Spam Gallery–Your Credit Card Is Blocked

The Spam Gallery is a series of posts that give examples of spam messages, explaining the telltale signs that they are spam.

image15

Another simple piece of spam.  This email has a single link to do its work and, like all the others, takes you to a site that is not VISA.  Understand that VISA itself doesn’t manage credit cards; banks do.  You would get a notice from the bank that handles your VISA card, and that would be a phone call, not an email.  So, what’s wrong with this email?

  • No personal details like name, “account ending in xxxx”, etc.
  • No one says a credit card is “blocked”.
  • Poor grammar throughout
  • The spammer lives in an area where periods and commas are reversed, like Eastern Europe ($1.345,50=$1,345.50)
  • No logos or other disclaimers like you would find in a company email.  Light purple is not a typical highlight color.
  • VISA doesn’t manage credit card transactions, banks do.

I can’t even give a closing recommendation for this.  There’s no reason to click the link out of curiosity or misplaced urgency.  The poor grammar in the message should be enough to convince you the email is fake.

Spam Gallery–Scan from a Xerox


image14

This email is humorous to me because I used to work with someone named Magaly and I thought it was a pretty unique name. But some of the standout features of this email are:

  • The FROM address is from my domain, which is a personal domain.  In a corporate environment, this could be convincing, since “officejet” is the name of a print server.
  • The subject says the email has been forwarded twice, but the body of the email shows no headers from previous recipients
  • The email was sent at midnight.
  • The “document” is not attached, but is linked.  This is the reverse of the spam that had the ZIP file attachment, where you would expect a link.  In this case, you would expect an attachment, since the print server is usually a small network device, not a file server.

In a corporate environment, this email could be convincing.  You may not know what printers/scanners are available, nor who would be sending files like this.  The best clues to spot this as spam are the “fwd” tags in the subject.

Spam Gallery–United Postal Service Tracking


image_thumb13

After all my posts about emails simply looking suspicious, along comes one that is all wrapped up in someone else’s template.  Let’s look at what they did right:

  • They used a complete template from a UPS email, which makes it look authentic.
  • They left most of the links in the email untouched, so if you clicked the UPS logo, you would go to the UPS home page.  The only malicious link is the “Track your Shipment now!” link
  • They included the first part of my email address in their greeting for personalization.

But they still got plenty wrong, including:

  • The FROM address is my email address, except using @gmail.com, not ups.com.
  • The subject line uses the name “United Postal Service”, not “United Parcel Service”.  Things get weirder in the email footer, where “United Parcel Service” is used, but references are also made to “USPS.com” and “USPS Team”.
  • They use the phrase “With Respect To You”.  Foreign spammers must think American companies are very personal and proper.  They are not.

When you receive an email like this, ask yourself: how did they get my email address?

Spam Gallery–You Have Been Sent a File


image_thumb12

This email is one of those “almost had it” types.  I have done work for a company called SupportSpace, who had a contact named Monika.  The filename referenced used my online handle to provide legitimacy.  However, I still didn’t bite.  I considered the following:

  • I’ve never heard of “SendSpace”.  There are no links to their website in the email and the email is not sent from a sendspace.com domain.  For being the best file sharing service, they don’t know how to promote themselves.
  • The capitalization of the company name differs in the email.  This would not happen in a professional communication.
  • The capitalization of the sender’s name is odd.
  • The download link’s address points to some random site, not anything related to sendspace.com.

Be even more careful when you see something that may be relevant to you.  When there is only one choice in an email, like “Download” in this example, be suspicious.  Businesses love to promote themselves whenever they contact someone.  The lack of logos, slogans, and promotional links is a red flag.

Spam Gallery–Need Your Help


image_thumb11

This email is working on the premise that you must act before thinking.  Like most spam, the link will redirect you to a page where you are at risk of virus/trojan/worm infections.  This email has the following traits:

  • The FROM address is unfamiliar.  It uses the same domain as my email address, which could be effective in a large corporation, where you may not recognize the person, but you are familiar with the email address.  This is known as “affinity fraud”.
  • There is no personal information in the email to indicate that the email was sent directly to me.
  • Most people would paste the URL to the bill in the email.  This email has the URL hidden behind a label (“Here is the bill”).  Although it isn’t difficult for the average person to do this, it isn’t likely that a sender in a hurry would take the time to format the link that way.
  • I’m unsure what the purpose of the “Secure Checksum” closing line on a lot of these spam messages is, but it’s beginning to be a sign of spam.

Always check the address of links in emails.  If the sender is someone you don’t recognize, slow down.  If you receive a message like this at work, check the company directory to see if it really is someone that works there.

Spam Gallery–Delivery Confirmation


image_thumb10

This email is so full of mistakes, the spammer must be hoping that the recipient doesn’t even read the message and just clicks the link.  How many mistakes are there?

  • The FROM email is from UPS, but the email message is from FedEx
  • UPS and FedEx are always capitalized in that format.  Anything else is not their trademarked name.
  • The link in the email does not go to fedex.com (or ups.com, either).
  • Grammar and spelling mistakes.
  • A non-professional closing, “With best wishes”.

Overall, the email looks sloppy.  A company would never send out something that brief and simple.  If the email doesn’t catch your eye, or catches your eye in a “huh?” manner, it needs a second look before clicking anything in it.

Spam Gallery–Security System Updates


image_thumb8

This email tries to use terms that sound current.  News reports may be mentioning FDIC more often with the recent banking problems, but a lot of people may not realize what an ACH transaction is.  The general fear the spam is trying to evoke is that you will not be able to do any bank transfers until you apply a security patch to your computer.

To think this through, why would an update to your computer help anything?  Your computer is not involved in financial transfers.  Those transactions happen between banks.  Even if this were legit – and it isn’t because the FDIC has no part in managing transfers – it would be a patch your bank would need to make to its computers.

Look closely at the language.  When would a company ever use the closing “Faithfully yours”?  That is very inappropriate language for business.  Moreover, the general grammar and terminology is poor.  There is no proper use of the phrase “update your security version”.  Also, the email address is not from the fdic.gov email domain.

Pay close attention to who the email is from.  If it’s a person, it’s probably not an email representing an organization.  Businesses have specific email addresses that they use to send bulk communication.

A variant:

image_thumb9

Spam Gallery–Your New Contact


image_thumb6

This one should be easy.  It’s pretty unlikely that the recipient really did meet at a café, but the curiosity is there to see exactly what this is all about.  Don’t be fooled.  The link doesn’t download a DOC file.  It directs to a malicious web page.  Notice:

  • The FROM name is different than the signature
  • The spelling and grammar are terrible for a supposed business communication
  • There is no personal greeting

Be careful of emails that sound intriguing or juicy.  The spammers want you to click that link.

A slight variant:

image_thumb7

Spam Gallery–ACH Transaction Rejected


image_thumb5

This spam is actually listed as a news item on www.nacha.org.  There’s not much to go on, but if you mouse over the link, you will see that it doesn’t direct you to any site affiliated with nacha.org.  The only other suspicious thing about this email is the odd wording about “you or any other person”.  That’s not usual business language.

Spam Gallery–Traffic Ticket


image_thumb4

This email is one of those that gives you a single option, and that is the option that will wreak havoc.  Here are the signs of spam:

  • A subject that makes you feel you need to take immediate action.  A traffic ticket that is wrongly issued would scare most people into taking action.
  • The FROM address is from AOL.  It is not likely the LA police department is using AOL for email.
  • A strange formatting of an official document.  “POLICE AGENCY” is very out of place.
  • The time is misformatted (“0:14 AM”).
  • Although the date format is DD/MM/YYYY, and that format is used by the military and federal government, it typically is not used in normal communication.  It may make the notice seem more official, though.
  • Lack of details such as license plate, your name, anything more than “SPEED OVER 90 ZONE”, which in itself doesn’t make any sense.
  • The email is marked as being replied to and forwarded, but the email body has no headers from previous recipients.
  • The link address does not go to any website that would even make sense for entering a plea.

Don’t rush to click the first link you see if the message freaks you out. There is plenty of time to evaluate a notice.  Always check link addresses.
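
Three checks come up again and again in these posts: a FROM domain that doesn't belong to the company named in the email, links that lead somewhere other than that company's site, and "Re:"/"Fwd:" subjects on a body with no forwarded headers. They can be run mechanically, as in this added example (not code from the original posts). The names `spam_signs`, `in_domain`, `LinkCollector` and the sample message are made up for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample combining telltales from several posts; not a real message.
SAMPLE = """\
From: "UPS Quantum View" <someone@gmail.com>
Subject: Fwd: Re: United Postal Service Tracking
Content-Type: text/html

<a href="https://www.ups.com/"><img alt="UPS"></a>
<a href="http://tracking.example.net/t?id=1">Track your Shipment now!</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element, whatever its visible label says."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def spam_signs(raw, claimed_domain):
    """Return the gallery's telltales found in one single-part message."""
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], claimed_domain):
        signs.append("from-domain")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not in_domain(url.hostname, claimed_domain):
            signs.append("link:" + (url.hostname or ""))
    replied = re.match(r"(?i)\s*((re|fwd?):\s*)+", msg.get("Subject", ""))
    quoted = re.search(r"(?im)^(>|-+ ?(original|forwarded) message|from:)", body)
    if replied and not quoted:
        signs.append("fwd-without-history")
    return signs
```

The untouched logo link to ups.com passes, which is why a borrowed template looks authentic; only the one link that leaves the claimed domain is reported.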