Email Scams

Email is the preferred way to propagate scams.

Scamdex Data used in Research – if only they’d asked!

So a routine search turned up a little Research Paper from the University of Nebraska in Omaha.

Trends in Phishing Attacks: Suggestions for Future Research (2011) | Ryan M. Schuetzler | University of Nebraska at Omaha, rschuetzler@unomaha.edu

While I’m flattered by being used as a creditable source, I am upset that they:

  1. Used the Scamdex Email Archive without permission.
  2. Did not contact Scamdex to get permission.
  3. Used ‘Screen Scraping’ tools to (in their words)

    …To obtain a corpus of phishing emails, we scraped 2709 emails from Scamdex.com (“Email Scam, Internet Fraud, IdentityTheft & Phishing Resource,” n.d.). This corpus contained emails over a 3-year period from November 2006 to June 2009.These emails were submitted to Scamdex by recipients of phishing attacks..

  4. Did not credit Scamdex in their references.

The legality of screen-scraping, a term used for software tools that extensively mine or extract information or complete contents of a website, is debatable – Generally speaking, if commercial use is made of the result then it gets a bit tricky, but for research purposes a lot more latitude is generally given. The Electronic Frontier Foundation has a good one-pager on Fair Use.

If asked, Scamdex would have been completely happy to collaborate. We do ask (nicely) that …

“Any derived content from the Scamdex.com website must clearly show attribution to Scamdex.com as the source and must include a link to the original information”. –http://www.scamdex.com/About-Scamdex.php#use

Scamdex is happy to be used as a research tool, but in future – ask first, then make sure it is credited – is that too much to ask for?

Voice Message Notification Email Warning Could Be Ransomware

Voice Message Notification Email Warning Could Be Ransomware
Don’t play voice mail messages from suspicious sources.

Xavier Mertens at the SANS Internet Storm Center:

“Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with such kind of documents. Which types of notification do they have in common? All of them have a phone number and with modern communication channels… everybody can receive a mail with a voice mail notification. Even residential systems can deliver voice message notifications.”

One of the currently most prevalent ransomware strains called Cerber has even experimented with text-to-speech synthesizers to threaten victims to pay the ransom.

This new voice mail attack email arrives with an attachment, which supposedly contains a voice message, in a .wav file compressed in .zip folder. The folder actually contains hidden malicious code that will install ransomware and renames files to [original file name].crypted.

The delivery mechanism may be exploiting the fact that missed call notification emails are enabled by default in Microsoft Outlook.

Consumers appear to be the first target of this ransomware campaign according to Mertens. The initial phishing attack campaign contained a voice message regarding a modem from Vigor, a UK distributor of ADSL modems for the residential market.

Here is the blog post with a screenshot, showing how this looks:
https://blog.knowbe4.com/heads-up-voice-message-notification-email-warning-could-be-ransomware

Is it Polish? No – it’s a Czech Scam!

I would say that 99% of all the scams I see are in English. A smattering of French, Russian and German, even occasionally Italian and Spanish. I have no way of identifying character-based languages (Japanese, Chinese) but I try. This is a new one for me – I first assumed it was Polish, but Google Translate tells me that it is in fact Czech!
Nothing in the email explains why this is so and the bank references is a British bank and the email address is also British.
Still, interesting to see!

From: Mail [mailto:ewen-ss@gmx.co.uk]
Sent: Thursday, April 21, 2016 12:07 AM
Subject: Od pana Ewen Stevenson (Obchodní návrh)

Z: p Ewen Stevenson
Výbor pro audit Group
Royal Bank of Scotland – Anglie
Obor: 48 Haymarket,
LONDÝN SW1Y 4SE
SPOJENÉ KRÁLOVSTVÍ

Komplimenty na vás,

Prosím, můžete věřit? Jsem pan Ewen Stevenson, pracuji tady v Royal Bank of Scotland – Anglie. DůvÄ›ryhodný poradce pro více než 20 let a v současné dobÄ› místopÅ™edseda výboru pro audit Group / finanční Å™editel; Royal Bank of Scotland – Anglie. Rozhodl jsem se hledat důvÄ›rné spolupráce s vámi pÅ™i provádÄ›ní dohodu tady pod popsáno, že bude mít ohromný přínos pro nás oba i tÄ›ch ménÄ› privilegovaných bude mít rovněž prospÄ›ch, a doufám, že si udrží to jako vrchol tajné vzhledem k povaze transakce.

