I sometimes can’t stop to ask myself if the scammers are actually human beings with feelings of loss and tragedy and if they have the same concerns as the normal citizens. I guess they are not, because otherwise you can’t explain this: Hello friend, I intend to give out some portion of my wealth as a free-will Financial donation to you for the ongoing COVID-19 that was cause by China because am a good citizen of china. Respond to partake. Regards Wang Jianlin CEO: Wanda Group And they even write the name of the virus wrong in the subject : CONVID instead of COVID The email contains also some tracking pixel in the HTML content, pointing to tracking.net.
German users are receiving a lot of such spams these days: It is about a package which allegedly it has its transport costs not paid. (2 €). The user is invited to visit a page where he can be pay this. Verfolgen Sie Ihr Paket: DE3428632-19 STATUS: BEARBEITUNG – VERTEILERZENTRUM BERLIN – Transportkosten VON 2,00 € wurden nicht bezahlt LIEFERUNG ERFOLGT NACH BEZAHLUNG LIEFERKOSTEN BEZAHLEN Useless to say, this is not the usual way to deal with packages, so those which sent the spam have no idea how things work. The link goes to a page delivering a malicious payload. This is how the email looks like: Observe the blue marked items. The spammers are either lacking skills, or they think that the users are idiots, or are themselves idiots. The body of the email is one single line of Base64 encoded text. It appears to be sent from an AWS account. Received: from domain.com (ec2-52-193-124-80.us-west-1.compute.amazonaws.com [22.214.171.124]) by mx.google.com with ESMTP id d8si40042704pgv.61.2019.07.23.01.00.43 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from smtp.J51G83V9.org (enr2-mrelay-01.ad4123fb38497b9631680eea23dbd0b2.org. ) by mx.google.com with ESMTP id t6si5997511qvm.25.2019.02.12.06.38.06 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST) Received: from pdr8-services-05v.prod.J51G83V9.org (HELO…
If you got one of these emails, do not click the link in it or the button. It will try to send an email to those email addressed below. Of course, it can’t do that automatically, it will open an email with the subject “Unsubscribe me” and the To field prefilled with those email addresses. You would need to send it. Please don’t send it unless you want to receive even more spam ! Why? Because this way you confirm that you are human and actually read the emails . The domains do not work anymore because they used to be (almost all) registered with No-IP.com. <div style=”MARGIN-BOTTOM: 30px; FONT-SIZE: 18px; font-weight: bold”>Please confirm your Unsubscribe</div> <div style=”margin-bottom: 20px”>To confirm your Unsubscribe, please <a style=”COLOR: #4cbad7; TEXT-DECORATION: none” href=”mailto:email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,email@example.com, firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org, email@example.com?subject=Unsubscribe me” target=”_blank”> <b>click here</b></a> or on the link below.</div>
Sometimes, looking after spams is also fun, not just research work. This is what I found today: Dear Energy User, If you pay for electricity, you`ve been hit hard by high energy prices. And, if you`re like most people, you`re thinking there`s got to be a better way. A better way to heat your home a better way to use electricity without spending a fortune a better way to get save on your electricity bill…. >> Watch this F-R-E-E Video Take Note: This video will last only 24 hours, it’s up to you. Yours Truly, Nikola Tesla Click here to unsubscribe But then you click to see this: and you see this hosted on http://www.teslaenergy.trade/ What a joke, right ? 🙂 Bu the film about Nikola Tesla is good, even if it is 23 minutes long. :))) Btw, all those things are just bullshit… Wrong interpretation of real facts. All this trouble to buy a book :
The email below looks like a classical phishing trying to fool users to enter their details and get access to the Google account. But, if you check it, you will be redirected in two steps to an online Canadian pharmacy website. I wonder why so much trouble for a stupid Canadian pharma website? Do people still buy from these crappy websites ?
