Blocking Facebook scammers and spammers

If you run a Facebook group, you will notice that a lot of spammers and scammers start to infiltrate it by posing as legit members.  How do you identify these people?

Here is an example.  This member “Joan Mayer” joins US Visa groups on Facebook posing as a woman.  “She” posts this message in the most popular comments to get views:

Joan Mayer Employment opportunity 2015/2016 in hotels, FACtory , Oil company , and airport 

The management of Marriott hotels, currently need new workers which careers suite into this work categories, Stewards, nurses, Technicians, Fashion designers , comedians and Entertainers, models, actors, dancers, medical doctor, Artisans, Mechanics, engineer, cleaners, washers, security, Club Bouncers, Catering supervisor, Cooks, Receptionist, Food & Beverage Management, Store Keeper, Landscape & graphic designer, Computer Engineering, professional massage, Professional Chauffeurs, professional beauticians, professional Gardener and florist, Gym and exercise instructors, etc.
Our hotel will be responsible for the payment for his/her air ticket and accommodation, so if you are interested you can contact us direct at this below e-mail address link. With your C.V.
cynthiamenz007@gmail.com +237676981356

We look forward for your prompt reply via this email address for more information’s needed.

Good Luck.

A quick search on “her” number reveals that the number is associated with some sort of scam:

[Image: indian scammer number]

A search of “cynthiamenz007@gmail.com” reveals more about the source of this message:

[Image: cynthiamenz007 at gmail]

It looks like some kind of agency.  Maybe not a scam but definitely spam.

Japan Earthquake Scams 8.9 – March 2011

11 Mar 2011: Japan just had a series of huge earthquakes (including one that was 8.9). The result was a huge tsunami and a loss of life that is still being calculated. The tsunami of fraud and scams has already started on Facebook and has surely hit the shores of email spam inboxes everywhere.

Example:

Submission date: March 2011

To:

The quake triggers a tsunami that threatens much of the Pacific. Up to 300 bodies are found in the city of Sendai in northeastern Japan, an area believed to have been hit hardest by the massive waves.

Hundreds are dead after the worst earthquake in generations struck off the northeast coast of Japan on Friday, setting off a devastating tsunami that swallowed swaths of coastal territory and fanned out across the Pacific Ocean, threatening everything in its path.

block text messages

It’s called SMS spam, SpaSMS, mobile spamming, and m-spamming.

I was in Amsterdam in Sept. 2010 and I kept getting spam texts:
Leonewd (AIM):-1/2-
Investor Stock Alert! Our pick is up 60% so far today, DO NOT MISS OUT! Get in Fast and Early. For

maryleedwxq (AIM):-1/2-
Hot Penny Stock Alert! AHuge PR Campaign has begun for Fleet Managment, starting

I don’t normally get these messages in the US. I am not sure if this has to do with the carrier I have here or what.

256-019
AIM: You have received a txt from an AIM user. To stop AIM TXTs, reply ‘out’ to this msg.

What really sucks about this sort of spam is that you have to open the text message up to stop it. Once you open up the message, you will see something like this at the bottom of the text (Reply 'block' to stop this user). But the way the spam “user” gets around this is to send the same text message from multiple fake user names. The other thing that really sucks is that, depending on your text message service plan, you may be charged for each message you receive! OUCH!

How do you block spam text messages?
The way the SMS text spammers find your phone’s text address is by guessing. They know that the typical address follows this format:
AT&T
[10-digit wireless number]@txt.att.net

Verizon
[10-digit wireless number]@vtext.com

T-mobile
[10-digit wireless number]@tmomail.net
(comprehensive list 1,2)

So they just try all the possible numbers for a given area. This is easy with good software. It’s abuse of text message marketing using bulk text messaging software and/or services. They will typically forward from multiple fake usernames to the same text address. It’s like war-texting or brute-force marketing.
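An added example (not from the original post) of how a mail relay operator could spot this pattern in their own logs: mail addressed to the carrier gateways above is grouped by normalised body, and a group is flagged when several senders push the same text to several phone numbers. The log format, thresholds, sender names and 555 numbers are assumptions made up for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Carrier email-to-SMS gateway domains listed on this page.
GATEWAY_RE = re.compile(r"^(\d{10})@(txt\.att\.net|vtext\.com|tmomail\.net)$", re.I)


def fingerprint(body: str) -> str:
    """Hash of the body with case, digits and spacing normalised."""
    text = re.sub(r"\d+", "#", body.lower())
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:12]


def longest_run(numbers) -> int:
    """Length of the longest run of consecutive phone numbers."""
    best = run = 0
    prev = None
    for n in sorted(int(x) for x in numbers):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def find_gateway_campaigns(messages, min_senders=2, min_numbers=3):
    """Flag bodies sent by many senders to many gateway phone numbers.

    messages: iterable of (sender, recipient, body) tuples from a relay log.
    """
    groups = defaultdict(lambda: {"senders": set(), "numbers": set()})
    for sender, recipient, body in messages:
        m = GATEWAY_RE.match(recipient.strip())
        if not m:
            continue  # not addressed to a phone via a carrier gateway
        g = groups[fingerprint(body)]
        g["senders"].add(sender.lower())
        g["numbers"].add(m.group(1))
    flagged = []
    for fp, g in groups.items():
        if len(g["senders"]) >= min_senders and len(g["numbers"]) >= min_numbers:
            flagged.append({"fingerprint": fp, "senders": len(g["senders"]),
                            "numbers": len(g["numbers"]),
                            "longest_run": longest_run(g["numbers"])})
    return flagged


# Constructed sample relay log (555 numbers and example.* senders are made up).
SAMPLE = [
    ("leo1@example.net", "2025550100@vtext.com", "Hot Penny Stock Alert! Up 60% today"),
    ("mary2@example.net", "2025550101@vtext.com", "Hot penny stock alert!  Up 75% today"),
    ("leo1@example.net", "2025550102@vtext.com", "Hot Penny Stock Alert! Up 60% today"),
    ("kim3@example.org", "2025550103@txt.att.net", "Hot Penny Stock Alert! Up 61% today"),
    ("alice@example.com", "2025550150@tmomail.net", "Running late, see you at 6"),
    ("bob@example.com", "carol@example.com", "Hot Penny Stock Alert! Up 60% today"),
]
```

A long `longest_run` means the recipients are consecutive numbers, which is what guessing every number in a block looks like from the sending side.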

The good news is that your cell phone service should offer some sort of text-blocking services.

(from Pogue’s NYTimes blog)
* AT&T: Log in at mymessages.wireless.att.com. Under Preferences, you’ll see the text-blocking and alias options. Here’s also where you can block messages from specific e-mail addresses or Web sites.

* Verizon Wireless: Log in at vtext.com. Under Text Messaging, click Preferences. Click Text Blocking. You’re offered choices to block text messages from e-mail or from the Web. Here again, you can block specific addresses or Web sites. (Here’s where you set up your aliases, too.)

* Sprint: No auto-blocking is available at all, but you can block specific phone numbers and addresses. To get started, log in at http://www.sprint.com. On the top navigation bar, click My Online Tools. Under Communication Tools, click Text Messaging. On the Compose a Text Message page, under Text Messaging Options, click Settings & Preferences. In the text box, you can enter a phone number, email address or domain (such as Comcast.net) that you want to block.

* T-Mobile: T-Mobile doesn’t yet offer a “block text messages from the Internet” option. You can block all messages sent by e-mail, though, or permit only messages sent to your phone’s e-mail address or alias, or create filters that block text messages containing certain phrases. It’s all waiting when you log into http://www.t-mobile.com and click Communication Tools.

SPAM & SCAM Display

Fri 05/30 10:45 Take the Chitika|Premium Challenge – We 4.74
adameeze36@biz.by Sat 05/31 18:48 THANKS FOR YOUR PAST EFFORT. 5.022
devyn-kitayosh@OZLUER.COM Sat 06/07 13:57 Be the longest, be admired 5.504
dom_john016@ig.com.br Thu 05/29 19:15 CONTACT MY SECRETARY FOR YOUR COMPENSAT 5.552
ventoler1965@ETCNY.COM Sun 06/08 5:15 Receipt number for your purchase with u 5.584
tennisqueen5@oxford-analytica.com Thu 06/05 21:30 Luxury 6.969
Don-nocotavo@CENTERDATA.DK Sun 06/08 20:12 Enlarge your organ easily with us today 7.28
RichcellarOsborn@lifefone.com Sun 06/08 4:42 Timepieces Online. Shop us 7.319
wwwrun@servidorweb.gobernaciondecaldas.gov.co Tue 05/27 20:09 CONTANT EFEX EXPRESS COMPANY WORLD 7.459
orouksal1953@HUNTINVESTMENT.COM Thu 06/05 16:42 Super savings off all herba1 products 7.738
nobody@host.vs1host.com Sat 05/31 0:54 CONTACT UNITED STATE PARCEL SERVICE FOR 8.042
MaeepitaxialPiper@merriam-webster.com Tue 06/10 10:21 Penis Enlargment Reviews 8.086
hffverthnad@bordertown.com Wed 06/04 16:36 Update your Penis 8.477
me@localhost.com Tue 06/03 5:45 Congratulation!Congratulation!!Congratu 8.504
me@localhost.com Tue 06/03 5:42 Congratulation!Congratulation!!Congratu 8.504
mary_tuttle_lg@elambers.demon.nl Mon 06/09 22:30 RE: SALE 80% OFF 9.188
password7@elambers.demon.nl Fri 05/30 2:21 RE: SALE 86% OFF 9.188
rob@elcmechanical.com Wed 05/28 10:06 RE: SALE 89% OFF 9.188
rob@eklhq.com Sat 05/31 12:15 RE: SALE 84% OFF 9.188
mrslarisa2002@yahoo.com.hk Sun 06/01 7:06 FOU YOUR KIND ATTENTION 9.308
database0014@switched.com Fri 05/30 3:30 Congratulation!Congratulation!!Congratu 9.625
fsdxtxi@bos.mcd.mot.com Mon 06/09 12:15 Luxury 10.249
PATRICKCHAN@CHAN.NET Fri 05/30 16:54 BUSINESS PROPOSAL!!! 10.46
youngben222@voila.fr Tue 06/03 19:45 PAYMENT NOTIFICATION 10.68
info@oceanicbank.org Fri 05/30 19:30 YOUR PAYMENT NOTIFICATION 12.685
justinkokuvi@gazeta.pl Thu 06/05 2:48 MR JUSTIN KOKUVI 13.444
apache@ftp.trakt.ru Wed 06/04 2:48 Please Respond. 14.125
apache@ftp.trakt.ru Wed 06/04 2:42 Please Respond. 14.125
williams_don01@gazeta.pl Tue 06/03 4:54 FINAL DELIVERY NOTICE 14.939
croupyco08@mobile.mycingular.net Fri 06/06 12:18 Re:to rob! 15.345
swiftpromotions2@silverstarnetworking.co.za Mon 06/02 11:33 ONLINE SWIFT HUMANITARIAN WINNING NOTIF 18.788
watsllp@gmail.com Wed 05/28 12:33 Compliment 19.183
sa_thabo_za39@hotmail.com Fri 05/30 4:57 SEEKING FOR YOUR HELP 19.321
john.j@switched.com Tue 06/03 2:15 CONFIDENTIAL BUSINESS PROPOSAL 19.565
ahmedasiyah@yahoo.com Sat 06/07 16:57 Please read very carefully 19.997
peteraronu03@ig.com.br Wed 06/04 8:09 YOUR UGRENT REPLY NEEDED 20.289
edsolicitors@gmail.com Tue 06/03 2:54 Regarding Your Inheritance 21.064
monica_shadinovo01@yahoo.com Tue 06/03 1:27 FROM:MRS.MONICA SHADINOVO. 21.901
raymond_briggs5@mailbox.hu Tue 06/03 16:00 From Senior Account Officer, Barclays B 22.573
admin@national-onlinelottery.co.uk Sat 05/31 22:00 FINAL WINNING NOTIFICATION! 24.42
lawson@yahoo.com Thu 06/05 11:57 BUSINESS AND INVESTMENT PROPOSAL. 36.008

remove a name from mailing lists

Remove from Credit Card and Insurance Mailing Lists

The Fair Credit Reporting Act of 1997 allows consumers to stop unsolicited credit card and insurance offers. It puts more responsibility for customer privacy on the business that collected the sensitive data in the first place.

In order to use the strength of the law you must take action. Write or call the credit bureaus and request removal of your name and address from those lists. Here are the credit bureaus’ contact information:

Trans Union
P.O. Box 736
Springfield, PA 19064-0736
Telephone: (800) 680-7293

Experian (used to be TRW)
P.O. Box 949
Allen, TX 75013
Telephone: (800) 353-0809

Equifax
P.O. Box 105139
Atlanta, GA 30374-5139
Telephone: (800) 556-4711

Once you make the request they have 5 days to notify all national credit agencies. Your name will then be dropped from their mailing list for two years.

Remove your name from mailing lists permanently

To remove your name from mailing lists permanently, ask the credit bureau to send you an “election form.”

To receive a credit report contact the following:

Experian (formerly TRW)
(800) 682-7654

Equifax
(800) 685-1111

Trans Union
(800) 916-8800

To Stop “Junk Mail”

Contact the Direct Marketing Association (DMA).

Mail Preference Service
PO Box 9008
Farmingdale NY 11735-9008

Telephone Preference Service (telemarketing)
PO Box 9014
Farmingdale NY 11735-9014

With a written request, your name will be removed from their mailing lists.

I’m not sure there is a way to remove your name from all email mailing lists at once. But one thing you do NOT want to do is put your email address on a website. If you want customers to reach you via email but don’t want the spam and scams that come with it, use a contact form or something like this: elamb.security(at)gmail(dot)com. This makes it so spammers can’t automatically grab your email address from the Internet, a common spammer tactic.

BRITISH INTERNATIONAL LOTTERY INC

******************SCAM ALERT*********************************
************************************************************
***********************************************************

I just want to make this perfectly clear. This is a SCAM! I get these emails about British International Lottery, British National Lottery about every three weeks or so. DO NOT.. I repeat DO NOT send these people money or your personal information. If you are new to the Internet, this kind of thing is rampant.

THIS JUST IN.. I Just won the British International Lottery… AGAIN! How about you?!

BRITISH INTERNATIONAL LOTTERY INC. <sondrag@peoplepc.com>
reply-to “BRITISH INTERNATIONAL LOTTERY INC.” <dr.garrylee3_clearinghouse2008@yahoo.co.uk>,
to
date Jan 22, 2008 5:30 AM
subject ATTN: WINNER! YOUR EMAIL ID JUST WON YOU £1,000,000.00

BRITISH INTERNATIONAL LOTTERY INC.
5th Floor East
Commonwealth Centre
55 Currie Street London
United Kingdom.
DATE: January 22th 2008.
CONGRATULATION! NEW YEAR BONUS WINNING NOTIFICATION

ATTENTION:

We happily announce to you the draw (#1068) of the BRITISH
INTERNATIONAL LOTTERY, online Sweepstakes International program held on, January
21th 2008. Your e-mail address attached to ticket number: 56475600545188
with Serial number 5368/02 drew the lucky numbers:
02-06-10-17-29-30(Bonus no,30), which subsequently won you 1st category in the match 5 plus
bonus category.

You have therefore been approved to claim a total sum of £1,000,000.00
(One Million Pound Sterling Only) in cash credited to file
KTU/9023118308/03. This is from a total cash prize of £51,002,068 shared amongst
the (6) lucky winners in the match 6 category.

All participants for the online version were selected randomly from
World Wide Web sites through computer draw system and extracted from over
100,000 unions,associations and corporate bodies that are listed
online.

This promotion takes place weekly. Please note that your lucky winning
number falls within our European booklet representative office in
Europe as indicated in your play coupon.

In view of this, you have therefore been approved to claim a total sum
of £1,000,000.00 (One Million Pound Sterling Only). This sum will be
released to you by any of our payment offices in Europe. Our European
agents will immediately commence the process to facilitate the release of
your funds as soon as you contact them.

As part of our precautionary measure to avoid double claiming and
eradicate the unwarranted abuse of this program, you are advised to keep
your winning information confidential until your claims is remmited to you.

PLEASE MAKE SURE THAT YOU QUOTE YOUR BELOW WINNING PARTICULARS WHEN
CONTACTING YOUR CLAIMS AGENT:

Ref No:4758961725
Batch No: 70564943902/188
Winning No: FGNGB2701/LPRC
****************************************
Claims Processing Agent
Dr.Garry Lee
Email: dr.garrylee3_clearinghouse2008@yahoo.co.uk
+447024091279
+447024091403
( Mon – Fri 8:00am – 6:00pm London Time )
Verifications/Logistic Department.
**************************************
For further clarification/verification of your claims, Please call on
any of our official numbers as stated in notification email:
dr.garrylee3_clearinghouse2008@yahoo.co.uk
Congratulations from me and the entire members of THE BRITISH LOTTERY.

Yours faithfully,
Mrs. Tricia Moore
Online co-ordinator for THE BRITISH INTERNATIONAL LOTTERY
Sweepstakes International Program.

Symantec acquired IMlogic the anti-spim

  

Symantec has acquired IMlogic to get into IM and email security:

LAS VEGAS, NV–(Marketwire – June 13, 2007) – Symantec Vision 2007 — Symantec Corp. (NASDAQ: SYMC) today announced the newest version of Symantec Information Foundation, an integrated Information Risk Management (IRM) product suite that builds on the company’s Security 2.0 strategy. Symantec Information Foundation delivers advanced controls to safeguard companies against data loss with unified protection for e-mail, Web and instant messaging (IM). The new solution, expected to be available this summer, enables information entering or exiting the organization to be archived, audited and discovered through a validated process that ensures proper chains of custody.

With IMlogic’s technology they will also be able to battle “SPIM” (spam on instant messenger), which can get pretty bad.

Black Hat Spammers (NIST Hacked)

NIST.gov, Heidelberg University and others have been hacked by black hat spammers.

Lately I’ve been getting some spam that I consider a special treat.  These are websites that have been exploited and used to promote spammy pharmacy products such as viagra and cialis.

I am not happy that victims are being used, but I’m intrigued by how the spammers managed to get away with it.

This one comes from NIST.gov: 

SPAM Hack of NIST.gov
viagra
http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html
viagra
[URL=”http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html”]viagra[/URL]
tramadol
http://www.nist.gov/HyperNews/atp/get/collaboration/288.html
tramadol

I’ve been working with the U.S. Govt for a long time so I am familiar with NIST.  It is the National Institute of Standards and Technology: “Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department’s Technology Administration.”

When I thought that they might have been hacked, I immediately sent an email to the webmaster.  But unfortunately they rejected my email.

Here is another hack attempt (this one unsuccessful):

UTA.edu
viagra
http://www.uta.edu/HyperNews/get/delgua/158.html
viagra
[URL=”http://www.uta.edu/HyperNews/get/delgua/158.html”]viagra[/URL]
phentermine
http://www.uta.edu/HyperNews/get/delgua/160.html
phentermine

Here is one on what looks like a division of Heidelberg University:

physi.uni-Heidelberg.de
cheap xanax
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
cheap xanax
[URL=”http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html”]cheap xanax[/URL]
generic viagra
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/860.html
generic viagra

Email I sent to Heidelberg University (written in German with Babelfish; given here in English):

Hello,
Your site may have been exploited:
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
The person who did this is using your site to spam other Internet sites. Sorry about my German. I am using babelfish.altavista.com to translate. Goodbye

Here is another attempt on Kryten.murdoch.edu.au 

pacific poker
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html
pacific poker
[URL=”http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html”]pacific poker[/URL]
cialis
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/297.html
cialis

As with any exploit, the spammers used a flaw in the webpage to post the data on victims’ webpages.  The sad thing is that it can happen to anyone.  Security Awareness is really the only defense one can have.

I have been getting a lot.  I’ll update this when I get some good ones.

who is ludochekmy? date spammer

Apparently, she is a lonely single woman who speaks English as a second language.

I googled “ludochek” and found this:

[Image: ludochekmy googled]

YOU SEARCH WOMAN? I’m single woman and i search man my mail: ludochekmy()gmail.com
I’m blond, 32y.old. If you search woman for pen pal and more write to me and i can send
to you my new pics and tell more about myself.
I use () instead @ for my email.
I post this message from this forum because i don’t have credit card and can’t use dating site.
If you want find a friend please write to me i am very lonely girl.
I wait your message to my email: ludochekmy()gmail.com but you must use @ Ludmila.

I wonder if date spamming works.  I’ll do some research on this.

paypal email scams

I get these PayPal email scams ALL the time. It is really just one of so many phishing scams that put up mock versions of legitimate financial services and institutions such as Wells Fargo, Western Union, Bank of America and others in order to trick some of their customers into giving up usernames, passwords and account information.

Notice that the URL in the address bar goes to an IP address: 202.181.96.33

This IP goes to somewhere in Australia and not PayPal. NEVER go to these mock sites and give your information. If you think something may be wrong with your account after receiving an email, make sure you open a NEW BROWSER and type the URL in yourself.
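The address-bar check described above, written as an added example (not part of the original post) that a mail filter or a curious reader could run over a message. It goes a little beyond the post by also catching an IP written as a single integer, a name placed before an '@', and look-alike hosts; the sample message and the example.net host are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>\])]+", re.I)


def host_as_ip(host: str):
    """Return an ip_address if host is an IP literal, else None.

    Also accepts a bare integer host ("3400884257" or "0xcab56021"),
    which browsers have historically treated as an IPv4 address.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(int(host, 0))
    except ValueError:
        return None


def link_findings(url: str, expected_domain: str):
    """Reasons a link should not be trusted as belonging to expected_domain.

    An empty list means the host is expected_domain or a subdomain of it.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ["not an http(s) link with a host"]
    findings = []
    if parts.username is not None:
        findings.append("userinfo before '@' hides the real host")
    ip = host_as_ip(host)
    if ip is not None:
        findings.append(f"host is a raw IP address ({ip})")
    elif host != expected_domain and not host.endswith("." + expected_domain):
        findings.append(f"host {host} is not under {expected_domain}")
    return findings


def scan_message(text: str, expected_domain: str):
    """Map every http(s) link found in text to its list of findings."""
    return {u: link_findings(u, expected_domain) for u in URL_RE.findall(text)}


# Constructed sample message; the IP is the one quoted in the post above.
SAMPLE_MESSAGE = (
    "Dear customer, your account is limited. Confirm at "
    "http://202.181.96.33/ or visit https://www.paypal.com/ for help."
)
```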
