an index.php.txt file which does a lot of stuff which I was in no mood to examine.
The important file, the one that makes the whole thing work is a .htaccess file. For those not in the know, this file is the Swiss-army penknife for web developers – it can make black into white and cure cancer – it can also take a mangled-looking url and make it go to a perfectly normal-looking webpage (and vice versa). Anyway, the job of this one was to take those odd looking SEO-spammy type urls and serve them up with a content-rich webpage – all without the website owner knowing a thing about it.

What Now?

I don’t have time to completely debug this issue, I’m just glad to have found it (thanks to Google’s ever vigilant search engine spam detection algorithms). If you get messages from Google relating to webpages that you don’t recognize, check for .htaccess files like this one.

Bon Chance!
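
The check suggested above can be scripted. The following is an added example, not part of the original post: it walks a web root and reports directories that combine the signs described (numeric-named .html pages, a script saved as .php.txt, a .htaccess with rewrite rules). The function names, the thresholds and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics below are assumptions based on the post's description, not signatures.
NUMERIC_PAGE = re.compile(r"^\d{5,}\.html$")   # pages named like 74XXXXX.html
REWRITE = re.compile(r"^\s*Rewrite(Engine|Rule|Cond)\b", re.I | re.M)

def scan_webroot(root, min_pages=3):
    """Return {relative_dir: [reasons]} for directories that look injected."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        reasons = []
        pages = [f for f in files if NUMERIC_PAGE.match(f)]
        if len(pages) >= min_pages:
            reasons.append(f"{len(pages)} numeric-named .html pages")
        if any(f.lower().endswith(".php.txt") for f in files):
            reasons.append("script saved as .php.txt")
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                if REWRITE.search(fh.read()):
                    reasons.append(".htaccess with rewrite rules")
        # WordPress and plugins ship legitimate .htaccess files, so one signal
        # alone is not reported; two or more in the same directory is.
        if len(reasons) >= 2:
            findings[os.path.relpath(dirpath, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample: normal folders plus one directory laid out as in the post."""
    layout = {
        ".": {".htaccess": "RewriteEngine On\n"},   # the site's own file
        "wp-content/uploads/2012/07": {"lego.jpg": ""},
        "imgxkm": {
            ".htaccess": "RewriteEngine On\n",
            "index.php.txt": "placeholder",
            "7400001.html": "", "7400002.html": "", "7400003.html": "",
        },
    }
    for rel, files in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name, body in files.items():
            with open(os.path.join(root, rel, name), "w") as fh:
                fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, why in scan_webroot(tmp).items():
            print(f"{directory}: {'; '.join(why)}")
```

On a real site, pass the WordPress directory to `scan_webroot` and review each reported directory by hand before deleting anything.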

DDoS attacks on Scamdex – an apology.

Running the Scamdex Website isn’t a full-time job but occasionally I fall foul of the lovable rogues who perpetrate these scams and who get upset when I tell people about their doings. For example, from mid November in 2012, I had a week of distributed denial of service (DDoS) attacks which effectively made Scamdex.com stop responding to requests.

A day or so into the attack, I was contacted by the instigator; a nice Russian scammer who said “You see I can bring your server down, now remove the post”. He referred to a post someone had made in the Scam Tip Off Reports section of the site.

I’m sad to say that I had no option other than to comply with his threat on the grounds of ‘The Greater Good’. Cowardly you may say, but DDoS attacks are not to be taken lightly and while they were going on, no-one would be able to see anything on Scamdex.

You have all seen the effects that DDoS attacks have on even the biggest Internet presences – with all their resources and experts, they can still be reduced to server farms full of technically dead servers – Scamdex really can’t fight this.

I’m sorry if the Russian scammed someone who just might have been saved if the original post had remained online, but my duty is to the whole Internet community, above and beyond the individual. Mea Culpa!

Just how valuable is a Hacked PC?

The massively informative “Krebs on Security” Blog published this graphic which is a startling depiction of just how valuable a compromised PC can be to cyber criminals.

Often the owner of such a PC does not even know that this has happened, and there are millions that have. Check your own PC regularly for oddities and update your malware/virus/firewall software to prevent your own machines becoming a tool of scammers.

From Krebs on Security blog, a graphic showing the value to hackers, scammers and cyber criminals of a compromised (Hacked) PC.

The [domain] names change, but the “Data Conversion Job” Scam remains the same…

“Data Conversion Job Scam”?

Yes – this has been running for several months now. This is how it works:

A spam email, probably coming via a job seekers website [such as Careerbuilder.com or Dice.com or Monster.com or Craigslist.com] tells the victim about a great employment opportunity he can do at home – all he has to do is transcribe some written text into a software program and send it off.

Scam Job Website Garindata from Scamdex

The employer’s website domain name changes, but the sites almost always use the term ‘E-Books Conversion and Data Technology’ and look similar to the image here.
The applicant (Garindata Scam Job Application Form) ALWAYS gets the job and, after agreeing to the benefits etc, is directed to go to the website of a software company that has a product that he will need to perform his function. He will, of course, be fully reimbursed with his first paycheck!
The software company is unique, in Internet terms, in being unable to accept any form of credit card, PayPal, MoneyBookers or any other Internet payment method. No – all they accept is WESTERN UNION (which basically means untraceable, uncancellable, unverifiable cash payments). The cost for this ‘software’ is around 57 Euros.

Garindata scam job employment confirmation card


This is the whole scam

FTC Kills “MAKE MONEY FROM WEBSITES” Scam

An Own-Your-Own Website Business Opportunity where consumers would make money from links to major retailers was halted by the FTC.
The operation lured consumers into spending thousands of dollars for Internet websites and advertising by misrepresenting that they could make lots of money by linking the sites to major retailers. The court ordered a stop to the defendants’ allegedly deceptive practices and froze their assets pending further litigation. The action is part of the FTC’s ongoing efforts to protect consumers in financial distress.

There are many of these ‘Business Opportunities’ on the Internet and only the most egregious (read “Greedy”) are ever brought to account. The rest go on taking millions of people’s hard earned money with dubious, immoral, illegal and downright criminal schemes. As soon as the current pool of suckers is exhausted and/or the law starts sniffing around, they close up shop and reopen with a new name, domain name and logo and just carry on.