We are used to see ransomware encrypting files and requesting money (bitcoin) to decrypt them. I received now a new email on a corporate address, which is a black-e-mail … in digital form. I have to say, that the amount of thoughts expressed in the email is interesting. Somebody, with some basic knowledge and bad English knowledge has put some infos together. 🙂 Here is the plain text, so that it is easier to index: Hello. I do not want to judge anyone, but as a result of several occasions, we have point of contact from now. I do not think that caress oneself is very bad, but when all your relatives, colleagues and friend see it- its obviously awful. So, closer to the point. You visited the website with роrn, which I’ve adjusted with the deleterious soft. Then you chose video, virus started working and your device became working as dedicated desktop immediately. Naturally, all cams and screen started recording instantly and then my virus collected all contacts from your device. I text you on this e-mail address, because I got it it with my soft, and I guess you for sure check this work address. The most…
As a premiere, I received the first Nigerian Scam on XING. It is quite common to receive such requests on LinkedIn, but for me it is the first time on XING. This is the text: Hello Sorin Mustaca, I have partners who I front for to assist source for a foreign partner who could be of help to receive fund for the purpose of various viable investment abroad on their behalf, they are all still in service and want anonymity to protect their reputation in service.I will furnish you with their mode of operations after receiving your readiness. Regards, Dr. John Zaffar And the profile of the spammer, pretty fresh (24h), with only 3 contacts. One of these was me: I erased him as a contact and reported the profile to XING. For reference,
And I mean really colorful, as in it has signs and colors. Like the one in the featured image. If you look in their source, they look like this: Subject: =?utf-8?b?8J+QlfCfkIhZb3UgY2FuIHNhdmUgb24gcGV0IGZvb2Qg8J+QlfCfkIg=?= As it can be seen on this page, there are all possible symbols described: http://www.unicodetools.com/unicode/codepage-utf8.php All it has to do is to force the email client to display them. Most of the time, it actually works, as can be seen above. Sometimes, it doesn’t, even if the symbols are correctly set up: Subject: =?utf-8?q?=F3=BE=86=93_sorin=2Emustaca=2C_Discount_Dental_Implants_in_You?= =?utf-8?b?ciBBcmVhIPO+hpM=?= You can actually see the character’s code number 🙂 So, are they dangerous ? Not really… usually. I can imagine though, that if the mail client has a vulnerability when it displays certain characters, some bad guys could use it to exploit it. This way it could, in theory, trigger an unwanted execution of a script or download a file and execute it.
My Junk folder from ITSecurityNews.info is currently flooded with “Delivery Status Notification” from various servers, all with the same content. Various servers, same content, in Russian: The email goes indeed from a non existent email address of my domain to some server that refuses it for various reasons. What can you do? Block the spam: Fortunately, Google detects this mail as spam and blocks it. Unfortunately, this is pretty much everything you can do. 2) Don’t use a catch-all email address The reason for which my Gmail account was receiving this amount of emails was because it was set up as the catch-all account. Basically, anything that can’t be delivered to somebody at your domain will be sent automatically to the catch-all address. Now, these emails will go do the one that sent them. 🙂 What else ? There is nothing else that can be configured or set up to prevent anyone to use your email address or domain in the FROM or REPLY TO fields in spam messages. Basically, this is a Distributed Denial of Service (DDOS) again my domain.
I start this post with the Conclusion Don’t fall for these scams! You will never get money or vouchers like this. Details I see a lot of these messages in my Spam folder: PayPal payment received Report Spam Hi, Your account has been credited with $563.50 Click Here to Claim If you don’t want to get any more e-mails please Unsubscribe Malware as invoice Dear Customer Your invoice appears below. Please remit payment at your earliest convenience. Thank you for your business – we appreciate it very much. Sincerely, Dwain Dale Courier Service 3. Received Google Voucher Report Spam Hi, You have just received a Google Voucher of $500, claim below: ==> Claim Now If you don’t want to get any more e-mails please Unsubscribe 4. Shipping update for your Amazon.com order And many more…