V průběhu našeho Bank ročního auditu, jsem zjistil, nevyžádaný / opuštěné fondů, celkový součet £ 21.500,000.00 britských librách (dvacet jeden milion pět set tisíc britská libra) v účtu, který patří k jednomu z našich zahraničních zákazníků (Late pan . Moises Saba Masri), který byl židovský (syrského extrakt) mexický podnikatel bohužel dne 10. ledna 2010, Saba přišel o život poté, co jeho vrtulník havaroval v Cuajimalpa spolu s manželkou, synem a manželkou svého syna.

Volba Vás kontaktovat vzbudil z geografické povahy, kde žijete, obzvláště vzhledem k citlivosti na transakce a důvěrnost zde. Nyní náš bankovní bylo čekání na některý z příbuzných přijde-až k tvrzení o dědické fondu, ale bohužel všechny snahy se, že neplatné. Osobně jsem byl neúspěšný při rozmisťování ani příbuzné ani žádný nejbližší příbuzný k (pan Saba) po dobu 5 let. Na této týče, teď mám usilovat o váš souhlas k vám jako další příbuzný / Bude příjemce, aby zemřelého tak, že výtěžek z tohoto účtu oceněn na 21,5 liber milion britských librách šterlinků může být vyplacena na vás. To bude vyplacena, nebo sdílená v těchto procent, 50% pro mě a 50% na vás. Slibuji, že poskytnou vám všechny nezbytné a právní informace je, že mohou být použity k zálohování toto tvrzení jsme o tom s bankou.

Všechno, co potřebujete, je nahrát své osobní údaje, jak je uvedeno níže je uvedeno v naší databázi bankovního systému, aby vám ukáží jako oprávněný příjemce by měla být v případě bankovních šeků. K dispozici bude právní dokumentace, která musí být dosaženo v souladu s Brity zákony, aby se předešlo problémům. Všechny Žádám nyní je vaše nejvíce upřímná Co-operation a absolutní důvěra není pochyb o tom, aby nám umožnila vidět tuto transakci prostřednictvím. Možná, zaručuji vám 100% úspěšnost, která bude legalizován v takové vzdálenosti, že tato transakce bude provedena za legitimní uspořádání a působnosti zákona, který bude chránit vás z jakéhokoli porušení smlouvy, a to jak ve své zemi, a tady v Londýně.

To je velmi naléhavé. Prosím, mi poskytnout tyto informace je, jak máme 5 pracovních dní spustíme ji projít:

-Vaše celé jméno,
-Vaše Kontaktní adresa &
-Vaše Přímá čísla mobilního telefonu.
-Číslo faxu.
-Tvůj věk
-Vaše profese :

S proÅ¡la metodický vyhledávání, rozhodl jsem se Vás kontaktovat doufat, že vás najdou tento návrh zajímavé. Prosím o vaÅ¡i pozornost této zprávy indikující váš zájem, poskytnout výše uvedené informace potÅ™ebné k tomu, aby mi nahrát vaÅ¡e data do Royal Bank of Scotland – Anglie databázi tak, aby odrážely v naší síti systému banky. PravdÄ›podobnÄ› bude banka být pÅ™esvÄ›dčeni, že jste ve vztahu k rodinÄ›, ani jmenoval nejbližším příbuzným / bude příjemcem (pozdní pan Saba). Já vás bude vedení o tom, jak otevřít komunikaci s bankou a dÄ›lat nároky na další pÅ™edávání fondu na váš bankovní účet.

Váš upřímný souhlas na tento e-mail a obchodní návrh bude vysoce ocenil. Zavolej mi na obdržení tohoto e-mailu pro více diskusí.

Poděkoval vám v očekávání pro vaši rychlou odpověď.

S úctou Váš,
Pan Ewen Stevenson.

