Hello world!

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!

Posted in Uncategorized | 1 Comment

A new scam email offering free money…

Given below is an email I came across that is offering free money in exchange for all my demographic information, passport information and contact information.

It’s from an extremely lazy spammer. Notice how they are using this email as a template and they did a search and replace for “(INTERNET)”

DEAR,INFORMATION FROM ( DR PETER BENSON ) FROM LONDON‏

From:
wnuser30@aol.com

Sent: Thu 5/28/09 5:41 AM


Dear Friend
How are you doing? I hope all is well with you and your family.  My name is Dr. Peter Benson I am 40 years old and I am from the UK.
I love to help people from their problems, so I decided to contact you because I felt that you may need help from people or some one.
I saw your contacts on the (INTERNET), and I decided to know how much may need to help you solve your problems . I made a promise to God that i will help one person from (INTERNET) because of what he did to me by  making me what I am today, am so happy for that. I would like to donate some things like money to you because i know that much problems need money to be solve them , I promise to God that i will help  one person from the  (INTERNET).
So my dear friend I will love you to send me your full information, and passport and home address, including phone number, so that I can communicate with you, as well as the total amount you need.
Am hoping to hear from you soon.
You have to contact me through my privat E-mail address ( drpeterbenson50@yahoo.com ).
NAME:
AGE:
OCCUPATION:
SEX:
MARRIED OR SINGLE:
COUNTRY:
CITY:
HOUSE ADDRESS:
PHONE:
HOW MUCH MONEY YOU NEED:
You have to contact me through my private E-mail address (drpeterbenson50@yahoo.com ).
Regards.
God Bless.
Dr. Peter Benson

Windows Live Tags: clubhouse, phish, hotmail, spam, safety, scam

Posted in Phishing | 17 Comments

Free money from an empty patch of land: Anatomy of a lottery scam

Here is an example of a lottery scam email (in red). I went through it and documented some ways to measure the authenticity of this email. These techniques can be applied to any kind of email that you think is potentially malicious. My techniques are in black and preceded by “[Technique"]”

6123 COOL STREET RD
PAULGREENVUL LE AX34587,
AUSTRALIA.

[TECHNIQUE] The address above resolves to the following: An empty patch of land!!!!!!!!

REF: 4758961725
BATCH: 70564943902/188

WINNING NO: FGNGB2701/LPRC

(Australia Lotto lottery is an affiliate of Lottery Subscriber Agents.)

[TECHNIQUE]   I searched for the name of the lottery on the web. The first result shows me that this email is a scam!!


Arena Complex 14 Donegall Square South Australia .

[TECHNIQUE]   Again, the address listed above does not resolve!

From: miss. Carol Sweet (Lottery Co-ordinator)

Sir/Madam,

CONGRATULATIONS!!!

We are delighted to inform you that you have won prize money of eight
hundred and fifty thousand dollars ($850, 000.00 USD)

[TECHNIQUE]   Why is the Australian lottery giving money in United States currency? USD?

for the 2009 end of the year lottery promotion, which is organized by Australia lottery
award. This is a bonus to promote lotto in Australia

[TECHNIQUE]   These guys got the year wrong. 2009 has not ended yet:)

Australian lottery award, arranged and gathered all the e-mail


[TECHNIQUE]   Earlier in the email, the lottery is organized by “Australian Lotto Lottery”. Now it has changed to “Australian Lottery Award” hmmm…seems like a lazy scammer at work!

addresses of the people that are active online, among the millions that
subscribed to all email addresses, and others we only select Eight (8)
candidates annually as our winners through electronic balloting system
(EBS) without the candidates applying, we congratulate you for being
one of the people selected.

However, your email address was attached to ticket number;
4706172507056490902 , serial number: 7050490902/189 this batch draws
the lucky numbers as follows 5-13-33-37-42 bonus number 17, which
consequently won the lotto in the second category. You here by have
been approved lump sums pay of us$850,000.00 (Eight Hundred and Fifty
Thousand Dollars) in cash credit file Ref: ilp/hw 47509/09 from the
total cash prize shared amongst eight lucky winners in this category.
**********PAYMENT OF PRIZE AND CLAIM**********
Your payment approval file was sent to African and European continent
only due to the fact that more winners emerged from their. You are to
contact our location claim agent on or before your date of claim.
These are your identification numbers:

REF: 4758961725
BATCH: 70564943902/188

WINNING NO: FGNGB2701/LPRC

[TECHNIQUE]   Again, the numbers referenced above are not consistent. The batch number and winning no is different!!!

TICKET NUMBER…………………. 4706172507056490902
SERIAL NUMBER……………………7050490902/189
BATCH NUMBER…………………….5-13-33-37-42
BONUS NUMBER ………………………17
These numbers above fall within the agent location file, and you are
requested to contact your agent and send your identification numbers
and personal information to him.

NAME: REV. ARMSTRONG WILLIAMS
E-MAIL: armstrongwilliams02@gmail.com
E-MAIL: rev.fr.armstrongwilliams@gmail.com

[TECHNIQUE]  Never trust an official email that is sent from a “free” email service.

PHONE: +44 70457 76916

[TECHNIQUE]   The country code for Australia is 66 not 44!  44 is for the UK.

