700cb Programming

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

This message loses all credibility through misspellings.  In addition, the email address is totally different from the sender’s name (Stacy).  Finally, although the email is addressed to “co-workers”, this email is only sent to one person.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

Tax time in America, a time of windfall payments to countless people.  Some people see it as their yearly bonus, although it’s actually your own money being returned to you.  So it’s no wonder that a scammer would try to take advantage of this.

The biggest flaw of this email is the use of the term “Tax Draw”, which has no meaning in the U.S.  Other things of note would be:

• A dollar amount that is ridiculous.  The only thing that this could hope to gain is curiosity.
• A document that is a ZIP file, not a normal document format.
• No personal details: no name, account number, contact information.  Not even a thank you.
• Bare-bones instructions with poor grammar.

If an email isn’t personal, it isn’t for you.  It’s very safe to just ignore it.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

This spam message is just pretty humorous.  Here’s the things I can see wrong:

• Poor grammar for a business email.
• Times in 12hr and 24hr format
• Currency incorrectly formatted
• Email address of sender inconsistent with name
• “Single choice” link in email
• No contact information of company
• No personalized greeting or other identifying information.

The email may pique curiosity, so that you want to click the link to see what the total cost of renting a helicopter would be.  Think of someone approaching you on the street and saying, “Wanna see a dead body?”

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

This email is clearly spam.  The numerous spelling and grammar errors throughout should be enough to discredit it completely.  Some of the mistakes are strange and humorous.  “Up to 50,000 USD per annum”, after which I guess your pay simply stops?  “Vacant educational training”? “PayPal Manager”?

This spam falls under a similar type as online dating scams, where you voluntarily give information to the scammers.  If you send your resume to this email address, they have quite a good leg up on stealing your identity.  If they want more, they can simply say that you are hired and ask for your SSN and banking information for payroll.  Then what?

This email has no contact information.  There is a name, which is unverifiable.  There is a company name, which doesn’t match the domain of the email address (gmx.us is a free email host).  There is no address, website, or phone number.  This is just like other “single choice” emails, where you can only do one thing in the email, and that is exactly what the spammer wants.

Beware of too-good-to-be-true offers.  If this was a job offer, wouldn’t you want to research the company first?  There’s no links to the company website.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

This piece of mail has an interesting trait of being a forgery of another spam service.  Gift Certificate Delivery.com is probably a legitimate business, but assuredly is one that should not exist.  In any case, this email is using their email template to get you to click the links and get infected.

The email uses the first part of the email address (JSmith, jane.doe) to give it legitimacy, but a real email from a real company would use your real name.  They would have that in their database.  The other clue is that the links all direct to latestyearsvacation.info, which has nothing to do with gift certificates, rewards, or anything else.

One thing that is interesting though, is t the spammers actually purchased a valid domain name and hosting services to host their infection files.  Usually, the files would be hosted on a hacked legitimate website in a hidden folder so the spammers wouldn’t have to pay anything.

Always check the link addresses, and don’t  assume you’re getting something for free.  That’s not the way the world works.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

Another simple piece of spam.  This email has a single link to do its work, and like all others, takes you to a site that is not VISA.  Understand that VISA itself doesn’t not manage credit cards, banks do.  You would get a notice from the bank that handles your VISA card, and that would be a phone call, not an email.  So, what wrong with this email?

• No personal details like name, “account ending in xxxx”, etc.
• No one says a credit card is “blocked”.
• Poor grammar throughout
• The spammer lives in an area where periods and commas are reversed, like Eastern Europe ($1.345,50=$1,345.50)
• No logos or other disclaimers like you would find in a company email.  Light purple is not a typical highlight color.
• VISA doesn’t manage credit card transactions, banks do.

I can’t even give a closing recommendation for this.  There’s no reason to click the link out of curiosity or misplaced urgency.  The poor grammar in the message should be enough to convince you the email is fake.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

This email is humorous to me because I used to work with someone named Magaly and I thought it was a pretty unique name. But some of the standout features of this email are:

• The FROM address is from my domain, which is a personal domain.  In a corporate environment, this could be convincing, since “officejet” is the name of a print server.
• The subject says the email has been forwarded twice, but the body of the email shows no headers from previous recipients
• The email was sent at midnight.
• The “document” is not attached, but is linked.  This is backwards of the spam that had the ZIP file attachment, where you would expect it to be a link.  in this case, you would expect it to be attached, since the print server is usually a small network device, not a file server.

In a corporate environment, this email could be convincing.  You may not know what printers/scanners are available, nor who would be sending files like this.  The best clues to spot this as spam are the “fwd” tags in the subject.

The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.

After all my posts about emails simply looking suspicious, then comes one that is all wrapped up in someone else’s template.  Let’s look at what they did right:

• They used a complete template from a UPS email, which makes it look authentic.
• They left most of the links in the email untouched, so if you clicked the UPS logo, you would go to the UPS home page.  The only malicious link is the “Track your Shipment now!” link
• They included the first part of my email address in their greeting for personalization.

But they still got plenty wrong, including:

• The FROM address is from my email, except using @gmail.com,  not from ups.com.
• The subject line uses the name “United Postal Service”, not “United Parcel Service”.  Things get weirder in the email footer, where “United Parcel Service” is used, but references are also made to “USPS.com” and “USPS Team”.
• They use the phrase “With Respect To You”.  Foreign spammers must think American companies are very personal and proper.  They are not.

When you receive an email like this, ask yourself: how did they get my email address?