100 Days of Scams – Dying Woman’s Charitable Bequest

A heart-rending plea from a dying woman for you to take her life savings and distribute them (keeping 30% for yourself).

Uses a valid news source to provide veracity.

The scam is a simple enough Advance Fee Fraud (aka AFF or 419 scam). Before you see a cent of the $20 mission, you will have been asked to send a chunk of change to a shady attorney/bank official/customs official/tax man to cover various fees/taxes/bribes etc.

Hello my dear beloved.
My private email address: ritajmadine71@gmail.com

I am Mrs. Rita J. Madine from republic of Ireland, born in the state of Ohio USA. I am legally married to Mr. Hilary madine, a South Africa citizen born brought up in Switzerland, i live in Switzerland with my husband for 32 years before we move down to south Africa in 1985 after my husband retirement in 1984, i am 71 years old by the grace of God. I am a God fearing person, and i am suffering from long time (illness) cancer of the breast. This illness (sickness) has troubled me for a long time.

All indication from my doctor that my condition is really deteriorating and getting worse; and it is quite obvious that I wouldn’t live more than three months, according to my doctor and in all indication regards to medical analysis. This is because the cancer disease has gotten to a very bad stage that no hope for me to be a living person again. My dear husband was involved with the January 2000 Kenya airways plane crashed as you can see on the news line web site. Http://news.bbc.co.uk/2/hi/ africa/6627485.stm )

40 years period of marriage life, still we could not produce any child, my late husband was very wealthy and after his death, i inherited some part of his business and money in the bank. The doctor has advised me that i may not live for more than three months and 2 weeks and warn me to stop from thinking over who is going to inherit me and the wealth. Based on that, today i have decided to donate and contribute to the less privileges, charity homes, and orphanage homes and to those displaced by wars going on in the middle-east and around the world. I made this decision after listing to the news line about 100 years old woman who secretly donated her fortune and wealth upon her death,
http://www.myfoxspokane.com/ dpps/news/dpgoh-woman-donates- secret-millions-upon-her- death-fc-20100305_6410207 \http://www.youtube.com/watch? V=o8o-e-ilsum

I choose you after viewing your profile and I have the confident in you because i have prayed. I am willing to donate the sum of $20.5million us dollars, to the less privileged of which you will be responsible in taking care of the disbursement and sharing of this money to organizations that i will appoint. Meanwhile, you will also get 30% of the money which will be; six million and one hundred thousand dollars ($6,100,000) as your compensation for helping me fulfill this desire of donation.

Please I want you to note that this fund is still in the bank where my late husband deposited it, I am going to advice my lawyer to change my last will to your name and file in an application for the transfer of the money in your name. Lastly, I honestly pray that this money when transferred to your account will be used for the said purpose even though I am late then or alive, because I have come to find out that wealth acquisition is not always the final thing in life or death if you do not help people as well when they need it. Please bear it in mind that all the money will rightfully belong to your name as quickly as i get your reply, and I made the promise to God that the fund will be used to help the needy and the less privilege, reply me through this email: may the grace of our lord the love of God and the fellowship of God be with you and your family, please further discussion, contact me with my email address:

Reply me through this email: ritajmadine71@gmail.com

I await urgent reply.

Remain blessed
Mrs. Rita J. Madine,

100 Days of Scams – Mystery Consignment Box

So, you’ve been contacted by a senior officer at JFK about an abandoned diplomatic consignment box, containing (approx) $12.5 M, which for some unknown reason has your name on it.

Unlikely as that seems, they want to send the box on to you, but there’s a couple of trifling details – a ‘clearance’ fee of $6,250. Pay this amount and (half) the $12 million will be yours!!!

Dear Value Beneficiary,

I am Brent Paul. Douglas, a senior officer at John F. Kennedy International Airport (JFK) New York. I have contacted you regarding an abandoned diplomatic consignment box and the x-ray scan report box revealed some US dollar bill in it which could be approximately 12.5Million dollars and the official paper of the box indicates your contact details. To confirm you as the authentic beneficiary and also for security Purpose, do send me your full information for crossed checking of your details with the information stated in the office.