So, I live in North America, the lottery was in Australia and I have to call someone in the UK for the money. Wow, this is one interesting international cooperation for giving me money from a lottery that I never entered!

PERSONAL INFORMATION:
1. FULL NAME……………………… …………………..
2. COUNTRY………………….. ………………………..
3. CONTACT ADDRESS ………………………… ………….
4. TELEPHONE NUMBER ………………………… ………..
5. MARITAL STATUS ………………………… ………….
6. OCCUPATION ………………………… ……………..
7. AGE …………………………. ……………………
8. SEX………………………. ……………………….

[TECHNIQUE]   A valid lottery winning requires one to show up at the lottery office with identification. You never have to send such information over email.

Australia lottery award prize must be claimed not later than 21 days

[TECHNIQUE]  False sense of urgency. If I win a  lottery sponsored by a country’s government, I am very sure that there is no time limit for receiving the money

from date of draw notification after the draw date in which prize has
won unless otherwise.
Note: any prize not claimed within this period (21days) will be
forfeited unless where necessary.
NOTE: NOBODY WILL TOUCH YOUR PRIZE FOR ANY REASON AND AN AFFIDAVIT OF
FACT AND CLAIM WILL BE PRESENTED TO THE BANK BY THE COURT BEFORE THE
BANK CAN RELEASE YOUR PRIZE.
PLEASE DO NOT REPLY TO THIS EMAIL, CONTACT YOUR CLAIMS AGENT @:
armstrongwilliams02@gmail.com
ANY BREACH OF CONFIDENTIALITY ON THE PART OF THE WINNERS WILL RESULT TO
DISQUALIFICATION.

[TECHNIQUE]  Never true. Lottery winnings never require confidentiality. They announce lottery winners on TV!

 
Congratulations once again.
Yours in service,
CAROL SWEET (CO COORDINATOR)

Moral of the story: These scammers are lazy. A little background check can easily reveal the truth.

Posted in spam | 11 Comments

Red is for stop, yellow for caution!

Hotmail provides an easy way to tell apart good and bad emails.

RED == High Risk== Phishing/Spoofing

If there is a red box on top of the email in the reading pane window (see below), Hotmail has determined the email to be a fraudulent, malicious email because either the email contains phishing content or the email’s source can not be verified. Such emails are considered dangerous and should only be opened if you are confident about the email’s source or content.

YELLOW == Medium Risk == Unknown sender

An email is marked with a yellow box if you do not know the sender i.e. the sender is not on your safe sender’s list. If you do wish to receive email from this sender and want to add the a sender to the safe sender’s list, you can click on “Mark as Safe”. If you do not want to receive email from this sender, you can click on “Mark as Junk”.

 

WHITE == For your information

If Hotmail considers an email as harmless however the mail has been junked because of your preferences (such as because the sender is on the blocked sender’s list), Hotmail adds a white information box such as the one shown below.

 

Posted in spam | 26 Comments

My friend’s e-mail is being junked! why?

Hotmail supports three settings for the junk mail filter in Hotmail that determine WHAT goes into the junk e-mail folder.

Low, Standard and Exclusive.

If your junk e-mail filter is set to “Exclusive” and  your friend is not on your “contacts” or the “safe senders” list, his/her email will land in the junk mail folder.

If you notice mail from your friends going to the junk mail folder, make sure you add them to your contacts or to the safe senders list.

Here are some easy to follow steps to manage your “Exclusive” Hotmail spam settings.

Here are some easy to follow steps to  fine tune Hotmail spam filters.

 

Windows Live Tags: clubhouse, hotmail, spam, e-mail, junk, how-to, tips, filters

Posted in spam | 12 Comments

What happens when I mark a mail as junk?

Have you ever wondered what happens when you mark an email as junk in Hotmail?

Reporting a mail as Junk goes into a big bucket of such junk email reports that are used to build the definition of what Hotmail users consider spam.

These definitions are produced regularly and frequently and are used to prevent similar messages from entering the inbox! The power of the community goes a long way in easing the spam problem for everyone.

Moral of the story:  Reporting spam e-mail as Junk in Hotmail is very very useful and greatly appreciated.

still tired of seeing spam everyday? try this out and let me know if it worked for you.

From the Hotmail spam filtering options,

Posted in spam | 40 Comments

Wack Wack and a third Wack…send the nasty phisher back

Here is an easy tip I came across to detect if someone is trying to phish me!

A phisher will attempt to make you arrive at their website that looks and feels exactly like a legitimate website.

For example, let’s assume you wanted to go to a good website such as http://www.mygoodbanksite.com/update.html?account

However, a phisher could subvert your browsing and force you to go to http://www.mygoodbanksit.com/update.html?account (notice the difference in the name of the website).

The phisher, to ensure that his attach is successful, will make http://www.mygoodbanksit.com/update.html?account resemble http://www.mygoodbanksite.com/update.html?account exactly so that on casual look, the 2 websites will look the same.

If you know the exact website that you want to browse to, here is a quick tip to ensure that you are indeed on the correct website.

1. Look at the address bar of the browser.

2. Find the first 2 wacks “//”. These always exist in the “http://” part of the address.

3. Next, find the third “wack”.

4. The website you are talking to you is between the 2nd wack and the 3rd wack.

5. If that does not sound like the website address that you intended to browse/visit, close the browser!

Posted in Phishing | 13 Comments