Scamming By Spamming – They Just Won’t Quit!

It’s just human nature that allows us to think that we can get something for nothing. That’s the way of the world, and human environmental psychology.

Scam artists of course, count on this human failing to increase the chances that their constantly evolving criminal schemes will succeed with enough people to make their efforts economically worthwhile.

Again this morning, I received another carefully crafted email scam; this one aimed at the 120 million strong Blogging community. I have to wonder however, if the people who write these emails have ever heard of a “spell checker”. It boggles my mind as to how the creative minds who can devise these essentially brilliant schemes, can’t spell!

In any event, the following is the email that I received; notice the spelling mistakes.

Subject: Advertising Inquiry

From: advertising@polimedia.us

Hello,

We have reviewed your blogger.com blog on behalf of one of our

clients that would be interested in placing advertising with you.

Client profile :

DoingFine (http://doingfxxx)

We’d like either a 150×150 button, 160×600 skyscraper or 468×60 full banner (or footer). Alternatively, we may be interested in text-only advertising.

This would be a weekly, monthly or yearly arrangement. In either case we will require a one time, one day (24 hours) free placement in order to test the quality and quantity of traffic your website can actually provide*. Within this interval, we will make a final determination, based on the traffic volume, quality, and your asking price. Should we find your terms acceptable, this trial day will count towards the agreed interval.

Kindly let us know if you would be interested, which arrangement best suits your editorial needs, and what rates you would like to charge. We prefer using PayPal but may be able to accomodate alternative payment methods.

Thank you.

*Please note that we employ software that reliably detects autoclick and autosurf bots, pay per click and paid to surf type traffic, and other such non-human traffic. This may be a concern for you, especially if you are buying “bulk traffic”, or employing the services of dubious “SEO experts”

So can you see the problems with this email, other than just the spelling errors?

Well in the first place, they are looking to place a “one time, one day (24 hours) free placement in order to test the quality and quantity of traffic your website can actually provide”. But in reality, there are a fair number of SEO services such as Website Grader, that provide this service and more, at no cost. So the question is: why wouldn’t a professional advertising organization not have this type of information at hand? This doesn’t make sense.

It seems to me, that one of the objectives of this scam is to insert bad JavaScript ads into the Blogs of those who commit to the one time, one day free ad placement. As well, since PayPal is mentioned, it is conceivable that a second part of the scam is aimed at obtaining the credit card details of those who respond to this offer.

While I despise the objectives of these scams, it’s difficult for me not to have some degree of admiration for the creativity, and the audacity, of these scam artists.

As ever, we need to be security conscious while dealing with web related issues and to be sure to always practice the following: Stop – Think – Click.

A great web site which is dedicated to debunking email hoaxes, thwarting Internet scammers, combating spam, and educating web users about email and Internet security issues is Hoax-Slayer. Check it out.

I Got a Refund Notice from the IRS – Except I’m a Canadian – What a Scam!

Like you, I love to get money back from the government. Since I am a Canadian, and I reside in Canada, when I do receive a refund on my income taxes that money comes from the government of Canada. Imagine my surprise then, when I received an email purportedly from the U.S. Internal Revenue Service advising me that I was eligible to receive an income tax refund of $873.20.

Tax refund (Message ID L9238s7ds8)‏
From:	Internal Revenue Service (efile@re-fund.co.us)
Sent:	February 23, 2008 9:51:16 PM
Reply-to:	efile@re-fund.co.us
To:

A Secure Way to Receive Your Tax Refund

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $873.20.
Please submit the tax refund request and allow us 3-9 days in order to
process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.
Regards,
Internal Revenue Service
Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.

Unfortunately, since I am Canadian I will not be getting a refund from the IRS, but instead the scammers responsible for this email expected that I would click on the enclosed link. Clicking on the link would have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide. The scammers would then have used the information to commit identity and financial theft.

The reality is of course, the IRS doesn’t send out unsolicited emails asking for personal or financial information. Credit card numbers, ATM PIN numbers and additional financial would never be required to find out the current status of your tax return, or your tax refund. The link in these phishing emails goes to a fraudulent IRS website, (http://spanishmegapixel.com/tien.da/images/.e-f), hosted abroad.

According to the IRS there are over 1600 IRS phishing sites operating, or online, at any given time in search of potential victims willing to hand over sensitive financial data. It’s easy to see that the email I received is not an isolated incident. The IRS goes on to say that by their estimates, 1% of all spam email is an IRS phishing scam.

What makes this particular scam so potent is the average person, on receiving an email from an authoritative source, generally lowers their defenses. As well, giving the time of year, the timing is right. Be warned, IRS scam emails always ramp up before tax day and continue for some time afterwards.

You know what to do right? Follow the tips below to protect yourself against these threats:

• Your bank, the IRS, or any other legitimate organization will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
• Don’t open emails that come from untrusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.
• Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, scan your computer with a second-opinion security solution, like NanoScan at www.nanoscan.com.
  

 

Elsewhere in this Blog you can download freeware anti-malware solutions that provide excellent overall security protection. Click here.

Be kind to your friends, relatives and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

To help you fight back, the following information has been taken from the official IRS web site and provides instructions on how to assist the IRS in shutting down these schemes.

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov.

Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

IRS reporting site: phishing@irs.gov

Vishing – The New Scam on the Block!

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

·        Consider every email, telephone call, or text message requesting your PII as a scam

·        Never click on embedded email or cell phone links

·        When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at www.ic3.gov.