YOUR FULL NAME, YOUR HOME ADDRESS, OCCUPATION, GENDER, YOUR HOME/MOBILE TEL NUMBER AND NEAREST AIRPORT CLOSE TO YOU.

For your information, the box was abandoned by the diplomat who was on transit to your city because he was not able to pay the (JFK) clearance fee of 6,250 dollars. I have taken it upon myself to contact you personally about this abandoned box so that we can transact this as a deal and share the total money 70% for you and 30% for me. As soon as I get the requested detail from you for verification. I will pay the clearance fee and make arrangement for the box to be delivered to you which can be concluded within 4-6 hours after confirmation is made and upon your acceptance and willingness to co-operate. All communication must be held extremely confidential to ensure a successful delivery. Kindly click reply and get your correct and valid details to me as soon as you get this email.

I will give you a call after my confirmation.Reply Email: infoswiftcard@yahoo.com

Sincerely
Brent P. Douglas

100 Days of Scams – From The White House

#100daysofscams

So the White House denied all knowledge of this email – Thanks Obama!

———————————–

The white house
Office of the presidency
Pennsylvania Avenue and 17th street, NW
Washington, D.C.

Debt settlement of us$10.5 million,
Date: 19th February, 2016

Attention: Humble Beneficiary,

I have been instructed by the White House president Barrack Obama, and the senate committee on debt settlements, to communicate with you regarding your unpaid payment contract/inheritance fund worth us$10.5 million. This is to find out from you why you have not been able to receive your approved fund up till now?

This is to notify you that you’re debt settlement contract/inheritance fund have been programmed for immediate payment to you once you are ready to corporate with this office and your inheritance fund payment has been finalized to be released to you as the legitimate beneficiary of the fund.

Meanwhile, I want you to clarify if you indeed approve a man few days ago to claim your fund on your behalf, who now claim that he is your representative sent by you to receive your fund.
Note that he actually tendered some vital document, which proved that you actually sent him for the collection of these funds.

Below is the list of the documents which he tendered to bank:
1. Letter of administration.
2. High court injunction.
3. Order to release.

Due to the nature of my job as the presidential secretary, I cannot afford to make any mistake in releasing the approval fund letter to anyone except you who is the recognized true beneficiary to these funds. Note that I asked him to come back next week so I can verify this fact from you first to know what to do.

However, I am waiting to hear from you shortly, as you provide the required information bellow to enable us start the processing of the payment release order to you. The required information is as stated below:

1. Your name:
2. Your address:
3. Your telephone:
4. Fax:
5. Age:
6. Sex:
7. Your occupation:

I am waiting to hear from you as soon as possible so that I will work with you and make sure that your due belong fund is been released to you as the lawful beneficiary.

Best regards,

Katherine B. Johnson
Personal secretary to United States president Barrack Obama

100 Days, 100 Scams received by Email

99.5% of the email scams we receive are in the English language. There may be a few in Chinese/Japanese that don’t get identified by us, but it’s not so easy to spot them. This one appears to be Turkish, and is presumably about getting some of AYMAN AL ZAWAHIRI’s money:

Bey,

bana izin ver cunku sende yardim istiyorum,benim baska secim yoktur.Benim
isim :KAPTAN,Bir A.B.D ni Ulke,(missisipi) dan benim koy,ben bir A.b.d
askenim ama iraki dan baglanti yaptem Beni.

Neden bu konu soyleyorsun sende yardim istiyorsun cunku bu is benim hayatim.
Benim iraq asker da baglanti yapten cunku once ki savas zaman sok yerde kirimis
,onda dolayi tamir etmek icin A.B.D asker baskan beni irak gonderdik .sende iyi
biliyorsun butun iraq binarlar tamir edicek sok yapicek tamir var onda dolayi beni irak
gonderdik cunku ,benim is bu.
Baska zaman da binarlar yikimak gerekiyor ,emde yeni bir plani,ben hakki veriyorum
yani binarlar nasil yeni yapicek .bu is sok risk var bende cektem,cunku salisiyor erken,
iraklar terrorist baskin yapten,sok asker hayattin kaybetin .Benim 12yil arkadasim
hayattin kaybet,bu ay da 3 gun once oldu,2016 yil,tam 11:00 sat,ben kontrol ediyorsun
haifa sokak ,neder sok uzun binarlar var,bu binarlar saddam hussein yasiyor zaman
yaptek.Ben uc aske koruyorsun.Sonra sella da bir garip bisi gordum,oda eski dan,depo
gibi. Ben kontrol etmek gitem, o depo kapi actem zaman delik icinde 6 tana demir
kutu cikte,ama evsi kilitlendik,kilit kirimis zaman kutular icindeki gordum zaman
sok sasildim bir kas kutu,icinde silah ve kursun var,bir kas kutu da uyusturucu,(heroin)
var icinde. kalan iki kutu actem zaman kutular icinde .A.B.D parasi var,hesaplandin
($23.2M ) A.B.D parasi var. biz uc sat dan parayi sayiyoruz. biz bir plani yapten
cunku parayi bizden kalicek emde gizli bisi yani,sadeece ben ver 3 asker bu parayi
biliyor,baska kimsin bilimiyor.bu kutular eski dan bir kas terrorist var AL QAEDA
VE AYMAN AL ZAWAHIRI,garanti bu teroristlar ni parasi ,ama bize helal geldik
sukur allahm.

Bu parayi tasimak pilani yapiyorsun,ama sok gizli yer bize lazim,neder ic kimse
parayi gormesin,biz irakta parayi satladik,ama uyusturucu ve silah,ve kursun,telsim
ektmis biz ,sadeece parayi bize kaldik.

bu konu dan dolayi bana bir guvenlik insan lazim cuncu parayi icin irakya birakamaz
neden,hergun dah fazla risk icindeiz,onur icin sen bize lazim.sen ne dusunuyorsun
biliyorum onur icin benim resim ve kimlik gondericem sana sonra.

sana 30% komisyon soz verdim ,ama gine bu komisyon icin anasabiliyor.lutfen bana soz ver
cunku bu konu aramizdin kalicak,baskasi bilmez tamam.

Saygilar
KAPTAIN.

Data Conversion Job Scam is active again

The scam goes like this: a company contacts you about a job where you work from home, doing various office jobs, filing, inventorying stuff, converting data from one format to another. You just need to use an application, the price of which they may or may not refund you on your first paycheck. The software application – “XXXX Inventory Software” costs 60 Euros or £58 or USD60

The ‘sting’ is in the software – it’s useless junk, and even if it isn’t, there’s no “work”. The whole scam is to get you to part with your cash. There is no “work”, or if there is it’ll probably involve you receiving fake checks and sending on the ‘remainder’.

I went to the website CEZASOFT.COM and they don’t accept credit cards [RED FLAG] and you have to contact them to buy the software, and they’ll send you back a Software Order Form which asks you to use a dubious payment provider called CashU.com, which is basically an untraceable digital conversion of your cash into easily stolen/transferred cash.

I’ve warned about this scam before and the names keep changing so it obviously works. Today it is ‘BYRAM and CEZASOFT’, tomorrow it may change when too many sites such as this report on it.

This is the email you’ll get when yu apply for the job:

Your application is approved, now you can start work with us, attached are employment documents and first paid project work,
we have send you One Day of work But its your first project so you can submit in 3days and after that you have to submit in 24 hours,
attached are the image files of Data Sheets, Guideline of work is attached with this Email on MS word format, kindly read carefully,
Also Guideline Tutorial is included as a Picture format after entering the Data in Ceza Inventory Software Save the files and Saved
files you have to send us back by online software and we will immediately transfer you your first week salary in advance, (get software to www.CezaSoft.net )
with this email following files are attached in .ZIP folder,
1: Data Sheets to Complete (Project Pack)
2: Step by Step Guideline and Tutorial (Guideline)
3: Your Salary invoice (Salary)
4: Employment Documents
kindly Download Project zip folder and Extract / Unzip after download: (attached with this email)
Note: its One day of work but you can complete this project in 3 days and contact us back,
regards
eldwin clay
BYRAM Inc

If you see a new websit efor this scam, please comment or email webmaster@scamdex.com

Here is a Tip Off Report with more details from a Scamdex Contributor